Message-Id: <20260103152400.552-1-naohiko.shimizu@gmail.com>
Date: Sun,  4 Jan 2026 00:23:57 +0900
From: Naohiko Shimizu <naohiko.shimizu@...il.com>
To: pjw@...nel.org,
	palmer@...belt.com,
	aou@...s.berkeley.edu
Cc: alex@...ti.fr,
	anup@...infault.org,
	atish.patra@...ux.dev,
	daniel.lezcano@...aro.org,
	tglx@...utronix.de,
	nick.hu@...ive.com,
	linux-riscv@...ts.infradead.org,
	linux-kernel@...r.kernel.org,
	kvm@...r.kernel.org,
	kvm-riscv@...ts.infradead.org,
	Naohiko Shimizu <naohiko.shimizu@...il.com>
Subject: [PATCH v2 0/3] riscv: Fix potential spurious timer interrupts on RV32

This patch series addresses a potential race condition when updating 64-bit timer comparison registers (stimecmp/vstimecmp) on RV32 systems.

According to the RISC-V Privileged Specification (specifically section 3.2.1 for mtimecmp, which applies logically to stimecmp as well), updating a 64-bit comparison register via two 32-bit writes can cause a spurious interrupt if the intermediate state is evaluated by the hardware.

Currently, the Linux kernel (including v6.12) often writes the LSB first or does not use the recommended 3-step sequence (setting LSB to 0xFFFFFFFF first) on RV32. This can lead to a transient state where Time >= Compare is incorrectly true, triggering a "ghost" pending interrupt.

Changes:

1. Fix suspend_restore_csrs to use the 3-step sequence for stimecmp.
2. Fix KVM vcpu timer updates to prevent vstimecmp hazards.
3. Fix riscv_clock_next_event in the clocksource driver.

Although this hazard is difficult to observe in QEMU due to its instruction-boundary interrupt polling, it is a critical correctness issue for physical RV32 hardware implementations with asynchronous comparators.

---
Changes in v2:
- Added detailed architectural background in commit descriptions as requested by Anup.
- Cited RISC-V Privileged Specification regarding 64-bit timer updates on RV32.

Signed-off-by: Naohiko Shimizu <naohiko.shimizu@...il.com>

Naohiko Shimizu (3):
  riscv: clocksource: Fix stimecmp update hazard on RV32
  riscv: kvm: Fix vstimecmp update hazard on RV32
  riscv: suspend: Fix stimecmp update hazard on RV32

 arch/riscv/kernel/suspend.c       | 3 ++-
 arch/riscv/kvm/vcpu_timer.c       | 6 ++++--
 drivers/clocksource/timer-riscv.c | 3 ++-
 3 files changed, 8 insertions(+), 4 deletions(-)

-- 
2.39.5
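
The hazard and the 3-step sequence described in the cover letter, as an added example that is not code from this patch series: a toy model of a 64-bit compare register written as two 32-bit halves, with a comparator that evaluates after every write. The function names and sample values are constructed for illustration, and the model assumes the counter does not advance during the update.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model (constructed): a 64-bit compare register seen as two 32-bit
 * halves, checked by an asynchronous comparator after every 32-bit write. */
struct cmp_reg { uint32_t lo, hi; };

static bool fires(struct cmp_reg c, uint64_t now)
{
    return now >= (((uint64_t)c.hi << 32) | c.lo);
}

/* Each function returns true if a state before the final write fires. */
static bool lo_first(uint64_t old, uint64_t now, uint64_t next)
{
    struct cmp_reg c = { (uint32_t)old, (uint32_t)(old >> 32) };
    c.lo = (uint32_t)next;              /* hi still holds the old value */
    return fires(c, now);
}

static bool hi_first(uint64_t old, uint64_t now, uint64_t next)
{
    struct cmp_reg c = { (uint32_t)old, (uint32_t)(old >> 32) };
    c.hi = (uint32_t)(next >> 32);      /* lo still holds the old value */
    return fires(c, now);
}

static bool three_step(uint64_t old, uint64_t now, uint64_t next)
{
    struct cmp_reg c = { (uint32_t)old, (uint32_t)(old >> 32) };
    c.lo = UINT32_MAX;                  /* 1: compare can only move later */
    bool spurious = fires(c, now);
    c.hi = (uint32_t)(next >> 32);      /* 2: hi:0xFFFFFFFF is >= next */
    spurious |= fires(c, now);
    c.lo = (uint32_t)next;              /* 3: final value is now in place */
    return spurious;
}

int main(void)
{
    /* Constructed values; in both cases old > now and next > now. */
    uint64_t a[3] = { 0x100000010ULL, 0x100000005ULL, 0x200000001ULL };
    uint64_t b[3] = { 0x200000001ULL, 0x1FFFFFFF0ULL, 0x1FFFFFFFFULL };
    printf("A: lo_first=%d hi_first=%d three_step=%d\n", lo_first(a[0], a[1], a[2]),
           hi_first(a[0], a[1], a[2]), three_step(a[0], a[1], a[2]));
    printf("B: lo_first=%d hi_first=%d three_step=%d\n", lo_first(b[0], b[1], b[2]),
           hi_first(b[0], b[1], b[2]), three_step(b[0], b[1], b[2]));
    return 0;
}
```

Case A moves the deadline later and breaks the low-half-first order; case B moves it earlier and breaks the high-half-first order, so neither two-write order is safe in general.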

