public inbox for linux-arm-kernel@lists.infradead.org
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
To: Xie Yuanbin <xieyuanbin1@huawei.com>
Cc: rmk+kernel@armlinux.org.uk, linux@armlinux.org.uk,
	rppt@kernel.org, vbabka@suse.cz, pfalcato@suse.de,
	brauner@kernel.org, lorenzo.stoakes@oracle.com,
	kuninori.morimoto.gx@renesas.com, tony@atomide.com,
	arnd@arndb.de, akpm@linux-foundation.org, punitagrawal@gmail.com,
	rjw@rjwysocki.net, marc.zyngier@arm.com, will@kernel.org,
	linux-arm-kernel@lists.infradead.org,
	linux-kernel@vger.kernel.org, liaohua4@huawei.com,
	lilinjie8@huawei.com
Subject: Re: [PATCH v2 RESEND 1/2] ARM: spectre-v2: Fix potential missing mitigations
Date: Tue, 28 Oct 2025 19:20:52 +0100
Message-ID: <20251028182052.nrRad87D@linutronix.de>
In-Reply-To: <20251028162005.bLKC89Hy@linutronix.de>

On 2025-10-28 17:20:06 [+0100], To Xie Yuanbin wrote:
> On 2025-10-16 20:16:21 [+0800], Xie Yuanbin wrote:
> > Over the past six years, there have been continuous reports of this bug:
> …
> > 2019.3.19 https://lore.kernel.org/all/20190319203239.gl46fxnfz6gzeeic@linutronix.de/
> > 
> > To fix it, we must check whether mitigations are needed before enabling
> > interrupts (with PREEMPT) or before calling mm_read_lock() (without PREEMPT).
> > 
> > Fixes: f5fe12b1eaee ("ARM: spectre-v2: harden user aborts in kernel space")
> 
> Hmm.
> I was moving things back in 2019 but things shifted and this is no
> longer required. If I apply both patches (of yours) then it sends a
> signal with disabled interrupts which breaks my PREEMPT_RT case.

Now I got my things together.
LPAE enables interrupts early in do_page_fault(), therefore accessing a
kernel address from userland triggers the warning in
harden_branch_predictor() before sending the signal.

!LPAE does do_bad_area() -> __do_user_fault() and does not trigger the
warning in harden_branch_predictor() because the interrupts are off.
On PREEMPT_RT this leads to an error due to accessing spinlock_t from
force_sig_fault() with disabled interrupts. Therefore I did enable
interrupts early and would end up with the same warning as in the
LPAE case.

Now Russell wants to keep interrupts/preemption disabled for the
address > TASK_SIZE case for the entire page fault path so that
harden_branch_predictor() works properly.

If we need that, then it won't work with the preempt-disable suggestion
I had… We don't send SIGKILL because userland might want to emulate paging
for the kernel regions. Okay.

I guess the requirement is to invoke harden_branch_predictor() on the
same CPU that triggered the page_fault, right? Couldn't we then move
harden_branch_predictor() a little bit earlier, invoke it in the >=
TASK_SIZE case and then enable interrupts if they were enabled?

That would make me happy ;)

Sebastian



Thread overview: 7+ messages
2025-10-16 12:16 [PATCH v2 RESEND 1/2] ARM: spectre-v2: Fix potential missing mitigations Xie Yuanbin
2025-10-16 12:16 ` [PATCH v2 RESEND 2/2] ARM: mm: Optimize page_fault to reduce the impact of spectre-v2 bugfix Xie Yuanbin
2025-10-28 16:20 ` [PATCH v2 RESEND 1/2] ARM: spectre-v2: Fix potential missing mitigations Sebastian Andrzej Siewior
2025-10-28 16:28   ` Sebastian Andrzej Siewior
2025-10-28 18:20   ` Sebastian Andrzej Siewior [this message]
2025-10-29  2:41     ` Xie Yuanbin
2025-10-29  7:11       ` Sebastian Andrzej Siewior
