From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Joey Gouly <joey.gouly@arm.com>,
Mark Rutland <mark.rutland@arm.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>, Sasha Levin <sashal@kernel.org>,
ardb@kernel.org, tabba@google.com,
linux-arm-kernel@lists.infradead.org
Subject: [PATCH AUTOSEL 5.17 28/49] arm64: alternatives: mark patch_alternative() as `noinstr`
Date: Mon, 11 Apr 2022 20:43:46 -0400 [thread overview]
Message-ID: <20220412004411.349427-28-sashal@kernel.org> (raw)
In-Reply-To: <20220412004411.349427-1-sashal@kernel.org>
From: Joey Gouly <joey.gouly@arm.com>
[ Upstream commit a2c0b0fbe01419f8f5d1c0b9c581631f34ffce8b ]
The alternatives code must be `noinstr` such that it does not patch itself,
as the cache invalidation is only performed after all the alternatives have
been applied.
Mark patch_alternative() as `noinstr`. Mark branch_insn_requires_update()
and get_alt_insn() with `__always_inline` since they are both only called
through patch_alternative().
Booting a kernel in QEMU TCG with KCSAN=y and ARM64_USE_LSE_ATOMICS=y caused
a boot hang:
[ 0.241121] CPU: All CPU(s) started at EL2
The alternatives code was patching the atomics in __tsan_read4() from LL/SC
atomics to LSE atomics.
The following fragment is using LL/SC atomics in the .text section:
| <__tsan_unaligned_read4+304>: ldxr x6, [x2]
| <__tsan_unaligned_read4+308>: add x6, x6, x5
| <__tsan_unaligned_read4+312>: stxr w7, x6, [x2]
| <__tsan_unaligned_read4+316>: cbnz w7, <__tsan_unaligned_read4+304>
This LL/SC atomic sequence was to be replaced with LSE atomics. However since
the alternatives code was instrumentable, __tsan_read4() was being called after
only the first instruction was replaced, which led to the following code in memory:
| <__tsan_unaligned_read4+304>: ldadd x5, x6, [x2]
| <__tsan_unaligned_read4+308>: add x6, x6, x5
| <__tsan_unaligned_read4+312>: stxr w7, x6, [x2]
| <__tsan_unaligned_read4+316>: cbnz w7, <__tsan_unaligned_read4+304>
This caused an infinite loop as the `stxr` instruction never completed successfully,
so `w7` was always 0.
Signed-off-by: Joey Gouly <joey.gouly@arm.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20220405104733.11476-1-joey.gouly@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/kernel/alternative.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/kernel/alternative.c b/arch/arm64/kernel/alternative.c
index 3fb79b76e9d9..7bbf5104b7b7 100644
--- a/arch/arm64/kernel/alternative.c
+++ b/arch/arm64/kernel/alternative.c
@@ -42,7 +42,7 @@ bool alternative_is_applied(u16 cpufeature)
/*
* Check if the target PC is within an alternative block.
*/
-static bool branch_insn_requires_update(struct alt_instr *alt, unsigned long pc)
+static __always_inline bool branch_insn_requires_update(struct alt_instr *alt, unsigned long pc)
{
unsigned long replptr = (unsigned long)ALT_REPL_PTR(alt);
return !(pc >= replptr && pc <= (replptr + alt->alt_len));
@@ -50,7 +50,7 @@ static bool branch_insn_requires_update(struct alt_instr *alt, unsigned long pc)
#define align_down(x, a) ((unsigned long)(x) & ~(((unsigned long)(a)) - 1))
-static u32 get_alt_insn(struct alt_instr *alt, __le32 *insnptr, __le32 *altinsnptr)
+static __always_inline u32 get_alt_insn(struct alt_instr *alt, __le32 *insnptr, __le32 *altinsnptr)
{
u32 insn;
@@ -95,7 +95,7 @@ static u32 get_alt_insn(struct alt_instr *alt, __le32 *insnptr, __le32 *altinsnp
return insn;
}
-static void patch_alternative(struct alt_instr *alt,
+static noinstr void patch_alternative(struct alt_instr *alt,
__le32 *origptr, __le32 *updptr, int nr_inst)
{
__le32 *replptr;
--
2.35.1
WARNING: multiple messages have this Message-ID (diff)
From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Joey Gouly <joey.gouly@arm.com>,
Mark Rutland <mark.rutland@arm.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>, Sasha Levin <sashal@kernel.org>,
ardb@kernel.org, tabba@google.com,
linux-arm-kernel@lists.infradead.org
Subject: [PATCH AUTOSEL 5.17 28/49] arm64: alternatives: mark patch_alternative() as `noinstr`
Date: Mon, 11 Apr 2022 20:43:46 -0400 [thread overview]
Message-ID: <20220412004411.349427-28-sashal@kernel.org> (raw)
In-Reply-To: <20220412004411.349427-1-sashal@kernel.org>
From: Joey Gouly <joey.gouly@arm.com>
[ Upstream commit a2c0b0fbe01419f8f5d1c0b9c581631f34ffce8b ]
The alternatives code must be `noinstr` such that it does not patch itself,
as the cache invalidation is only performed after all the alternatives have
been applied.
Mark patch_alternative() as `noinstr`. Mark branch_insn_requires_update()
and get_alt_insn() with `__always_inline` since they are both only called
through patch_alternative().
Booting a kernel in QEMU TCG with KCSAN=y and ARM64_USE_LSE_ATOMICS=y caused
a boot hang:
[ 0.241121] CPU: All CPU(s) started at EL2
The alternatives code was patching the atomics in __tsan_read4() from LL/SC
atomics to LSE atomics.
The following fragment is using LL/SC atomics in the .text section:
| <__tsan_unaligned_read4+304>: ldxr x6, [x2]
| <__tsan_unaligned_read4+308>: add x6, x6, x5
| <__tsan_unaligned_read4+312>: stxr w7, x6, [x2]
| <__tsan_unaligned_read4+316>: cbnz w7, <__tsan_unaligned_read4+304>
This LL/SC atomic sequence was to be replaced with LSE atomics. However since
the alternatives code was instrumentable, __tsan_read4() was being called after
only the first instruction was replaced, which led to the following code in memory:
| <__tsan_unaligned_read4+304>: ldadd x5, x6, [x2]
| <__tsan_unaligned_read4+308>: add x6, x6, x5
| <__tsan_unaligned_read4+312>: stxr w7, x6, [x2]
| <__tsan_unaligned_read4+316>: cbnz w7, <__tsan_unaligned_read4+304>
This caused an infinite loop as the `stxr` instruction never completed successfully,
so `w7` was always 0.
Signed-off-by: Joey Gouly <joey.gouly@arm.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20220405104733.11476-1-joey.gouly@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/kernel/alternative.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/kernel/alternative.c b/arch/arm64/kernel/alternative.c
index 3fb79b76e9d9..7bbf5104b7b7 100644
--- a/arch/arm64/kernel/alternative.c
+++ b/arch/arm64/kernel/alternative.c
@@ -42,7 +42,7 @@ bool alternative_is_applied(u16 cpufeature)
/*
* Check if the target PC is within an alternative block.
*/
-static bool branch_insn_requires_update(struct alt_instr *alt, unsigned long pc)
+static __always_inline bool branch_insn_requires_update(struct alt_instr *alt, unsigned long pc)
{
unsigned long replptr = (unsigned long)ALT_REPL_PTR(alt);
return !(pc >= replptr && pc <= (replptr + alt->alt_len));
@@ -50,7 +50,7 @@ static bool branch_insn_requires_update(struct alt_instr *alt, unsigned long pc)
#define align_down(x, a) ((unsigned long)(x) & ~(((unsigned long)(a)) - 1))
-static u32 get_alt_insn(struct alt_instr *alt, __le32 *insnptr, __le32 *altinsnptr)
+static __always_inline u32 get_alt_insn(struct alt_instr *alt, __le32 *insnptr, __le32 *altinsnptr)
{
u32 insn;
@@ -95,7 +95,7 @@ static u32 get_alt_insn(struct alt_instr *alt, __le32 *insnptr, __le32 *altinsnp
return insn;
}
-static void patch_alternative(struct alt_instr *alt,
+static noinstr void patch_alternative(struct alt_instr *alt,
__le32 *origptr, __le32 *updptr, int nr_inst)
{
__le32 *replptr;
--
2.35.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2022-04-12 0:47 UTC|newest]
Thread overview: 89+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-12 0:43 [PATCH AUTOSEL 5.17 01/49] KVM: PPC: Book3S HV P9: Fix "lost kick" race Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 02/49] drm/amd: Add USBC connector ID Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 03/49] btrfs: fix fallocate to use file_modified to update permissions consistently Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 04/49] btrfs: do not warn for free space inode in cow_file_range Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 05/49] drm/amdgpu: conduct a proper cleanup of PDB bo Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 06/49] drm/amdgpu/gmc: use PCI BARs for APUs in passthrough Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 07/49] drm/amd/display: fix audio format not updated after edid updated Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 08/49] drm/amd/display: FEC check in timing validation Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 09/49] drm/amd/display: Update VTEM Infopacket definition Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 10/49] drm/amdkfd: Fix Incorrect VMIDs passed to HWS Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 11/49] drm/amdgpu/vcn: improve vcn dpg stop procedure Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 12/49] drm/amdkfd: Check for potential null return of kmalloc_array() Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 13/49] Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 14/49] Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus device Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 15/49] PCI: hv: Propagate coherence from VMbus device to PCI device Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 16/49] Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 17/49] scsi: target: tcmu: Fix possible page UAF Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 18/49] scsi: lpfc: Improve PCI EEH Error and Recovery Handling Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 19/49] scsi: lpfc: Fix unload hang after back to back PCI EEH faults Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 20/49] scsi: lpfc: Fix queue failures when recovering from PCI parity error Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 21/49] scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 22/49] net: micrel: fix KS8851_MLL Kconfig Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 23/49] ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 24/49] gpu: ipu-v3: Fix dev_dbg frequency output Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 25/49] regulator: wm8994: Add an off-on delay for WM8994 variant Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 26/49] Revert "ACPI: processor: idle: Only flush cache on entering C3" Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 27/49] static_call: Properly initialise DEFINE_STATIC_CALL_RET0() Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` Sasha Levin [this message]
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 28/49] arm64: alternatives: mark patch_alternative() as `noinstr` Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 29/49] tlb: hugetlb: Add more sizes to tlb_remove_huge_tlb_entry Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 30/49] net: axienet: setup mdio unconditionally Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 31/49] Drivers: hv: balloon: Disable balloon and hot-add accordingly Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 32/49] net: usb: aqc111: Fix out-of-bounds accesses in RX fixup Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 33/49] myri10ge: fix an incorrect free for skb in myri10ge_sw_tso Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 34/49] spi: cadence-quadspi: fix protocol setup for non-1-1-X operations Sasha Levin
2022-04-12 11:49 ` Matthias Schiffer
2022-04-12 12:07 ` Mark Brown
2022-04-17 21:33 ` Sasha Levin
2022-04-19 13:15 ` Mark Brown
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 35/49] drm/amd/display: Correct Slice reset calculation Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 36/49] drm/amd/display: Enable power gating before init_pipes Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 37/49] drm/amd/display: Revert FEC check in validation Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 38/49] drm/amd/display: Fix allocate_mst_payload assert on resume Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 39/49] drbd: set QUEUE_FLAG_STABLE_WRITES Sasha Levin
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 40/49] powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit Sasha Levin
2022-04-12 0:43 ` Sasha Levin
2022-04-12 6:35 ` Michael Ellerman
2022-04-12 6:35 ` Michael Ellerman
2022-04-12 0:43 ` [PATCH AUTOSEL 5.17 41/49] scsi: mpt3sas: Fail reset operation if config request timed out Sasha Levin
2022-04-12 0:44 ` [PATCH AUTOSEL 5.17 42/49] scsi: mvsas: Add PCI ID of RocketRaid 2640 Sasha Levin
2022-04-12 0:44 ` [PATCH AUTOSEL 5.17 43/49] scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan Sasha Levin
2022-04-12 0:44 ` [PATCH AUTOSEL 5.17 44/49] drivers: net: slip: fix NPD bug in sl_tx_timeout() Sasha Levin
2022-04-12 0:44 ` [PATCH AUTOSEL 5.17 45/49] x86,bpf: Avoid IBT objtool warning Sasha Levin
2022-04-12 0:44 ` [PATCH AUTOSEL 5.17 46/49] io_uring: zero tag on rsrc removal Sasha Levin
2022-04-12 0:44 ` [PATCH AUTOSEL 5.17 47/49] io_uring: use nospec annotation for more indexes Sasha Levin
2022-04-12 0:44 ` [PATCH AUTOSEL 5.17 48/49] arm64: Add part number for Arm Cortex-A78AE Sasha Levin
2022-04-12 0:44 ` Sasha Levin
2022-04-12 0:44 ` [PATCH AUTOSEL 5.17 49/49] perf/imx_ddr: Fix undefined behavior due to shift overflowing the constant Sasha Levin
2022-04-12 0:44 ` Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220412004411.349427-28-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=ardb@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=joey.gouly@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=stable@vger.kernel.org \
--cc=tabba@google.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.