Commit 3bb61aa6 authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 fixes from Will Deacon:
 "I'm sad to say that we've got an unusually large arm64 fixes pull for
  rc7 which addresses numerous significant instrumentation issues with
  our entry code.

  Without these patches, lockdep is hopelessly unreliable in some
  configurations [1,2] and syzkaller is therefore not a lot of use
  because it's so noisy.

  Although much of this has always been broken, it appears to have been
  exposed more readily by other changes such as 044d0d6d ("lockdep:
  Only trace IRQ edges") and general lockdep improvements around IRQ
  tracing and NMIs.

  Fixing this properly required moving much of the instrumentation hooks
  from our entry assembly into C, which Mark has been working on for the
  last few weeks. We're not quite ready to move to the recently added
  generic functions yet, but the code here has been deliberately written
  to mimic that closely so we can look at cleaning things up once we
  have a bit more breathing room.

  Having said all that, the second version of these patches was posted
  last week and I pushed it into our CI (kernelci and cki) along with a
  commit which forced on PROVE_LOCKING, NOHZ_FULL and
  CONTEXT_TRACKING_FORCE. The result? We found a real bug in the
  md/raid10 code [3].

  Oh, and there's also a really silly typo patch that's unrelated.

  Summary:

   - Fix numerous issues with instrumentation and exception entry

   - Fix hideous typo in unused register field definition"

[1] https://lore.kernel.org/r/CACT4Y+aAzoJ48Mh1wNYD17pJqyEcDnrxGfApir=-j171TnQXhw@mail.gmail.com
[2] https://lore.kernel.org/r/20201119193819.GA2601289@elver.google.com
[3] https://lore.kernel.org/r/94c76d5e-466a-bc5f-e6c2-a11b65c39f83@redhat.com

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64: mte: Fix typo in macro definition
  arm64: entry: fix EL1 debug transitions
  arm64: entry: fix NMI {user, kernel}->kernel transitions
  arm64: entry: fix non-NMI kernel<->kernel transitions
  arm64: ptrace: prepare for EL1 irq/rcu tracking
  arm64: entry: fix non-NMI user<->kernel transitions
  arm64: entry: move el1 irq/nmi logic to C
  arm64: entry: prepare ret_to_user for function call
  arm64: entry: move enter_from_user_mode to entry-common.c
  arm64: entry: mark entry code as noinstr
  arm64: mark idle code as noinstr
  arm64: syscall: exit userspace before unmasking exceptions
parents 2c6ffa9e 9e5344e0
...@@ -128,6 +128,9 @@ static inline void local_daif_inherit(struct pt_regs *regs) ...@@ -128,6 +128,9 @@ static inline void local_daif_inherit(struct pt_regs *regs)
{ {
unsigned long flags = regs->pstate & DAIF_MASK; unsigned long flags = regs->pstate & DAIF_MASK;
if (interrupts_enabled(regs))
trace_hardirqs_on();
/* /*
* We can't use local_daif_restore(regs->pstate) here as * We can't use local_daif_restore(regs->pstate) here as
* system_has_prio_mask_debugging() won't restore the I bit if it can * system_has_prio_mask_debugging() won't restore the I bit if it can
......
...@@ -31,7 +31,12 @@ static inline u32 disr_to_esr(u64 disr) ...@@ -31,7 +31,12 @@ static inline u32 disr_to_esr(u64 disr)
return esr; return esr;
} }
asmlinkage void noinstr enter_el1_irq_or_nmi(struct pt_regs *regs);
asmlinkage void noinstr exit_el1_irq_or_nmi(struct pt_regs *regs);
asmlinkage void enter_from_user_mode(void); asmlinkage void enter_from_user_mode(void);
asmlinkage void exit_to_user_mode(void);
void arm64_enter_nmi(struct pt_regs *regs);
void arm64_exit_nmi(struct pt_regs *regs);
void do_mem_abort(unsigned long addr, unsigned int esr, struct pt_regs *regs); void do_mem_abort(unsigned long addr, unsigned int esr, struct pt_regs *regs);
void do_undefinstr(struct pt_regs *regs); void do_undefinstr(struct pt_regs *regs);
void do_bti(struct pt_regs *regs); void do_bti(struct pt_regs *regs);
......
...@@ -193,6 +193,10 @@ struct pt_regs { ...@@ -193,6 +193,10 @@ struct pt_regs {
/* Only valid when ARM64_HAS_IRQ_PRIO_MASKING is enabled. */ /* Only valid when ARM64_HAS_IRQ_PRIO_MASKING is enabled. */
u64 pmr_save; u64 pmr_save;
u64 stackframe[2]; u64 stackframe[2];
/* Only valid for some EL1 exceptions. */
u64 lockdep_hardirqs;
u64 exit_rcu;
}; };
static inline bool in_syscall(struct pt_regs const *regs) static inline bool in_syscall(struct pt_regs const *regs)
......
...@@ -987,7 +987,7 @@ ...@@ -987,7 +987,7 @@
#define SYS_TFSR_EL1_TF0_SHIFT 0 #define SYS_TFSR_EL1_TF0_SHIFT 0
#define SYS_TFSR_EL1_TF1_SHIFT 1 #define SYS_TFSR_EL1_TF1_SHIFT 1
#define SYS_TFSR_EL1_TF0 (UL(1) << SYS_TFSR_EL1_TF0_SHIFT) #define SYS_TFSR_EL1_TF0 (UL(1) << SYS_TFSR_EL1_TF0_SHIFT)
#define SYS_TFSR_EL1_TF1 (UK(2) << SYS_TFSR_EL1_TF1_SHIFT) #define SYS_TFSR_EL1_TF1 (UL(1) << SYS_TFSR_EL1_TF1_SHIFT)
/* Safe value for MPIDR_EL1: Bit31:RES1, Bit30:U:0, Bit24:MT:0 */ /* Safe value for MPIDR_EL1: Bit31:RES1, Bit30:U:0, Bit24:MT:0 */
#define SYS_MPIDR_SAFE_VAL (BIT(31)) #define SYS_MPIDR_SAFE_VAL (BIT(31))
......
This diff is collapsed.
...@@ -30,18 +30,18 @@ ...@@ -30,18 +30,18 @@
#include <asm/unistd.h> #include <asm/unistd.h>
/* /*
* Context tracking subsystem. Used to instrument transitions * Context tracking and irqflag tracing need to instrument transitions between
* between user and kernel mode. * user and kernel mode.
*/ */
.macro ct_user_exit_irqoff .macro user_exit_irqoff
#ifdef CONFIG_CONTEXT_TRACKING #if defined(CONFIG_CONTEXT_TRACKING) || defined(CONFIG_TRACE_IRQFLAGS)
bl enter_from_user_mode bl enter_from_user_mode
#endif #endif
.endm .endm
.macro ct_user_enter .macro user_enter_irqoff
#ifdef CONFIG_CONTEXT_TRACKING #if defined(CONFIG_CONTEXT_TRACKING) || defined(CONFIG_TRACE_IRQFLAGS)
bl context_tracking_user_enter bl exit_to_user_mode
#endif #endif
.endm .endm
...@@ -298,9 +298,6 @@ alternative_if ARM64_HAS_IRQ_PRIO_MASKING ...@@ -298,9 +298,6 @@ alternative_if ARM64_HAS_IRQ_PRIO_MASKING
alternative_else_nop_endif alternative_else_nop_endif
ldp x21, x22, [sp, #S_PC] // load ELR, SPSR ldp x21, x22, [sp, #S_PC] // load ELR, SPSR
.if \el == 0
ct_user_enter
.endif
#ifdef CONFIG_ARM64_SW_TTBR0_PAN #ifdef CONFIG_ARM64_SW_TTBR0_PAN
alternative_if_not ARM64_HAS_PAN alternative_if_not ARM64_HAS_PAN
...@@ -637,16 +634,8 @@ SYM_CODE_START_LOCAL_NOALIGN(el1_irq) ...@@ -637,16 +634,8 @@ SYM_CODE_START_LOCAL_NOALIGN(el1_irq)
gic_prio_irq_setup pmr=x20, tmp=x1 gic_prio_irq_setup pmr=x20, tmp=x1
enable_da_f enable_da_f
#ifdef CONFIG_ARM64_PSEUDO_NMI mov x0, sp
test_irqs_unmasked res=x0, pmr=x20 bl enter_el1_irq_or_nmi
cbz x0, 1f
bl asm_nmi_enter
1:
#endif
#ifdef CONFIG_TRACE_IRQFLAGS
bl trace_hardirqs_off
#endif
irq_handler irq_handler
...@@ -665,26 +654,8 @@ alternative_else_nop_endif ...@@ -665,26 +654,8 @@ alternative_else_nop_endif
1: 1:
#endif #endif
#ifdef CONFIG_ARM64_PSEUDO_NMI mov x0, sp
/* bl exit_el1_irq_or_nmi
* When using IRQ priority masking, we can get spurious interrupts while
* PMR is set to GIC_PRIO_IRQOFF. An NMI might also have occurred in a
* section with interrupts disabled. Skip tracing in those cases.
*/
test_irqs_unmasked res=x0, pmr=x20
cbz x0, 1f
bl asm_nmi_exit
1:
#endif
#ifdef CONFIG_TRACE_IRQFLAGS
#ifdef CONFIG_ARM64_PSEUDO_NMI
test_irqs_unmasked res=x0, pmr=x20
cbnz x0, 1f
#endif
bl trace_hardirqs_on
1:
#endif
kernel_exit 1 kernel_exit 1
SYM_CODE_END(el1_irq) SYM_CODE_END(el1_irq)
...@@ -726,21 +697,14 @@ SYM_CODE_START_LOCAL_NOALIGN(el0_irq) ...@@ -726,21 +697,14 @@ SYM_CODE_START_LOCAL_NOALIGN(el0_irq)
kernel_entry 0 kernel_entry 0
el0_irq_naked: el0_irq_naked:
gic_prio_irq_setup pmr=x20, tmp=x0 gic_prio_irq_setup pmr=x20, tmp=x0
ct_user_exit_irqoff user_exit_irqoff
enable_da_f enable_da_f
#ifdef CONFIG_TRACE_IRQFLAGS
bl trace_hardirqs_off
#endif
tbz x22, #55, 1f tbz x22, #55, 1f
bl do_el0_irq_bp_hardening bl do_el0_irq_bp_hardening
1: 1:
irq_handler irq_handler
#ifdef CONFIG_TRACE_IRQFLAGS
bl trace_hardirqs_on
#endif
b ret_to_user b ret_to_user
SYM_CODE_END(el0_irq) SYM_CODE_END(el0_irq)
...@@ -759,7 +723,7 @@ SYM_CODE_START_LOCAL(el0_error) ...@@ -759,7 +723,7 @@ SYM_CODE_START_LOCAL(el0_error)
el0_error_naked: el0_error_naked:
mrs x25, esr_el1 mrs x25, esr_el1
gic_prio_kentry_setup tmp=x2 gic_prio_kentry_setup tmp=x2
ct_user_exit_irqoff user_exit_irqoff
enable_dbg enable_dbg
mov x0, sp mov x0, sp
mov x1, x25 mov x1, x25
...@@ -774,13 +738,17 @@ SYM_CODE_END(el0_error) ...@@ -774,13 +738,17 @@ SYM_CODE_END(el0_error)
SYM_CODE_START_LOCAL(ret_to_user) SYM_CODE_START_LOCAL(ret_to_user)
disable_daif disable_daif
gic_prio_kentry_setup tmp=x3 gic_prio_kentry_setup tmp=x3
ldr x1, [tsk, #TSK_TI_FLAGS] #ifdef CONFIG_TRACE_IRQFLAGS
and x2, x1, #_TIF_WORK_MASK bl trace_hardirqs_off
#endif
ldr x19, [tsk, #TSK_TI_FLAGS]
and x2, x19, #_TIF_WORK_MASK
cbnz x2, work_pending cbnz x2, work_pending
finish_ret_to_user: finish_ret_to_user:
user_enter_irqoff
/* Ignore asynchronous tag check faults in the uaccess routines */ /* Ignore asynchronous tag check faults in the uaccess routines */
clear_mte_async_tcf clear_mte_async_tcf
enable_step_tsk x1, x2 enable_step_tsk x19, x2
#ifdef CONFIG_GCC_PLUGIN_STACKLEAK #ifdef CONFIG_GCC_PLUGIN_STACKLEAK
bl stackleak_erase bl stackleak_erase
#endif #endif
...@@ -791,11 +759,9 @@ finish_ret_to_user: ...@@ -791,11 +759,9 @@ finish_ret_to_user:
*/ */
work_pending: work_pending:
mov x0, sp // 'regs' mov x0, sp // 'regs'
mov x1, x19
bl do_notify_resume bl do_notify_resume
#ifdef CONFIG_TRACE_IRQFLAGS ldr x19, [tsk, #TSK_TI_FLAGS] // re-check for single-step
bl trace_hardirqs_on // enabled while in userspace
#endif
ldr x1, [tsk, #TSK_TI_FLAGS] // re-check for single-step
b finish_ret_to_user b finish_ret_to_user
SYM_CODE_END(ret_to_user) SYM_CODE_END(ret_to_user)
......
...@@ -67,18 +67,3 @@ void __init init_IRQ(void) ...@@ -67,18 +67,3 @@ void __init init_IRQ(void)
local_daif_restore(DAIF_PROCCTX_NOIRQ); local_daif_restore(DAIF_PROCCTX_NOIRQ);
} }
} }
/*
* Stubs to make nmi_enter/exit() code callable from ASM
*/
asmlinkage void notrace asm_nmi_enter(void)
{
nmi_enter();
}
NOKPROBE_SYMBOL(asm_nmi_enter);
asmlinkage void notrace asm_nmi_exit(void)
{
nmi_exit();
}
NOKPROBE_SYMBOL(asm_nmi_exit);
...@@ -72,13 +72,13 @@ EXPORT_SYMBOL_GPL(pm_power_off); ...@@ -72,13 +72,13 @@ EXPORT_SYMBOL_GPL(pm_power_off);
void (*arm_pm_restart)(enum reboot_mode reboot_mode, const char *cmd); void (*arm_pm_restart)(enum reboot_mode reboot_mode, const char *cmd);
static void __cpu_do_idle(void) static void noinstr __cpu_do_idle(void)
{ {
dsb(sy); dsb(sy);
wfi(); wfi();
} }
static void __cpu_do_idle_irqprio(void) static void noinstr __cpu_do_idle_irqprio(void)
{ {
unsigned long pmr; unsigned long pmr;
unsigned long daif_bits; unsigned long daif_bits;
...@@ -108,7 +108,7 @@ static void __cpu_do_idle_irqprio(void) ...@@ -108,7 +108,7 @@ static void __cpu_do_idle_irqprio(void)
* ensure that interrupts are not masked at the PMR (because the core will * ensure that interrupts are not masked at the PMR (because the core will
* not wake up if we block the wake up signal in the interrupt controller). * not wake up if we block the wake up signal in the interrupt controller).
*/ */
void cpu_do_idle(void) void noinstr cpu_do_idle(void)
{ {
if (system_uses_irq_prio_masking()) if (system_uses_irq_prio_masking())
__cpu_do_idle_irqprio(); __cpu_do_idle_irqprio();
...@@ -119,7 +119,7 @@ void cpu_do_idle(void) ...@@ -119,7 +119,7 @@ void cpu_do_idle(void)
/* /*
* This is our default idle handler. * This is our default idle handler.
*/ */
void arch_cpu_idle(void) void noinstr arch_cpu_idle(void)
{ {
/* /*
* This should do all the clock switching and wait for interrupt * This should do all the clock switching and wait for interrupt
......
...@@ -10,6 +10,7 @@ ...@@ -10,6 +10,7 @@
#include <linux/uaccess.h> #include <linux/uaccess.h>
#include <asm/alternative.h> #include <asm/alternative.h>
#include <asm/exception.h>
#include <asm/kprobes.h> #include <asm/kprobes.h>
#include <asm/mmu.h> #include <asm/mmu.h>
#include <asm/ptrace.h> #include <asm/ptrace.h>
...@@ -223,16 +224,16 @@ static __kprobes unsigned long _sdei_handler(struct pt_regs *regs, ...@@ -223,16 +224,16 @@ static __kprobes unsigned long _sdei_handler(struct pt_regs *regs,
} }
asmlinkage __kprobes notrace unsigned long asmlinkage noinstr unsigned long
__sdei_handler(struct pt_regs *regs, struct sdei_registered_event *arg) __sdei_handler(struct pt_regs *regs, struct sdei_registered_event *arg)
{ {
unsigned long ret; unsigned long ret;
nmi_enter(); arm64_enter_nmi(regs);
ret = _sdei_handler(regs, arg); ret = _sdei_handler(regs, arg);
nmi_exit(); arm64_exit_nmi(regs);
return ret; return ret;
} }
...@@ -121,7 +121,6 @@ static void el0_svc_common(struct pt_regs *regs, int scno, int sc_nr, ...@@ -121,7 +121,6 @@ static void el0_svc_common(struct pt_regs *regs, int scno, int sc_nr,
cortex_a76_erratum_1463225_svc_handler(); cortex_a76_erratum_1463225_svc_handler();
local_daif_restore(DAIF_PROCCTX); local_daif_restore(DAIF_PROCCTX);
user_exit();
if (system_supports_mte() && (flags & _TIF_MTE_ASYNC_FAULT)) { if (system_supports_mte() && (flags & _TIF_MTE_ASYNC_FAULT)) {
/* /*
......
...@@ -34,6 +34,7 @@ ...@@ -34,6 +34,7 @@
#include <asm/daifflags.h> #include <asm/daifflags.h>
#include <asm/debug-monitors.h> #include <asm/debug-monitors.h>
#include <asm/esr.h> #include <asm/esr.h>
#include <asm/exception.h>
#include <asm/extable.h> #include <asm/extable.h>
#include <asm/insn.h> #include <asm/insn.h>
#include <asm/kprobes.h> #include <asm/kprobes.h>
...@@ -753,8 +754,10 @@ const char *esr_get_class_string(u32 esr) ...@@ -753,8 +754,10 @@ const char *esr_get_class_string(u32 esr)
* bad_mode handles the impossible case in the exception vector. This is always * bad_mode handles the impossible case in the exception vector. This is always
* fatal. * fatal.
*/ */
asmlinkage void bad_mode(struct pt_regs *regs, int reason, unsigned int esr) asmlinkage void notrace bad_mode(struct pt_regs *regs, int reason, unsigned int esr)
{ {
arm64_enter_nmi(regs);
console_verbose(); console_verbose();
pr_crit("Bad mode in %s handler detected on CPU%d, code 0x%08x -- %s\n", pr_crit("Bad mode in %s handler detected on CPU%d, code 0x%08x -- %s\n",
...@@ -786,7 +789,7 @@ void bad_el0_sync(struct pt_regs *regs, int reason, unsigned int esr) ...@@ -786,7 +789,7 @@ void bad_el0_sync(struct pt_regs *regs, int reason, unsigned int esr)
DEFINE_PER_CPU(unsigned long [OVERFLOW_STACK_SIZE/sizeof(long)], overflow_stack) DEFINE_PER_CPU(unsigned long [OVERFLOW_STACK_SIZE/sizeof(long)], overflow_stack)
__aligned(16); __aligned(16);
asmlinkage void handle_bad_stack(struct pt_regs *regs) asmlinkage void noinstr handle_bad_stack(struct pt_regs *regs)
{ {
unsigned long tsk_stk = (unsigned long)current->stack; unsigned long tsk_stk = (unsigned long)current->stack;
unsigned long irq_stk = (unsigned long)this_cpu_read(irq_stack_ptr); unsigned long irq_stk = (unsigned long)this_cpu_read(irq_stack_ptr);
...@@ -794,6 +797,8 @@ asmlinkage void handle_bad_stack(struct pt_regs *regs) ...@@ -794,6 +797,8 @@ asmlinkage void handle_bad_stack(struct pt_regs *regs)
unsigned int esr = read_sysreg(esr_el1); unsigned int esr = read_sysreg(esr_el1);
unsigned long far = read_sysreg(far_el1); unsigned long far = read_sysreg(far_el1);
arm64_enter_nmi(regs);
console_verbose(); console_verbose();
pr_emerg("Insufficient stack space to handle exception!"); pr_emerg("Insufficient stack space to handle exception!");
...@@ -865,23 +870,16 @@ bool arm64_is_fatal_ras_serror(struct pt_regs *regs, unsigned int esr) ...@@ -865,23 +870,16 @@ bool arm64_is_fatal_ras_serror(struct pt_regs *regs, unsigned int esr)
} }
} }
asmlinkage void do_serror(struct pt_regs *regs, unsigned int esr) asmlinkage void noinstr do_serror(struct pt_regs *regs, unsigned int esr)
{ {
nmi_enter(); arm64_enter_nmi(regs);
/* non-RAS errors are not containable */ /* non-RAS errors are not containable */
if (!arm64_is_ras_serror(esr) || arm64_is_fatal_ras_serror(regs, esr)) if (!arm64_is_ras_serror(esr) || arm64_is_fatal_ras_serror(regs, esr))
arm64_serror_panic(regs, esr); arm64_serror_panic(regs, esr);
nmi_exit(); arm64_exit_nmi(regs);
}
asmlinkage void enter_from_user_mode(void)
{
CT_WARN_ON(ct_state() != CONTEXT_USER);
user_exit_irqoff();
} }
NOKPROBE_SYMBOL(enter_from_user_mode);
/* GENERIC_BUG traps */ /* GENERIC_BUG traps */
......
...@@ -789,25 +789,6 @@ void __init hook_debug_fault_code(int nr, ...@@ -789,25 +789,6 @@ void __init hook_debug_fault_code(int nr,
*/ */
static void debug_exception_enter(struct pt_regs *regs) static void debug_exception_enter(struct pt_regs *regs)
{ {
/*
* Tell lockdep we disabled irqs in entry.S. Do nothing if they were
* already disabled to preserve the last enabled/disabled addresses.
*/
if (interrupts_enabled(regs))
trace_hardirqs_off();
if (user_mode(regs)) {
RCU_LOCKDEP_WARN(!rcu_is_watching(), "entry code didn't wake RCU");
} else {
/*
* We might have interrupted pretty much anything. In
* fact, if we're a debug exception, we can even interrupt
* NMI processing. We don't want this code makes in_nmi()
* to return true, but we need to notify RCU.
*/
rcu_nmi_enter();
}
preempt_disable(); preempt_disable();
/* This code is a bit fragile. Test it. */ /* This code is a bit fragile. Test it. */
...@@ -818,12 +799,6 @@ NOKPROBE_SYMBOL(debug_exception_enter); ...@@ -818,12 +799,6 @@ NOKPROBE_SYMBOL(debug_exception_enter);
static void debug_exception_exit(struct pt_regs *regs) static void debug_exception_exit(struct pt_regs *regs)
{ {
preempt_enable_no_resched(); preempt_enable_no_resched();
if (!user_mode(regs))
rcu_nmi_exit();
if (interrupts_enabled(regs))
trace_hardirqs_on();
} }
NOKPROBE_SYMBOL(debug_exception_exit); NOKPROBE_SYMBOL(debug_exception_exit);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment