lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20191011142137.GH27757@arm.com>
Date:   Fri, 11 Oct 2019 15:21:38 +0100
From:   Dave Martin <Dave.Martin@....com>
To:     Suzuki K Poulose <suzuki.poulose@....com>
Cc:     mark.rutland@....com, catalin.marinas@....com, will@...nel.org,
        linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH 1/3] arm64: cpufeature: Fix the type of no FP/SIMD
 capability

On Fri, Oct 11, 2019 at 01:13:18PM +0100, Suzuki K Poulose wrote: > Hi Dave
> 
> On 11/10/2019 12:36, Dave Martin wrote:
> >On Thu, Oct 10, 2019 at 06:15:15PM +0100, Suzuki K Poulose wrote:
> >>The NO_FPSIMD capability is defined with scope SYSTEM, which implies
> >>that the "absence" of FP/SIMD on at least one CPU is detected only
> >>after all the SMP CPUs are brought up. However, we use the status
> >>of this capability for every context switch. So, let us change
> >>the scop to LOCAL_CPU to allow the detection of this capability
> >>as and when the first CPU without FP is brought up.
> >>
> >>Also, the current type allows hotplugged CPU to be brought up without
> >>FP/SIMD when all the current CPUs have FP/SIMD and we have the userspace
> >>up. Fix both of these issues by changing the capability to
> >>BOOT_RESTRICTED_LOCAL_CPU_FEATURE.
> >>
> >>Fixes: 82e0191a1aa11abf ("arm64: Support systems without FP/ASIMD")
> >>Cc: Will Deacon <will@...nel.org>
> >>Cc: Mark Rutland <mark.rutland@....com>
> >>Cc: Catalin Marinas <catalin.marinas@....com>
> >>Signed-off-by: Suzuki K Poulose <suzuki.poulose@....com>
> >>---
> >>  arch/arm64/kernel/cpufeature.c | 2 +-
> >>  1 file changed, 1 insertion(+), 1 deletion(-)
> >>
> >>diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
> >>index 9323bcc40a58..0f9eace6c64b 100644
> >>--- a/arch/arm64/kernel/cpufeature.c
> >>+++ b/arch/arm64/kernel/cpufeature.c
> >>@@ -1361,7 +1361,7 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
> >>  	{
> >>  		/* FP/SIMD is not implemented */
> >>  		.capability = ARM64_HAS_NO_FPSIMD,
> >>-		.type = ARM64_CPUCAP_SYSTEM_FEATURE,
> >>+		.type = ARM64_CPUCAP_BOOT_RESTRICTED_CPU_LOCAL_FEATURE,
> >
> >ARM64_HAS_NO_FPSIMD is really a disability, not a capability.
> >
> >Although we have other things that smell like this (CPU errata for
> >example), I wonder whether inverting the meaning in the case would
> >make the situation easier to understand.
> 
> Yes, it is indeed a disability, more on that below.
> 
> >
> >So, we'd have ARM64_HAS_FPSIMD, with a minimum (signed) feature field
> >value of 0.  Then this just looks like an ARM64_CPUCAP_SYSTEM_FEATURE
> >IIUC.  We'd just need to invert the sense of the check in
> >system_supports_fpsimd().
> 
> This is particularly something we want to avoid with this patch. We want
> to make sure that we have the up-to-date status of the disability right
> when it happens. i.e, a CPU without FP/SIMD is brought up. With SYSTEM_FEATURE
> you have to wait until we bring all the CPUs up. Also, for HAS_FPSIMD,
> you must wait until all the CPUs are up, unlike the negated capability.

I don't see why waiting for the random defective early CPU to come up is
better than waiting for all the early CPUs to come up and then deciding.

Kernel-mode NEON aside, the status of this cap should not matter until
we enter userspace for the first time.

The only issue is if e.g., crypto drivers that can use kernel-mode NEON
probe for it before all early CPUs are up, and so cache the wrong
decision.  The current approach doesn't cope with that anyway AFAICT.

> >>  		.min_field_value = 0,
> >
> >(Does .min_field_value == 0 make sense, or is it even used?  I thought
> >only the default has_cpuid_feature() match logic uses that.)
> 
> True, it is not used for this particular case.

Ok, just wondering.

Cheers
---Dave

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ