| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 6 May 2019 16:25:42 +0800
From: Wei Li <liwei391@...wei.com>
To: <catalin.marinas@....com>, <will.deacon@....com>,
<marc.zyngier@....com>, <tglx@...utronix.de>,
<jason@...edaemon.net>
CC: <julien.thierry@....com>, <Suzuki.Poulose@....com>,
<sudeep.holla@....com>, <steve.capper@....com>,
<lorenzo.pieralisi@....com>, <daniel.thompson@...aro.org>,
<james.morse@....com>, <linux-arm-kernel@...ts.infradead.org>,
<linux-kernel@...r.kernel.org>
Subject: [PATCH 3/3] arm64: Avoid entering NMI context improperly
As the pseudo NMI can be enabled/disabled by cmdline parameter, the
arch_trigger_cpumask_backtrace() may still work through a normal IPI.
In this patch, we export the gic_supports_nmi() and add a check in
IPI_CPU_BACKTRACE process to avoid entering NMI context when pseudo
NMI is disabled.
Signed-off-by: Wei Li <liwei391@...wei.com>
---
arch/arm64/include/asm/arch_gicv3.h | 8 ++++++++
arch/arm64/kernel/smp.c | 14 ++++++++++++--
drivers/irqchip/irq-gic-v3.c | 8 +-------
3 files changed, 21 insertions(+), 9 deletions(-)
diff --git a/arch/arm64/include/asm/arch_gicv3.h b/arch/arm64/include/asm/arch_gicv3.h
index 14b41ddc68ba..6655701ea7d4 100644
--- a/arch/arm64/include/asm/arch_gicv3.h
+++ b/arch/arm64/include/asm/arch_gicv3.h
@@ -156,6 +156,14 @@ static inline u32 gic_read_rpr(void)
#define gits_write_vpendbaser(v, c) writeq_relaxed(v, c)
#define gits_read_vpendbaser(c) readq_relaxed(c)
+extern struct static_key_false supports_pseudo_nmis;
+
+static inline bool gic_supports_nmi(void)
+{
+ return IS_ENABLED(CONFIG_ARM64_PSEUDO_NMI) &&
+ static_branch_likely(&supports_pseudo_nmis);
+}
+
static inline bool gic_prio_masking_enabled(void)
{
return system_uses_irq_prio_masking();
diff --git a/arch/arm64/kernel/smp.c b/arch/arm64/kernel/smp.c
index 7e862f9124f3..5550951527ea 100644
--- a/arch/arm64/kernel/smp.c
+++ b/arch/arm64/kernel/smp.c
@@ -950,9 +950,19 @@ void handle_IPI(int ipinr, struct pt_regs *regs)
#endif
case IPI_CPU_BACKTRACE:
- nmi_enter();
+ if (gic_supports_nmi()) {
+ nmi_enter();
+ } else {
+ printk_nmi_enter();
+ irq_enter();
+ }
nmi_cpu_backtrace(regs);
- nmi_exit();
+ if (gic_supports_nmi()) {
+ nmi_exit();
+ } else {
+ irq_exit();
+ printk_nmi_exit();
+ }
break;
default:
diff --git a/drivers/irqchip/irq-gic-v3.c b/drivers/irqchip/irq-gic-v3.c
index 394aa5668dd6..b701727258b0 100644
--- a/drivers/irqchip/irq-gic-v3.c
+++ b/drivers/irqchip/irq-gic-v3.c
@@ -90,7 +90,7 @@ static DEFINE_STATIC_KEY_TRUE(supports_deactivate_key);
* For now, we only support pseudo-NMIs if we have non-secure view of
* priorities.
*/
-static DEFINE_STATIC_KEY_FALSE(supports_pseudo_nmis);
+DEFINE_STATIC_KEY_FALSE(supports_pseudo_nmis);
/* ppi_nmi_refs[n] == number of cpus having ppi[n + 16] set as NMI */
static refcount_t ppi_nmi_refs[16];
@@ -261,12 +261,6 @@ static void gic_unmask_irq(struct irq_data *d)
gic_poke_irq(d, GICD_ISENABLER);
}
-static inline bool gic_supports_nmi(void)
-{
- return IS_ENABLED(CONFIG_ARM64_PSEUDO_NMI) &&
- static_branch_likely(&supports_pseudo_nmis);
-}
-
static int gic_irq_set_irqchip_state(struct irq_data *d,
enum irqchip_irq_state which, bool val)
{
--
2.17.1
Powered by blists - more mailing lists