[PATCH v2 1/2] arm64: errata: Remove AES hwcap for COMPAT tasks
Will Deacon
will at kernel.org
Thu Apr 14 03:03:43 PDT 2022
On Wed, Apr 13, 2022 at 06:05:44PM +0100, James Morse wrote:
> Cortex-A57 and Cortex-A72 have an erratum where an interrupt that
> occurs between a pair of AES instructions in aarch32 mode may corrupt
> the ELR. The task will subsequently produce the wrong AES result.
>
> The AES instructions are part of the cryptographic extensions, which are
> optional. User-space software will detect the support for these
> instructions from the hwcaps. If the platform doesn't support these
> instructions a software implementation should be used.
>
> Remove the hwcap bits on affected parts to indicate user-space should
> not use the AES instructions.
>
> Signed-off-by: James Morse <james.morse at arm.com>
> ---
> Documentation/arm64/silicon-errata.rst | 4 ++++
> arch/arm64/Kconfig | 16 ++++++++++++++++
> arch/arm64/kernel/cpu_errata.c | 16 ++++++++++++++++
> arch/arm64/kernel/cpufeature.c | 11 ++++++++++-
> arch/arm64/tools/cpucaps | 1 +
> 5 files changed, 47 insertions(+), 1 deletion(-)
>
> diff --git a/Documentation/arm64/silicon-errata.rst b/Documentation/arm64/silicon-errata.rst
> index 466cb9e89047..053dc12696b5 100644
> --- a/Documentation/arm64/silicon-errata.rst
> +++ b/Documentation/arm64/silicon-errata.rst
> @@ -82,10 +82,14 @@ stable kernels.
> +----------------+-----------------+-----------------+-----------------------------+
> | ARM | Cortex-A57 | #1319537 | ARM64_ERRATUM_1319367 |
> +----------------+-----------------+-----------------+-----------------------------+
> +| ARM | Cortex-A57 | #1742098 | ARM64_ERRATUM_1742098 |
> ++----------------+-----------------+-----------------+-----------------------------+
> | ARM | Cortex-A72 | #853709 | N/A |
> +----------------+-----------------+-----------------+-----------------------------+
> | ARM | Cortex-A72 | #1319367 | ARM64_ERRATUM_1319367 |
> +----------------+-----------------+-----------------+-----------------------------+
> +| ARM | Cortex-A72 | #1655431 | ARM64_ERRATUM_1742098 |
> ++----------------+-----------------+-----------------+-----------------------------+
> | ARM | Cortex-A73 | #858921 | ARM64_ERRATUM_858921 |
> +----------------+-----------------+-----------------+-----------------------------+
> | ARM | Cortex-A76 | #1188873,1418040| ARM64_ERRATUM_1418040 |
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index 57c4c995965f..df19e60c4c46 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -491,6 +491,22 @@ config ARM64_ERRATUM_834220
>
> If unsure, say Y.
>
> +config ARM64_ERRATUM_1742098
> + bool "Cortex-A57/A72: 1742098: ELR recorded incorrectly on interrupt taken between cryptographic instructions in a sequence"
> + depends on COMPAT
> + default y
> + help
> + This option removes the AES hwcap for aarch32 user-space to
> + workaround erratum 1742098 on Cortex-A57 and Cortex-A72.
> +
> + Affected parts may corrupt the AES state if an interrupt is
> + taken between a pair of AES instructions. These instructions
> + are only present if the cryptography extensions are present.
> + All software should have a fallback implementation for CPUs
> + that don't implement the cryptography extensions.
> +
> + If unsure, say Y.
> +
> config ARM64_ERRATUM_845719
> bool "Cortex-A53: 845719: a load might read incorrect data"
> depends on COMPAT
> diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
> index 4c9b5b4b7a0b..8f85dac4cd79 100644
> --- a/arch/arm64/kernel/cpu_errata.c
> +++ b/arch/arm64/kernel/cpu_errata.c
> @@ -393,6 +393,14 @@ static struct midr_range trbe_write_out_of_range_cpus[] = {
> };
> #endif /* CONFIG_ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE */
>
> +#ifdef CONFIG_ARM64_ERRATUM_1742098
> +static struct midr_range broken_aarch32_aes[] = {
> + MIDR_ALL_VERSIONS(MIDR_CORTEX_A57),
> + MIDR_ALL_VERSIONS(MIDR_CORTEX_A72),
> + {},
> +};
> +#endif /* CONFIG_ARM64_WORKAROUND_TRBE_WRITE_OUT_OF_RANGE */
Comment here is wrong ^^^
> +
> const struct arm64_cpu_capabilities arm64_errata[] = {
> #ifdef CONFIG_ARM64_WORKAROUND_CLEAN_CACHE
> {
> @@ -655,6 +663,14 @@ const struct arm64_cpu_capabilities arm64_errata[] = {
> /* Cortex-A510 r0p0 - r0p1 */
> ERRATA_MIDR_REV_RANGE(MIDR_CORTEX_A510, 0, 0, 1)
> },
> +#endif
> +#ifdef CONFIG_ARM64_ERRATUM_1742098
> + {
> + .desc = "ARM erratum 1742098",
> + .capability = ARM64_WORKAROUND_1742098,
> + CAP_MIDR_RANGE_LIST(broken_aarch32_aes),
> + .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM,
> + },
> #endif
> {
> }
> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
> index d72c4b4d389c..3faf16f1c040 100644
> --- a/arch/arm64/kernel/cpufeature.c
> +++ b/arch/arm64/kernel/cpufeature.c
> @@ -1922,6 +1922,12 @@ static void cpu_enable_mte(struct arm64_cpu_capabilities const *cap)
> }
> #endif /* CONFIG_ARM64_MTE */
>
> +static void elf_hwcap_fixup(void)
> +{
> + if (cpus_have_const_cap(ARM64_WORKAROUND_1742098))
> + compat_elf_hwcap2 &= ~COMPAT_HWCAP2_AES;
> +}
How does this deal with big/little if we late online an affected CPU? It
would probably be easier if we treated these CPUs as not having the 32-bit
AES instructions at all (rather than removing the hwcap later), then the
early cap check would prevent late onlining.
Will
More information about the linux-arm-kernel
mailing list