| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2190a195-53bb-09a8-9130-101c040edd09@loongson.cn>
Date: Fri, 30 Dec 2022 13:58:18 +0800
From: Jinyang He <hejinyang@...ngson.cn>
To: Qi Hu <huqi@...ngson.cn>, Huacai Chen <chenhuacai@...nel.org>
Cc: WANG Xuerui <kernel@...0n.name>,
Tiezhu Yang <yangtiezhu@...ngson.cn>,
loongarch@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] LoongArch: Fix irq enable in exception handlers
On 2022-12-29 14:54, Qi Hu wrote:
>
> On 2022/12/29 14:13, Jinyang He wrote:
>> On 2022-12-29 00:51, Qi Hu wrote:
>>
>>>
>>> On 2022/12/27 18:10, Jinyang He wrote:
>>>> On 2022-12-27 17:52, Huacai Chen wrote:
>>>>
>>>>> On Tue, Dec 27, 2022 at 5:30 PM Jinyang He <hejinyang@...ngson.cn>
>>>>> wrote:
>>>>>>
>>>>>> On 2022-12-27 15:37, Huacai Chen wrote:
>>>>>>> Hi, Jinyang,
>>>>>>>
>>>>>>> Move die_if_kernel to irq disabled context to solve what?
>>>>>> For more strict logical. If the code flow go to die in
>>>>>> die_if_kernel(),
>>>>>> its interrupt state is enable, that means it may cause schedule.
>>>>>> So I think it is better to call die_if_kernel() firstly.
>>>>> die_if_kernel is called with irq enabled in old kernels for several
>>>>> years, and has no problems.
>>>>
>>>>
>>>> I think because it never call die() in die_if_kernel(). What I do
>>>> emphasize is that there needs to be more strict logic here than
>>>> it worked well in the past. I bet if die_if_kernel() was removed,
>>>> it will still work well in the future.
>>>>
>>>>
>>>>>
>>>>>>
>>>>>>> And LBT is
>>>>>>> surely allowed to be triggered in kernel context.
>>>>>> I'm not familar with lbt, I just not see any lbt codes in kernel.
>>>>>> Plz,
>>>>>> how lbt exception triggered, and how kernel trigger lbt exception?
>>>>> You can ask Huqi for more details, and this was discussed publicly
>>>>> last week.
>>>>
>>>> To: Qi Hu
>>>>
>>>>
>>>> Hi,
>>>>
>>>>
>>>> We really need some help. Can you give us some ideas?
>>>>
>>>>
>>>> Thanks,
>>>>
>>>> Jinyang
>>>>
>>> Huacai is correct. The LBT disable exception (BTD) can be triggered
>>> in kernel context.
>>>
>>> If the CSR.ENEU.BTE == 0 [^1], the LBT instructions (these [^2] will
>>> be used in the kernel) will trigger the exception.
>>>
>>> Unfortunately, when you want to do some fpu_{save, restore}, you
>>> need to use some LBT instructions [^3] [^4]. So if FPD is triggered,
>>> LBT might still not be enabled, and the 'do_lbt' will be called in
>>> the kernel context.
>>>
>>> Hope the information can help. Thanks.
>>>
>>>
>>> [1]
>>> https://loongson.github.io/LoongArch-Documentation/LoongArch-Vol1-EN.html#extended-component-unit-enable
>>>
>>> [2]
>>> https://github.com/loongson/linux/pull/4/files#diff-381d03cf86e2796d280e2fc82c005409d5e44b4bbbf90dd0dc17f5f0fa5553f1R140-R184
>>>
>>> [3]
>>> https://github.com/loongson/linux/pull/4/files#diff-381d03cf86e2796d280e2fc82c005409d5e44b4bbbf90dd0dc17f5f0fa5553f1R218-R230
>>>
>>> [4]
>>> https://github.com/loongson/linux/pull/4/files#diff-381d03cf86e2796d280e2fc82c005409d5e44b4bbbf90dd0dc17f5f0fa5553f1R236-R263
>>>
>>>
>> Hi,
>>
>>
>> That's helpful. Thanks!
>>
>>
>> But I still wonder if SXD or ASXD have the same possibility of being
>> triggered in the kernel mode by sc_save_{lsx, lasx} or other place.
>> Do we need remove these die_if_kernel codes in do_lasx() and do_lsx()?
>>
>>
>> Jinyang
>>
> Hi Jinyang,
>
> I think only BTD has this tricky situation, because there is some
> overlap between FPD/SXD/ASXD and BTD.
>
> So, in my view, SXD or ASXD will not be triggered in kernel mode.
>
> Thanks.
>
>
> Qi
Got it. Thanks for your help. And I'll fix my patch in next version.
Jinyang
>
>>
>>> Qi
>>>
>>>>
>>>>> Huacai
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Jinyang
>>>>>>
>>>>>>
>>>>>>> Huacai
>>>>>>>
>>>>>>> On Wed, Dec 21, 2022 at 3:43 PM Jinyang He
>>>>>>> <hejinyang@...ngson.cn> wrote:
>>>>>>>> The interrupt state can be got by regs->csr_prmd. Once previous
>>>>>>>> interrupt state is disable, we shouldn't enable interrupt if we
>>>>>>>> triggered exception which can be triggered in kernel mode. So
>>>>>>>> conditionally enable interrupt. For those do_\exception which
>>>>>>>> can not triggered in kernel mode but need enable interrupt, call
>>>>>>>> die_if_kernel() firstly. And for do_lsx, do_lasx and do_lbt cannot
>>>>>>>> triggered in kernel mode, too.
>>>>>>>>
>>>>>>>> Signed-off-by: Jinyang He <hejinyang@...ngson.cn>
>>>>>>>> ---
>>>>>>>> arch/loongarch/kernel/traps.c | 19 ++++++++++---------
>>>>>>>> 1 file changed, 10 insertions(+), 9 deletions(-)
>>>>>>>>
>>>>>>>> diff --git a/arch/loongarch/kernel/traps.c
>>>>>>>> b/arch/loongarch/kernel/traps.c
>>>>>>>> index 1ea14f6c18d3..3ac7b32d1e15 100644
>>>>>>>> --- a/arch/loongarch/kernel/traps.c
>>>>>>>> +++ b/arch/loongarch/kernel/traps.c
>>>>>>>> @@ -340,9 +340,9 @@ asmlinkage void noinstr do_fpe(struct
>>>>>>>> pt_regs *regs, unsigned long fcsr)
>>>>>>>>
>>>>>>>> /* Clear FCSR.Cause before enabling interrupts */
>>>>>>>> write_fcsr(LOONGARCH_FCSR0, fcsr & ~mask_fcsr_x(fcsr));
>>>>>>>> - local_irq_enable();
>>>>>>>>
>>>>>>>> die_if_kernel("FP exception in kernel code", regs);
>>>>>>>> + local_irq_enable();
>>>>>>>>
>>>>>>>> sig = SIGFPE;
>>>>>>>> fault_addr = (void __user *) regs->csr_era;
>>>>>>>> @@ -432,7 +432,8 @@ asmlinkage void noinstr do_bp(struct
>>>>>>>> pt_regs *regs)
>>>>>>>> unsigned long era = exception_era(regs);
>>>>>>>> irqentry_state_t state = irqentry_enter(regs);
>>>>>>>>
>>>>>>>> - local_irq_enable();
>>>>>>>> + if (regs->csr_prmd & CSR_PRMD_PIE)
>>>>>>>> + local_irq_enable();
>>>>>>>> current->thread.trap_nr = read_csr_excode();
>>>>>>>> if (__get_inst(&opcode, (u32 *)era, user))
>>>>>>>> goto out_sigsegv;
>>>>>>>> @@ -514,7 +515,8 @@ asmlinkage void noinstr do_ri(struct
>>>>>>>> pt_regs *regs)
>>>>>>>> unsigned int __user *era = (unsigned int __user
>>>>>>>> *)exception_era(regs);
>>>>>>>> irqentry_state_t state = irqentry_enter(regs);
>>>>>>>>
>>>>>>>> - local_irq_enable();
>>>>>>>> + if (regs->csr_prmd & CSR_PRMD_PIE)
>>>>>>>> + local_irq_enable();
>>>>>>>> current->thread.trap_nr = read_csr_excode();
>>>>>>>>
>>>>>>>> if (notify_die(DIE_RI, "RI Fault", regs, 0,
>>>>>>>> current->thread.trap_nr,
>>>>>>>> @@ -606,8 +608,8 @@ asmlinkage void noinstr do_fpu(struct
>>>>>>>> pt_regs *regs)
>>>>>>>> {
>>>>>>>> irqentry_state_t state = irqentry_enter(regs);
>>>>>>>>
>>>>>>>> - local_irq_enable();
>>>>>>>> die_if_kernel("do_fpu invoked from kernel context!",
>>>>>>>> regs);
>>>>>>>> + local_irq_enable();
>>>>>>>> BUG_ON(is_lsx_enabled());
>>>>>>>> BUG_ON(is_lasx_enabled());
>>>>>>>>
>>>>>>>> @@ -623,13 +625,13 @@ asmlinkage void noinstr do_lsx(struct
>>>>>>>> pt_regs *regs)
>>>>>>>> {
>>>>>>>> irqentry_state_t state = irqentry_enter(regs);
>>>>>>>>
>>>>>>>> + die_if_kernel("do_lsx invoked from kernel context!",
>>>>>>>> regs);
>>>>>>>> local_irq_enable();
>>>>>>>> if (!cpu_has_lsx) {
>>>>>>>> force_sig(SIGILL);
>>>>>>>> goto out;
>>>>>>>> }
>>>>>>>>
>>>>>>>> - die_if_kernel("do_lsx invoked from kernel context!",
>>>>>>>> regs);
>>>>>>>> BUG_ON(is_lasx_enabled());
>>>>>>>>
>>>>>>>> preempt_disable();
>>>>>>>> @@ -645,14 +647,13 @@ asmlinkage void noinstr do_lasx(struct
>>>>>>>> pt_regs *regs)
>>>>>>>> {
>>>>>>>> irqentry_state_t state = irqentry_enter(regs);
>>>>>>>>
>>>>>>>> + die_if_kernel("do_lasx invoked from kernel context!",
>>>>>>>> regs);
>>>>>>>> local_irq_enable();
>>>>>>>> if (!cpu_has_lasx) {
>>>>>>>> force_sig(SIGILL);
>>>>>>>> goto out;
>>>>>>>> }
>>>>>>>>
>>>>>>>> - die_if_kernel("do_lasx invoked from kernel context!",
>>>>>>>> regs);
>>>>>>>> -
>>>>>>>> preempt_disable();
>>>>>>>> init_restore_lasx();
>>>>>>>> preempt_enable();
>>>>>>>> @@ -666,6 +667,7 @@ asmlinkage void noinstr do_lbt(struct
>>>>>>>> pt_regs *regs)
>>>>>>>> {
>>>>>>>> irqentry_state_t state = irqentry_enter(regs);
>>>>>>>>
>>>>>>>> + die_if_kernel("do_lbt invoked from kernel context!",
>>>>>>>> regs);
>>>>>>>> local_irq_enable();
>>>>>>>> force_sig(SIGILL);
>>>>>>>> local_irq_disable();
>>>>>>>> @@ -677,7 +679,6 @@ asmlinkage void noinstr do_reserved(struct
>>>>>>>> pt_regs *regs)
>>>>>>>> {
>>>>>>>> irqentry_state_t state = irqentry_enter(regs);
>>>>>>>>
>>>>>>>> - local_irq_enable();
>>>>>>>> /*
>>>>>>>> * Game over - no way to handle this if it ever
>>>>>>>> occurs. Most probably
>>>>>>>> * caused by a fatal error after another
>>>>>>>> hardware/software error.
>>>>>>>> @@ -685,8 +686,8 @@ asmlinkage void noinstr do_reserved(struct
>>>>>>>> pt_regs *regs)
>>>>>>>> pr_err("Caught reserved exception %u on pid:%d [%s] -
>>>>>>>> should not happen\n",
>>>>>>>> read_csr_excode(), current->pid, current->comm);
>>>>>>>> die_if_kernel("do_reserved exception", regs);
>>>>>>>> + local_irq_enable();
>>>>>>>> force_sig(SIGUNUSED);
>>>>>>>> -
>>>>>>>> local_irq_disable();
>>>>>>>>
>>>>>>>> irqentry_exit(regs, state);
>>>>>>>> --
>>>>>>>> 2.34.3
>>>>>>>>
>>>>>>
>>>>
>>>
>>
Powered by blists - more mailing lists