ARM errata 430973 on multi platform kernels

Tony Lindgren tony at atomide.com
Mon Apr 6 08:40:37 PDT 2015 

* Tony Lindgren <tony at atomide.com> [150406 08:24]:
> * Matthijs van Duin <matthijsvanduin at gmail.com> [150405 16:53]:
> > Cortex-A8 errata doc states in its workaround for erratum 430973:
> > 
> > > By default, the BTB Invalidate instruction is treated as a NOP on Cortex-A8.
> > > However, it is possible to enable the BTB Invalidate instruction such that it
> > > actually does a full invalidate of the BTB by setting the IBE bit (bit 6) in
> > > the CP15 Auxiliary Control Register. As a consequence of erratum 687067, the
> > > L1 System Array Debug Register should be cleared to 0 before the IBE bit is
> > > set using the following code sequence:
> > > MOV r1, #0
> > > MCR p15, 0, r1, c15, c1, 0            ; write instruction data 0 register
> > > MRC p15, 0, R1, c1, c0, 1             ; read Aux Ctl Register
> > > ORR R1, R1 #(1 << 6)                  ; set IBE to 1
> > > MCR p15, 0, R1, c1, c0, 1             ; write Aux Ctl Register
> > > The above code needs to be executed in Secure state. ARM Limited recommends
> > > that this code is added to the boot monitor.
> > 
> > The 430973 workaround code in proc-v7.S will do absolutely nothing if
> > executed in non-secure state. Ditto for the 458693 workaround, and the
> > 460075 workaround should trigger an undefined instruction exception.
> > Maybe linux is started in secure mode on some targets and this code
> > was written for one of those?
> 
> That's only for HS omaps, for those we currently only do it in the
> nokia_n900_legacy_init that calls rx51_secure_update_aux_cr.
> 
> > I scanned DM814x secure ROM for any (ARM or Thumb) write to
> > Instruction L1 System Array Debug Register 0, but I found none, hence
> > my warning to watch out for erratum 687067.
> 
> OK
>  
> > Adding the full set of BTB invalidates while making sure IBE is
> > disabled on sufficiently recent Cortex-A8 revisions would be optimal
> > for the Cortex-A8. But, apparently (based on the description of the
> > ARMv7 CPUID registers) there are also processors which only require
> > BTB invalidates when code is modified, but not when context-switching,
> > so there may be performance considerations there...
> 
> Attempting to summarize all that's been discussed.. It sounds like we
> need the following implemented:
> 
> 1. For cortex-a8 revisions affected by 458693, we can do a custom
>    cpu_v7_switch_mm function that always does flush BTAC/BTB.
> 
> 2. For HS cortex-a8 processors other than n900 affected by 458693,
>    we need to implement functions similar to rx51_secure_update_aux_cr,
>    the bootrom on n900 is different from TI HS omaps so the SMC call
>    numbering may be different.
> 
> 3. For later cortex-a8 processors not affected by 458693, we need
>    to clear IBE bit to avoid erratum 687067.

Oops sorry, wrong numbers for errata above.. s/458693/430973/, here's
a better version:

1. For cortex-a8 revisions affected by 430973, we can do a custom
   cpu_v7_switch_mm function that always does flush BTAC/BTB.
 
2. For HS cortex-a8 processors other than n900 affected by 430973,
   we need to implement functions similar to rx51_secure_update_aux_cr,
   the bootrom on n900 is different from TI HS omaps so the SMC call
   numbering may be different.
 
3. For later cortex-a8 processors not affected by 430973, we need
   to clear IBE bit to avoid erratum 687067.

Regards,

Tony

More information about the linux-arm-kernel mailing list