From nobody Tue Jan 25 01:40:20 2022 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 305CC197339A; Tue, 25 Jan 2022 01:40:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4JjV0j1H8fz4Znc; Tue, 25 Jan 2022 01:40:20 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1643074821; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=xmDPLSaImTCMpW5/8T5n/4262EWc/vWh5yPtr8B+v+c=; b=X91TMH1NQmNpJ6P5wuqOGfHnLb19EsHYnvMyUOqBueYHi5dxzuBoa/EHYW8TJTQX9TrAYk 21ls7ZZPDmwn9wjHEUQizb79+gGwqZs0nwJZVykiCqGLvchQ7LlCQcvD0uyL2Av/gQ1nSO xXaoB1maEXSzt0CGdwxvw7PvdPPNW5NLYQ61h3YQq9ybxQXrFjncCiznC6bPdkjCVfwoVQ yaODm9IJwF4SMmX1h/TzPL5HcJYEyZMgzWzkVivsQCitjpVqa/ADC6e/IWuTbh9qbuoxOs kXco6z4xnit6i1zvwNAJSrFHHX8JH5bHkqprdaCad5fsxNGACzf9IL+TQb3hzg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6AB3620ACA; Tue, 25 Jan 2022 01:40:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 20P1eKvm050837; Tue, 25 Jan 2022 01:40:20 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 20P1eKYf050828; Tue, 25 Jan 2022 01:40:20 GMT (envelope-from git) Date: Tue, 25 Jan 2022 01:40:20 GMT Message-Id: <202201250140.20P1eKYf050828@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Jessica Clarke Subject: git: 5272c66a00c5 - stable/13 - hwpmc: Fix amd/arm64/armv7/uncore sampling overflow race List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-branches@freebsd.org X-BeenThere: dev-commits-src-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jrtc27 X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 5272c66a00c510b332c6477bbeacaa0179f96ff3 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1643074821; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=xmDPLSaImTCMpW5/8T5n/4262EWc/vWh5yPtr8B+v+c=; b=SpU8sUBYiAhpp6AqNcDmOUNmwYUpHz0h41S0my+qlf3hjHzqnt5FAgxB9cG6YetlTZQlej 7KlQGZoyLPB4Z1XKXC+FC7HLUI5WMXjIgYw/avBrIDbbnXQ8aRJek1puljq0RKanERLv4x 9aXL+BmylYqcg2sp+4JIcywYquUDZO4pBiR+hwtzRGLxE5VJJQ3ACpvDVFV0nlZBOPvaGr HPSuwbB776VSO2bW98zuTxsmMYgdiF0hlYT0FAFkVZLRwWlD84FXQC4Iq71Gt9UK3oWDA9 bd/dMpzoZ4hBO/uvMPoxWU6grvkghFeh4IOEsgacEBERguCnRUxIh/Z2SS0FRA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1643074821; a=rsa-sha256; cv=none; b=DM0IvA1lLDGw7SbVY23SNVXKd/Jd1B543GOyU0O2c0Q7iMglbcLwYR/s/9DdM+sJHhzGRl 2QbADZeKfpMAtJSPer372jC945TOWyrix/6J4QeLOnew9oH6+zXsP804lAiLYBJU5DSJyG ulrso5hBrNC23BnK/3uUAIVrlg04Nndhd8Ty9B/cp2SXj94vzecrlGVpjjClsH01tW4AqI /2Jia4+7XidaEzj6NqU1i0z4Ku+pKD7wmY0cb2BTSfuGp/z3dwwvEi9a7F6dbyG4P+Ynrn oZ/2XiiQ9c0+W5fUyfIofsVsp2qpyYH5Po6qktddP/tDokvczbQj+HhF9Rfa7Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by jrtc27: URL: https://cgit.FreeBSD.org/src/commit/?id=5272c66a00c510b332c6477bbeacaa0179f96ff3 commit 5272c66a00c510b332c6477bbeacaa0179f96ff3 Author: Jessica Clarke AuthorDate: 2022-01-10 14:30:05 +0000 Commit: Jessica Clarke CommitDate: 2022-01-25 00:00:01 +0000 hwpmc: Fix amd/arm64/armv7/uncore sampling overflow race If a counter more than overflows just as we read it on switch out then, if using sampling mode, we will negate this small value to give a huge reload count, and if we later switch back in that context we will validate that value against pm_reloadcount and panic an INVARIANTS kernel with: panic: [pmc,1470] pmcval outside of expected range cpu=2 ri=16 pmcval=fffff292 pm_reloadcount=10000 or similar. Presumably in a non-INVARIANTS kernel we will instead just use the provided value as the reload count, which would lead to the overflow not happing for a very long time (e.g. 78 minutes for a 48-bit counter incrementing at an averate rate of 1GHz). Instead, clamp the reload count to 0 (which corresponds precisely to the value we would compute if it had just overflowed and no more), which will result in hwpmc using the full original reload count again. This is the approach used by core for Intel (for both fixed and programmable counters). As part of this, armv7 and arm64 are made conceptually simpler; rather than skipping modifying the overflow count for sampling mode counters so it's always kept as ~0, those special cases are removed so it's always applicable and the concatentation of it and the hardware counter can always be viewed as a 64-bit counter, which also makes them look more like other architectures. Whilst here, fix an instance of UB (shifting a 1 into the sign bit) for amd in its sign-extension code. Reviewed by: andrew, mhorne, kib MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D33654 (cherry picked from commit e74c7ffcb11b6ac879167249adc23a1f9ee5aab6) --- sys/dev/hwpmc/hwpmc_amd.c | 15 ++++++++++++--- sys/dev/hwpmc/hwpmc_arm64.c | 25 ++++++++++++++++--------- sys/dev/hwpmc/hwpmc_armv7.c | 26 +++++++++++++++++--------- sys/dev/hwpmc/hwpmc_uncore.c | 4 ++++ 4 files changed, 49 insertions(+), 21 deletions(-) diff --git a/sys/dev/hwpmc/hwpmc_amd.c b/sys/dev/hwpmc/hwpmc_amd.c index a95615926bc3..f0b202af8038 100644 --- a/sys/dev/hwpmc/hwpmc_amd.c +++ b/sys/dev/hwpmc/hwpmc_amd.c @@ -431,9 +431,18 @@ amd_read_pmc(int cpu, int ri, pmc_value_t *v) tmp = rdmsr(pd->pm_perfctr); /* RDMSR serializes */ PMCDBG2(MDP,REA,2,"amd-read (pre-munge) id=%d -> %jd", ri, tmp); if (PMC_IS_SAMPLING_MODE(mode)) { - /* Sign extend 48 bit value to 64 bits. */ - tmp = (pmc_value_t) (((int64_t) tmp << 16) >> 16); - tmp = AMD_PERFCTR_VALUE_TO_RELOAD_COUNT(tmp); + /* + * Clamp value to 0 if the counter just overflowed, + * otherwise the returned reload count would wrap to a + * huge value. + */ + if ((tmp & (1ULL << 47)) == 0) + tmp = 0; + else { + /* Sign extend 48 bit value to 64 bits. */ + tmp = (pmc_value_t) ((int64_t)(tmp << 16) >> 16); + tmp = AMD_PERFCTR_VALUE_TO_RELOAD_COUNT(tmp); + } } *v = tmp; diff --git a/sys/dev/hwpmc/hwpmc_arm64.c b/sys/dev/hwpmc/hwpmc_arm64.c index ea433ca191d2..675e93c5771d 100644 --- a/sys/dev/hwpmc/hwpmc_arm64.c +++ b/sys/dev/hwpmc/hwpmc_arm64.c @@ -219,8 +219,7 @@ arm64_read_pmc(int cpu, int ri, pmc_value_t *v) if ((READ_SPECIALREG(pmovsclr_el0) & reg) != 0) { /* Clear Overflow Flag */ WRITE_SPECIALREG(pmovsclr_el0, reg); - if (!PMC_IS_SAMPLING_MODE(PMC_TO_MODE(pm))) - pm->pm_pcpu_state[cpu].pps_overflowcnt++; + pm->pm_pcpu_state[cpu].pps_overflowcnt++; /* Reread counter in case we raced. */ tmp = arm64_pmcn_read(ri); @@ -229,10 +228,18 @@ arm64_read_pmc(int cpu, int ri, pmc_value_t *v) intr_restore(s); PMCDBG2(MDP, REA, 2, "arm64-read id=%d -> %jd", ri, tmp); - if (PMC_IS_SAMPLING_MODE(PMC_TO_MODE(pm))) - *v = ARMV8_PERFCTR_VALUE_TO_RELOAD_COUNT(tmp); - else - *v = tmp; + if (PMC_IS_SAMPLING_MODE(PMC_TO_MODE(pm))) { + /* + * Clamp value to 0 if the counter just overflowed, + * otherwise the returned reload count would wrap to a + * huge value. + */ + if ((tmp & (1ull << 63)) == 0) + tmp = 0; + else + tmp = ARMV8_PERFCTR_VALUE_TO_RELOAD_COUNT(tmp); + } + *v = tmp; return (0); } @@ -380,10 +387,10 @@ arm64_intr(struct trapframe *tf) retval = 1; /* Found an interrupting PMC. */ - if (!PMC_IS_SAMPLING_MODE(PMC_TO_MODE(pm))) { - pm->pm_pcpu_state[cpu].pps_overflowcnt += 1; + pm->pm_pcpu_state[cpu].pps_overflowcnt += 1; + + if (!PMC_IS_SAMPLING_MODE(PMC_TO_MODE(pm))) continue; - } if (pm->pm_state != PMC_STATE_RUNNING) continue; diff --git a/sys/dev/hwpmc/hwpmc_armv7.c b/sys/dev/hwpmc/hwpmc_armv7.c index 84a983bbc69c..eaef95932c60 100644 --- a/sys/dev/hwpmc/hwpmc_armv7.c +++ b/sys/dev/hwpmc/hwpmc_armv7.c @@ -191,8 +191,7 @@ armv7_read_pmc(int cpu, int ri, pmc_value_t *v) if ((cp15_pmovsr_get() & reg) != 0) { /* Clear Overflow Flag */ cp15_pmovsr_set(reg); - if (!PMC_IS_SAMPLING_MODE(PMC_TO_MODE(pm))) - pm->pm_pcpu_state[cpu].pps_overflowcnt++; + pm->pm_pcpu_state[cpu].pps_overflowcnt++; /* Reread counter in case we raced. */ tmp = armv7_pmcn_read(ri, pm->pm_md.pm_armv7.pm_armv7_evsel); @@ -201,10 +200,18 @@ armv7_read_pmc(int cpu, int ri, pmc_value_t *v) intr_restore(s); PMCDBG2(MDP, REA, 2, "armv7-read id=%d -> %jd", ri, tmp); - if (PMC_IS_SAMPLING_MODE(PMC_TO_MODE(pm))) - *v = ARMV7_PERFCTR_VALUE_TO_RELOAD_COUNT(tmp); - else - *v = tmp; + if (PMC_IS_SAMPLING_MODE(PMC_TO_MODE(pm))) { + /* + * Clamp value to 0 if the counter just overflowed, + * otherwise the returned reload count would wrap to a + * huge value. + */ + if ((tmp & (1ull << 63)) == 0) + tmp = 0; + else + tmp = ARMV7_PERFCTR_VALUE_TO_RELOAD_COUNT(tmp); + } + *v = tmp; return 0; } @@ -362,10 +369,11 @@ armv7_intr(struct trapframe *tf) retval = 1; /* Found an interrupting PMC. */ - if (!PMC_IS_SAMPLING_MODE(PMC_TO_MODE(pm))) { - pm->pm_pcpu_state[cpu].pps_overflowcnt += 1; + pm->pm_pcpu_state[cpu].pps_overflowcnt += 1; + + if (!PMC_IS_SAMPLING_MODE(PMC_TO_MODE(pm))) continue; - } + if (pm->pm_state != PMC_STATE_RUNNING) continue; diff --git a/sys/dev/hwpmc/hwpmc_uncore.c b/sys/dev/hwpmc/hwpmc_uncore.c index 2c638833dcd9..a5e3d9bb2f8a 100644 --- a/sys/dev/hwpmc/hwpmc_uncore.c +++ b/sys/dev/hwpmc/hwpmc_uncore.c @@ -175,6 +175,10 @@ uncore_pcpu_fini(struct pmc_mdep *md, int cpu) static pmc_value_t ucf_perfctr_value_to_reload_count(pmc_value_t v) { + + /* If the PMC has overflowed, return a reload count of zero. */ + if ((v & (1ULL << (uncore_ucf_width - 1))) == 0) + return (0); v &= (1ULL << uncore_ucf_width) - 1; return (1ULL << uncore_ucf_width) - v; }