Re: [TF-A] Erroneous speculative AT workaround - TF-A

1 Jul 2020


      +Updated comment for SCTLR_EL2 register restoration.
On 01/07/2020, 17:45, "TF-A on behalf of Manish Badarkhe via TF-A" <tf-a-bounces@lists.trustedfirmware.org on behalf of tf-a@lists.trustedfirmware.org> wrote:
Hi Andrew,
As per current implementation, in “el1_sysregs_context_restore” routine do below things:
1.  TCR_EL1.EPD0 = 1
          2.  TCR_EL1.EPD1 = 1
          3.  SCTR_EL1.M = 0
          4.  Isb
    Code snippet:	
            mrs     x9, tcr_el1
            orr     x9, x9, #TCR_EPD0_BIT
            orr     x9, x9, #TCR_EPD1_BIT
            msr     tcr_el1, x9
            mrs     x9, sctlr_el1
            bic     x9, x9, #SCTLR_M_BIT
            msr     sctlr_el1, x9
            isb
    This is to avoid PTW through while updating system registers at step 5
          5. Restore all system registers for El1 except SCTLR_EL1 and TCR_EL1
          6. isb() 
          7. restore SCTLR_EL1 and TCR_EL1
    Code Snippet:  
            ldr     x9, [x0, #CTX_SCTLR_EL1]     -> saved value from "el2_sysregs_context_save"
            msr     sctlr_el1, x9
            ldr     x9, [x0, #CTX_TCR_EL1]
            msr     tcr_el1, x9
As per above steps. SCTLR_EL1 get restored back with actual settings at step 7.
    Similar flow is present for “el2_sysregs_context_restore” to restore SCTLR_EL2 register.
In conclusion, this routine temporarily clear M bit of SCTLR_EL1 to avoid speculation but restored it back
    to its original setting while leaving back to its caller. Please let us know whether this align with KVM 
    workaround for speculative AT erratum.
Thanks
    Manish Badarkhe
On 01/07/2020, 17:02, "TF-A on behalf of Joanna Farley via TF-A" <tf-a-bounces@lists.trustedfirmware.org on behalf of tf-a@lists.trustedfirmware.org> wrote:
Thanks Andrew for the notification. We will look into it and get back to this thread.
Thanks
Joanna
On 01/07/2020, 10:16, "TF-A on behalf of Andrew Scull via TF-A" <tf-a-bounces@lists.trustedfirmware.org on behalf of tf-a@lists.trustedfirmware.org> wrote:
Whilst looking at the speculative AT workaround in KVM, I compared it
            against the workaround in TF-A and noticed an inconsistency whereby TF-A
            **breaks** KVM's workaround.
In `el1_sysregs_context_restore`, the M bit of SCTRL_EL1 is cleared
            however Linux requires this to be set for its workaround to be correct.
            If an exception is taken to EL3 partway through a VM context switch,
            e.g. a secure interrupt, causing a switch to the secure world, TF-A will
            reintroduce the possibility of TLB corruption.
The above explains how it is broken for Linux's chosen workaround
            however TF-A will also have to be compatible with whatever workaround
            the EL2 software is using.
Starting this thread with the issue identified and we can add more
            details as needed.
Thanks
            Andrew
            -- 
            TF-A mailing list
            TF-A@lists.trustedfirmware.org
            https://lists.trustedfirmware.org/mailman/listinfo/tf-a
-- 
        TF-A mailing list
        TF-A@lists.trustedfirmware.org
        https://lists.trustedfirmware.org/mailman/listinfo/tf-a
-- 
    TF-A mailing list
    TF-A@lists.trustedfirmware.org
    https://lists.trustedfirmware.org/mailman/listinfo/tf-a