Message-ID: <871r6yajy7.wl-maz@kernel.org>
Date:   Thu, 12 Aug 2021 14:09:20 +0100
From:   Marc Zyngier <maz@...nel.org>
To:     Alexandru Elisei <alexandru.elisei@....com>
Cc:     Chen-Yu Tsai <wenst@...omium.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] irqchip/gic-v3: Fix priority comparison when non-secure priorities are used

On Thu, 12 Aug 2021 12:51:34 +0100,
Alexandru Elisei <alexandru.elisei@....com> wrote:
> 
> Hi,
> 
> After re-familiarizing myself with the spec, it's starting to look to
> me like indeed there's something not quite right (read as: totally
> broken) with my patch.
> 
> Arm IHI 0069F, the pseudocode for reading ICC_RPR_EL1 (page 11-797),
> says that the priority returned is unchanged if SCTLR_EL3.FIQ ==
> 0.

Sure, but look at what ICC_RPR_EL1 does for FIQ==1:

<quote>
if HaveEL(EL3) && !IsSecure() && SCR_EL3.FIQ == '1' then
    // A Non-secure GIC access and Group 0 inaccessible to Non-secure.
    if pPriority<7> == '0' then
        // Priority is in Secure half and not visible to Non-secure
        Priority = Zeros();
    elsif !IsOnes(pPriority) then
        // Non-secure access and not idle, so physical priority must be shifted
        pPriority<7:0> = (pPriority AND PRIMask())<6:0>:'0';

return ZeroExtend(pPriority);
</quote>

See how the priority is shifted *left* (bits [6:0] end up in
[7:1])?

> This means that the ICC_RPR_EL1 read will return the secure view
> (the value as it is stored by the GIC) of the priority, so for
> pseudo-nmis it will return (GICD_INT_NMI_PRI >> 1) | 0x80, which
> definitely != GICD_INT_NMI_PRI.

That's not my reading of the pseudocode.

> This is further confirmed by this statement on page 4-67:
> 
> "When GICD_CTLR.DS == 0, [..] For Non-secure access to ICC_PMR_EL1
> and ICC_RPR_EL1 when SCR_EL3.FIQ == 0: The Secure, unshifted view
> applies."
> 
> I don't know how I missed that during testing.
> 
> Did a quick test on the model with PMU NMIs (GICD_CTRL.DS = 0,
> SCTLR_EL2.FIQ = 0), gic_handle_nmi() was not being called at all,

0? Really????

> but when I changed the comparison to gic_read_rpr() ==
> ((GICD_INT_NMI_PRI >> 1) | 0x80), NMIs were being correctly handled
> again.

You have completely lost me. This contradicts what you have written
above.

Thanks,

	M.

-- 
Without deviation from the norm, progress is not possible.
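
The following is an added example, not code from this message or from the kernel: a small C model of the ICC_RPR_EL1 pseudocode quoted above, applied to a priority stored in the `(pri >> 1) | 0x80` form mentioned in the thread. The helper names, the sample priority 0x20 and the assumption that all 8 priority bits are implemented (PRIMask() == 0xff) are illustrative.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: all 8 priority bits are implemented, so PRIMask() == 0xff. */
#define PRI_MASK 0xffu

/* Hypothetical helper: the value the GIC stores for a Non-secure priority,
 * using the (pri >> 1) | 0x80 form quoted in the thread. */
static uint8_t stored_priority(uint8_t ns_pri)
{
    return (uint8_t)((ns_pri >> 1) | 0x80);
}

/* Hypothetical helper: Non-secure read of ICC_RPR_EL1, modelled on the
 * pseudocode quoted in the message. phys_pri is the stored priority. */
static uint8_t ns_read_rpr(uint8_t phys_pri, bool have_el3, bool scr_el3_fiq)
{
    if (have_el3 && scr_el3_fiq) {
        if (!(phys_pri & 0x80))
            return 0;                     /* Secure half: not visible */
        if (phys_pri != 0xff)             /* not idle: bits [6:0] -> [7:1] */
            return (uint8_t)(((phys_pri & PRI_MASK) & 0x7f) << 1);
    }
    return phys_pri;                      /* unshifted view */
}

int main(void)
{
    const uint8_t ns_pri = 0x20;          /* constructed sample priority */
    uint8_t phys = stored_priority(ns_pri);

    printf("stored:             0x%02x\n", phys);
    printf("SCR_EL3.FIQ=1 read: 0x%02x\n", ns_read_rpr(phys, true, true));
    printf("SCR_EL3.FIQ=0 read: 0x%02x\n", ns_read_rpr(phys, true, false));
    return 0;
}
```

With SCR_EL3.FIQ == 1 the read returns the value as Non-secure software wrote it; with SCR_EL3.FIQ == 0 it returns the stored value, so a comparison against the written priority only matches in the first case.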
