Date: Thu, 13 Jun 2024 11:59:55 -0500
From: Samuel Holland <samuel.holland@...ive.com>
To: Deepak Gupta <debug@...osinc.com>
Cc: linux-riscv@...ts.infradead.org, Palmer Dabbelt <palmer@...belt.com>,
 Andrew Jones <ajones@...tanamicro.com>, Conor Dooley <conor@...nel.org>,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/3] riscv: Add support for per-thread envcfg CSR values

Hi Deepak,

On 2024-06-07 4:59 PM, Deepak Gupta wrote:
> On Wed, Jun 05, 2024 at 01:56:46PM -0700, Samuel Holland wrote:
>> Some bits in the [ms]envcfg CSR, such as the CFI state and pointer
>> masking mode, need to be controlled on a per-thread basis. Support this
>> by keeping a copy of the CSR value in struct thread_struct and writing
>> it during context switches. It is safe to discard the old CSR value
>> during the context switch because the CSR is modified only by software,
>> so the CSR will remain in sync with the copy in thread_struct.
>>
>> Use ALTERNATIVE directly instead of riscv_has_extension_unlikely() to
>> minimize branchiness in the context switching code.
>>
>> Since thread_struct is copied during fork(), setting the value for the
>> init task sets the default value for all other threads.
>>
>> Signed-off-by: Samuel Holland <samuel.holland@...ive.com>
>> ---
>>
>> arch/riscv/include/asm/processor.h | 1 +
>> arch/riscv/include/asm/switch_to.h | 8 ++++++++
>> arch/riscv/kernel/cpufeature.c     | 2 +-
>> 3 files changed, 10 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/riscv/include/asm/processor.h
>> b/arch/riscv/include/asm/processor.h
>> index 68c3432dc6ea..0838922bd1c8 100644
>> --- a/arch/riscv/include/asm/processor.h
>> +++ b/arch/riscv/include/asm/processor.h
>> @@ -118,6 +118,7 @@ struct thread_struct {
>>     unsigned long s[12];    /* s[0]: frame pointer */
>>     struct __riscv_d_ext_state fstate;
>>     unsigned long bad_cause;
>> +    unsigned long envcfg;
>>     u32 riscv_v_flags;
>>     u32 vstate_ctrl;
>>     struct __riscv_v_ext_state vstate;
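
Review bot: the new `envcfg` member is the only field in this part of struct thread_struct without a comment, while the neighbouring `s[12]` has one; suggest documenting what it holds, for example `unsigned long envcfg;    /* per-thread [ms]envcfg value, written to CSR_ENVCFG in __switch_to */`, and noting that it is inherited across fork() since the commit message relies on that property to set the default for every task from the init task.
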
>> diff --git a/arch/riscv/include/asm/switch_to.h
>> b/arch/riscv/include/asm/switch_to.h
>> index 7594df37cc9f..9685cd85e57c 100644
>> --- a/arch/riscv/include/asm/switch_to.h
>> +++ b/arch/riscv/include/asm/switch_to.h
>> @@ -70,6 +70,13 @@ static __always_inline bool has_fpu(void) { return false; }
>> #define __switch_to_fpu(__prev, __next) do { } while (0)
>> #endif
>>
>> +static inline void __switch_to_envcfg(struct task_struct *next)
>> +{
>> +    asm volatile (ALTERNATIVE("nop", "csrw " __stringify(CSR_ENVCFG) ", %0",
>> +                  0, RISCV_ISA_EXT_XLINUXENVCFG, 1)
>> +            :: "r" (next->thread.envcfg) : "memory");
>> +}
>> +
>> extern struct task_struct *__switch_to(struct task_struct *,
>>                        struct task_struct *);
>>
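
Review bot: __switch_to_envcfg() is declared `static inline`, whereas the helpers beside it in this header (has_fpu() at the top of the hunk) use `static __always_inline`; given that the commit message's goal is to keep the context-switch path free of extra branches and calls, `__always_inline` would guarantee the ALTERNATIVE sequence is emitted inline in the switch macro rather than as an out-of-line call under some compiler settings. A one-line comment above the function would also help: it takes only `next` because the outgoing task's CSR value is deliberately discarded (the CSR is modified only by software, so thread.envcfg is always in sync), and the "memory" clobber is there as a compiler barrier rather than because `csrw` touches memory; stating both makes the intent clear to the next reader.
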
>> @@ -103,6 +110,7 @@ do {                            \
>>         __switch_to_vector(__prev, __next);    \
>>     if (switch_to_should_flush_icache(__next))    \
>>         local_flush_icache_all();        \
>> +    __switch_to_envcfg(__next);            \
>>     ((last) = __switch_to(__prev, __next));        \
>> } while (0)
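
Review bot: the new `__switch_to_envcfg(__next)` call runs on every switch with no comparison against `__prev->thread.envcfg`, so CSR_ENVCFG is rewritten even when the two values are identical; that matches the stated aim of minimal branchiness, but a short comment here saying the unconditional write is deliberate would stop a later change from "optimising" in a compare. The placement before `__switch_to()` is correct since the value comes from `__next->thread` and nothing between the two calls touches the CSR; mentioning that ordering in the same comment would make the dependency explicit.
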
> 
> Suggestion:
> Probably make this patch 1
> 
>>
>> diff --git a/arch/riscv/kernel/cpufeature.c b/arch/riscv/kernel/cpufeature.c
>> index 2879e26dbcd8..1153b96346ae 100644
>> --- a/arch/riscv/kernel/cpufeature.c
>> +++ b/arch/riscv/kernel/cpufeature.c
>> @@ -728,7 +728,7 @@ unsigned long riscv_get_elf_hwcap(void)
>> void riscv_user_isa_enable(void)
>> {
>>     if (riscv_has_extension_unlikely(RISCV_ISA_EXT_ZICBOZ))
>> -        csr_set(CSR_ENVCFG, ENVCFG_CBZE);
>> +        current->thread.envcfg |= ENVCFG_CBZE;
> 
> Suggestion:
> Squash this with current patch 1 and call it patch 2.

This reorganization doesn't work. If I add __switch_to_envcfg() first without
this change, then the CSR would get zeroed out during the first context switch,
so userspace cbo.zero would be broken after the first patch.

Regards,
Samuel

>>     else if (any_cpu_has_zicboz)
>>         pr_warn_once("Zicboz disabled as it is unavailable on some harts\n");
>> }
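
Review bot: replacing `csr_set(CSR_ENVCFG, ENVCFG_CBZE)` with `current->thread.envcfg |= ENVCFG_CBZE` means the bit no longer reaches the hardware in this function; it is only applied when __switch_to_envcfg() runs at the next context switch, which is exactly why this hunk cannot be split from the switch_to.h change without leaving userspace cbo.zero broken in between, as the reply above explains. Two points are worth a comment in riscv_user_isa_enable(): that the fork()-propagation argument in the commit message only holds if this code runs in the init task's context, and what the intended effect is on any hart where `current` is not the init task when it runs (if the function is also invoked during secondary CPU bring-up, the update lands only in that CPU's current task). The `pr_warn_once` branch is unaffected by the change.
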
>> -- 
>> 2.44.1
>>