From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.18836.1672852987105836003 for ; Wed, 04 Jan 2023 09:23:07 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=U7unUQ1C; spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 56046616C3; Wed, 4 Jan 2023 17:23:06 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id DB898C433D2; Wed, 4 Jan 2023 17:23:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1672852985; bh=n1Y68eamnTr7FQv9iYyf6SWw8Mf3jfLb3xWLn6KTmsc=; h=From:To:Cc:Subject:Date:From; b=U7unUQ1Cv1PSNmUeCoeAqb1i+WUxs7J5Hx6Ap9v6nHpDbAqGIjKP9GTlkM8/qYoRW FJEMBKqWUobYcXgY2M4DR5Cn3t8zd2X0hFWoXKQU004bJuUwpJojIz3JpENe737gQM 72bDLlpCLsQxmuOxq0t5Gd2bJsyVD8j0VYB2jIlh5qomLvUGpbmtn7/kjBEontiWk9 /ObZOvDH6mG4uU/K6pC654+2eerTcfPy4ERDr/thtx8sIWOkhGnjryGrYvTj6Pzac8 F3YTH5qkg/inIF8/U6GdmSLh7wxJy3VG7QprEUL3hnTh7F3TntQ07a0Q0pUYekAi8H OqL8ef5WpVCPw== From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: dann.frazier@canonical.com, Ard Biesheuvel Subject: [PATCH] ArmVirtPkg/ArmVirtQemu: Avoid early ID map on ThunderX Date: Wed, 4 Jan 2023 18:22:55 +0100 Message-Id: <20230104172255.1211768-1-ardb@kernel.org> X-Mailer: git-send-email 2.39.0 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable The early ID map used by ArmVirtQemu uses ASID scoped non-global mappings, as this allows us to switch to the permanent ID map seamlessly without the need for explicit TLB maintenance. However, this triggers a known erratum on ThunderX, which does not tolerate non-global mappings that are executable at EL1, as this appears to result in I-cache corruption. (Linux disables the KPTI based Meltdown mitigation on ThunderX for the same reason) So work around this, by detecting the CPU implementor and part number, and proceeding without the early ID map if a ThunderX CPU is detected. Note that this requires the C code to be built with strict alignment again, as we may end up executing it with the MMU and caches off. Signed-off-by: Ard Biesheuvel --- ArmVirtPkg/ArmVirtQemu.dsc | 6 +++= +++ ArmVirtPkg/Library/ArmPlatformLibQemu/AArch64/ArmPlatformHelper.S | 18 +++= +++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc index f77443229e8e..340b36f69c2c 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc @@ -31,6 +31,7 @@ [Defines] DEFINE SECURE_BOOT_ENABLE =3D FALSE=0D DEFINE TPM2_ENABLE =3D FALSE=0D DEFINE TPM2_CONFIG_ENABLE =3D FALSE=0D + DEFINE CAVIUM_ERRATUM_27456 =3D FALSE=0D =0D #=0D # Network definition=0D @@ -117,7 +118,12 @@ [LibraryClasses.common.UEFI_DRIVER] UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf=0D =0D [BuildOptions]=0D +!if $(CAVIUM_ERRATUM_27456) =3D=3D TRUE=0D + GCC:*_*_AARCH64_CC_XIPFLAGS =3D -mno-strict-align=0D + GCC:*_*_AARCH64_PP_FLAGS =3D -DCAVIUM_ERRATUM_27456=0D +!else=0D GCC:*_*_AARCH64_CC_XIPFLAGS =3D=3D=0D +!endif=0D =0D !include NetworkPkg/NetworkBuildOptions.dsc.inc=0D =0D diff --git a/ArmVirtPkg/Library/ArmPlatformLibQemu/AArch64/ArmPlatformHelpe= r.S b/ArmVirtPkg/Library/ArmPlatformLibQemu/AArch64/ArmPlatformHelper.S index 05ccc7f9f043..962f1ba3a4d7 100644 --- a/ArmVirtPkg/Library/ArmPlatformLibQemu/AArch64/ArmPlatformHelper.S +++ b/ArmVirtPkg/Library/ArmPlatformLibQemu/AArch64/ArmPlatformHelper.S @@ -44,8 +44,26 @@ =0D =0D ASM_FUNC(ArmPlatformPeiBootAction)=0D +#ifdef CAVIUM_ERRATUM_27456=0D + /*=0D + * On Cavium ThunderX, using non-global mappings that are executable at = EL1=0D + * results in I-cache corruption. So just avoid the early ID mapping the= re.=0D + *=0D + * MIDR implementor 0x43=0D + * MIDR part numbers 0xA1 0xA2=0D + */=0D + mrs x0, midr_el1 // read the MIDR into X0=0D + ubfx x1, x0, #6, #10 // grab part number bits [11:2]=0D + ubfx x0, x0, #24, #8 // grab implementor id=0D + mov x2, #0xA0 >> 2=0D + cmp x0, #0x43 // compare implementor id=0D + ccmp x1, x2, #0, eq // compare part# bits [11:2]=0D + b.eq .Lreturn=0D +#endif=0D +=0D mrs x0, CurrentEL // check current exception level=0D tbz x0, #3, 0f // bail if above EL1=0D +.Lreturn:=0D ret=0D =0D 0:mov_i x0, mairval=0D --=20 2.39.0