Received: by 2002:a05:6358:45e:b0:b5:b6eb:e1f9 with SMTP id 30csp3992599rwe; Tue, 30 Aug 2022 02:37:59 -0700 (PDT) X-Google-Smtp-Source: AA6agR5dDOyt5JfrD/u+CA6FxTN9JC/skHJTYK+6u8cZqyjfYcE6stHoK5Vcyx3h6MevdmgJgw/Z X-Received: by 2002:a05:6402:754:b0:448:4fbf:9fcb with SMTP id p20-20020a056402075400b004484fbf9fcbmr9020435edy.44.1661852279679; Tue, 30 Aug 2022 02:37:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1661852279; cv=none; d=google.com; s=arc-20160816; b=BpNWZsVRPvQTF1BXZUVWDB1F3C15fjQHI8y8RehxDdwu3+HXxIWUk/nC+Hd9vtA6kg 9Z+zcul9aUH+L4zCLQvQAl2kgN6wa9MHghTPhCEhjwHVU3nI5Pp7FIpt4+15kn3faDzs J6iAZWIE30ZrzNMzCTrqkFb4kiysWbcdMKVGuCmNg017zxyoPdkJL7wIwajJ/FR/F44r 1x1YiwYNypAeKHefS1yeuZbyiRvepPBymHkccKptrduuL1C88eARB8hCSZY0ZR86nE5/ EwBDHkJcsa0L8IzkgNStzvaymhaq4cVU3LTgZHMKk/M7L0cXIlS89oD6cCcR2lRt6kAY mVCg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:references:to:from:subject:cc :message-id:date:content-transfer-encoding:mime-version :dkim-signature; bh=ZsM+Pubh86dNJZPbNsb1xubr5PluY9cW5aAlTnyyxiM=; b=Ds6l6Sh4dKF8yr1mns1FMBS6EYYodHTPdzM+Fc8Uzc/28ciuPlSKw1DFG6UW+M/1DK kyNAoojCWaiCE9pTKyOHXyfmAjyjm7Wj5Z6X0kfdZi6+PhoCgUzvX6jYDhFU0EawDt1t 20NWkH/ULLl+DeGLVF6gfGwkSQ/XDSiF7r1m9UoOJAD43+nvFYFrHLai4NXbjGRQpmp0 4RkDCT5gptWqoznPeJPOwcO17goZGmdA9wJYtKT7L2XtZzu01KTUFKLLS+FhLLQlYPcL AVVumjiIKGnpNEeZ9hHpVHbWL585V16n4RXuQNCh2AaI+YafV3HnEt5KHrS14/yR8knB 30Yg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=ksrEMwGo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id gs6-20020a1709072d0600b0073d7884a3c8si8463329ejc.594.2022.08.30.02.37.34; Tue, 30 Aug 2022 02:37:59 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=ksrEMwGo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230093AbiH3JBr (ORCPT + 99 others); Tue, 30 Aug 2022 05:01:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55386 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229716AbiH3JBq (ORCPT ); Tue, 30 Aug 2022 05:01:46 -0400 Received: from mail-pl1-x62e.google.com (mail-pl1-x62e.google.com [IPv6:2607:f8b0:4864:20::62e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A28F89F1A6 for ; Tue, 30 Aug 2022 02:01:45 -0700 (PDT) Received: by mail-pl1-x62e.google.com with SMTP id j5so6596615plj.5 for ; Tue, 30 Aug 2022 02:01:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=in-reply-to:references:to:from:subject:cc:message-id:date :content-transfer-encoding:mime-version:from:to:cc; bh=ZsM+Pubh86dNJZPbNsb1xubr5PluY9cW5aAlTnyyxiM=; b=ksrEMwGox/KdS8tnvTJL1LuPVoMIKREyu/DU/fJRvdnheYItSIfp/iQzhq338blCNr eNRkBd60PyxI4prFnqg1qvB6eb8MU1U2tvgwskptoNmSL2oZGs22/tJmLIWeUJu8h8gl yMN5FHBHPyewwbe5irx28Cq7oN3zpeUMtvwR+YCpEaM1Gja/OG7QHDfaLxmqd14JDN0h XwR0xnKYyXP10vrC4ofLR/aUACg2Hr6GuJ/6hnEPe3YvTNS1DYrd5kkQh8Wi6HsW15kC 94Ok8a1MnYr8aBjMZU7S2c9sRXzPorWr8pD9RBk9CqwOG7gIVrVq94t1gMUuBFNo5T2I erKA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:references:to:from:subject:cc:message-id:date :content-transfer-encoding:mime-version:x-gm-message-state:from:to :cc; bh=ZsM+Pubh86dNJZPbNsb1xubr5PluY9cW5aAlTnyyxiM=; b=idKVhcWYnWPJck6OkmVdeRc7sgrAspvRctWGadzaLQS2+tbrC4f/89FlREp7FhpmJT 6CeEeiCj+s9ck9cth6HRNqmr1Nwe0UgsYUYVYZNR80ATrgtmf3XvGO74H92jC5g9/4lC xoanOQqhbeUPLRvipY62RWVxIf202PXfhNGF5ibQtQZ5vswJxnEJj/2qgMY5FM0oBf5s BqlCWErv8HvN0gMqbZGvG43Boej1U3If6aimbWxvMFqYi03YuxDKesHf8beAnJXyg5U+ aKKtHQmU/RHsfu4dufjnkfApOgwclRPEM9ifwfFDGbKGyoVhl+udCwiGCvPGuN4m6VKq 7adA== X-Gm-Message-State: ACgBeo1OvIoz7f02whSELJSTj2kX0B2ko8algrRIz+0y5Ctf3+79q4E0 KqjcPH3jmFuMjgdwSU8xlUTj789FFac= X-Received: by 2002:a17:902:70c6:b0:173:c64:c03b with SMTP id l6-20020a17090270c600b001730c64c03bmr19752192plt.34.1661850105106; Tue, 30 Aug 2022 02:01:45 -0700 (PDT) Received: from localhost (110-175-65-113.tpgi.com.au. [110.175.65.113]) by smtp.gmail.com with ESMTPSA id a13-20020a170902b58d00b00172f4835f60sm8974438pls.189.2022.08.30.02.01.41 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 30 Aug 2022 02:01:44 -0700 (PDT) Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Tue, 30 Aug 2022 19:01:39 +1000 Message-Id: Cc: "linux-kernel@vger.kernel.org" , "linuxppc-dev@lists.ozlabs.org" , "Zhouyi Zhou" Subject: Re: [PATCH v2] powerpc: Fix irq_soft_mask_set() and irq_soft_mask_return() with sanitizer From: "Nicholas Piggin" To: "Christophe Leroy" , "Michael Ellerman" , "Segher Boessenkool" X-Mailer: aerc 0.11.0 References: In-Reply-To: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue Aug 30, 2022 at 3:24 PM AEST, Christophe Leroy wrote: > > > Le 30/08/2022 =C3=A0 07:15, Nicholas Piggin a =C3=A9crit=C2=A0: > > On Wed Aug 24, 2022 at 2:39 AM AEST, Christophe Leroy wrote: > >> In ppc, compiler based sanitizer will generate instrument instructions > >> around statement WRITE_ONCE(local_paca->irq_soft_mask, mask): > >> > > [...] > > >> > >> If there is a context switch before "stb r9,2354(r31)", r31 may > >> not equal to r13, in such case, irq soft mask will not work. > >> > >> The same problem occurs in irq_soft_mask_return() with > >> READ_ONCE(local_paca->irq_soft_mask). > >=20 > > WRITE_ONCE doesn't require address generation to be atomic with the > > store so this is a bug without sanitizer too. I have seen gcc put r13 > > into a nvgpr before. > >=20 > > READ_ONCE maybe could be argued is safe in this case because data > > could be stale when you use it anyway, but pointless and risky > > in some cases (imagine cpu offline -> store poison value to irq soft > > mask. > >=20 > >> This patch partially reverts commit ef5b570d3700 ("powerpc/irq: Don't > >> open code irq_soft_mask helpers") with a more modern inline assembly. > >> > >> Reported-by: Zhouyi Zhou > >> Fixes: ef5b570d3700 ("powerpc/irq: Don't open code irq_soft_mask helpe= rs") > >> Signed-off-by: Christophe Leroy > >> --- > >> v2: Use =3Dm constraint for stb instead of m constraint > >> --- > >> arch/powerpc/include/asm/hw_irq.h | 9 ++++++--- > >> 1 file changed, 6 insertions(+), 3 deletions(-) > >> > >> diff --git a/arch/powerpc/include/asm/hw_irq.h b/arch/powerpc/include/= asm/hw_irq.h > >> index 26ede09c521d..815420988ef3 100644 > >> --- a/arch/powerpc/include/asm/hw_irq.h > >> +++ b/arch/powerpc/include/asm/hw_irq.h > >> @@ -113,7 +113,11 @@ static inline void __hard_RI_enable(void) > >> =20 > >> static inline notrace unsigned long irq_soft_mask_return(void) > >> { > >> - return READ_ONCE(local_paca->irq_soft_mask); > >> + unsigned long flags; > >> + > >> + asm volatile("lbz%X1 %0,%1" : "=3Dr" (flags) : "m" (local_paca->irq_= soft_mask)); > >> + > >> + return flags; > >> } > >> =20 > >> /* > >> @@ -140,8 +144,7 @@ static inline notrace void irq_soft_mask_set(unsig= ned long mask) > >> if (IS_ENABLED(CONFIG_PPC_IRQ_SOFT_MASK_DEBUG)) > >> WARN_ON(mask && !(mask & IRQS_DISABLED)); > >> =20 > >> - WRITE_ONCE(local_paca->irq_soft_mask, mask); > >> - barrier(); > >> + asm volatile("stb%X0 %1,%0" : "=3Dm" (local_paca->irq_soft_mask) : "= r" (mask) : "memory"); > >=20 > > This is still slightly concerning to me. Is there any guarantee that th= e > > compiler would not use a different sequence for the address here? > >=20 > > Maybe explicit r13 is required. > >=20 > > local_paca is defined as: > > register struct paca_struct *local_paca asm("r13"); > > Why would the compiler use another register ? Hopefully it doesn't. Is it guaranteed that it won't? > If so, do we also have an=20 > issue with the use of current_stack_pointer in irq.c ? What problems do you think it might have? I think it may be okay because we're only using it to check what stack we are using so doesn't really matter what value it is when we sample it. The overflow check similarly probably doesn't matter the exact value. > Segher ? I'm sure Segher will be delighted with the creative asm in __do_IRQ and call_do_irq :) *Grabs popcorn* Thanks, Nick