From 66c3920d4a54edd56f8fce2ad5e0c1c89710ce88 Mon Sep 17 00:00:00 2001 From: Zhang Zekun Date: Wed, 21 Feb 2024 14:52:20 +0800 Subject: [PATCH 1/2] Revert "iommu/arm-smmu-v3: Add a SYNC command to avoid broken page table prefetch" hulk inclusion category: feature bugzilla: https://gitee.com/src-openeuler/kernel/issues/I92MAE CVE: NA --------------------------------------------- This reverts commit 880e928489d90b670bf377689b74397670ebbc25. Signed-off-by: Zhang Zekun --- arch/arm64/Kconfig | 13 ------------- arch/arm64/configs/openeuler_defconfig | 1 - arch/arm64/kernel/cpu_errata.c | 14 -------------- arch/arm64/tools/cpucaps | 1 - drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 20 -------------------- 5 files changed, 49 deletions(-) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index e3821be64a22..159567244db7 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -1185,19 +1185,6 @@ config HISILICON_ERRATUM_1980005 If unsure, say N. -config HISILICON_ERRATUM_162100602 - bool "Hisilicon erratum 162100602" - depends on ARM_SMMU_V3 - default y - help - On Hisilicon LINXICORE9100 cores, SMMU pagetable prefetch features may - prefetch and use a invalid PTE even the PTE is valid at that time. This - will cause the device trigger fake pagefaults. If the SMMU works in - terminate mode, transactions which occur fake pagefaults will be aborted, - and could result in unexpected errors. - - If unsure, say Y. - config QCOM_FALKOR_ERRATUM_1003 bool "Falkor E1003: Incorrect translation due to ASID change" default y diff --git a/arch/arm64/configs/openeuler_defconfig b/arch/arm64/configs/openeuler_defconfig index 7485b95ed2dc..fb1b37b2113a 100644 --- a/arch/arm64/configs/openeuler_defconfig +++ b/arch/arm64/configs/openeuler_defconfig @@ -428,7 +428,6 @@ CONFIG_FUJITSU_ERRATUM_010001=y CONFIG_HISILICON_ERRATUM_161600802=y CONFIG_HISILICON_ERRATUM_162100125=y # CONFIG_HISILICON_ERRATUM_1980005 is not set -CONFIG_HISILICON_ERRATUM_162100602=y CONFIG_QCOM_FALKOR_ERRATUM_1003=y CONFIG_QCOM_FALKOR_ERRATUM_1009=y CONFIG_QCOM_QDF2400_ERRATUM_0065=y diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index c569e6c0ac07..a686a96d966a 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -360,13 +360,6 @@ static const struct midr_range hisilicon_erratum_162100125_cpus[] = { }; #endif -#ifdef CONFIG_HISILICON_ERRATUM_162100602 -static const struct midr_range hisilicon_erratum_162100602_cpus[] = { - MIDR_REV(MIDR_HISI_LINXICORE9100, 0, 0), - {}, -}; -#endif - #ifdef CONFIG_QCOM_FALKOR_ERRATUM_1003 static const struct arm64_cpu_capabilities qcom_erratum_1003_list[] = { { @@ -598,13 +591,6 @@ const struct arm64_cpu_capabilities arm64_errata[] = { ERRATA_MIDR_RANGE_LIST(hisilicon_erratum_162100125_cpus), }, #endif -#ifdef CONFIG_HISILICON_ERRATUM_162100602 - { - .desc = "Hisilicon erratum 162100602", - .capability = ARM64_WORKAROUND_HISILICON_ERRATUM_162100602, - ERRATA_MIDR_RANGE_LIST(hisilicon_erratum_162100602_cpus), - }, -#endif #ifdef CONFIG_HISILICON_ERRATUM_1980005 { .desc = "Hisilicon erratum 1980005 (IDC)", diff --git a/arch/arm64/tools/cpucaps b/arch/arm64/tools/cpucaps index 8c4f338e6568..94c85ead16e2 100644 --- a/arch/arm64/tools/cpucaps +++ b/arch/arm64/tools/cpucaps @@ -105,7 +105,6 @@ WORKAROUND_SPECULATIVE_AT WORKAROUND_HISILICON_ERRATUM_162100125 WORKAROUND_HISI_HIP08_RU_PREFETCH WORKAROUND_HISILICON_1980005 -WORKAROUND_HISILICON_ERRATUM_162100602 KABI_RESERVE_1 KABI_RESERVE_2 KABI_RESERVE_3 diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c index de95468a1293..d358ec5decdc 100644 --- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c +++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c @@ -2776,23 +2776,6 @@ static void arm_smmu_iotlb_sync(struct iommu_domain *domain, gather->pgsize, true, smmu_domain); } -#ifdef CONFIG_HISILICON_ERRATUM_162100602 -static void arm_smmu_iotlb_sync_map(struct iommu_domain *domain, - unsigned long iova, size_t size) -{ - struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain); - size_t granule_size; - - if (!cpus_have_const_cap(ARM64_WORKAROUND_HISILICON_ERRATUM_162100602)) - return; - - granule_size = 1 << __ffs(smmu_domain->domain.pgsize_bitmap); - - /* Add a SYNC command to sync io-pgtale to avoid errors in pgtable prefetch*/ - arm_smmu_tlb_inv_range_domain(iova, granule_size, granule_size, true, smmu_domain); -} -#endif - static phys_addr_t arm_smmu_iova_to_phys(struct iommu_domain *domain, dma_addr_t iova) { @@ -3356,9 +3339,6 @@ static struct iommu_ops arm_smmu_ops = { .unmap_pages = arm_smmu_unmap_pages, .flush_iotlb_all = arm_smmu_flush_iotlb_all, .iotlb_sync = arm_smmu_iotlb_sync, -#ifdef CONFIG_HISILICON_ERRATUM_162100602 - .iotlb_sync_map = arm_smmu_iotlb_sync_map, -#endif .iova_to_phys = arm_smmu_iova_to_phys, .enable_nesting = arm_smmu_enable_nesting, #ifdef CONFIG_ARM_SMMU_V3_HTTU -- Gitee From 0b84ef37d4f8496d11085bff5ae2dce1e21c455c Mon Sep 17 00:00:00 2001 From: Zhang Zekun Date: Wed, 21 Feb 2024 14:52:21 +0800 Subject: [PATCH 2/2] iommu/arm-smmu-v3: Enable iotlb_sync_map according to SMMU_IIDR hulk inclusion category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I92MAE CVE: NA --------------------------------------------------- SMMU pagetable prefetch features may prefetch and use a invalid PTE even the PTE is valid at that time. This will cause the device trigger fake pagefaults. If the SMMU works in terminate mode, transactions which occur fake pagefaults will be aborted, and could result in unexpected errors. To fix this problem, we need to add a SYNC command after smmu has map a iova, then smmu will always try to get the newest PTE. Signed-off-by: Zhang Zekun --- Documentation/arch/arm64/silicon-errata.rst | 1 + arch/arm64/Kconfig | 12 +++++++++ arch/arm64/configs/openeuler_defconfig | 1 + drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 27 +++++++++++++++++++++ drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h | 1 + 5 files changed, 42 insertions(+) diff --git a/Documentation/arch/arm64/silicon-errata.rst b/Documentation/arch/arm64/silicon-errata.rst index 30d3091452f9..2b6208e0b421 100644 --- a/Documentation/arch/arm64/silicon-errata.rst +++ b/Documentation/arch/arm64/silicon-errata.rst @@ -207,6 +207,7 @@ stable kernels. +----------------+-----------------+-----------------+-----------------------------+ | Hisilicon | LINXICORE9100 | #1980005 | HISILICON_ERRATUM_1980005 | +----------------+-----------------+-----------------+-----------------------------+ +| Hisilicon | SMMUv3 | #162100602 | HISILICON_ERRATUM_162100602 | +----------------+-----------------+-----------------+-----------------------------+ | Qualcomm Tech. | Kryo/Falkor v1 | E1003 | QCOM_FALKOR_ERRATUM_1003 | +----------------+-----------------+-----------------+-----------------------------+ diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 159567244db7..67bc2ad13453 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -1185,6 +1185,18 @@ config HISILICON_ERRATUM_1980005 If unsure, say N. +config HISILICON_ERRATUM_162100602 + bool "Hisilicon erratum 162100602" + depends on ARM_SMMU_V3 && ARCH_HISI + default y + help + SMMU pagetable prefetch features may prefetch and use a invalid PTE even + the PTE is valid at that time. This will cause the device trigger fake + pagefaults. If the SMMU works in terminate mode, transactions which occur + fake pagefaults will be aborted, and could result in unexpected errors. + + If unsure, say Y. + config QCOM_FALKOR_ERRATUM_1003 bool "Falkor E1003: Incorrect translation due to ASID change" default y diff --git a/arch/arm64/configs/openeuler_defconfig b/arch/arm64/configs/openeuler_defconfig index fb1b37b2113a..7485b95ed2dc 100644 --- a/arch/arm64/configs/openeuler_defconfig +++ b/arch/arm64/configs/openeuler_defconfig @@ -428,6 +428,7 @@ CONFIG_FUJITSU_ERRATUM_010001=y CONFIG_HISILICON_ERRATUM_161600802=y CONFIG_HISILICON_ERRATUM_162100125=y # CONFIG_HISILICON_ERRATUM_1980005 is not set +CONFIG_HISILICON_ERRATUM_162100602=y CONFIG_QCOM_FALKOR_ERRATUM_1003=y CONFIG_QCOM_FALKOR_ERRATUM_1009=y CONFIG_QCOM_QDF2400_ERRATUM_0065=y diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c index d358ec5decdc..09dc2d690de1 100644 --- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c +++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c @@ -2776,6 +2776,23 @@ static void arm_smmu_iotlb_sync(struct iommu_domain *domain, gather->pgsize, true, smmu_domain); } +#ifdef CONFIG_HISILICON_ERRATUM_162100602 +static void arm_smmu_iotlb_sync_map(struct iommu_domain *domain, + unsigned long iova, size_t size) +{ + struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain); + size_t granule_size; + + if (!(smmu_domain->smmu->options & ARM_SMMU_OPT_SYNC_MAP)) + return; + + granule_size = 1 << __ffs(smmu_domain->domain.pgsize_bitmap); + + /* Add a SYNC command to sync io-pgtale to avoid errors in pgtable prefetch*/ + arm_smmu_tlb_inv_range_domain(iova, granule_size, granule_size, true, smmu_domain); +} +#endif + static phys_addr_t arm_smmu_iova_to_phys(struct iommu_domain *domain, dma_addr_t iova) { @@ -3339,6 +3356,9 @@ static struct iommu_ops arm_smmu_ops = { .unmap_pages = arm_smmu_unmap_pages, .flush_iotlb_all = arm_smmu_flush_iotlb_all, .iotlb_sync = arm_smmu_iotlb_sync, +#ifdef CONFIG_HISILICON_ERRATUM_162100602 + .iotlb_sync_map = arm_smmu_iotlb_sync_map, +#endif .iova_to_phys = arm_smmu_iova_to_phys, .enable_nesting = arm_smmu_enable_nesting, #ifdef CONFIG_ARM_SMMU_V3_HTTU @@ -4227,6 +4247,13 @@ static void arm_smmu_device_iidr_probe(struct arm_smmu_device *smmu) } break; } + +#ifdef CONFIG_HISILICON_ERRATUM_162100602 + reg = readl_relaxed(smmu->base + ARM_SMMU_IIDR); + if (FIELD_GET(IIDR_VARIANT, reg) == 0x3 && + FIELD_GET(IIDR_REVISION, reg) == 0x2) + smmu->options |= ARM_SMMU_OPT_SYNC_MAP; +#endif } static void arm_smmu_get_httu(struct arm_smmu_device *smmu, u32 reg) diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h index a6381d33647c..f04d10223f6e 100644 --- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h +++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h @@ -704,6 +704,7 @@ struct arm_smmu_device { #define ARM_SMMU_OPT_PAGE0_REGS_ONLY (1 << 1) #define ARM_SMMU_OPT_MSIPOLL (1 << 2) #define ARM_SMMU_OPT_CMDQ_FORCE_SYNC (1 << 3) +#define ARM_SMMU_OPT_SYNC_MAP (1 << 4) u32 options; #ifdef CONFIG_ARM_SMMU_V3_ECMDQ -- Gitee