lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1f6f2c41-54a3-07d2-4949-1b4abfb1498f@sholland.org>
Date:   Sat, 28 May 2022 20:27:48 -0500
From:   Samuel Holland <samuel@...lland.org>
To:     Heiko Stuebner <heiko@...ech.de>, palmer@...belt.com,
        paul.walmsley@...ive.com
Cc:     linux-riscv@...ts.infradead.org, linux-kernel@...r.kernel.org,
        wefu@...hat.com, guoren@...nel.org, mick@....forth.gr,
        cmuellner@...ux.com, philipp.tomsich@...ll.eu, hch@....de
Subject: Re: [PATCH v2 5/5] riscv: remove usage of function-pointers from
 cpufeatures and t-head errata

On 5/26/22 3:56 PM, Heiko Stuebner wrote:
> Having a list of alternatives to check with a per-entry function pointer
> to a check function is nice style-wise. But in case of early-alternatives
> it can clash with the non-relocated kernel and the function pointer in
> the list pointing to a completely wrong location.
> 
> This isn't an issue with one or two list entries, as in that case the
> compiler seems to unroll the loop and even usage of the list structure
> and then only does relative jumps into the check functions based on this.
> 
> When adding a third entry to either list though, the issue that was
> hiding there from the beginning is triggered resulting a jump to a
> memory address that isn't part of the kernel at all.
> 
> The list of features/erratas only contained an unused name and the
> pointer to the check function, so an easy solution for the problem
> is to just unroll the loop in code, dismantle the whole list structure
> and just call the relevant check functions one by one ourself.
> 
> For the T-Head errata this includes moving the stage-check inside
> the check functions.
> 
> The issue is only relevant for things that might be called for early-
> alternatives (T-Head and possible future main extensions), so the
> SiFive erratas were not affected from the beginning, as they got
> an early return for early-alternatives in the original patchset.
> 
> Signed-off-by: Heiko Stuebner <heiko@...ech.de>
> ---
>  arch/riscv/errata/thead/errata.c | 38 ++++++++++----------------------
>  arch/riscv/kernel/cpufeature.c   | 32 +++++++++------------------
>  2 files changed, 22 insertions(+), 48 deletions(-)
> 
> diff --git a/arch/riscv/errata/thead/errata.c b/arch/riscv/errata/thead/errata.c
> index e5d75270b99c..cc155228247d 100644
> --- a/arch/riscv/errata/thead/errata.c
> +++ b/arch/riscv/errata/thead/errata.c
> @@ -14,40 +14,26 @@
>  #include <asm/patch.h>
>  #include <asm/vendorid_list.h>
>  
> -struct errata_info {
> -	char name[ERRATA_STRING_LENGTH_MAX];
> -	bool (*check_func)(unsigned long arch_id, unsigned long impid);
> -	unsigned int stage;
> -};
> -
> -static bool errata_mt_check_func(unsigned long  arch_id, unsigned long impid)
> +static bool errata_probe_pbmt(unsigned int stage,
> +			      unsigned long arch_id, unsigned long impid)
>  {
>  	if (arch_id != 0 || impid != 0)
>  		return false;
> -	return true;
> -}
>  
> -static const struct errata_info errata_list[ERRATA_THEAD_NUMBER] = {
> -	{
> -		.name = "memory-types",
> -		.stage = RISCV_ALTERNATIVES_EARLY_BOOT,
> -		.check_func = errata_mt_check_func
> -	},
> -};
> +	if (stage == RISCV_ALTERNATIVES_EARLY_BOOT ||
> +	    stage == RISCV_ALTERNATIVES_MODULE)
> +		return true;
> +
> +	return false;
> +}
>  
> -static u32 thead_errata_probe(unsigned int stage, unsigned long archid, unsigned long impid)
> +static u32 thead_errata_probe(unsigned int stage,
> +			      unsigned long archid, unsigned long impid)
>  {
> -	const struct errata_info *info;
>  	u32 cpu_req_errata = 0;
> -	int idx;
> -
> -	for (idx = 0; idx < ERRATA_THEAD_NUMBER; idx++) {
> -		info = &errata_list[idx];
>  
> -		if ((stage == RISCV_ALTERNATIVES_MODULE ||
> -		     info->stage == stage) && info->check_func(archid, impid))
> -			cpu_req_errata |= (1U << idx);
> -	}
> +	if (errata_probe_pbmt(stage, archid, impid))
> +		cpu_req_errata |= (1U << ERRATA_THEAD_PBMT);
>  
>  	return cpu_req_errata;
>  }
> diff --git a/arch/riscv/kernel/cpufeature.c b/arch/riscv/kernel/cpufeature.c
> index b33564df81e1..b63c25c55bf1 100644
> --- a/arch/riscv/kernel/cpufeature.c
> +++ b/arch/riscv/kernel/cpufeature.c
> @@ -246,12 +246,7 @@ void __init riscv_fill_hwcap(void)
>  }
>  
>  #ifdef CONFIG_RISCV_ALTERNATIVE
> -struct cpufeature_info {
> -	char name[ERRATA_STRING_LENGTH_MAX];
> -	bool (*check_func)(unsigned int stage);
> -};
> -
> -static bool __init_or_module cpufeature_svpbmt_check_func(unsigned int stage)
> +static bool __init_or_module cpufeature_probe_svpbmt(unsigned int stage)

Now that this function isn't used as a function pointer anymore, it doesn't need
to be specific to SVPBMT. I think the logic here is the same for ZICBOM. Does it
make sense to move it to the calling function?

With the conflicts between this and the CMO series manually fixed:

Tested-by: Samuel Holland <samuel@...lland.org>

Regards,
Samuel

>  {
>  #ifdef CONFIG_RISCV_ISA_SVPBMT
>  	switch (stage) {
> @@ -265,26 +260,19 @@ static bool __init_or_module cpufeature_svpbmt_check_func(unsigned int stage)
>  	return false;
>  }
>  
> -static const struct cpufeature_info __initdata_or_module
> -cpufeature_list[CPUFEATURE_NUMBER] = {
> -	{
> -		.name = "svpbmt",
> -		.check_func = cpufeature_svpbmt_check_func
> -	},
> -};
> -
> +/*
> + * Probe presence of individual extensions.
> + *
> + * This code may also be executed before kernel relocation, so we cannot use
> + * addresses generated by the address-of operator as they won't be valid in
> + * this context.
> + */
>  static u32 __init_or_module cpufeature_probe(unsigned int stage)
>  {
> -	const struct cpufeature_info *info;
>  	u32 cpu_req_feature = 0;
> -	int idx;
> -
> -	for (idx = 0; idx < CPUFEATURE_NUMBER; idx++) {
> -		info = &cpufeature_list[idx];
>  
> -		if (info->check_func(stage))
> -			cpu_req_feature |= (1U << idx);
> -	}
> +	if (cpufeature_probe_svpbmt(stage))
> +		cpu_req_feature |= (1U << CPUFEATURE_SVPBMT);
>  
>  	return cpu_req_feature;
>  }
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ