The original x86 VDSO implementation checked for the validity of the clock source read by testing whether the returned signed cycles value is less than zero. This check was also used by the vdso read function to signal that the current selected clocksource is not VDSO capable.
During the rework of the VDSO code the check was removed and replaced with a check for the clocksource mode being != NONE.
This turned out to be a mistake because the check is necessary for paravirt and hyperv clock sources. The reason is that these clock sources have their own internal sequence counter to validate the clocksource at the point of reading it. This is necessary because the hypervisor can invalidate the clocksource asynchronously so a check during the VDSO data update is not sufficient. Having a separate indicator for the validity is slower than just validating the cycles value. The check for it being negative turned out to be the fastest implementation and safe as it would require an uptime of ~73 years with a 4GHz counter frequency to result in a false positive.
Add an optional function to validate the cycles with a default implementation which allows the compiler to optimize it out for architectures which do not require it.
Reported-by: Miklos Szeredi miklos@szeredi.hu Fixes: 5d51bee725cc ("clocksource: Add common vdso clock mode storage") Signed-off-by: Thomas Gleixner tglx@linutronix.de Cc: stable@vger.kernel.org --- lib/vdso/gettimeofday.c | 11 +++++++++++ 1 file changed, 11 insertions(+)
--- a/lib/vdso/gettimeofday.c +++ b/lib/vdso/gettimeofday.c @@ -38,6 +38,13 @@ static inline bool vdso_clocksource_ok(c } #endif
+#ifndef vdso_cycles_ok +static inline bool vdso_cycles_ok(u64 cycles) +{ + return true; +} +#endif + #ifdef CONFIG_TIME_NS static int do_hres_timens(const struct vdso_data *vdns, clockid_t clk, struct __kernel_timespec *ts) @@ -62,6 +69,8 @@ static int do_hres_timens(const struct v return -1;
cycles = __arch_get_hw_counter(vd->clock_mode); + if (unlikely(!vdso_cycles_ok(cycles))) + return -1; ns = vdso_ts->nsec; last = vd->cycle_last; ns += vdso_calc_delta(cycles, last, vd->mask, vd->mult); @@ -130,6 +139,8 @@ static __always_inline int do_hres(const return -1;
cycles = __arch_get_hw_counter(vd->clock_mode); + if (unlikely(!vdso_cycles_ok(cycles))) + return -1; ns = vdso_ts->nsec; last = vd->cycle_last; ns += vdso_calc_delta(cycles, last, vd->mask, vd->mult);
The following commit has been merged into the x86/urgent branch of tip:
Commit-ID: 72ce778007e57e8996b4bebdec738fc5e1145fd2 Gitweb: https://git.kernel.org/tip/72ce778007e57e8996b4bebdec738fc5e1145fd2 Author: Thomas Gleixner tglx@linutronix.de AuthorDate: Sat, 06 Jun 2020 23:51:16 +02:00 Committer: Thomas Gleixner tglx@linutronix.de CommitterDate: Tue, 09 Jun 2020 16:36:48 +02:00
lib/vdso: Provide sanity check for cycles (again)
The original x86 VDSO implementation checked for the validity of the clock source read by testing whether the returned signed cycles value is less than zero. This check was also used by the vdso read function to signal that the current selected clocksource is not VDSO capable.
During the rework of the VDSO code the check was removed and replaced with a check for the clocksource mode being != NONE.
This turned out to be a mistake because the check is necessary for paravirt and hyperv clock sources. The reason is that these clock sources have their own internal sequence counter to validate the clocksource at the point of reading it. This is necessary because the hypervisor can invalidate the clocksource asynchronously so a check during the VDSO data update is not sufficient. Having a separate indicator for the validity is slower than just validating the cycles value. The check for it being negative turned out to be the fastest implementation and safe as it would require an uptime of ~73 years with a 4GHz counter frequency to result in a false positive.
Add an optional function to validate the cycles with a default implementation which allows the compiler to optimize it out for architectures which do not require it.
Fixes: 5d51bee725cc ("clocksource: Add common vdso clock mode storage") Reported-by: Miklos Szeredi miklos@szeredi.hu Signed-off-by: Thomas Gleixner tglx@linutronix.de Tested-by: Miklos Szeredi mszeredi@redhat.com Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20200606221531.963970768@linutronix.de
--- lib/vdso/gettimeofday.c | 11 +++++++++++ 1 file changed, 11 insertions(+)
diff --git a/lib/vdso/gettimeofday.c b/lib/vdso/gettimeofday.c index a2909af..3bb82a6 100644 --- a/lib/vdso/gettimeofday.c +++ b/lib/vdso/gettimeofday.c @@ -38,6 +38,13 @@ static inline bool vdso_clocksource_ok(const struct vdso_data *vd) } #endif
+#ifndef vdso_cycles_ok +static inline bool vdso_cycles_ok(u64 cycles) +{ + return true; +} +#endif + #ifdef CONFIG_TIME_NS static int do_hres_timens(const struct vdso_data *vdns, clockid_t clk, struct __kernel_timespec *ts) @@ -62,6 +69,8 @@ static int do_hres_timens(const struct vdso_data *vdns, clockid_t clk, return -1;
cycles = __arch_get_hw_counter(vd->clock_mode); + if (unlikely(!vdso_cycles_ok(cycles))) + return -1; ns = vdso_ts->nsec; last = vd->cycle_last; ns += vdso_calc_delta(cycles, last, vd->mask, vd->mult); @@ -130,6 +139,8 @@ static __always_inline int do_hres(const struct vdso_data *vd, clockid_t clk, return -1;
cycles = __arch_get_hw_counter(vd->clock_mode); + if (unlikely(!vdso_cycles_ok(cycles))) + return -1; ns = vdso_ts->nsec; last = vd->cycle_last; ns += vdso_calc_delta(cycles, last, vd->mask, vd->mult);
linux-stable-mirror@lists.linaro.org
-
Thomas Gleixner -
tip-bot2 for Thomas Gleixner