Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

arm64: Make stxr_status an input operand in vm_do_cheri_revoke() #2086

Merged
merged 2 commits into from
Apr 22, 2024
Merged

arm64: Make stxr_status an input operand in vm_do_cheri_revoke() #2086

merged 2 commits into from
Apr 22, 2024

Conversation

markjdb
Copy link
Contributor

@markjdb markjdb commented Apr 17, 2024

No test case at the moment, as I've had trouble reproducing this. It's very timing-sensitive. Verified by looking at the disassembly of vm_cheri_revoke_page_rw() in kgdb:

   0xffff000000a23c70 <+340>:   clrtag  c0, c24
   0xffff000000a23c74 <+344>:   mov     w8, #0x2 <-- this instruction is missing without the patch
   0xffff000000a23c78 <+348>:   ldxr    c1, [c28]
   0xffff000000a23c7c <+352>:   cmp     c1, c24
   0xffff000000a23c80 <+356>:   b.ne    0xffff000000a23c88 <vm_cheri_revoke_page_rw+364>  // b.any
   0xffff000000a23c84 <+360>:   stxr    w8, c0, [c28]
   0xffff000000a23c88 <+364>:   cbz     w8, 0xffff000000a23c18 <vm_cheri_revoke_page_rw+252>
   0xffff000000a23c8c <+368>:   gctag   x9, c1
   0xffff000000a23c90 <+372>:   cbz     x9, 0xffff000000a23c20 <vm_cheri_revoke_page_rw+260>
   0xffff000000a23c94 <+376>:   cmp     w8, #0x1
   0xffff000000a23c98 <+380>:   b.eq    0xffff000000a23c74 <vm_cheri_revoke_page_rw+344>  // b.none

@markjdb markjdb requested review from brooksdavis and nwf April 17, 2024 21:56
@markjdb
arm64: Initialize stxr_status in asm in vm_do_cheri_revoke()
78623a2 
If the capability under test changes between the initial load (done to
clear the tag before storing it) and the load-link, the initial
comparison fails and the inline asm block is supposed to leave
stxr_status set to 2.  However, the lack of an input constraint meant
that the compiler simply elided the initialization of stxr_status, which
could lead to an infinite loop.

This could be fixed by making stxr_status an input operand, but it seems
safer to just initialize it in the asm block.
@markjdb
arm64: Simplify the loop in vm_do_cheri_revoke()
2cc19ab 
In a hybrid kernel, it's a bit nicer to keep the LL/SC loop in assembly
so that we don't have to swap instruction sets when the comparison
fails.  This loop also avoids needing to keep 3 different states in
stxr_status.
bsdjhb
bsdjhb approved these changes Apr 19, 2024
View reviewed changes
Copy link
Collaborator

@bsdjhb bsdjhb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The end result looks good to me. I'm not sure why the first one failed to compile in CI, probably that needs to be tracked down.

@markjdb markjdb merged commit 3c696cb into CTSRD-CHERI:dev Apr 22, 2024
28 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bsdjhb bsdjhb bsdjhb approved these changes

@brooksdavis brooksdavis Awaiting requested review from brooksdavis

@nwf nwf Awaiting requested review from nwf

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@markjdb @bsdjhb