Date:   Tue, 29 Jan 2019 21:12:23 +0800
From:   Wei Li <liwei391@...wei.com>
To:     <julien.thierry@....com>, <linux-arm-kernel@...ts.infradead.org>
CC:     <linux-kernel@...r.kernel.org>, <marc.zyngier@....com>,
        <daniel.thompson@...aro.org>, <catalin.marinas@....com>,
        <will.deacon@....com>, <dave.martin@....com>,
        <mark.rutland@....com>, <jason@...edaemon.net>,
        <huawei.libin@...wei.com>, <guohanjun@...wei.com>,
        <thunder.leizhen@...wei.com>
Subject: [PATCH] arm64: fix potential deadlock in arm64-provide-pseudo-NMI-with-GICv3

In some exception handlers, interrupts are not re-enabled via daifclr at first.
Later code may call local_irq_enable() to enable interrupts, like
gic_handle_irq(). As we know, local_irq_enable() now only changes the PMR.
The following code paths that I found may cause a deadlock or other issues:

do_sp_pc_abort			<- el0_sp_pc
do_el0_ia_bp_hardening	<- el0_ia
kgdb_roundup_cpus		<- el1_dbg

Signed-off-by: Wei Li <liwei391@...wei.com>
---
 arch/arm64/kernel/kgdb.c | 4 ++++
 arch/arm64/mm/fault.c    | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/arch/arm64/kernel/kgdb.c b/arch/arm64/kernel/kgdb.c
index a20de58061a8..119fbf2c0788 100644
--- a/arch/arm64/kernel/kgdb.c
+++ b/arch/arm64/kernel/kgdb.c
@@ -25,6 +25,7 @@
 #include <linux/kgdb.h>
 #include <linux/kprobes.h>
 #include <linux/sched/task_stack.h>
+#include <linux/irqchip/arm-gic-v3.h>
 
 #include <asm/debug-monitors.h>
 #include <asm/insn.h>
@@ -291,6 +292,9 @@ static void kgdb_call_nmi_hook(void *ignored)
 
 void kgdb_roundup_cpus(unsigned long flags)
 {
+	if (gic_prio_masking_enabled())
+		gic_arch_enable_irqs();
+
 	local_irq_enable();
 	smp_call_function(kgdb_call_nmi_hook, NULL, 0);
 	local_irq_disable();
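Review bot: The added `gic_arch_enable_irqs()` in kgdb_roundup_cpus() has no counterpart on the way out. Going by the commit description, the `local_irq_disable()` on the last visible line now only changes the PMR, so the function would return to the debug-exception path with PSTATE.I cleared although it was entered with it set. If that reading is right, the caller's mask state should be put back, e.g. `unsigned long daif = read_sysreg(daif);` before the unmask and `local_daif_restore(daif);` after `local_irq_disable()`, provided local_daif_restore() fits the pseudo-NMI series. The end of the function is outside the hunk, so a restore further down cannot be ruled out from here.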
diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c
index 97ba2ba78aee..f7c39a0b28bc 100644
--- a/arch/arm64/mm/fault.c
+++ b/arch/arm64/mm/fault.c
@@ -32,6 +32,7 @@
 #include <linux/perf_event.h>
 #include <linux/preempt.h>
 #include <linux/hugetlb.h>
+#include <linux/irqchip/arm-gic-v3.h>
 
 #include <asm/bug.h>
 #include <asm/cmpxchg.h>
@@ -780,6 +781,8 @@ asmlinkage void __exception do_el0_ia_bp_hardening(unsigned long addr,
 	if (addr > TASK_SIZE)
 		arm64_apply_bp_hardening();
 
+	if (gic_prio_masking_enabled())
+		gic_arch_enable_irqs();
 	local_irq_enable();
 	do_mem_abort(addr, esr, regs);
 }
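Review bot: The two-line unmask before `local_irq_enable()` is open-coded here, again in the do_sp_pc_abort() hunk below and in kgdb_roundup_cpus(), each time without a comment, and it pulls an irqchip driver header into arch mm code. A single arch helper that performs both steps would keep the call sites from drifting apart; at minimum each site needs a comment such as `/* Entry left PSTATE.I set and local_irq_enable() only updates PMR here, so unmask PSTATE.I first. */`. The intended ordering should also be stated: as written, PSTATE.I is cleared while the PMR still masks normal interrupts, so anything that bypasses the PMR mask (presumably the pseudo-NMIs this series introduces) can be taken between the two calls. The start of do_el0_ia_bp_hardening() is outside the hunk.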
@@ -794,6 +797,9 @@ asmlinkage void __exception do_sp_pc_abort(unsigned long addr,
 	if (user_mode(regs)) {
 		if (instruction_pointer(regs) > TASK_SIZE)
 			arm64_apply_bp_hardening();
+
+		if (gic_prio_masking_enabled())
+			gic_arch_enable_irqs();
 		local_irq_enable();
 	}
 
-- 
2.17.1
