| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 21 Jan 2019 18:05:31 +0000
From: Julien Thierry <julien.thierry@....com>
To: Ard Biesheuvel <ard.biesheuvel@...aro.org>
Cc: linux-arm-kernel <linux-arm-kernel@...ts.infradead.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Daniel Thompson <daniel.thompson@...aro.org>,
Joel Fernandes <joel@...lfernandes.org>,
Marc Zyngier <marc.zyngier@....com>,
Christoffer Dall <christoffer.dall@....com>,
James Morse <james.morse@....com>,
Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will.deacon@....com>,
Mark Rutland <mark.rutland@....com>,
Oleg Nesterov <oleg@...hat.com>
Subject: Re: [PATCH v9 12/26] arm64: irqflags: Use ICC_PMR_EL1 for interrupt
masking
On 21/01/2019 15:45, Ard Biesheuvel wrote:
> On Mon, 21 Jan 2019 at 16:34, Julien Thierry <julien.thierry@....com> wrote:
>>
>> Instead disabling interrupts by setting the PSR.I bit, use a priority
>> higher than the one used for interrupts to mask them via PMR.
>>
>> When using PMR to disable interrupts, the value of PMR will be used
>> instead of PSR.[DAIF] for the irqflags.
>>
>> Signed-off-by: Julien Thierry <julien.thierry@....com>
>> Suggested-by: Daniel Thompson <daniel.thompson@...aro.org>
>> Cc: Catalin Marinas <catalin.marinas@....com>
>> Cc: Will Deacon <will.deacon@....com>
>> Cc: Ard Biesheuvel <ard.biesheuvel@...aro.org>
>> Cc: Oleg Nesterov <oleg@...hat.com>
>> ---
>> arch/arm64/include/asm/efi.h | 6 +++
>> arch/arm64/include/asm/irqflags.h | 104 ++++++++++++++++++++++++++++----------
>> 2 files changed, 82 insertions(+), 28 deletions(-)
>>
>> diff --git a/arch/arm64/include/asm/efi.h b/arch/arm64/include/asm/efi.h
>> index 7ed3208..3db6772 100644
>> --- a/arch/arm64/include/asm/efi.h
>> +++ b/arch/arm64/include/asm/efi.h
>> @@ -44,6 +44,12 @@
>>
>> #define ARCH_EFI_IRQ_FLAGS_MASK (PSR_D_BIT | PSR_A_BIT | PSR_I_BIT | PSR_F_BIT)
>>
>> +#define arch_efi_save_flags(state_flags) \
>> + ((void)((state_flags) = read_sysreg(daif)))
>> +
>> +#define arch_efi_restore_flags(state_flags) write_sysreg(state_flags, daif)
>> +
>> +
>> /* arch specific definitions used by the stub code */
>>
>> /*
>
> For the EFI changes
>
> Acked-by: Ard Biesheuvel <ard.biesheuvel@...aro.org>
Thanks!
>
> although it deserves a comment as to why it is unaffected by
> ARM64_HAS_IRQ_PRIO_MASKING
So far we've relied on EFI not modifying PMR, otherwise we could've
ended up without any interrupts in Linux after coming back from an EFI
service.
Now, the ARM64_HAS_IRQ_PRIO_MASKING only modifies the behaviour of
Linux, but we should have the same expectations from EFI. If we want to
be paranoid we could save/restore PMR along with the DAIF flags.
But you're right, it is fair to add a comment clearly stating that we
expect EFI not to modify PMR. I'll include that in the next posting.
Thanks,
Julien
>
>
>> diff --git a/arch/arm64/include/asm/irqflags.h b/arch/arm64/include/asm/irqflags.h
>> index 24692ed..7e82a92 100644
>> --- a/arch/arm64/include/asm/irqflags.h
>> +++ b/arch/arm64/include/asm/irqflags.h
>> @@ -18,7 +18,9 @@
>>
>> #ifdef __KERNEL__
>>
>> +#include <asm/alternative.h>
>> #include <asm/ptrace.h>
>> +#include <asm/sysreg.h>
>>
>> /*
>> * Aarch64 has flags for masking: Debug, Asynchronous (serror), Interrupts and
>> @@ -36,33 +38,31 @@
>> /*
>> * CPU interrupt mask handling.
>> */
>> -static inline unsigned long arch_local_irq_save(void)
>> -{
>> - unsigned long flags;
>> - asm volatile(
>> - "mrs %0, daif // arch_local_irq_save\n"
>> - "msr daifset, #2"
>> - : "=r" (flags)
>> - :
>> - : "memory");
>> - return flags;
>> -}
>> -
>> static inline void arch_local_irq_enable(void)
>> {
>> - asm volatile(
>> - "msr daifclr, #2 // arch_local_irq_enable"
>> - :
>> + unsigned long unmasked = GIC_PRIO_IRQON;
>> +
>> + asm volatile(ALTERNATIVE(
>> + "msr daifclr, #2 // arch_local_irq_enable\n"
>> + "nop",
>> + "msr_s " __stringify(SYS_ICC_PMR_EL1) ",%0\n"
>> + "dsb sy",
>> + ARM64_HAS_IRQ_PRIO_MASKING)
>> :
>> + : "r" (unmasked)
>> : "memory");
>> }
>>
>> static inline void arch_local_irq_disable(void)
>> {
>> - asm volatile(
>> - "msr daifset, #2 // arch_local_irq_disable"
>> - :
>> + unsigned long masked = GIC_PRIO_IRQOFF;
>> +
>> + asm volatile(ALTERNATIVE(
>> + "msr daifset, #2 // arch_local_irq_disable",
>> + "msr_s " __stringify(SYS_ICC_PMR_EL1) ", %0",
>> + ARM64_HAS_IRQ_PRIO_MASKING)
>> :
>> + : "r" (masked)
>> : "memory");
>> }
>>
>> @@ -71,12 +71,44 @@ static inline void arch_local_irq_disable(void)
>> */
>> static inline unsigned long arch_local_save_flags(void)
>> {
>> + unsigned long daif_bits;
>> unsigned long flags;
>> - asm volatile(
>> - "mrs %0, daif // arch_local_save_flags"
>> - : "=r" (flags)
>> - :
>> +
>> + daif_bits = read_sysreg(daif);
>> +
>> + /*
>> + * The asm is logically equivalent to:
>> + *
>> + * if (system_uses_irq_prio_masking())
>> + * flags = (daif_bits & PSR_I_BIT) ?
>> + * GIC_PRIO_IRQOFF :
>> + * read_sysreg_s(SYS_ICC_PMR_EL1);
>> + * else
>> + * flags = daif_bits;
>> + */
>> + asm volatile(ALTERNATIVE(
>> + "mov %0, %1\n"
>> + "nop\n"
>> + "nop",
>> + "mrs_s %0, " __stringify(SYS_ICC_PMR_EL1) "\n"
>> + "ands %1, %1, " __stringify(PSR_I_BIT) "\n"
>> + "csel %0, %0, %2, eq",
>> + ARM64_HAS_IRQ_PRIO_MASKING)
>> + : "=&r" (flags), "+r" (daif_bits)
>> + : "r" (GIC_PRIO_IRQOFF)
>> : "memory");
>> +
>> + return flags;
>> +}
>> +
>> +static inline unsigned long arch_local_irq_save(void)
>> +{
>> + unsigned long flags;
>> +
>> + flags = arch_local_save_flags();
>> +
>> + arch_local_irq_disable();
>> +
>> return flags;
>> }
>>
>> @@ -85,16 +117,32 @@ static inline unsigned long arch_local_save_flags(void)
>> */
>> static inline void arch_local_irq_restore(unsigned long flags)
>> {
>> - asm volatile(
>> - "msr daif, %0 // arch_local_irq_restore"
>> - :
>> - : "r" (flags)
>> - : "memory");
>> + asm volatile(ALTERNATIVE(
>> + "msr daif, %0\n"
>> + "nop",
>> + "msr_s " __stringify(SYS_ICC_PMR_EL1) ", %0\n"
>> + "dsb sy",
>> + ARM64_HAS_IRQ_PRIO_MASKING)
>> + : "+r" (flags)
>> + :
>> + : "memory");
>> }
>>
>> static inline int arch_irqs_disabled_flags(unsigned long flags)
>> {
>> - return flags & PSR_I_BIT;
>> + int res;
>> +
>> + asm volatile(ALTERNATIVE(
>> + "and %w0, %w1, #" __stringify(PSR_I_BIT) "\n"
>> + "nop",
>> + "cmp %w1, #" __stringify(GIC_PRIO_IRQOFF) "\n"
>> + "cset %w0, ls",
>> + ARM64_HAS_IRQ_PRIO_MASKING)
>> + : "=&r" (res)
>> + : "r" ((int) flags)
>> + : "memory");
>> +
>> + return res;
>> }
>> #endif
>> #endif
>> --
>> 1.9.1
>>
--
Julien Thierry
Powered by blists - more mailing lists