| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250625133735.GB213144@ziepe.ca>
Date: Wed, 25 Jun 2025 10:37:35 -0300
From: Jason Gunthorpe <jgg@...pe.ca>
To: Ryan Roberts <ryan.roberts@....com>
Cc: Catalin Marinas <catalin.marinas@....com>,
MikoĊaj Lenczewski <miko.lenczewski@....com>,
yang@...amperecomputing.com, will@...nel.org,
jean-philippe@...aro.org, robin.murphy@....com, joro@...tes.org,
maz@...nel.org, oliver.upton@...ux.dev, joey.gouly@....com,
james.morse@....com, broonie@...nel.org, ardb@...nel.org,
baohua@...nel.org, suzuki.poulose@....com, david@...hat.com,
nicolinc@...dia.com, jsnitsel@...hat.com, mshavit@...gle.com,
kevin.tian@...el.com, linux-arm-kernel@...ts.infradead.org,
linux-kernel@...r.kernel.org, iommu@...ts.linux.dev
Subject: Re: [PATCH v7 4/4] arm64/mm: Elide tlbi in contpte_convert() under
BBML2
On Wed, Jun 25, 2025 at 02:07:23PM +0100, Ryan Roberts wrote:
> I think what you are saying is that despite going via invalid, the HW may see
> this direct transition:
>
> +----+----+----+----+
> |RO,n|RO,n|RO,n|RW,n|
> +----+----+----+----+
> to:
> +----+----+----+----+
> |RO,c|RO,c|RO,c|RO,c|
> +----+----+----+----+
>
> There are 2 logical operations here. The first is changing the permissions of
> the last entry. The second is changing the size of the entry.
>
> As I understand it, it's permissible in the architecture to update the
> permissions of the a PTE without break-before-make and without issuing a tlbi
> afterwards; in that case the HW may apply either the old permissions or the new
> permissions up until a future tlbi (after which the new permissions are
> guarranteed). That's the first logical operation.
>
> The second logical operation is permitted by FEAT_BBM level 2.
>
> So both logical operations are permitted and the Arm ARM doesn't mention any
> requirement to "separate" these operations with a tlbi or anything else, as far
> as I can see.
>
> So I would interpret that combining these 2 in the way we have should be safe.
> RNGLXZ and RJQQTC give further insight into the spirit of the spec. But I agree
> this isn't spelled out super clearly.
>
> Perhaps we can move forwards based on this understanding, and I will seek some
> clarifying words to be added to the Arm ARM?
FWIW this matches my understanding as well.
AFAIK the actual physical issue for BBM < 2 is the TLB lookup HW
cannot tolerate having two entries that overlap in address because of
different sizes. Every lookup must return exactly one result. If more
results are returned the HW fails in some way.
For BBM 2 if the HW lookup gets more than one result the HW selects
one unpredictably and uses that.
Permissions shouldn't have any impact because they do not effect how
the lookup is performed, they are the result of the lookup.
I've been looking at implementing BBM 2 support on the iommu side and
I didn't see anything that said we cannot do arbitary transformations
under BBM 2? For instance when degrading from a contiguous range of
block descriptors down to single page descriptors I'm expecting to go
like:
16x2M -> 2M -> 4k -> FLUSH
Jason
Powered by blists - more mailing lists