Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
From:   Lecopzer Chen <lecopzer.chen@mediatek.com>
To:     <linux@armlinux.org.uk>
CC:     <akpm@linux-foundation.org>, <bigeasy@linutronix.de>,
        <gregkh@linuxfoundation.org>, <lecopzer.chen@mediatek.com>,
        <linux-arm-kernel@lists.infradead.org>,
        <linux-kernel@vger.kernel.org>, <marc.zyngier@arm.com>,
        <peterx@redhat.com>, <rppt@kernel.org>, <tglx@linutronix.de>,
        <walken@google.com>, <yj.chiang@mediatek.com>
Subject: Re: [PATCH] ARM: mm: harden branch predictor before opening interrupts during fault
Date:   Wed, 27 Jan 2021 00:03:03 +0800
Message-ID: <20210126160303.16157-1-lecopzer.chen@mediatek.com>
In-Reply-To: <20210126152916.GJ1551@shell.armlinux.org.uk>
References: <20210126152916.GJ1551@shell.armlinux.org.uk>
MIME-Version: 1.0
Content-Type: text/plain
Precedence: bulk

> On Tue, Jan 26, 2021 at 11:01:50PM +0800, Lecopzer Chen wrote:
> > > On 2021-01-26 10:59:32 [+0000], Russell King - ARM Linux admin wrote:
> > > > On Tue, Jan 26, 2021 at 05:17:08PM +0800, Lecopzer Chen wrote:
> > > > > Hi all,
> > > > > 
> > > > > I don't see any fix for this issue now(maybe I missed it..?),
> > > > > could we fix this if there is better solution?
> > > > > This issue exists almost two years.
> > > > 
> > > > I don't think anyone provided an acceptable patch.
> > > > 
> > > > The first patch moved the hardening out of the translation/section
> > > > fault handling. Since the kernel is mapped with sections, these
> > > > are above TASK_SIZE, and the whole point of the branch prediction
> > > > hardening is to prevent the prediction in the kernel being exploited,
> > > > missing the hardening effectively makes the mitigation useless.
> > > > 
> > > > The discussion in February 2019 never concluded from what I can see.
> > > 
> > > My memory is that I never got a reply which I understood.
> > > Let me try again this week with the information above.
> > 
> > 
> > NOTE:
> > Before sending this mail, I had searched the relative threads and
> > there are two solutions in general:
> >     1. Add get_pcpu()/put_cpu() https://lkml.org/lkml/2019/6/3/426
> >        Reject by Marc:
> >        > The right fix would be to move the call to a point where we haven't
> >        > enabled preemption yet.
> > 
> >     2. Move out like the patch from Sebastian:
> >        This seems follow the concept of 1.
> >        (move the call to a point where we haven't enabled preemption yet).
> >        But I can't find any reply in the thread.
> > 
> > Now the CONFIG_HARDEN_BRANCH_PREDICTOR has already backported to LTS,
> > and after upgrading ARM CONFIG_CPU_V7 products to latest LTS, the
> > CONFIG_HARDEN_BRANCH_PREDICTOR will be default y and this issue makes
> > our devices panic and we have to either disable HARDEN_BRANCH_PREDICTOR
> > or hack in-house to avoid the kernel panic.
> 
> It does _not_ cause the kernel to panic, ever. A kernel panic takes
> out the system. This is not the case here.
> 
> It merely causes a noisy message to be emitted in the kernel log, and
> the system survives. That is way more preferable than breaking the
> effect of branch predictor hardening.
> 
> If it is taking out your kernel with a real panic, then there is
> something wrong elsewhere - and this is _not_ something that should
> be happening during normal system operation.

Oh, yes, you're right;

After reread the panic log, our panic happened because
-> invalid userspace memory access
-> debug_preempt log
-> the program seg fault
-> main service need the program but it crash
-> panic

Sorry for wrong information and thanks a lot for the correctness.
I think I have to see why the in-house hacking is working...

Thanks!!

BRs,
Lecopzer