lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 Aug 2021 13:34:07 +0100 From: Mark Rutland <mark.rutland@....com> To: Marc Zyngier <maz@...nel.org> Cc: linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org, Daniel Lezcano <daniel.lezcano@...aro.org>, Thomas Gleixner <tglx@...utronix.de>, Peter Shier <pshier@...gle.com>, Raghavendra Rao Ananta <rananta@...gle.com>, Ricardo Koller <ricarkol@...gle.com>, Oliver Upton <oupton@...gle.com>, Will Deacon <will@...nel.org>, Catalin Marinas <catalin.marinas@....com>, Linus Walleij <linus.walleij@...aro.org>, kernel-team@...roid.com Subject: Re: [PATCH 08/13] clocksource/arm_arch_timer: Work around broken CVAL implementations On Mon, Aug 09, 2021 at 04:26:46PM +0100, Marc Zyngier wrote: > The Applied Micro XGene-1 SoC has a busted implementation of the > CVAL register: it looks like it is based on TVAL instead of the > other way around. The net effect of this implementation blunder > is that the maximum deadline you can program in the timer is > 32bit wide. > > Detect the problematic case and limit the timer to 32bit deltas. > Note that we don't tie this bug to XGene specifically, as it may > also catch similar defects on other high-quality implementations. Do we know of any other implementations that have a similar bug? > Signed-off-by: Marc Zyngier <maz@...nel.org> > --- > drivers/clocksource/arm_arch_timer.c | 38 +++++++++++++++++++++++++++- > 1 file changed, 37 insertions(+), 1 deletion(-) > > diff --git a/drivers/clocksource/arm_arch_timer.c b/drivers/clocksource/arm_arch_timer.c > index 895844c33351..1c596cd3cc5c 100644 > --- a/drivers/clocksource/arm_arch_timer.c > +++ b/drivers/clocksource/arm_arch_timer.c > @@ -778,9 +778,42 @@ static int arch_timer_set_next_event_phys_mem(unsigned long evt, > return 0; > } > > +static u64 __arch_timer_check_delta(void) > +{ > +#ifdef CONFIG_ARM64 > + u64 tmp; > + > + /* > + * XGene-1 implements CVAL in terms of TVAL, meaning that the > + * maximum timer range is 32bit. Shame on them. Detect the > + * issue by setting a timer to now+(1<<32), which will > + * immediately fire on the duff CPU. > + */ > + write_sysreg(0, cntv_ctl_el0); > + isb(); > + tmp = read_sysreg(cntvct_el0) | BIT(32); > + write_sysreg(tmp, cntv_cval_el0); This will fire on legitimate implementations fairly often. Consider if we enter this function at a time where CNTCVT_EL0[32] == 1, where: * At 100MHz, bit 32 flips every ~42.95 * At 200MHz, bit 32 flips every ~21.47 * At 1GHz, bit 32 flips every ~4.29s ... and ThunderX2 has a 200MHz frequency today, with SBSA recommending 100MHz. What does XGene-1 return upon a read of CVAL? If it always returns 0 for the high bits, we could do a timing-insensitive check for truncation of CVAL, e.g. | /* CVAL must be at least 56 bits wide, as with CNT */ | u64 mask = GENMASK(55, 0); | u64 val; | | write_sysreg(mask, cntv_cval_el0); | val = read_sysread(cnt_cval_el0); | | if (val != mask) { | /* What a great CPU */ | } Thanks, Mark. > + write_sysreg(ARCH_TIMER_CTRL_ENABLE | ARCH_TIMER_CTRL_IT_MASK, > + cntv_ctl_el0); > + isb(); > + > + tmp = read_sysreg(cntv_ctl_el0); > + write_sysreg(0, cntv_ctl_el0); > + isb(); > + > + if (tmp & ARCH_TIMER_CTRL_IT_STAT) { > + pr_warn_once("Detected broken implementation, limiting width to 32bits"); > + return CLOCKSOURCE_MASK(32); > + } > +#endif > + return CLOCKSOURCE_MASK(56); > +} > + > static void __arch_timer_setup(unsigned type, > struct clock_event_device *clk) > { > + u64 max_delta; > + > clk->features = CLOCK_EVT_FEAT_ONESHOT; > > if (type == ARCH_TIMER_TYPE_CP15) { > @@ -812,6 +845,7 @@ static void __arch_timer_setup(unsigned type, > } > > clk->set_next_event = sne; > + max_delta = __arch_timer_check_delta(); > } else { > clk->features |= CLOCK_EVT_FEAT_DYNIRQ; > clk->name = "arch_mem_timer"; > @@ -828,11 +862,13 @@ static void __arch_timer_setup(unsigned type, > clk->set_next_event = > arch_timer_set_next_event_phys_mem; > } > + > + max_delta = CLOCKSOURCE_MASK(56); > } > > clk->set_state_shutdown(clk); > > - clockevents_config_and_register(clk, arch_timer_rate, 0xf, CLOCKSOURCE_MASK(56)); > + clockevents_config_and_register(clk, arch_timer_rate, 0xf, max_delta); > } > > static void arch_timer_evtstrm_enable(int divider) > -- > 2.30.2 >
Powered by blists - more mailing lists