1. 22 May, 2024 2 commits
    • Ard Biesheuvel's avatar
      arm64/fpsimd: Avoid erroneous elide of user state reload · e92bee9f
      Ard Biesheuvel authored
      TIF_FOREIGN_FPSTATE is a 'convenience' flag that should reflect whether
      the current CPU holds the most recent user mode FP/SIMD state of the
      current task. It combines two conditions:
      - whether the current CPU's FP/SIMD state belongs to the task;
      - whether that state is the most recent associated with the task (as a
        task may have executed on other CPUs as well).
      
      When a task is scheduled in and TIF_KERNEL_FPSTATE is set, it means the
      task was in a kernel mode NEON section when it was scheduled out, and so
      the kernel mode FP/SIMD state is restored. Since this implies that the
      current CPU is *not* holding the most recent user mode FP/SIMD state of
      the current task, the TIF_FOREIGN_FPSTATE flag is set too, so that the
      user mode FP/SIMD state is reloaded from memory when returning to
      userland.
      
      However, the task may be scheduled out after completing the kernel mode
      NEON section, but before returning to userland. When this happens, the
      TIF_FOREIGN_FPSTATE flag will not be preserved, but will be set as usual
      the next time the task is scheduled in, and will be based on the above
      conditions.
      
      This means that, rather than setting TIF_FOREIGN_FPSTATE when scheduling
      in a task with TIF_KERNEL_FPSTATE set, the underlying state should be
      updated so that TIF_FOREIGN_FPSTATE will assume the expected value as a
      result.
      
      So instead, call fpsimd_flush_cpu_state(), which takes care of this.
      
      Closes: https://lore.kernel.org/all/cb8822182231850108fa43e0446a4c7f@kernel.orgReported-by: default avatarJohannes Nixdorf <mixi@shadowice.org>
      Fixes: aefbab8e ("arm64: fpsimd: Preserve/restore kernel mode NEON at context switch")
      Cc: Mark Brown <broonie@kernel.org>
      Cc: Dave Martin <Dave.Martin@arm.com>
      Cc: Janne Grunau <j@jannau.net>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
      Tested-by: default avatarJanne Grunau <j@jannau.net>
      Tested-by: default avatarJohannes Nixdorf <mixi@shadowice.org>
      Reviewed-by: default avatarMark Brown <broonie@kernel.org>
      Link: https://lore.kernel.org/r/20240522091335.335346-2-ardb+git@google.comSigned-off-by: default avatarWill Deacon <will@kernel.org>
      e92bee9f
    • Will Deacon's avatar
      Reapply "arm64: fpsimd: Implement lazy restore for kernel mode FPSIMD" · f481bb32
      Will Deacon authored
      This reverts commit b8995a18.
      
      Ard managed to reproduce the dm-crypt corruption problem and got to the
      bottom of it, so re-apply the problematic patch in preparation for
      fixing things properly.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarWill Deacon <will@kernel.org>
      f481bb32
  2. 21 May, 2024 1 commit
    • Jiangfeng Xiao's avatar
      arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY · ffbf4fb9
      Jiangfeng Xiao authored
      When CONFIG_DEBUG_BUGVERBOSE=n, we fail to add necessary padding bytes
      to bug_table entries, and as a result the last entry in a bug table will
      be ignored, potentially leading to an unexpected panic(). All prior
      entries in the table will be handled correctly.
      
      The arm64 ABI requires that struct fields of up to 8 bytes are
      naturally-aligned, with padding added within a struct such that struct
      are suitably aligned within arrays.
      
      When CONFIG_DEBUG_BUGVERPOSE=y, the layout of a bug_entry is:
      
      	struct bug_entry {
      		signed int      bug_addr_disp;	// 4 bytes
      		signed int      file_disp;	// 4 bytes
      		unsigned short  line;		// 2 bytes
      		unsigned short  flags;		// 2 bytes
      	}
      
      ... with 12 bytes total, requiring 4-byte alignment.
      
      When CONFIG_DEBUG_BUGVERBOSE=n, the layout of a bug_entry is:
      
      	struct bug_entry {
      		signed int      bug_addr_disp;	// 4 bytes
      		unsigned short  flags;		// 2 bytes
      		< implicit padding >		// 2 bytes
      	}
      
      ... with 8 bytes total, with 6 bytes of data and 2 bytes of trailing
      padding, requiring 4-byte alginment.
      
      When we create a bug_entry in assembly, we align the start of the entry
      to 4 bytes, which implicitly handles padding for any prior entries.
      However, we do not align the end of the entry, and so when
      CONFIG_DEBUG_BUGVERBOSE=n, the final entry lacks the trailing padding
      bytes.
      
      For the main kernel image this is not a problem as find_bug() doesn't
      depend on the trailing padding bytes when searching for entries:
      
      	for (bug = __start___bug_table; bug < __stop___bug_table; ++bug)
      		if (bugaddr == bug_addr(bug))
      			return bug;
      
      However for modules, module_bug_finalize() depends on the trailing
      bytes when calculating the number of entries:
      
      	mod->num_bugs = sechdrs[i].sh_size / sizeof(struct bug_entry);
      
      ... and as the last bug_entry lacks the necessary padding bytes, this entry
      will not be counted, e.g. in the case of a single entry:
      
      	sechdrs[i].sh_size == 6
      	sizeof(struct bug_entry) == 8;
      
      	sechdrs[i].sh_size / sizeof(struct bug_entry) == 0;
      
      Consequently module_find_bug() will miss the last bug_entry when it does:
      
      	for (i = 0; i < mod->num_bugs; ++i, ++bug)
      		if (bugaddr == bug_addr(bug))
      			goto out;
      
      ... which can lead to a kenrel panic due to an unhandled bug.
      
      This can be demonstrated with the following module:
      
      	static int __init buginit(void)
      	{
      		WARN(1, "hello\n");
      		return 0;
      	}
      
      	static void __exit bugexit(void)
      	{
      	}
      
      	module_init(buginit);
      	module_exit(bugexit);
      	MODULE_LICENSE("GPL");
      
      ... which will trigger a kernel panic when loaded:
      
      	------------[ cut here ]------------
      	hello
      	Unexpected kernel BRK exception at EL1
      	Internal error: BRK handler: 00000000f2000800 [#1] PREEMPT SMP
      	Modules linked in: hello(O+)
      	CPU: 0 PID: 50 Comm: insmod Tainted: G           O       6.9.1 #8
      	Hardware name: linux,dummy-virt (DT)
      	pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
      	pc : buginit+0x18/0x1000 [hello]
      	lr : buginit+0x18/0x1000 [hello]
      	sp : ffff800080533ae0
      	x29: ffff800080533ae0 x28: 0000000000000000 x27: 0000000000000000
      	x26: ffffaba8c4e70510 x25: ffff800080533c30 x24: ffffaba8c4a28a58
      	x23: 0000000000000000 x22: 0000000000000000 x21: ffff3947c0eab3c0
      	x20: ffffaba8c4e3f000 x19: ffffaba846464000 x18: 0000000000000006
      	x17: 0000000000000000 x16: ffffaba8c2492834 x15: 0720072007200720
      	x14: 0720072007200720 x13: ffffaba8c49b27c8 x12: 0000000000000312
      	x11: 0000000000000106 x10: ffffaba8c4a0a7c8 x9 : ffffaba8c49b27c8
      	x8 : 00000000ffffefff x7 : ffffaba8c4a0a7c8 x6 : 80000000fffff000
      	x5 : 0000000000000107 x4 : 0000000000000000 x3 : 0000000000000000
      	x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff3947c0eab3c0
      	Call trace:
      	 buginit+0x18/0x1000 [hello]
      	 do_one_initcall+0x80/0x1c8
      	 do_init_module+0x60/0x218
      	 load_module+0x1ba4/0x1d70
      	 __do_sys_init_module+0x198/0x1d0
      	 __arm64_sys_init_module+0x1c/0x28
      	 invoke_syscall+0x48/0x114
      	 el0_svc_common.constprop.0+0x40/0xe0
      	 do_el0_svc+0x1c/0x28
      	 el0_svc+0x34/0xd8
      	 el0t_64_sync_handler+0x120/0x12c
      	 el0t_64_sync+0x190/0x194
      	Code: d0ffffe0 910003fd 91000000 9400000b (d4210000)
      	---[ end trace 0000000000000000 ]---
      	Kernel panic - not syncing: BRK handler: Fatal exception
      
      Fix this by always aligning the end of a bug_entry to 4 bytes, which is
      correct regardless of CONFIG_DEBUG_BUGVERBOSE.
      
      Fixes: 9fb7410f ("arm64/BUG: Use BRK instruction for generic BUG traps")
      Signed-off-by: default avatarYuanbin Xie <xieyuanbin1@huawei.com>
      Signed-off-by: default avatarJiangfeng Xiao <xiaojiangfeng@huawei.com>
      Reviewed-by: default avatarMark Rutland <mark.rutland@arm.com>
      Link: https://lore.kernel.org/r/1716212077-43826-1-git-send-email-xiaojiangfeng@huawei.comSigned-off-by: default avatarWill Deacon <will@kernel.org>
      ffbf4fb9
  3. 17 May, 2024 2 commits
  4. 10 May, 2024 5 commits
  5. 09 May, 2024 8 commits
    • Will Deacon's avatar
      Merge branch 'for-next/tlbi' into for-next/core · 54e1a2aa
      Will Deacon authored
      * for-next/tlbi:
        arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES
        arm64: tlb: Improve __TLBI_VADDR_RANGE()
        arm64: tlb: Fix TLBI RANGE operand
      54e1a2aa
    • Will Deacon's avatar
      Merge branch 'for-next/selftests' into for-next/core · 46e336c7
      Will Deacon authored
      * for-next/selftests:
        kselftest: arm64: Add a null pointer check
        kselftest/arm64: Remove unused parameters in abi test
      46e336c7
    • Will Deacon's avatar
      Merge branch 'for-next/perf' into for-next/core · 42e7ddba
      Will Deacon authored
      * for-next/perf: (41 commits)
        arm64: Add USER_STACKTRACE support
        drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset()
        drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group
        drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group
        perf/arm-spe: Assign parents for event_source device
        perf/arm-smmuv3: Assign parents for event_source device
        perf/arm-dsu: Assign parents for event_source device
        perf/arm-dmc620: Assign parents for event_source device
        perf/arm-ccn: Assign parents for event_source device
        perf/arm-cci: Assign parents for event_source device
        perf/alibaba_uncore: Assign parents for event_source device
        perf/arm_pmu: Assign parents for event_source devices
        perf/imx_ddr: Assign parents for event_source devices
        perf/qcom: Assign parents for event_source devices
        Documentation: qcom-pmu: Use /sys/bus/event_source/devices paths
        perf/riscv: Assign parents for event_source devices
        perf/thunderx2: Assign parents for event_source devices
        Documentation: thunderx2-pmu: Use /sys/bus/event_source/devices paths
        perf/xgene: Assign parents for event_source devices
        Documentation: xgene-pmu: Use /sys/bus/event_source/devices paths
        ...
      42e7ddba
    • Will Deacon's avatar
      Merge branch 'for-next/mm' into for-next/core · a5a5ce57
      Will Deacon authored
      * for-next/mm:
        arm64/mm: Fix pud_user_accessible_page() for PGTABLE_LEVELS <= 2
        arm64/mm: Add uffd write-protect support
        arm64/mm: Move PTE_PRESENT_INVALID to overlay PTE_NG
        arm64/mm: Remove PTE_PROT_NONE bit
        arm64/mm: generalize PMD_PRESENT_INVALID for all levels
        arm64: mm: Don't remap pgtables for allocate vs populate
        arm64: mm: Batch dsb and isb when populating pgtables
        arm64: mm: Don't remap pgtables per-cont(pte|pmd) block
      a5a5ce57
    • Will Deacon's avatar
      Merge branch 'for-next/misc' into for-next/core · 7a7f6045
      Will Deacon authored
      * for-next/misc:
        arm64: simplify arch_static_branch/_jump function
        arm64: Add the arm64.no32bit_el0 command line option
        arm64: defer clearing DAIF.D
        arm64: assembler: update stale comment for disable_step_tsk
        arm64/sysreg: Update PIE permission encodings
        arm64: Add Neoverse-V2 part
        arm64: Remove unnecessary irqflags alternative.h include
      7a7f6045
    • Will Deacon's avatar
      Merge branch 'for-next/kbuild' into for-next/core · d4ea881f
      Will Deacon authored
      * for-next/kbuild:
        arm64: boot: Support Flat Image Tree
        arm64: Add BOOT_TARGETS variable
      d4ea881f
    • Will Deacon's avatar
      Merge branch 'for-next/acpi' into for-next/core · b2b7cc6d
      Will Deacon authored
      * for-next/acpi:
        arm64: acpi: Honour firmware_signature field of FACS, if it exists
        ACPICA: Detect FACS even for hardware reduced platforms
      b2b7cc6d
    • Ryan Roberts's avatar
      arm64/mm: Fix pud_user_accessible_page() for PGTABLE_LEVELS <= 2 · cb67ea12
      Ryan Roberts authored
      The recent change to use pud_valid() as part of the implementation of
      pud_user_accessible_page() fails to build when PGTABLE_LEVELS <= 2
      because pud_valid() is not defined in that case.
      
      Fix this by defining pud_valid() to false for this case. This means that
      pud_user_accessible_page() will correctly always return false for this
      config.
      
      Fixes: f0f5863a ("arm64/mm: Remove PTE_PROT_NONE bit")
      Reported-by: default avatarkernel test robot <lkp@intel.com>
      Closes: https://lore.kernel.org/oe-kbuild-all/202405082221.43rfWxz5-lkp@intel.com/Signed-off-by: default avatarRyan Roberts <ryan.roberts@arm.com>
      Link: https://lore.kernel.org/r/20240509122844.563320-1-ryan.roberts@arm.comSigned-off-by: default avatarWill Deacon <will@kernel.org>
      cb67ea12
  6. 03 May, 2024 7 commits
  7. 28 Apr, 2024 8 commits
  8. 19 Apr, 2024 7 commits