| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 27 Jan 2022 15:00:21 -0800 (PST)
From: Palmer Dabbelt <palmer@...osinc.com>
To: Atish Patra <atishp@...osinc.com>
CC: linux-riscv@...ts.infradead.org,
Paul Walmsley <paul.walmsley@...ive.com>,
aou@...s.berkeley.edu, anup@...infault.org,
Atish Patra <atishp@...osinc.com>, jszhang@...nel.org,
vincent.chen@...ive.com, sunnanyong@...wei.com,
linux-riscv@...ts.infradead.org, linux-kernel@...r.kernel.org,
Atish Patra <atishp@...osinc.com>, stable@...r.kernel.org
Subject: Re: [PATCH] RISC-V: Prevent sbi_ecall() from being inlined
On Thu, 27 Jan 2022 11:55:55 PST (-0800), Palmer Dabbelt wrote:
> From: Palmer Dabbelt <palmer@...osinc.com>
>
> The SBI spec defines SBI calls as following the standard calling
> convention, but we don't actually inform GCC of that when making an
As per some discussion on the SBI spec, this definition isn't internally
consistent. I've got some WIP to make proper inline SBI macros --
that'll be necessary either way the spec goes (ie, to get rid of all the
zeros), but I'm going to leave this alone until the spec gets sorted
out.
> ecall. Unfortunately this does actually manifest for the more complex
> SBI call wrappers, for example sbi_s, for example sbi_send_ipi_v02()
> uses t1.
>
> This patch just marks sbi_ecall() as noinline, which implicitly enforces
> the standard calling convention.
>
> Fixes : b9dcd9e41587 ("RISC-V: Add basic support for SBI v0.2")
> Cc: stable@...r.kernel.org
> Reported-by: Atish Patra <atishp@...osinc.com>
> Signed-off-by: Palmer Dabbelt <palmer@...osinc.com>
> ---
> This is more of a stop-gap fix than anything else, but it's small enough
> that it should be straight-forward to back port to stable. This bug has
> existed forever, in theory, but none of this was specified in SBI-0.1
> so the backport to the introduction of 0.2 should be sufficient.
> No extant versions OpenSBI or BBL will manifest issues here, as they
> save all registers, but the spec is quite explicit so we're better off
> getting back in line sooner rather than later.
>
> There'll be some marginal performance impact here. I'll send a
> follow-on to clean up the SBI call wrappers in a way that allows
> inlining without violating the spec, but that'll be a bigger change and
> thus isn't really suitable for stable.
> ---
> arch/riscv/kernel/sbi.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/arch/riscv/kernel/sbi.c b/arch/riscv/kernel/sbi.c
> index f72527fcb347..7be586f5dc69 100644
> --- a/arch/riscv/kernel/sbi.c
> +++ b/arch/riscv/kernel/sbi.c
> @@ -21,6 +21,11 @@ static int (*__sbi_rfence)(int fid, const struct cpumask *cpu_mask,
> unsigned long start, unsigned long size,
> unsigned long arg4, unsigned long arg5) __ro_after_init;
>
> +/*
> + * This ecall stub can't be inlined because we're relying on the presence of a
> + * function call to enforce the calling convention.
> + */
> +noinline
> struct sbiret sbi_ecall(int ext, int fid, unsigned long arg0,
> unsigned long arg1, unsigned long arg2,
> unsigned long arg3, unsigned long arg4,
Powered by blists - more mailing lists