[stable,4.19] arm64: errata: Remove AES hwcap for COMPAT tasks

Message ID 20221020230110.1255660-3-f.fainelli@gmail.com
State New
Headers
Series [stable,4.19] arm64: errata: Remove AES hwcap for COMPAT tasks |

Commit Message

Florian Fainelli Oct. 20, 2022, 11:01 p.m. UTC
  From: James Morse <james.morse@arm.com>

commit 44b3834b2eed595af07021b1c64e6f9bc396398b upstream

Cortex-A57 and Cortex-A72 have an erratum where an interrupt that
occurs between a pair of AES instructions in aarch32 mode may corrupt
the ELR. The task will subsequently produce the wrong AES result.

The AES instructions are part of the cryptographic extensions, which are
optional. User-space software will detect the support for these
instructions from the hwcaps. If the platform doesn't support these
instructions a software implementation should be used.

Remove the hwcap bits on affected parts to indicate user-space should
not use the AES instructions.

Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: James Morse <james.morse@arm.com>
Link: https://lore.kernel.org/r/20220714161523.279570-3-james.morse@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
[florian: resolved conflicts in arch/arm64/tools/cpucaps and cpu_errata.c]
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Change-Id: I651a0db2e9d2f304d210ae979ae586e7dcc9744d
---
 Documentation/arm64/silicon-errata.txt |  2 ++
 arch/arm64/Kconfig                     | 16 ++++++++++++++++
 arch/arm64/include/asm/cpucaps.h       |  3 ++-
 arch/arm64/kernel/cpu_errata.c         | 17 +++++++++++++++++
 arch/arm64/kernel/cpufeature.c         | 13 ++++++++++++-
 5 files changed, 49 insertions(+), 2 deletions(-)
  

Comments

Greg KH Oct. 26, 2022, 4:49 p.m. UTC | #1
On Thu, Oct 20, 2022 at 04:01:07PM -0700, Florian Fainelli wrote:
> From: James Morse <james.morse@arm.com>
> 
> commit 44b3834b2eed595af07021b1c64e6f9bc396398b upstream
> 
> Cortex-A57 and Cortex-A72 have an erratum where an interrupt that
> occurs between a pair of AES instructions in aarch32 mode may corrupt
> the ELR. The task will subsequently produce the wrong AES result.
> 
> The AES instructions are part of the cryptographic extensions, which are
> optional. User-space software will detect the support for these
> instructions from the hwcaps. If the platform doesn't support these
> instructions a software implementation should be used.
> 
> Remove the hwcap bits on affected parts to indicate user-space should
> not use the AES instructions.
> 
> Acked-by: Ard Biesheuvel <ardb@kernel.org>
> Signed-off-by: James Morse <james.morse@arm.com>
> Link: https://lore.kernel.org/r/20220714161523.279570-3-james.morse@arm.com
> Signed-off-by: Will Deacon <will@kernel.org>
> [florian: resolved conflicts in arch/arm64/tools/cpucaps and cpu_errata.c]
> Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
> Change-Id: I651a0db2e9d2f304d210ae979ae586e7dcc9744d

No need for Change-Id: in upstream patches :)
  
Florian Fainelli Oct. 26, 2022, 4:51 p.m. UTC | #2
On 10/26/2022 9:49 AM, Greg Kroah-Hartman wrote:
> On Thu, Oct 20, 2022 at 04:01:07PM -0700, Florian Fainelli wrote:
>> From: James Morse <james.morse@arm.com>
>>
>> commit 44b3834b2eed595af07021b1c64e6f9bc396398b upstream
>>
>> Cortex-A57 and Cortex-A72 have an erratum where an interrupt that
>> occurs between a pair of AES instructions in aarch32 mode may corrupt
>> the ELR. The task will subsequently produce the wrong AES result.
>>
>> The AES instructions are part of the cryptographic extensions, which are
>> optional. User-space software will detect the support for these
>> instructions from the hwcaps. If the platform doesn't support these
>> instructions a software implementation should be used.
>>
>> Remove the hwcap bits on affected parts to indicate user-space should
>> not use the AES instructions.
>>
>> Acked-by: Ard Biesheuvel <ardb@kernel.org>
>> Signed-off-by: James Morse <james.morse@arm.com>
>> Link: https://lore.kernel.org/r/20220714161523.279570-3-james.morse@arm.com
>> Signed-off-by: Will Deacon <will@kernel.org>
>> [florian: resolved conflicts in arch/arm64/tools/cpucaps and cpu_errata.c]
>> Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
>> Change-Id: I651a0db2e9d2f304d210ae979ae586e7dcc9744d
> 
> No need for Change-Id: in upstream patches :)

Meh, the perils of working with Gerrit in the same tree.. do you need me 
to resubmit or can you strip those when you apply the patches?
  
Greg KH Oct. 26, 2022, 5:02 p.m. UTC | #3
On Wed, Oct 26, 2022 at 09:51:20AM -0700, Florian Fainelli wrote:
> 
> 
> On 10/26/2022 9:49 AM, Greg Kroah-Hartman wrote:
> > On Thu, Oct 20, 2022 at 04:01:07PM -0700, Florian Fainelli wrote:
> > > From: James Morse <james.morse@arm.com>
> > > 
> > > commit 44b3834b2eed595af07021b1c64e6f9bc396398b upstream
> > > 
> > > Cortex-A57 and Cortex-A72 have an erratum where an interrupt that
> > > occurs between a pair of AES instructions in aarch32 mode may corrupt
> > > the ELR. The task will subsequently produce the wrong AES result.
> > > 
> > > The AES instructions are part of the cryptographic extensions, which are
> > > optional. User-space software will detect the support for these
> > > instructions from the hwcaps. If the platform doesn't support these
> > > instructions a software implementation should be used.
> > > 
> > > Remove the hwcap bits on affected parts to indicate user-space should
> > > not use the AES instructions.
> > > 
> > > Acked-by: Ard Biesheuvel <ardb@kernel.org>
> > > Signed-off-by: James Morse <james.morse@arm.com>
> > > Link: https://lore.kernel.org/r/20220714161523.279570-3-james.morse@arm.com
> > > Signed-off-by: Will Deacon <will@kernel.org>
> > > [florian: resolved conflicts in arch/arm64/tools/cpucaps and cpu_errata.c]
> > > Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
> > > Change-Id: I651a0db2e9d2f304d210ae979ae586e7dcc9744d
> > 
> > No need for Change-Id: in upstream patches :)
> 
> Meh, the perils of working with Gerrit in the same tree.. do you need me to
> resubmit or can you strip those when you apply the patches?

I stripped them all, no worries.
  

Patch

diff --git a/Documentation/arm64/silicon-errata.txt b/Documentation/arm64/silicon-errata.txt
index 667ea906266e..5329e3e00e04 100644
--- a/Documentation/arm64/silicon-errata.txt
+++ b/Documentation/arm64/silicon-errata.txt
@@ -55,7 +55,9 @@  stable kernels.
 | ARM            | Cortex-A57      | #832075         | ARM64_ERRATUM_832075        |
 | ARM            | Cortex-A57      | #852523         | N/A                         |
 | ARM            | Cortex-A57      | #834220         | ARM64_ERRATUM_834220        |
+| ARM            | Cortex-A57      | #1742098        | ARM64_ERRATUM_1742098       |
 | ARM            | Cortex-A72      | #853709         | N/A                         |
+| ARM            | Cortex-A72      | #1655431        | ARM64_ERRATUM_1742098       |
 | ARM            | Cortex-A73      | #858921         | ARM64_ERRATUM_858921        |
 | ARM            | Cortex-A55      | #1024718        | ARM64_ERRATUM_1024718       |
 | ARM            | Cortex-A76      | #1463225        | ARM64_ERRATUM_1463225       |
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index a101f5d2fbed..e16f0d45b47a 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -515,6 +515,22 @@  config ARM64_ERRATUM_1542419
 
 	  If unsure, say Y.
 
+config ARM64_ERRATUM_1742098
+	bool "Cortex-A57/A72: 1742098: ELR recorded incorrectly on interrupt taken between cryptographic instructions in a sequence"
+	depends on COMPAT
+	default y
+	help
+	  This option removes the AES hwcap for aarch32 user-space to
+	  workaround erratum 1742098 on Cortex-A57 and Cortex-A72.
+
+	  Affected parts may corrupt the AES state if an interrupt is
+	  taken between a pair of AES instructions. These instructions
+	  are only present if the cryptography extensions are present.
+	  All software should have a fallback implementation for CPUs
+	  that don't implement the cryptography extensions.
+
+	  If unsure, say Y.
+
 config CAVIUM_ERRATUM_22375
 	bool "Cavium erratum 22375, 24313"
 	default y
diff --git a/arch/arm64/include/asm/cpucaps.h b/arch/arm64/include/asm/cpucaps.h
index 64ae14371cae..61fd28522d74 100644
--- a/arch/arm64/include/asm/cpucaps.h
+++ b/arch/arm64/include/asm/cpucaps.h
@@ -55,7 +55,8 @@ 
 #define ARM64_SSBS				34
 #define ARM64_WORKAROUND_1542419		35
 #define ARM64_SPECTRE_BHB			36
+#define ARM64_WORKAROUND_1742098		37
 
-#define ARM64_NCAPS				37
+#define ARM64_NCAPS				38
 
 #endif /* __ASM_CPUCAPS_H */
diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
index d0b7dd60861b..5435550d1c9b 100644
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -683,6 +683,15 @@  static const struct midr_range arm64_harden_el2_vectors[] = {
 
 #endif
 
+#ifdef CONFIG_ARM64_ERRATUM_1742098
+static struct midr_range broken_aarch32_aes[] = {
+	MIDR_RANGE(MIDR_CORTEX_A57, 0, 1, 0xf, 0xf),
+	MIDR_ALL_VERSIONS(MIDR_CORTEX_A72),
+	{},
+};
+#endif
+
+
 const struct arm64_cpu_capabilities arm64_errata[] = {
 #if	defined(CONFIG_ARM64_ERRATUM_826319) || \
 	defined(CONFIG_ARM64_ERRATUM_827319) || \
@@ -883,6 +892,14 @@  const struct arm64_cpu_capabilities arm64_errata[] = {
 		.matches = has_neoverse_n1_erratum_1542419,
 		.cpu_enable = cpu_enable_trap_ctr_access,
 	},
+#endif
+#ifdef CONFIG_ARM64_ERRATUM_1742098
+	{
+		.desc = "ARM erratum 1742098",
+		.capability = ARM64_WORKAROUND_1742098,
+		CAP_MIDR_RANGE_LIST(broken_aarch32_aes),
+		.type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM,
+	},
 #endif
 	{
 	}
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 03b0fdccaf05..d7e73a7963d1 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -31,6 +31,7 @@ 
 #include <asm/cpufeature.h>
 #include <asm/cpu_ops.h>
 #include <asm/fpsimd.h>
+#include <asm/hwcap.h>
 #include <asm/mmu_context.h>
 #include <asm/processor.h>
 #include <asm/sysreg.h>
@@ -1154,6 +1155,14 @@  static void cpu_enable_ssbs(const struct arm64_cpu_capabilities *__unused)
 }
 #endif /* CONFIG_ARM64_SSBD */
 
+static void elf_hwcap_fixup(void)
+{
+#ifdef CONFIG_ARM64_ERRATUM_1742098
+	if (cpus_have_const_cap(ARM64_WORKAROUND_1742098))
+		compat_elf_hwcap2 &= ~COMPAT_HWCAP2_AES;
+#endif /* ARM64_ERRATUM_1742098 */
+}
+
 static const struct arm64_cpu_capabilities arm64_features[] = {
 	{
 		.desc = "GIC system register CPU interface",
@@ -1802,8 +1811,10 @@  void __init setup_cpu_features(void)
 	mark_const_caps_ready();
 	setup_elf_hwcaps(arm64_elf_hwcaps);
 
-	if (system_supports_32bit_el0())
+	if (system_supports_32bit_el0()) {
 		setup_elf_hwcaps(compat_elf_hwcaps);
+		elf_hwcap_fixup();
+	}
 
 	if (system_uses_ttbr0_pan())
 		pr_info("emulated: Privileged Access Never (PAN) using TTBR0_EL1 switching\n");