lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Fri, 23 Jul 2021 05:27:13 +0000
From:   Jianyong Wu <Jianyong.Wu@....com>
To:     Marc Zyngier <maz@...nel.org>
CC:     James Morse <James.Morse@....com>,
        Andre Przywara <Andre.Przywara@....com>,
        "lushenming@...wei.com" <lushenming@...wei.com>,
        "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
        "kvmarm@...ts.cs.columbia.edu" <kvmarm@...ts.cs.columbia.edu>,
        "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Justin He <Justin.He@....com>
Subject: RE: [PATCH] doc/arm: take care restore order of GICR_* in ITS restore

Hi Marc,

Get it! Thanks for your explanation.

Thanks
Jianyong

> -----Original Message-----
> From: Marc Zyngier <maz@...nel.org>
> Sent: Thursday, July 22, 2021 4:11 PM
> To: Jianyong Wu <Jianyong.Wu@....com>
> Cc: James Morse <James.Morse@....com>; Andre Przywara
> <Andre.Przywara@....com>; lushenming@...wei.com;
> kvm@...r.kernel.org; kvmarm@...ts.cs.columbia.edu; linux-
> doc@...r.kernel.org; linux-kernel@...r.kernel.org; Justin He
> <Justin.He@....com>
> Subject: Re: [PATCH] doc/arm: take care restore order of GICR_* in ITS
> restore
>
> On Thu, 22 Jul 2021 03:49:52 +0100,
> Jianyong Wu <Jianyong.Wu@....com> wrote:
> >
> > Hello Marc,
> >
> > > -----Original Message-----
> > > From: Marc Zyngier <maz@...nel.org>
> > > Sent: Wednesday, July 21, 2021 5:54 PM
> > > To: Jianyong Wu <Jianyong.Wu@....com>
> > > Cc: James Morse <James.Morse@....com>; Andre Przywara
> > > <Andre.Przywara@....com>; lushenming@...wei.com;
> > > kvm@...r.kernel.org; kvmarm@...ts.cs.columbia.edu; linux-
> > > doc@...r.kernel.org; linux-kernel@...r.kernel.org; Justin He
> > > <Justin.He@....com>
> > > Subject: Re: [PATCH] doc/arm: take care restore order of GICR_* in
> > > ITS restore
> > >
> > > On Wed, 21 Jul 2021 10:20:19 +0100,
> > > Jianyong Wu <jianyong.wu@....com> wrote:
> > > >
> > > > When restore GIC/ITS, GICR_CTLR must be restored after
> > > > GICR_PROPBASER and GICR_PENDBASER. That is important, as both of
> > > > GICR_PROPBASER and GICR_PENDBASER will fail to be loaded when lpi
> > > > has enabled yet in GICR_CTLR. Keep the restore order above will avoid
> that issue.
> > > > Shout it out at the doc is very helpful that may avoid lots of debug work.
> > >
> > > But that's something that is already mandated by the architecture, isn't it?
> > > See "5.1 LPIs" in the architecture spec:
> > >
> > > <quote>
> > >
> > > If GICR_PROPBASER is updated when GICR_CTLR.EnableLPIs == 1, the
> > > effects are UNPREDICTABLE.
> > >
> > > [...]
> > >
> > > If GICR_PENDBASER is updated when GICR_CTLR.EnableLPIs == 1, the
> > > effects are UNPREDICTABLE.
> > >
> >
> > I think this "UNPREDICTABLE" related with the "physical machine". Am I
> > right?
>
> No, you are unfortunately wrong. The architecture applies to *any*
> implementation, and makes no distinction between a HW implementation of
> a SW version. This is why we call it an architecture, and not an
> implementation.
>
> > In virtualization environment, kernel gives the definite answer that
> > we should not enable GICR_CTLR.EnableLPIs before restoring
> > GICR_PROPBASER(GICR_PENDBASER either) when restore GIC ITS in VMM,
> see
> > [1]. Thus, should we consider the virtualization environment as a
> > special case?
>
> Absolutely not.  If you start special casing things, then we end-up having
> stupidly designed SW that tries to do stupid things based on the supposed
> properties of an implementation.
>
> We follow the architecture, all the architecture, nothing but the architecture.
> The architecture is the only barrier between insanity and pure madness! ;-)
>
> >
> > [1] linux/arch/arm64/kvm/vgic/vgic-mmio-v3.c
> > static void vgic_mmio_write_propbase(struct kvm_vcpu *vcpu,
> >                                      gpa_t addr, unsigned int len,
> >                                      unsigned long val) {
> >         struct vgic_dist *dist = &vcpu->kvm->arch.vgic;
> >         struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu;
> >         u64 old_propbaser, propbaser;
> >
> >         /* Storing a value with LPIs already enabled is undefined */
> >         if (vgic_cpu->lpis_enabled)
> >            return;
> > ...
> > }
>
> Do you see how the kernel does exactly what the architecture says we can do?
> Ignoring the write is a perfectly valid implementation of UNPREDICTABLE.
>
> So what we do is completely in line with the architecture. As such, no need to
> document it any further, everything is already where it should be. If
> someone tries to write code dealing with the GIC without understanding the
> architecture, no amount of additional documentation will help.
>
> Thanks,
>
>       M.
>
> --
> Without deviation from the norm, progress is not possible.
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

Powered by blists - more mailing lists