lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 1 Sep 2016 10:03:30 +0100
From:   Marc Zyngier <marc.zyngier@....com>
To:     "majun (F)" <majun258@...wei.com>,
        Mark Rutland <mark.rutland@....com>
Cc:     linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
        tglx@...utronix.de, dingtianhong@...wei.com, guohanjun@...wei.com
Subject: Re: [PATCH] generic: Add the exception case checking routine for ppi
 interrupt

On 01/09/16 09:15, majun (F) wrote:
> 
> 
> 在 2016/8/31 16:35, Marc Zyngier 写道:
>> On 31/08/16 07:35, majun (F) wrote:
> [...]
>>>>
>>>
>>> I just checked the status of irq 30 during capture kernel booting.
>>>
>>> The irq 30 status is: mask, pending after arch_timer_starting_cpu() called.
>>> Because irq 30 triggered only 1 time during capture kernel booting,
>>> I think this problem maybe happened in the case like:
>>> 1:irq 30 triggered, but not acked by cpu yet.
>>> 2:local_irq_disable() called
>>> 3:system reboot -->capture kernel booting
>>> 4:local_irq_enable()
>>> 5:irq 30 acked by CPU.
>>>
>>> Is this case possible?
>>
>> I can't see how, because you've missed:
>>
>> 3b: All PPIs are disabled as each CPU comes up
>>
>> So for (5) to occur, I can only see two possibilities:
>> (a) either something else is enabling the timer PPI
> 
> I checked the whole process, the irq 30 alway keeping disabled.
> 
>> (b) your GIC doesn't correctly retire a pending PPI that is being disabled
> 
> According to our hardware guy said, GIC in our system has problem in this case.
> Usually, when we mask irq 30, the interrupt which in pending status but not acked by cpu
> should be released/cleared by hardware, but actually, we did't do like this in our system.

That's crazy. This means that you cannot reliably mask interrupts. :-(
Does this only affect PPIs? Or does it affect all interrupt types?

> So, this conclusion just same as you assumption.
> 
> Do you have any suggestion or workaround for this problem?

Well, this issue goes way beyond the hack you wanted to add to the
generic code, and it should probably be addressed in the GIC code
itself, as an implementation specific workaround. Without knowing the
details of the erratum, it is difficult to think of that would be
required. I can come up with something like this:

	irqnr = gic_read_iar();
	if (unlikely(!is_enabled(irqnr))) {
		gic_write_eoir(irqnr);
		if (static_key_true(&supports_deactivate))
			gic_write_dir(irqnr);
		set_pending(irqnr);
		continue;
	}

Performance will suffer (an extra MMIO access on the fast path). If LPIs
are also affected, then the ITS code also needs to be involved, and
that's not going to be pretty either. This code will have to be enabled
at runtime, and handled like other erratum we have in this code.

Thanks,

	M.
-- 
Jazz is not dead. It just smells funny...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ