From: Julien Thierry <julien.thierry@arm.com>
To: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org
Cc: Julien Thierry <julien.thierry@arm.com>,
peterz@infradead.org, catalin.marinas@arm.com,
will.deacon@arm.com, mingo@redhat.com, james.morse@arm.com,
hpa@zytor.com, valentin.schneider@arm.com
Subject: [PATCH v3 3/4] uaccess: Check no rescheduling function is called in unsafe region
Date: Tue, 15 Jan 2019 13:58:28 +0000 [thread overview]
Message-ID: <1547560709-56207-4-git-send-email-julien.thierry@arm.com> (raw)
In-Reply-To: <1547560709-56207-1-git-send-email-julien.thierry@arm.com>
While running a user_access regions, it is not supported to reschedule.
Add an overridable primitive to indicate whether a user_access region is
active and check that this is not the case when calling rescheduling
functions.
These checks are only performed when DEBUG_UACCESS_SLEEP is selected.
Also, add a comment clarifying the behaviour of user_access regions.
Signed-off-by: Julien Thierry <julien.thierry@arm.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
---
include/linux/kernel.h | 11 +++++++++--
include/linux/uaccess.h | 13 +++++++++++++
kernel/sched/core.c | 22 ++++++++++++++++++++++
lib/Kconfig.debug | 8 ++++++++
4 files changed, 52 insertions(+), 2 deletions(-)
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index 8f0e68e..73f1f82 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -237,11 +237,18 @@
struct pt_regs;
struct user;
+#ifdef CONFIG_DEBUG_UACCESS_SLEEP
+extern void __might_resched(const char *file, int line);
+#else
+#define __might_resched(file, line) do { } while (0)
+#endif
+
#ifdef CONFIG_PREEMPT_VOLUNTARY
extern int _cond_resched(void);
-# define might_resched() _cond_resched()
+# define might_resched() \
+ do { __might_resched(__FILE__, __LINE__); _cond_resched(); } while (0)
#else
-# define might_resched() do { } while (0)
+# define might_resched() __might_resched(__FILE__, __LINE__)
#endif
#ifdef CONFIG_DEBUG_ATOMIC_SLEEP
diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h
index 37b226e..2c0c39e 100644
--- a/include/linux/uaccess.h
+++ b/include/linux/uaccess.h
@@ -263,6 +263,15 @@ static inline unsigned long __copy_from_user_inatomic_nocache(void *to,
#define probe_kernel_address(addr, retval) \
probe_kernel_read(&retval, addr, sizeof(retval))
+/*
+ * user_access_begin() and user_access_end() define a region where
+ * unsafe user accessors can be used. Exceptions and interrupt shall exit the
+ * user_access region and re-enter it when returning to the interrupted context.
+ *
+ * No sleeping function should get called during a user_access region - we rely
+ * on exception handling to take care of the user_access status for us, but that
+ * doesn't happen when directly calling schedule().
+ */
#ifndef user_access_begin
#define user_access_begin(ptr,len) access_ok(ptr, len)
#define user_access_end() do { } while (0)
@@ -270,6 +279,10 @@ static inline unsigned long __copy_from_user_inatomic_nocache(void *to,
#define unsafe_put_user(x, ptr, err) do { if (unlikely(__put_user(x, ptr))) goto err; } while (0)
#endif
+#ifndef unsafe_user_region_active
+#define unsafe_user_region_active() false
+#endif
+
#ifdef CONFIG_HARDENED_USERCOPY
void usercopy_warn(const char *name, const char *detail, bool to_user,
unsigned long offset, unsigned long len);
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index a674c7db..b1bb7e9 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -3289,6 +3289,14 @@ static inline void schedule_debug(struct task_struct *prev)
__schedule_bug(prev);
preempt_count_set(PREEMPT_DISABLED);
}
+
+ if (IS_ENABLED(CONFIG_DEBUG_UACCESS_SLEEP) &&
+ unlikely(unsafe_user_region_active())) {
+ printk(KERN_ERR "BUG: scheduling while user_access enabled: %s/%d/0x%08x\n",
+ prev->comm, prev->pid, preempt_count());
+ dump_stack();
+ }
+
rcu_sleep_check();
profile_hit(SCHED_PROFILING, __builtin_return_address(0));
@@ -6151,6 +6159,20 @@ void ___might_sleep(const char *file, int line, int preempt_offset)
EXPORT_SYMBOL(___might_sleep);
#endif
+#ifdef CONFIG_DEBUG_UACCESS_SLEEP
+void __might_resched(const char *file, int line)
+{
+ if (!unsafe_user_region_active())
+ return;
+
+ printk(KERN_ERR
+ "BUG: rescheduling function called from user access context at %s:%d\n",
+ file, line);
+ dump_stack();
+}
+EXPORT_SYMBOL(__might_resched);
+#endif
+
#ifdef CONFIG_MAGIC_SYSRQ
void normalize_rt_tasks(void)
{
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
index d4df5b2..d030e31 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -2069,6 +2069,14 @@ config IO_STRICT_DEVMEM
If in doubt, say Y.
+config DEBUG_UACCESS_SLEEP
+ bool "Check sleep inside a user access region"
+ depends on DEBUG_KERNEL
+ help
+ If you say Y here, various routines which may sleep will become very
+ noisy if they are called inside a user access region (i.e. between
+ a user_access_begin() and a user_access_end())
+
source "arch/$(SRCARCH)/Kconfig.debug"
endmenu # Kernel hacking
--
1.9.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-01-15 14:03 UTC|newest]
Thread overview: 88+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-15 13:58 [PATCH v3 0/4] uaccess: Add unsafe accessors for arm64 Julien Thierry
2019-01-15 13:58 ` [PATCH v3 1/4] arm64: uaccess: Cleanup get/put_user() Julien Thierry
2019-01-15 13:58 ` [PATCH v3 2/4] arm64: uaccess: Implement unsafe accessors Julien Thierry
2019-01-15 13:58 ` Julien Thierry [this message]
2019-01-30 16:58 ` [PATCH v3 3/4] uaccess: Check no rescheduling function is called in unsafe region Valentin Schneider
2019-02-04 13:27 ` Julien Thierry
2019-02-11 13:45 ` Ingo Molnar
2019-02-11 13:51 ` Peter Zijlstra
2019-02-12 9:15 ` Julien Thierry
2019-02-13 8:21 ` Ingo Molnar
2019-02-13 10:35 ` Peter Zijlstra
2019-02-13 10:50 ` Julien Thierry
2019-02-13 13:17 ` Peter Zijlstra
2019-02-13 13:20 ` Peter Zijlstra
2019-02-13 14:00 ` Will Deacon
2019-02-13 14:07 ` Julien Thierry
2019-02-13 14:17 ` Peter Zijlstra
2019-02-13 14:24 ` Julien Thierry
2019-02-13 14:40 ` Peter Zijlstra
2019-02-13 15:08 ` Peter Zijlstra
2019-02-13 14:25 ` Peter Zijlstra
2019-02-13 14:39 ` Julien Thierry
2019-02-13 14:41 ` Peter Zijlstra
2019-02-13 15:45 ` Peter Zijlstra
2019-02-13 18:54 ` Peter Zijlstra
[not found] ` <D61C430D-4321-4114-AB85-671A3C7B8EAE@amacapital.net>
2019-02-13 22:21 ` Peter Zijlstra
2019-02-13 22:49 ` Andy Lutomirski
2019-02-14 10:14 ` [PATCH] sched/x86: Save [ER]FLAGS on context switch Peter Zijlstra
2019-02-14 16:18 ` Brian Gerst
2019-02-14 19:34 ` Peter Zijlstra
2019-02-15 14:34 ` Brian Gerst
2019-02-15 17:18 ` Linus Torvalds
2019-02-15 17:40 ` Peter Zijlstra
2019-02-15 18:28 ` Andy Lutomirski
2019-02-15 23:34 ` Peter Zijlstra
2019-02-16 0:21 ` Linus Torvalds
2019-02-16 10:32 ` Peter Zijlstra
2019-02-16 4:06 ` hpa
2019-02-16 10:30 ` Peter Zijlstra
2019-02-18 22:30 ` H. Peter Anvin
2019-02-19 0:24 ` Linus Torvalds
2019-02-19 2:20 ` Andy Lutomirski
2019-02-19 2:46 ` H. Peter Anvin
2019-02-19 9:07 ` Julien Thierry
2019-02-19 8:53 ` Julien Thierry
2019-02-19 9:15 ` Peter Zijlstra
2019-02-19 9:19 ` Peter Zijlstra
2019-02-19 9:04 ` Peter Zijlstra
2019-02-19 9:21 ` hpa
2019-02-19 9:44 ` Peter Zijlstra
2019-02-19 11:38 ` Thomas Gleixner
2019-02-19 11:58 ` Peter Zijlstra
2019-02-19 12:48 ` Will Deacon
2019-02-20 22:55 ` H. Peter Anvin
2019-02-21 12:06 ` Julien Thierry
2019-02-21 21:35 ` Thomas Gleixner
2019-02-21 22:08 ` Linus Torvalds
2019-02-22 12:58 ` Peter Zijlstra
2019-02-22 18:10 ` Thomas Gleixner
2019-02-22 22:26 ` [RFC][PATCH] objtool: STAC/CLAC validation Peter Zijlstra
2019-02-22 23:34 ` Linus Torvalds
2019-02-23 8:43 ` Peter Zijlstra
2019-02-22 23:39 ` hpa
2019-02-23 8:39 ` Peter Zijlstra
2019-02-25 8:47 ` hpa
2019-02-25 13:21 ` Peter Zijlstra
2019-03-01 15:07 ` Peter Zijlstra
2019-02-25 8:49 ` hpa
2019-02-22 23:55 ` Andy Lutomirski
2019-02-23 8:37 ` Peter Zijlstra
2019-02-23 10:52 ` Peter Zijlstra
2019-02-25 10:51 ` Peter Zijlstra
2019-02-25 11:53 ` Peter Zijlstra
2019-02-25 15:36 ` Andy Lutomirski
2019-02-23 0:34 ` Andy Lutomirski
2019-02-23 1:12 ` Linus Torvalds
2019-02-23 1:16 ` Andy Lutomirski
2019-02-23 1:33 ` Linus Torvalds
2019-02-23 1:40 ` Linus Torvalds
2019-02-25 8:33 ` Julien Thierry
2019-02-25 11:55 ` Peter Zijlstra
2019-02-21 12:46 ` [PATCH] sched/x86: Save [ER]FLAGS on context switch Will Deacon
2019-02-21 22:06 ` Andy Lutomirski
2019-02-18 9:03 ` [PATCH v2] " Peter Zijlstra
2019-02-13 23:19 ` [PATCH v3 3/4] uaccess: Check no rescheduling function is called in unsafe region Linus Torvalds
2019-01-15 13:58 ` [PATCH v3 4/4] arm64: uaccess: Implement user_access_region_active Julien Thierry
2019-01-25 14:27 ` [PATCH v3 0/4] uaccess: Add unsafe accessors for arm64 Catalin Marinas
2019-01-30 16:17 ` Julien Thierry
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1547560709-56207-4-git-send-email-julien.thierry@arm.com \
--to=julien.thierry@arm.com \
--cc=catalin.marinas@arm.com \
--cc=hpa@zytor.com \
--cc=james.morse@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=valentin.schneider@arm.com \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).