lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20251006100758.624934-1-lpieralisi@kernel.org>
Date: Mon,  6 Oct 2025 12:07:58 +0200
From: Lorenzo Pieralisi <lpieralisi@...nel.org>
To: linux-kernel@...r.kernel.org
Cc: linux-arm-kernel@...ts.infradead.org,
	Sascha Bischoff <sascha.bischoff@....com>,
	Will Deacon <will@...nel.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Catalin Marinas <catalin.marinas@....com>,
	Mark Rutland <mark.rutland@....com>,
	Marc Zyngier <maz@...nel.org>
Subject: [PATCH] irqchip/gic-v5: Fix GIC CDEOI instruction encoding

The GIC CDEOI system instruction requires the Rt field to be set to 0b11111
otherwise the instruction behaviour becomes CONSTRAINED UNPREDICTABLE.

Currenly, its usage is encoded as a system register write, with an immediate 0
value:

write_sysreg_s(0, GICV5_OP_GIC_CDEOI)

Whilst this might turn out to work if the compiler encodes the immediate 0
value into an XZR register in the MSR operation (ie that corresponds to
Rt == 0b11111), it is not reliable and actually it does not work when the
kernel is compiled with LLVM that does not yet understand the asm inline
constraints enabling direct XZR usage for system instruction encodings
(in write_sysreg_s()).

Rename the __SYS_BARRIER_INSN macro and use it to generate the required
GIC CDEOI encoding instead of relying on write_sysreg_s() with an immediate
0 value, fixing the issue.

Fixes: 7ec80fb3f025 ("irqchip/gic-v5: Add GICv5 PPI support")
Signed-off-by: Lorenzo Pieralisi <lpieralisi@...nel.org>
Cc: stable@...r.kernel.org
Cc: Sascha Bischoff <sascha.bischoff@....com>
Cc: Will Deacon <will@...nel.org>
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: Catalin Marinas <catalin.marinas@....com>
Cc: Mark Rutland <mark.rutland@....com>
Cc: Marc Zyngier <maz@...nel.org>
---
 arch/arm64/include/asm/sysreg.h | 20 +++++++++++++++-----
 drivers/irqchip/irq-gic-v5.c    |  4 ++--
 2 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h
index 6455db1b54fd..6cf8c46ddde5 100644
--- a/arch/arm64/include/asm/sysreg.h
+++ b/arch/arm64/include/asm/sysreg.h
@@ -113,14 +113,14 @@
 /* Register-based PAN access, for save/restore purposes */
 #define SYS_PSTATE_PAN			sys_reg(3, 0, 4, 2, 3)
 
-#define __SYS_BARRIER_INSN(op0, op1, CRn, CRm, op2, Rt)			\
+#define __SYS_INSN(op0, op1, CRn, CRm, op2, Rt)				\
 	__emit_inst(0xd5000000					|	\
 		    sys_insn((op0), (op1), (CRn), (CRm), (op2))	|	\
 		    ((Rt) & 0x1f))
 
-#define SB_BARRIER_INSN			__SYS_BARRIER_INSN(0, 3, 3, 0, 7, 31)
-#define GSB_SYS_BARRIER_INSN		__SYS_BARRIER_INSN(1, 0, 12, 0, 0, 31)
-#define GSB_ACK_BARRIER_INSN		__SYS_BARRIER_INSN(1, 0, 12, 0, 1, 31)
+#define SB_BARRIER_INSN			__SYS_INSN(0, 3, 3, 0, 7, 31)
+#define GSB_SYS_BARRIER_INSN		__SYS_INSN(1, 0, 12, 0, 0, 31)
+#define GSB_ACK_BARRIER_INSN		__SYS_INSN(1, 0, 12, 0, 1, 31)
 
 /* Data cache zero operations */
 #define SYS_DC_ISW			sys_insn(1, 0, 7, 6, 2)
@@ -1075,7 +1075,6 @@
 #define GICV5_OP_GIC_CDDIS		sys_insn(1, 0, 12, 1, 0)
 #define GICV5_OP_GIC_CDHM		sys_insn(1, 0, 12, 2, 1)
 #define GICV5_OP_GIC_CDEN		sys_insn(1, 0, 12, 1, 1)
-#define GICV5_OP_GIC_CDEOI		sys_insn(1, 0, 12, 1, 7)
 #define GICV5_OP_GIC_CDPEND		sys_insn(1, 0, 12, 1, 4)
 #define GICV5_OP_GIC_CDPRI		sys_insn(1, 0, 12, 1, 2)
 #define GICV5_OP_GIC_CDRCFG		sys_insn(1, 0, 12, 1, 5)
@@ -1129,6 +1128,17 @@
 #define gicr_insn(insn)			read_sysreg_s(GICV5_OP_GICR_##insn)
 #define gic_insn(v, insn)		write_sysreg_s(v, GICV5_OP_GIC_##insn)
 
+/*
+ * GIC CDEOI encoding requires Rt to be 0b11111.
+ * gic_insn() with an immediate value of 0 cannot be used to encode it
+ * because some compilers do not follow asm inline constraints in
+ * write_sysreg_s() to turn an immediate 0 value into an XZR as
+ * MSR source register.
+ * Use __SYS_INSN to specify its precise encoding explicitly.
+ */
+#define GICV5_CDEOI_INSN		__SYS_INSN(1, 0, 12, 1, 7, 31)
+#define gic_cdeoi()			asm volatile(GICV5_CDEOI_INSN)
+
 #define ARM64_FEATURE_FIELD_BITS	4
 
 #ifdef __ASSEMBLY__
diff --git a/drivers/irqchip/irq-gic-v5.c b/drivers/irqchip/irq-gic-v5.c
index 41ef286c4d78..b607c943c47d 100644
--- a/drivers/irqchip/irq-gic-v5.c
+++ b/drivers/irqchip/irq-gic-v5.c
@@ -218,14 +218,14 @@ static void gicv5_hwirq_eoi(u32 hwirq_id, u8 hwirq_type)
 
 	gic_insn(cddi, CDDI);
 
-	gic_insn(0, CDEOI);
+	gic_cdeoi();
 }
 
 static void gicv5_ppi_irq_eoi(struct irq_data *d)
 {
 	/* Skip deactivate for forwarded PPI interrupts */
 	if (irqd_is_forwarded_to_vcpu(d)) {
-		gic_insn(0, CDEOI);
+		gic_cdeoi();
 		return;
 	}
 
-- 
2.48.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ