logging: sensing: tests: Add missing compiler barriers

Add missing memory barriers after branching on k_is_user_context() to
prevent reordering possible of privileged memory access.

Signed-off-by: Adrian Warecki <adrian.warecki@intel.com>

Author: softwarecki

include/zephyr/arch/xtensa/arch.h

@@ -111,6 +111,7 @@ void xtensa_arch_kernel_oops(int reason_p, void *ssf);
 		arch_syscall_invoke1(reason_p, \
 			K_SYSCALL_XTENSA_USER_FAULT); \
 	} else { \
+		compiler_barrier(); \
 		xtensa_arch_except(reason_p); \
 	} \
 	CODE_UNREACHABLE; \

include/zephyr/logging/log_msg.h

@@ -531,9 +531,10 @@ do { \
 			( \
 			bool can_simple = LOG_MSG_SIMPLE_CHECK(__VA_ARGS__); \
 			if (can_simple && ((_dlen) == 0) && !k_is_user_context()) { \
-				LOG_MSG_DBG("create fast message\n");\
+				compiler_barrier(); \
+				LOG_MSG_DBG("create fast message\n"); \
 				Z_LOG_MSG_SIMPLE_ARGS_CREATE(_domain_id, _source, _level, \
-						     Z_LOG_FMT_ARGS(_fmt, ##__VA_ARGS__)); \
+							     Z_LOG_FMT_ARGS(_fmt, ##__VA_ARGS__)); \
 				_mode = Z_LOG_MSG_MODE_SIMPLE; \
 				break; \
 			} \

include/zephyr/syscall.h

@@ -110,6 +110,12 @@ static ALWAYS_INLINE bool z_syscall_trap(void)
  * Indicate whether the CPU is currently in user mode
  *
  * @return true if the CPU is currently running with user permissions
+ *
+ * CAUTION!
+ * If you branch on k_is_user_context() and then perform a kernel-only operation, you must insert
+ * a memory barrier before the privileged operation. Both the compiler and the CPU may reorder
+ * memory operations around the branch. Without a barrier, memory accesses related to the privileged
+ * path may move before the context check or be speculated.
  */
 __pinned_func
 static inline bool k_is_user_context(void)

lib/os/printk.c

@@ -123,6 +123,7 @@ void vprintk(const char *fmt, va_list ap)
 			buf_flush(&ctx);
 		}
 	} else {
+		compiler_barrier();
 #ifdef CONFIG_PRINTK_SYNC
 		k_spinlock_key_t key = k_spin_lock(&lock);
 #endif

subsys/logging/log_msg.c

@@ -376,13 +376,15 @@ void z_log_msg_runtime_vcreate(uint8_t domain_id, const void *source,
 		pkg = alloca(plen);
 		msg = NULL;
 	} else if (IS_ENABLED(CONFIG_LOG_MODE_DEFERRED) && BACKENDS_IN_USE()) {
+		compiler_barrier();
 		msg = z_log_msg_alloc(msg_wlen);
 		if (IS_ENABLED(CONFIG_LOG_FRONTEND) && msg == NULL) {
 			pkg = alloca(plen);
 		} else {
 			pkg = msg ? msg->data : NULL;
 		}
 	} else {
+		compiler_barrier();
 		msg = alloca(msg_wlen * sizeof(int));
 		pkg = msg->data;
 	}
@@ -395,6 +397,7 @@ void z_log_msg_runtime_vcreate(uint8_t domain_id, const void *source,
 	if (k_is_user_context()) {
 		z_log_msg_static_create(source, desc, pkg, data);
 	} else {
+		compiler_barrier();
 		if (IS_ENABLED(CONFIG_LOG_FRONTEND) &&
 		    frontend_runtime_filtering(source, desc.level)) {
 			log_frontend_msg(source, desc, pkg, data);

subsys/sensing/dispatch.c

@@ -86,6 +86,7 @@ static void dispatch_task(void *a, void *b, void *c)
 	ARG_UNUSED(c);
 
 	if (IS_ENABLED(CONFIG_USERSPACE) && !k_is_user_context()) {
+		compiler_barrier();
 		rtio_access_grant(&sensing_rtio_ctx, k_current_get());
 		k_thread_user_mode_enter(dispatch_task, a, b, c);
 	}

tests/drivers/counter/counter_basic_api/src/test_counter.c

@@ -230,6 +230,7 @@ static void counter_setup_instance(const struct device *dev)
 {
 	k_sem_reset(&alarm_cnt_sem);
 	if (!k_is_user_context()) {
+		compiler_barrier();
 		alarm_cnt = 0;
 	}
 }

tests/net/socket/udp/src/main.c

@@ -1847,6 +1847,7 @@ static void run_ancillary_recvmsg_test(int client_sock,
 	}
 
 	if (!k_is_user_context()) {
+		compiler_barrier();
 		iface = net_if_get_default();
 		zassert_equal(ifindex, net_if_get_by_iface(iface));
 	}