1. 20 Mar, 2015 1 commit
    • arm64: efi: don't restore TTBR0 if active_mm points at init_mm · 130c93fd
      Will Deacon authored
      
      init_mm isn't a normal mm: it has swapper_pg_dir as its pgd (which
      contains kernel mappings) and is used as the active_mm for the idle
      thread.
      
      When restoring the pgd after an EFI call, we write current->active_mm
      into TTBR0. If the current task is actually the idle thread (e.g. when
      initialising the EFI RTC before entering userspace), then the TLB can
      erroneously populate itself with junk global entries as a result of
      speculative table walks.
      
      When we do eventually return to userspace, the task can end up hitting
      these junk mappings leading to lockups, corruption or crashes.
      
      This patch fixes the problem in the same way as the CPU suspend code by
      ensuring that we never switch to the init_mm in efi_set_pgd and instead
      point TTBR0 at the zero page. A check is also added to cpu_switch_mm to
      BUG if we get passed swapper_pg_dir.
      Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
      Fixes: f3cdfd23 ("arm64/efi: move SetVirtualAddressMap() to UEFI stub")
      Signed-off-by: Will Deacon <will.deacon@arm.com>
      Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
  2. 08 Sep, 2014 1 commit
    • arm64: convert part of soft_restart() to assembly · 5e051531
      Arun Chandran authored
      
      The current soft_restart() and setup_restart implementations incorrectly
      assume that the compiler will not spill/fill values to/from the stack. However,
      this assumption seems to be wrong, as revealed by the disassembly of the
      currently existing code (v3.16) built with Linaro GCC 4.9-2014.05.
      
      ffffffc000085224 <soft_restart>:
      ffffffc000085224:  a9be7bfd  stp    x29, x30, [sp,#-32]!
      ffffffc000085228:  910003fd  mov    x29, sp
      ffffffc00008522c:  f9000fa0  str    x0, [x29,#24]
      ffffffc000085230:  94003d21  bl     ffffffc0000946b4 <setup_mm_for_reboot>
      ffffffc000085234:  94003b33  bl     ffffffc000093f00 <flush_cache_all>
      ffffffc000085238:  94003dfa  bl     ffffffc000094a20 <cpu_cache_off>
      ffffffc00008523c:  94003b31  bl     ffffffc000093f00 <flush_cache_all>
      ffffffc000085240:  b0003321  adrp   x1, ffffffc0006ea000 <reset_devices>
      
      ffffffc000085244:  f9400fa0  ldr    x0, [x29,#24] ----> spilled addr
      ffffffc000085248:  f942fc22  ldr    x2, [x1,#1528] ----> global memstart_addr
      
      ffffffc00008524c:  f0000061  adrp   x1, ffffffc000094000 <__inval_cache_range+0x40>
      ffffffc000085250:  91290021  add    x1, x1, #0xa40
      ffffffc000085254:  8b010041  add    x1, x2, x1
      ffffffc000085258:  d2c00802  mov    x2, #0x4000000000           // #274877906944
      ffffffc00008525c:  8b020021  add    x1, x1, x2
      ffffffc000085260:  d63f0020  blr    x1
      ...
      
      Here the compiler generates memory accesses after the cache is disabled,
      loading stale values for the spilled value and global variable. As we cannot
      control when the compiler will access memory we must rewrite the
      functions in assembly to stash values we need in registers prior to
      disabling the cache, avoiding the use of memory.
      Reviewed-by: Mark Rutland <mark.rutland@arm.com>
      Signed-off-by: Arun Chandran <achandran@mvista.com>
      Signed-off-by: Will Deacon <will.deacon@arm.com>
  3. 16 Dec, 2013 1 commit
    • arm64: kernel: suspend/resume registers save/restore · 6732bc65
      Lorenzo Pieralisi authored
      
      Power management software requires the kernel to save and restore
      CPU registers while going through suspend and resume operations
      triggered by kernel subsystems like CPU idle and suspend to RAM.
      
      This patch implements code that provides a save and restore mechanism
      for the arm v8 implementation. Memory for the context is passed as a
      parameter to both the cpu_do_suspend and cpu_do_resume functions, which allows
      the callers to implement context allocation as they deem fit.
      
      The registers that are saved and restored correspond to the register set
      actually required by the kernel to be up and running, which represents a
      subset of the v8 ISA.
      Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
  4. 17 Sep, 2012 1 commit