lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 9 Mar 2017 10:21:48 -0600 From: Julia Cartwright <julia@...com> To: Julia Lawall <Julia.Lawall@...6.fr>, Gilles Muller <Gilles.Muller@...6.fr>, Nicolas Palix <nicolas.palix@...g.fr>, Michal Marek <mmarek@...e.com> CC: <linux-kernel@...r.kernel.org>, Thomas Gleixner <tglx@...utronix.de>, Sebastian Andrzej Siewior <bigeasy@...utronix.de>, Linus Walleij <linus.walleij@...aro.org>, <cocci@...teme.lip6.fr> Subject: [PATCH 01/19] Coccinelle: locks: identify callers of spin_lock{,_irq,_irqsave}() in irqchip implementations On PREEMPT_RT, the spinlock_t type becomes an object which sleeps under contention. The codepaths used to support scheduling (irq dispatching, arch code, the scheduler, timers) therefore must make use of the raw_spin_lock{,_irq,_irqsave}() variations which preserve the non-sleeping spinlock behavior. Because the irq_chip callbacks are invoked in the process of interrupt dispatch, they cannot therefore make use of spin_lock_t type. Instead, the usage of raw_spinlock_t is appropriate. Provide a spatch to identify (and attempt to patch) such problematic irqchip implementations. Note to those generating patches using this spatch; in order to maintain correct semantics w/ PREEMPT_RT, it is necessary to audit the raw_spinlock_t-protected codepaths to ensure their execution is bounded and minimal. This is a manual audit process. See commit 47b03ca903fb0 ("pinctrl: qcom: Use raw spinlock variants") as an example of _one_ such instance, which fixed a real bug seen in the field. Cc: Thomas Gleixner <tglx@...utronix.de> Cc: Sebastian Andrzej Siewior <bigeasy@...utronix.de> Cc: Linus Walleij <linus.walleij@...aro.org> Signed-off-by: Julia Cartwright <julia@...com> --- .../coccinelle/locks/irq_chip_raw_spinlock.cocci | 96 ++++++++++++++++++++++ 1 file changed, 96 insertions(+) create mode 100644 scripts/coccinelle/locks/irq_chip_raw_spinlock.cocci diff --git a/scripts/coccinelle/locks/irq_chip_raw_spinlock.cocci b/scripts/coccinelle/locks/irq_chip_raw_spinlock.cocci new file mode 100644 index 000000000000..73fd4519ae29 --- /dev/null +++ b/scripts/coccinelle/locks/irq_chip_raw_spinlock.cocci @@ -0,0 +1,96 @@ +// Copyright: (C) 2017 National Instruments Corp. GPLv2. +// Author: Julia Cartwright <julia@...com> +// +// Identify callers of non-raw spinlock_t functions in hardirq irq_chip +// callbacks. +// +// spin_lock{_irq,_irqsave}(), w/ PREEMPT_RT are "sleeping" spinlocks, and so +// therefore "sleep" under contention; identify (and potentially patch) callers +// to use raw_spinlock_t instead. +// +// Confidence: Moderate + +virtual report +virtual patch + +@...ch@ +identifier __irqchip; +identifier __irq_mask; +@@ + static struct irq_chip __irqchip = { + .irq_mask = __irq_mask, + }; + +@...ch2 depends on match@ +identifier match.__irq_mask; +identifier data; +identifier x; +identifier l; +type T; +position j0; +expression flags; +@@ + static void __irq_mask(struct irq_data *data) + { + ... + T *x; + ... +( + spin_lock_irqsave(&x->l@j0, flags); +| + spin_lock_irq(&x->l@j0); +| + spin_lock(&x->l@j0); +) + ... + } + +@...ch3 depends on match2 && patch@ +type match2.T; +identifier match2.l; +@@ + T { + ... +- spinlock_t l; ++ raw_spinlock_t l; + ... + }; + +@...ch4 depends on match2 && patch@ +type match2.T; +identifier match2.l; +expression flags; +T *x; +@@ + +( +-spin_lock(&x->l) ++raw_spin_lock(&x->l) +| +-spin_lock_irqsave(&x->l, flags) ++raw_spin_lock_irqsave(&x->l, flags) +| +-spin_lock_irq(&x->l) ++raw_spin_lock_irq(&x->l) +| +-spin_unlock(&x->l) ++raw_spin_unlock(&x->l) +| +-spin_unlock_irq(&x->l) ++raw_spin_unlock_irq(&x->l) +| +-spin_unlock_irqrestore(&x->l, flags) ++raw_spin_unlock_irqrestore(&x->l, flags) +| +-spin_lock_init(&x->l) ++raw_spin_lock_init(&x->l) +) + +@...ipt:python wat depends on match2 && report@ +j0 << match2.j0; +t << match2.T; +l << match2.l; +@@ + +msg = "Use of non-raw spinlock is illegal in this context (%s::%s)" % (t, l) +coccilib.report.print_report(j0[0], msg) -- 2.11.1
Powered by blists - more mailing lists