Commit e7e6a881 authored by Wei Li's avatar Wei Li Committed by Xie XiuQi
Browse files

arm64: irqflags: fix incomplete save & restore 



hulk inclusion
category: bugfix
bugzilla: 12844
CVE: NA

-------------------------------------------------

To support the arm64 pseudo nmi, function arch_local_irq_save() and
arch_local_irq_restore() now operate ICC_PMR_EL1 instead of daif.
But i found the logic of the save and restore may be suspicious:

arch_local_irq_save():
daif.i_on  pmr_on   ->  flag.i_on
1           0       |   0
1           1       |   1
0           1       |   0		--[1]
0           0       |   0

arch_local_irq_restore():
daif.i_on  pmr_on  <-  flag.i_on
x           0       |   0
x           1       |   1

As we see, the condintion [1] will never be restored honestly. When doing
function_graph trace at gic_handle_irq(), calling local_irq_save() and
local_irq_restore() in trace_graph_entry() will just go into this
condintion. Therefore the irq can never be processed and lead to hang.

In this patch, we do the save & restore exactly, and make sure the
arch_irqs_disabled_flags() returns correctly.

Fixes: 3021bd9cb776 ("arm64: irqflags: Use ICC_PMR_EL1 for interrupt masking")
Signed-off-by: default avatarWei Li <liwei391@huawei.com>
Reviewed-by: default avatarYang Yingliang <yangyingliang@huawei.com>
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
parent 21f7e8bb

arch/arm64/include/asm/irqflags.h

+9 −8
Original line number Diff line number Diff line
@@ -76,8 +76,7 @@ static inline unsigned long arch_local_save_flags(void) 
	 * The asm is logically equivalent to:

	 *

	 * if (system_uses_irq_prio_masking())

	 *	flags = (daif_bits & PSR_I_BIT) ?

	 *			GIC_PRIO_IRQOFF :

	 *	flags = (daif_bits << 32) |

	 *			read_sysreg_s(SYS_ICC_PMR_EL1);

	 * else

	 *	flags = daif_bits;
@@ -87,11 +86,11 @@ static inline unsigned long arch_local_save_flags(void) 
			"nop\n"

			"nop",

			"mrs_s	%0, " __stringify(SYS_ICC_PMR_EL1) "\n"

			"ands	%1, %1, " __stringify(PSR_I_BIT) "\n"

			"csel	%0, %0, %2, eq",

			"lsl	%1, %1, #32\n"

			"orr	%0, %0, %1",

			ARM64_HAS_IRQ_PRIO_MASKING)

		: "=&r" (flags), "+r" (daif_bits)

		: "r" ((unsigned long) GIC_PRIO_IRQOFF)

		:

		: "memory");



	return flags;
@@ -119,8 +118,8 @@ static inline void arch_local_irq_restore(unsigned long flags) 
			"msr_s	" __stringify(SYS_ICC_PMR_EL1) ", %0\n"

			"dsb	sy",

			ARM64_HAS_IRQ_PRIO_MASKING)

		: "+r" (flags)

		:

		: "r" ((int)flags)

		: "memory");

}
@@ -130,12 +129,14 @@ static inline int arch_irqs_disabled_flags(unsigned long flags) 


	asm volatile(ALTERNATIVE(

			"and	%w0, %w1, #" __stringify(PSR_I_BIT) "\n"

			"nop\n"

			"nop",

			"and	%w0, %w2, #" __stringify(PSR_I_BIT) "\n"

			"cmp	%w1, #" __stringify(GIC_PRIO_IRQOFF) "\n"

			"cset	%w0, ls",

			"cinc	%w0, %w0, ls",

			ARM64_HAS_IRQ_PRIO_MASKING)

		: "=&r" (res)

		: "r" ((int) flags)

		: "r" ((int) flags), "r" (flags >> 32)

		: "memory");



	return res;