Google Git
Sign in
chromium / chromiumos / third_party / kernel / eda9c9d938509499ada3ece914bcc0a576ce4e4f
commiteda9c9d938509499ada3ece914bcc0a576ce4e4f[log] [tgz]
authorArd Biesheuvel <ard.biesheuvel@linaro.org>Tue Nov 10 14:11:20 2015
committerchrome-bot <chrome-bot@chromium.org>Fri Jun 15 17:53:59 2018
treef2a3764601dbd6fb0d53d43b8cac695c37dc3f86
parent585bb87a78900d095ec1c2173536d9408cada798 [diff]
BACKPORT: ARM/arm64: KVM: test properly for a PTE's uncachedness

The open coded tests for checking whether a PTE maps a page as
uncached use a flawed '(pte_val(xxx) & CONST) != CONST' pattern,
which is not guaranteed to work since the type of a mapping is
not a set of mutually exclusive bits

For HYP mappings, the type is an index into the MAIR table (i.e, the
index itself does not contain any information whatsoever about the
type of the mapping), and for stage-2 mappings it is a bit field where
normal memory and device types are defined as follows:

    #define MT_S2_NORMAL            0xf
    #define MT_S2_DEVICE_nGnRE      0x1

I.e., masking *and* comparing with the latter matches on the former,
and we have been getting lucky merely because the S2 device mappings
also have the PTE_UXN bit set, or we would misidentify memory mappings
as device mappings.

Since the unmap_range() code path (which contains one instance of the
flawed test) is used both for HYP mappings and stage-2 mappings, and
considering the difference between the two, it is non-trivial to fix
this by rewriting the tests in place, as it would involve passing
down the type of mapping through all the functions.

However, since HYP mappings and stage-2 mappings both deal with host
physical addresses, we can simply check whether the mapping is backed
by memory that is managed by the host kernel, and only perform the
D-cache maintenance if this is the case.

BUG=chromium:846515
TEST=build/boot on hana with USE=kvm_host

Change-Id: Icf584d6f75d04e9fe1e13e080773d91315e5e470
Cc: stable@vger.kernel.org
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Pavel Fedin <p.fedin@samsung.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
(cherry picked from commit e6fab54423450d699a09ec2b899473a541f61971)
Signed-off-by: Sonny Rao <sonnyrao@chromium.org>
[SR: context from not having 15a49a44fc3620]
 Conflicts:
	arch/arm/kvm/mmu.c
Reviewed-on: https://chromium-review.googlesource.com/1088107
Reviewed-by: Dylan Reid <dgreid@chromium.org>
1 file changed
tree: f2a3764601dbd6fb0d53d43b8cac695c37dc3f86
  1. android/
  2. arch/
  3. block/
  4. chromeos/
  5. crypto/
  6. Documentation/
  7. drivers/
  8. firmware/
  9. fs/
  10. include/
  11. init/
  12. ipc/
  13. kernel/
  14. lib/
  15. mm/
  16. net/
  17. samples/
  18. scripts/
  19. security/
  20. sound/
  21. tools/
  22. usr/
  23. virt/
  24. .gitignore
  25. .mailmap
  26. COMMIT-QUEUE.ini
  27. COPYING
  28. CREDITS
  29. Kbuild
  30. Kconfig
  31. MAINTAINERS
  32. Makefile
  33. PRESUBMIT.cfg
  34. README
  35. REPORTING-BUGS