lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87r165gmoz.ffs@tglx>
Date:   Sun, 10 Apr 2022 14:14:20 +0200
From:   Thomas Gleixner <tglx@...utronix.de>
To:     Pete Swain <swine@...gle.com>, Ingo Molnar <mingo@...hat.com>,
        Borislav Petkov <bp@...en8.de>,
        Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org
Cc:     "H. Peter Anvin" <hpa@...or.com>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Sean Christopherson <seanjc@...gle.com>,
        Vitaly Kuznetsov <vkuznets@...hat.com>,
        Wanpeng Li <wanpengli@...cent.com>,
        Jim Mattson <jmattson@...gle.com>,
        Joerg Roedel <joro@...tes.org>,
        John Stultz <john.stultz@...aro.org>,
        Stephen Boyd <sboyd@...nel.org>,
        "Maciej W. Rozycki" <macro@...am.me.uk>,
        Johan Hovold <johan@...nel.org>,
        Feng Tang <feng.tang@...el.com>,
        "Paul E. McKenney" <paulmck@...nel.org>,
        Juergen Gross <jgross@...e.com>, linux-kernel@...r.kernel.org,
        kvm@...r.kernel.org, Pete Swain <swine@...gle.com>
Subject: Re: [PATCH 2/2] timers: retpoline mitigation for time funcs

On Fri, Feb 18 2022 at 14:18, Pete Swain wrote:
> Adds indirect call exports for clock reads from tsc, apic,
> hrtimer, via clock-event, timekeeper & posix interfaces.

Sure, but why?

> Signed-off-by: Pete Swain <swine@...gle.com>
> ---
>  arch/x86/kernel/apic/apic.c    |  8 +++++---
>  arch/x86/kernel/tsc.c          |  3 ++-
>  include/linux/hrtimer.h        | 19 ++++++++++++++++---
>  kernel/time/clockevents.c      |  9 ++++++---
>  kernel/time/hrtimer.c          |  3 ++-
>  kernel/time/posix-cpu-timers.c |  4 ++--
>  kernel/time/posix-timers.c     |  3 ++-
>  kernel/time/timekeeping.c      |  2 +-
>  8 files changed, 36 insertions(+), 15 deletions(-)

Can this please be split up properly? 

> diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
> index b70344bf6600..523a569dd35e 100644
> --- a/arch/x86/kernel/apic/apic.c
> +++ b/arch/x86/kernel/apic/apic.c
> @@ -463,15 +463,17 @@ EXPORT_SYMBOL_GPL(setup_APIC_eilvt);
>  /*
>   * Program the next event, relative to now
>   */
> -static int lapic_next_event(unsigned long delta,
> +INDIRECT_CALLABLE_SCOPE
> +int lapic_next_event(unsigned long delta,
>  			    struct clock_event_device *evt)

So this was formatted properly:

static int lapic_next_event(unsigned long delta,
  			    struct clock_event_device *evt)

Now it turned into garbage:

INDIRECT_CALLABLE_SCOPE
int lapic_next_event(unsigned long delta,
  			    struct clock_event_device *evt)

while:

INDIRECT_CALLABLE_SCOPE int lapic_next_event(unsigned long delta,
					     struct clock_event_device *evt)
or

INDIRECT_CALLABLE_SCOPE
int lapic_next_event(unsigned long delta, struct clock_event_device *evt)

are both what a reader would expect.

Similar issues all over the place.

> diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c
> index a698196377be..ff2868d5ddea 100644
> --- a/arch/x86/kernel/tsc.c
> +++ b/arch/x86/kernel/tsc.c
> @@ -1090,7 +1090,8 @@ static void tsc_resume(struct clocksource *cs)
>   * checking the result of read_tsc() - cycle_last for being negative.
>   * That works because CLOCKSOURCE_MASK(64) does not mask out any bit.
>   */
> -static u64 read_tsc(struct clocksource *cs)
> +INDIRECT_CALLABLE_SCOPE
> +u64 read_tsc(struct clocksource *cs)

What's the extra line for?

>  {
>  	return (u64)rdtsc_ordered();
>  }
> diff --git a/include/linux/hrtimer.h b/include/linux/hrtimer.h
> index 0ee140176f10..9d2d110f0b8c 100644
> --- a/include/linux/hrtimer.h
> +++ b/include/linux/hrtimer.h
> @@ -20,6 +20,7 @@
>  #include <linux/seqlock.h>
>  #include <linux/timer.h>
>  #include <linux/timerqueue.h>
> +#include <linux/indirect_call_wrapper.h>
>  
>  struct hrtimer_clock_base;
>  struct hrtimer_cpu_base;
> @@ -297,14 +298,17 @@ static inline s64 hrtimer_get_expires_ns(const struct hrtimer *timer)
>  	return ktime_to_ns(timer->node.expires);
>  }
>  
> +INDIRECT_CALLABLE_DECLARE(extern ktime_t ktime_get(void));
> +
>  static inline ktime_t hrtimer_expires_remaining(const struct hrtimer *timer)
>  {
> -	return ktime_sub(timer->node.expires, timer->base->get_time());
> +	return ktime_sub(timer->node.expires,
> +			INDIRECT_CALL_1(timer->base->get_time, ktime_get));

This wants a proper explanation in a changelog for the hrtimer check,
why this is optimized for ktime_get().

>  }
>  
>  static inline ktime_t hrtimer_cb_get_time(struct hrtimer *timer)
>  {
> -	return timer->base->get_time();
> +	return INDIRECT_CALL_1(timer->base->get_time, ktime_get);
>  }
>  
>  static inline int hrtimer_is_hres_active(struct hrtimer *timer)
> @@ -503,7 +507,9 @@ hrtimer_forward(struct hrtimer *timer, ktime_t now, ktime_t interval);
>  static inline u64 hrtimer_forward_now(struct hrtimer *timer,
>  				      ktime_t interval)
>  {
> -	return hrtimer_forward(timer, timer->base->get_time(), interval);
> +	return hrtimer_forward(timer,
> +			INDIRECT_CALL_1(timer->base->get_time, ktime_get),
> +			interval);
>  }
>  
>  /* Precise sleep: */
> @@ -536,4 +542,11 @@ int hrtimers_dead_cpu(unsigned int cpu);
>  #define hrtimers_dead_cpu	NULL
>  #endif
>  
> +struct clock_event_device;
> +INDIRECT_CALLABLE_DECLARE(extern __weak u64 read_tsc(struct clocksource *cs));
> +INDIRECT_CALLABLE_DECLARE(extern int thread_cpu_clock_get(
> +		const clockid_t which_clock, struct timespec64 *tp));
> +INDIRECT_CALLABLE_DECLARE(extern __weak int lapic_next_deadline(
> +		unsigned long delta, struct clock_event_device *evt));
> +

No. This is not how it works. This is a generic header and x86 specific
muck has no place here.

>  #endif
> diff --git a/kernel/time/clockevents.c b/kernel/time/clockevents.c
> index 003ccf338d20..ac15412e87c4 100644
> --- a/kernel/time/clockevents.c
> +++ b/kernel/time/clockevents.c
> @@ -245,7 +245,8 @@ static int clockevents_program_min_delta(struct clock_event_device *dev)
>  
>  		dev->retries++;
>  		clc = ((unsigned long long) delta * dev->mult) >> dev->shift;
> -		if (dev->set_next_event((unsigned long) clc, dev) == 0)
> +		if (INDIRECT_CALL_1(dev->set_next_event, lapic_next_deadline,
> +				  (unsigned long) clc, dev) == 0)

No. We are not sprinkling x86'isms into generic code.

> diff --git a/kernel/time/posix-cpu-timers.c b/kernel/time/posix-cpu-timers.c
> index 96b4e7810426..d8bf325fa84e 100644
> --- a/kernel/time/posix-cpu-timers.c
> +++ b/kernel/time/posix-cpu-timers.c
> @@ -1596,8 +1596,8 @@ static int thread_cpu_clock_getres(const clockid_t which_clock,
>  {
>  	return posix_cpu_clock_getres(THREAD_CLOCK, tp);
>  }
> -static int thread_cpu_clock_get(const clockid_t which_clock,
> -				struct timespec64 *tp)
> +INDIRECT_CALLABLE_SCOPE
> +int thread_cpu_clock_get(const clockid_t which_clock, struct timespec64 *tp)
>  {
>  	return posix_cpu_clock_get(THREAD_CLOCK, tp);
>  }
> diff --git a/kernel/time/posix-timers.c b/kernel/time/posix-timers.c
> index 1cd10b102c51..35eac10ee796 100644
> --- a/kernel/time/posix-timers.c
> +++ b/kernel/time/posix-timers.c
> @@ -1089,7 +1089,8 @@ SYSCALL_DEFINE2(clock_gettime, const clockid_t, which_clock,
>  	if (!kc)
>  		return -EINVAL;
>  
> -	error = kc->clock_get_timespec(which_clock, &kernel_tp);
> +	error = INDIRECT_CALL_1(kc->clock_get_timespec, thread_cpu_clock_get,
> +				which_clock, &kernel_tp);

The argument for selecting thread_cpu_clock_get() as optimization target
is?

>  
>  	if (!error && put_timespec64(&kernel_tp, tp))
>  		error = -EFAULT;
> diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
> index dcdcb85121e4..2b1a3b146614 100644
> --- a/kernel/time/timekeeping.c
> +++ b/kernel/time/timekeeping.c
> @@ -190,7 +190,7 @@ static inline u64 tk_clock_read(const struct tk_read_base *tkr)
>  {
>  	struct clocksource *clock = READ_ONCE(tkr->clock);
>  
> -	return clock->read(clock);
> +	return INDIRECT_CALL_1(clock->read, read_tsc, clock);

Again. No X86 muck here.

Thanks,

        tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ