Re: [PATCH] arm64/cpufeature: Validate feature bits spacing in arm64_ftr_regs[]

[Anshuman Khandual]

On 06/29/2020 04:12 PM, Suzuki K Poulose wrote:
> On 06/16/2020 03:25 AM, Anshuman Khandual wrote:
>> arm64_feature_bits for a register in arm64_ftr_regs[] are in a descending
>> order as per their shift values. Validate that these features bits are
>> defined correctly and do not overlap with each other. This check protects
>> against any inadvertent erroneous changes to the register definitions.
>>
>> Cc: Catalin Marinas <catalin.marinas@xxxxxxx>
>> Cc: Will Deacon <will@xxxxxxxxxx>
>> Cc: Suzuki K Poulose <suzuki.poulose@xxxxxxx>
>> Cc: Mark Brown <broonie@xxxxxxxxxx>
>> Cc: Mark Rutland <mark.rutland@xxxxxxx>
>> Cc: linux-arm-kernel@xxxxxxxxxxxxxxxxxxx
>> Cc: linux-kernel@xxxxxxxxxxxxxxx
>> Signed-off-by: Anshuman Khandual <anshuman.khandual@xxxxxxx>
>> ---
>> Applies on 5.8-rc1.
>>
>> Â arch/arm64/kernel/cpufeature.c | 45 +++++++++++++++++++++++++++++++---
>> Â 1 file changed, 42 insertions(+), 3 deletions(-)
>>
>> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
>> index 4ae41670c2e6..2270eda9a7fb 100644
>> --- a/arch/arm64/kernel/cpufeature.c
>> +++ b/arch/arm64/kernel/cpufeature.c
>> @@ -697,11 +697,50 @@ static s64 arm64_ftr_safe_value(const struct arm64_ftr_bits *ftrp, s64 new,
>> Â Â static void __init sort_ftr_regs(void)
>> Â {
>> -ÂÂÂ int i;
>> +ÂÂÂ const struct arm64_ftr_reg *ftr_reg;
>> +ÂÂÂ const struct arm64_ftr_bits *ftr_bits;
>> +ÂÂÂ unsigned int i, j, width, shift, prev_shift;
>> +
>> +ÂÂÂ for (i = 0; i < ARRAY_SIZE(arm64_ftr_regs); i++) {
>> +ÂÂÂÂÂÂÂ /*
>> +ÂÂÂÂÂÂÂÂ * Features here must be sorted in descending order with respect
>> +ÂÂÂÂÂÂÂÂ * to their shift values and should not overlap with each other.
>> +ÂÂÂÂÂÂÂÂ */
>> +ÂÂÂÂÂÂÂ ftr_reg = arm64_ftr_regs[i].reg;
>> +ÂÂÂÂÂÂÂ for (ftr_bits = ftr_reg->ftr_bits, j = 0;
>> +ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ ftr_bits->width != 0; ftr_bits++, j++) {
>> + if (WARN_ON(ftr_bits->shift + ftr_bits->width > 64))
>> +ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ pr_err("%s has invalid feature at shift %d\n",
>> +ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ ftr_reg->name, ftr_bits->shift);
> 
> nit:
> 
> ÂÂÂÂÂÂÂÂÂÂÂ WARN((ftr_bits->shift + ftr_bits->width) > 64,
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ "%s......);?
> 
>> +
>> +ÂÂÂÂÂÂÂÂÂÂÂ /*
>> +ÂÂÂÂÂÂÂÂÂÂÂÂ * Skip the first feature. There is nothing to
>> +ÂÂÂÂÂÂÂÂÂÂÂÂ * compare against for now.
>> +ÂÂÂÂÂÂÂÂÂÂÂÂ */
>> +ÂÂÂÂÂÂÂÂÂÂÂ if (j == 0)
>> +ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ continue;
>> +
>> +ÂÂÂÂÂÂÂÂÂÂÂ prev_shift = ftr_reg->ftr_bits[j - 1].shift;
>> +ÂÂÂÂÂÂÂÂÂÂÂ width = ftr_reg->ftr_bits[j].width;
>> +ÂÂÂÂÂÂÂÂÂÂÂ shift = ftr_reg->ftr_bits[j].shift;
>> +ÂÂÂÂÂÂÂÂÂÂÂ if (WARN_ON(prev_shift < shift + width))
>> +ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ pr_err("%s has feature overlap at shift %d\n",
>> +ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ ftr_reg->name, ftr_bits->shift);
> 
> same as above ?

Sure, will change.

> 
>> +ÂÂÂÂÂÂÂ }
>> Â -ÂÂÂ /* Check that the array is sorted so that we can do the binary search */
>> -ÂÂÂ for (i = 1; i < ARRAY_SIZE(arm64_ftr_regs); i++)
>> +ÂÂÂÂÂÂÂ /*
>> +ÂÂÂÂÂÂÂÂ * Skip the first register. There is nothing to
>> +ÂÂÂÂÂÂÂÂ * compare against for now.
>> +ÂÂÂÂÂÂÂÂ */
>> +ÂÂÂÂÂÂÂ if (i == 0)
>> +ÂÂÂÂÂÂÂÂÂÂÂ continue;
> 
> You are starting at 1 already, so you may skip this check.

Actually, now we are starting with 0 instead for both i and j.
Hence this check would be required.