lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <e647de48-fd74-eabc-0a57-c2c519a36012@arm.com> Date: Thu, 11 Apr 2019 17:50:39 +0100 From: Julien Grall <julien.grall@....com> To: Dave Martin <Dave.Martin@....com> Cc: linux-arm-kernel@...ts.infradead.org, bigeasy@...utronix.de, linux-rt-users@...r.kernel.org, catalin.marinas@....com, will.deacon@....com, ard.biesheuvel@...aro.org, linux-kernel@...r.kernel.org Subject: Re: [RFC PATCH] arm64/fpsimd: Don't disable softirq when touching FPSIMD/SVE state Hi Dave, On 4/11/19 5:34 PM, Dave Martin wrote: > On Thu, Apr 11, 2019 at 04:58:41PM +0100, Julien Grall wrote: >> Hi Dave, >> >> On 4/5/19 4:07 PM, Dave Martin wrote: >>> On Fri, Apr 05, 2019 at 10:02:45AM +0100, Julien Grall wrote: >>>>>> +#ifdef CONFIG_KERNEL_MODE_NEON >>>>>> + >>>>>> /* >>>>>> * may_use_simd - whether it is allowable at this time to issue SIMD >>>>>> * instructions or access the SIMD register file >>>>>> diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c >>>>>> index 5ebe73b69961..b7e5dac26190 100644 >>>>>> --- a/arch/arm64/kernel/fpsimd.c >>>>>> +++ b/arch/arm64/kernel/fpsimd.c >>>>>> @@ -90,7 +90,8 @@ >>>>>> * To prevent this from racing with the manipulation of the task's FPSIMD state >>>>>> * from task context and thereby corrupting the state, it is necessary to >>>>>> * protect any manipulation of a task's fpsimd_state or TIF_FOREIGN_FPSTATE >>>>>> - * flag with local_bh_disable() unless softirqs are already masked. >>>>>> + * flag with kernel_neon_{disable, enable}. This will still allow softirqs to >>>>>> + * run but prevent them to use FPSIMD. >>>>>> * >>>>>> * For a certain task, the sequence may look something like this: >>>>>> * - the task gets scheduled in; if both the task's fpsimd_cpu field >>>>>> @@ -142,6 +143,9 @@ extern void __percpu *efi_sve_state; >>>>>> #endif /* ! CONFIG_ARM64_SVE */ >>>>>> +static void kernel_neon_disable(void); >>>>>> +static void kernel_neon_enable(void); >>>>> >>>>> I find these names a bit confusing: _disable() actualy enables FPSIMD/SVE >>>>> context access for the current context (i.e., makes it safe). >>>>> >>>>> Since these also disable/enable preemption, perhaps we can align them >>>>> with the existing get_cpu()/put_cpu(), something like: >>>>> >>>>> void get_cpu_fpsimd_context(); >>>>> vold put_cpu_fpsimd_context(); >>>>> >>>>> If you consider it's worth adding the checking helper I alluded to >>>>> above, it could then be called something like: >>>>> >>>>> bool have_cpu_fpsimd_context(); >>>> >>>> I am not sure where you suggested a checking helper above. Do you refer to >>>> exposing kernel_neon_busy even for !CONFIG_KERNEL_MODE_NEON? >>> >>> Hmmm, looks like I got my reply out of order here. >>> >>> I meant the helper (if any) to check >>> !preemptible() && !__this_cpu_read(kernel_neon_busy). >> >> I guess you are using && instead of || because some of the caller may not >> call get_cpu_fpsimd_context() before but still disable preemption, right? >> >> Wouldn't it be better to have all the user calling get_cpu_fpsimd_context() >> and put_cpu_fpsimd_context()? >> >> This has the advantage to uniformize how the way FPSIMD is protected and >> also... > > My expectation is that all users would have called > get_cpu_fpsimd_context(). This is not the case today (see kvm_arch_vcpu_put_fp), I will look at protecting it with a call to get_cpu_fpsimd_context(). > > The reason for writing the check that way is that we can't meaningfully > inspect percpu variables unless we are non-preemptible already. The && > means we don't do the percpu read at all is the case where preemptible() > is true. I am not sure to understand why it would be necessary. this_cpu_read(kernel_neon_busy) should be sufficient here. If it is set then, preemption is disabled. Or are you worried about user directly setting kernel_neon_busy instead of calling get_cpu_fpsimd_context? > > Or do you think my logic is wrong somewhere? (It's possible...) I think your logic would not return the correct value. We want have_cpu_fpsimd_context() to return true if it is not preemptible and kernel_neon_busy is true. So we would want: !preemptible() && __this_cpu_read(kernel_neon_busy) If we speak about the implementation of have_cpu_fpsimd_context(), then we want: !preemptible() && __this_cpu_read(kernel_neon_busy) Cheers, -- Julien Grall
Powered by blists - more mailing lists