[PATCH v5 05/27] arm64: Use daifflag_restore after bp_hardening

[PATCH v5 00/27] arm64: provide pseudo NMI with GICv3 · Julien Thierry <hidden> · 2018-08-28
[PATCH v5 01/27] arm64: cpufeature: Set SYSREG_GIC_CPUIF as a boot system feature · Julien Thierry <hidden> · 2018-08-28
Re: [PATCH v5 01/27] arm64: cpufeature: Set SYSREG_GIC_CPUIF as a boot system feature · Marc Zyngier <hidden> · 2018-09-21
[PATCH v5 01/27] arm64: cpufeature: Set SYSREG_GIC_CPUIF as a boot system feature · Yao Lihua <hidden> · 2018-09-25
Re: [PATCH v5 01/27] arm64: cpufeature: Set SYSREG_GIC_CPUIF as a boot system feature · Marc Zyngier <hidden> · 2018-09-25
[PATCH v5 01/27] arm64: cpufeature: Set SYSREG_GIC_CPUIF as a boot system feature · Yao Lihua <hidden> · 2018-09-25
[PATCH v5 02/27] arm64: cpufeature: Use alternatives for VHE cpu_enable · Julien Thierry <hidden> · 2018-08-28
Re: [PATCH v5 02/27] arm64: cpufeature: Use alternatives for VHE cpu_enable · James Morse <james.morse@arm.com> · 2018-09-12
Re: [PATCH v5 02/27] arm64: cpufeature: Use alternatives for VHE cpu_enable · Julien Thierry <hidden> · 2018-09-12
Re: [PATCH v5 02/27] arm64: cpufeature: Use alternatives for VHE cpu_enable · James Morse <james.morse@arm.com> · 2018-09-18
Re: [PATCH v5 02/27] arm64: cpufeature: Use alternatives for VHE cpu_enable · Suzuki K Poulose <Suzuki.Poulose@arm.com> · 2018-09-12
[PATCH v5 03/27] arm64: alternative: Apply alternatives early in boot process · Julien Thierry <hidden> · 2018-08-28
Re: [PATCH v5 03/27] arm64: alternative: Apply alternatives early in boot process · James Morse <james.morse@arm.com> · 2018-09-12
Re: [PATCH v5 03/27] arm64: alternative: Apply alternatives early in boot process · Julien Thierry <hidden> · 2018-09-12
Re: [PATCH v5 03/27] arm64: alternative: Apply alternatives early in boot process · Daniel Thompson <hidden> · 2018-09-17
Re: [PATCH v5 03/27] arm64: alternative: Apply alternatives early in boot process · Julien Thierry <hidden> · 2018-09-18
Re: [PATCH v5 03/27] arm64: alternative: Apply alternatives early in boot process · James Morse <james.morse@arm.com> · 2018-09-18
Re: [PATCH v5 03/27] arm64: alternative: Apply alternatives early in boot process · Marc Zyngier <hidden> · 2018-09-21
[PATCH v5 04/27] arm64: daifflags: Use irqflags functions for daifflags · Julien Thierry <hidden> · 2018-08-28
Re: [PATCH v5 04/27] arm64: daifflags: Use irqflags functions for daifflags · James Morse <james.morse@arm.com> · 2018-09-12
Re: [PATCH v5 04/27] arm64: daifflags: Use irqflags functions for daifflags · Catalin Marinas <catalin.marinas@arm.com> · 2018-10-03
[PATCH v5 05/27] arm64: Use daifflag_restore after bp_hardening · Julien Thierry <hidden> · 2018-08-28
Re: [PATCH v5 05/27] arm64: Use daifflag_restore after bp_hardening · James Morse <james.morse@arm.com> · 2018-09-12
Re: [PATCH v5 05/27] arm64: Use daifflag_restore after bp_hardening · Julien Thierry <hidden> · 2018-09-12
Re: [PATCH v5 05/27] arm64: Use daifflag_restore after bp_hardening · James Morse <james.morse@arm.com> · 2018-09-12
Re: [PATCH v5 05/27] arm64: Use daifflag_restore after bp_hardening · Julien Thierry <hidden> · 2018-09-12
Re: [PATCH v5 05/27] arm64: Use daifflag_restore after bp_hardening · Catalin Marinas <catalin.marinas@arm.com> · 2018-10-03
[PATCH v5 06/27] arm64: Delay daif masking for user return · Julien Thierry <hidden> · 2018-08-28
Re: [PATCH v5 06/27] arm64: Delay daif masking for user return · James Morse <james.morse@arm.com> · 2018-09-12
Re: [PATCH v5 06/27] arm64: Delay daif masking for user return · Julien Thierry <hidden> · 2018-09-12
[PATCH v5 07/27] arm64: xen: Use existing helper to check interrupt status · Julien Thierry <hidden> · 2018-08-28
Re: [PATCH v5 07/27] arm64: xen: Use existing helper to check interrupt status · Stefano Stabellini <sstabellini@kernel.org> · 2018-08-29
Re: [PATCH v5 07/27] arm64: xen: Use existing helper to check interrupt status · Catalin Marinas <catalin.marinas@arm.com> · 2018-10-03
[PATCH v5 08/27] irqchip/gic: Unify GIC priority definitions · Julien Thierry <hidden> · 2018-08-28
Re: [PATCH v5 08/27] irqchip/gic: Unify GIC priority definitions · Marc Zyngier <hidden> · 2018-10-03
[PATCH v5 09/27] irqchip/gic: Lower priority of GIC interrupts · Julien Thierry <hidden> · 2018-08-28
[PATCH v5 10/27] arm64: cpufeature: Add cpufeature for IRQ priority masking · Julien Thierry <hidden> · 2018-08-28
[PATCH v5 11/27] arm64: Make PMR part of task context · Julien Thierry <hidden> · 2018-08-28
[PATCH v5 12/27] arm64: Unmask PMR before going idle · Julien Thierry <hidden> · 2018-08-28
[PATCH v5 13/27] arm/arm64: gic-v3: Add helper functions to manage IRQ priorities · Julien Thierry <hidden> · 2018-08-28
[PATCH v5 14/27] arm64: kvm: Unmask PMR before entering guest · Julien Thierry <hidden> · 2018-08-28
[PATCH v5 15/27] arm64: irqflags: Use ICC_PMR_EL1 for interrupt masking · Julien Thierry <hidden> · 2018-08-28
Re: [PATCH v5 15/27] arm64: irqflags: Use ICC_PMR_EL1 for interrupt masking · Julien Thierry <hidden> · 2018-09-21
Re: [PATCH v5 15/27] arm64: irqflags: Use ICC_PMR_EL1 for interrupt masking · Julien Thierry <hidden> · 2018-09-21
[PATCH v5 16/27] arm64: daifflags: Include PMR in daifflags restore operations · Julien Thierry <hidden> · 2018-08-28
[PATCH v5 17/27] irqchip/gic-v3: Factor group0 detection into functions · Julien Thierry <hidden> · 2018-08-28
[PATCH v5 18/27] irqchip/gic-v3: Do not overwrite PMR value · Julien Thierry <hidden> · 2018-08-28
[PATCH v5 19/27] irqchip/gic-v3: Remove acknowledge loop · Julien Thierry <hidden> · 2018-08-28
Re: [PATCH v5 19/27] irqchip/gic-v3: Remove acknowledge loop · Marc Zyngier <hidden> · 2018-10-03
[PATCH v5 20/27] irqchip/gic-v3: Switch to PMR masking after IRQ acknowledge · Julien Thierry <hidden> · 2018-08-28
[PATCH v5 21/27] arm64: Switch to PMR masking when starting CPUs · Julien Thierry <hidden> · 2018-08-28
[PATCH v5 22/27] arm64: Add build option for IRQ masking via priority · Julien Thierry <hidden> · 2018-08-28
[PATCH v5 23/27] arm64: Handle serror in NMI context · Julien Thierry <hidden> · 2018-08-28
[PATCH v5 24/27] irqchip/gic-v3: Detect current view of GIC priorities · Julien Thierry <hidden> · 2018-08-28
[PATCH v5 25/27] irqchip/gic-v3: Add base support for pseudo-NMI · Julien Thierry <hidden> · 2018-08-28
[PATCH v5 27/27] irqchip/gic-v3: Allow interrupts to be set as pseudo-NMI · Julien Thierry <hidden> · 2018-08-28
[PATCH v5 26/27] irqchip/gic: Add functions to access irq priorities · Julien Thierry <hidden> · 2018-08-28
Re: [PATCH v5 00/27] arm64: provide pseudo NMI with GICv3 · Daniel Thompson <hidden> · 2018-08-29
Re: [PATCH v5 00/27] arm64: provide pseudo NMI with GICv3 · Julien Thierry <hidden> · 2018-08-29

From: Julien Thierry <hidden>
Date: 2018-09-12 13:03:49
Also in: lkml

On 12/09/18 13:28, James Morse wrote:

On 12/09/18 12:11, Julien Thierry wrote:

quoted

On 12/09/18 11:32, James Morse wrote:

quoted

On 28/08/18 16:51, Julien Thierry wrote:

quoted

For EL0 entries requiring bp_hardening, daif status is kept at
DAIF_PROCCTX_NOIRQ until after hardening has been done. Then interrupts
are enabled through local_irq_enable().

Before using local_irq_* functions, daifflags should be properly restored
to a state where IRQs are enabled.

quoted

Enable IRQs by restoring DAIF_PROCCTX state after bp hardening.

Is this just for symmetry, or are you going on to add something to the daifflags
state that local_irq_* functions won't change? (if so, could you allude to that
in the commit message)

quoted

What happens is that once we use ICC_PMR_EL1, local_irq_enable will not touch
PSR.I. And we are coming back from an entry where PSR.I was kept to 1 so
local_irq_enable was not actually enabling the interrupts. On the otherhand,
restore will affect both.

Got it. Thanks!

Does this mean stop_machine()s local_save_flags()/local_irq_restore() will not
be symmetric around __apply_alternatives_multi_stop()?
I see you add alternatives in these in patch 15, but I haven't got that far yet)

It's a good point but it should be fine.
The changes to the irqflags make save/restore takes everything into 
consideration (PMR + PSR.I) because of situtations like this, 
enable/disable only toggle the PMR (so the goal is to not have PSR.I set 
before reaching path calling enable/disable).
Maybe I should add a comment for this in asm/irqflags.f when I add the 
alternatives, so that at least arch code can be wary of this.

quoted

Another option is to have the asm macro "enable_da_f" also switch to PMR usage
(i.e. "just keep normal interrupts disabled"). Overall it would probably be
easier to reason with, but I'm just unsure whether it is acceptable to receive a
Pseudo NMI before having applied the bp_hardening.

Wouldn't this give the interrupt controller a headache? I assume IRQs really are
masked when handle_arch_irq is called. (I know nothing about the gic)

Yes, you're right, I missed that da_f gets unmasked right before the 
irq_handler... So unless I do some special case for irqs, enable_da_f is 
not the way to go.

Thanks,

-- 
Julien Thierry

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help