From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934246AbbI1PSI (ORCPT ); Mon, 28 Sep 2015 11:18:08 -0400 Received: from mail-db3on0075.outbound.protection.outlook.com ([157.55.234.75]:23328 "EHLO emea01-db3-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S934216AbbI1PSA (ORCPT ); Mon, 28 Sep 2015 11:18:00 -0400 Authentication-Results: spf=fail (sender IP is 12.216.194.146) smtp.mailfrom=ezchip.com; ezchip.com; dkim=none (message not signed) header.d=none;ezchip.com; dmarc=none action=none header.from=ezchip.com; From: Chris Metcalf To: Gilad Ben Yossef , Steven Rostedt , Ingo Molnar , Peter Zijlstra , Andrew Morton , "Rik van Riel" , Tejun Heo , Frederic Weisbecker , Thomas Gleixner , "Paul E. McKenney" , Christoph Lameter , Viresh Kumar , Catalin Marinas , Will Deacon , Andy Lutomirski , , , CC: Chris Metcalf Subject: [PATCH v7 04/11] task_isolation: provide strict mode configurable signal Date: Mon, 28 Sep 2015 11:17:19 -0400 Message-ID: <1443453446-7827-5-git-send-email-cmetcalf@ezchip.com> X-Mailer: git-send-email 2.1.2 In-Reply-To: <1443453446-7827-1-git-send-email-cmetcalf@ezchip.com> References: <1443453446-7827-1-git-send-email-cmetcalf@ezchip.com> X-EOPAttributedMessage: 0 X-Microsoft-Exchange-Diagnostics: 1;DB3FFO11FD048;1:qHtZ4SfDwlDBmBsIEZCyCanKLE8qP+8zydSLIrGVr3C+qxtx4WVxTTxlw7RGd0mR0l6RetMN7J1zHq5CbUHjXiY7pq/Ibd+pHcV4GI+7BnS50Y1SsqhvLbcUfOdLJSveOsJPcgIx2cncMn3UfNvdSjrABOqsRueHeL72cadLm+gyyyQPrC79HiP4hQ3BWI/BNXI+mVdjUHVA2FchNifCQWT9UQYmamThVdKtYySGl2w9MXy0LXffGlAKQvwXbLdqCy1mxb3gw2WnhyGSLwPUXIHL8hz5JoPpHnVn/cpqdwLqXdQK0mCdcByTBCsUQiMT2u6dhyx+Sxk4ewJauHscPVLLHMFPFhXoGiCO7u1rS70= X-Forefront-Antispam-Report: CIP:12.216.194.146;CTRY:US;IPV:NLI;EFV:NLI;SFV:NSPM;SFS:(10009020)(6009001)(2980300002)(1109001)(1110001)(339900001)(199003)(189002)(105606002)(86362001)(85426001)(106356001)(5001860100001)(229853001)(5001830100001)(106476002)(42186005)(48376002)(50466002)(4001540100001)(87936001)(106466001)(81156007)(36756003)(189998001)(97736004)(5001770100001)(19580405001)(107886002)(5001920100001)(5003940100001)(68736005)(104016004)(6806005)(50226001)(5007970100001)(19580395003)(2201001)(76176999)(47776003)(33646002)(575784001)(50986999)(5001960100002)(92566002)(64706001)(2950100001)(46102003)(62966003)(77156002)(9376005)(921003)(2101003)(83996005)(1121003)(4001430100001);DIR:OUT;SFP:1101;SCL:1;SRVR:AM2PR02MB0771;H:ld-1.internal.tilera.com;FPR:;SPF:Fail;PTR:InfoNoRecords;A:1;MX:1;LANG:en; MIME-Version: 1.0 Content-Type: text/plain X-Microsoft-Exchange-Diagnostics: 1;AM2PR02MB0771;2:ecKjRLsJiX1cO5Ps7DhJxOX8Qyt4PM7LjLz7v7WFYJNcBwScEHAyJ8sPOtQYQADfNymGCeJZxSeo8G543a/Tp5XMTVq9blniVWGvoaSIlOMVxJ7rDlUofQzgo7XGZaqB+9p7qQlf7WIpIyWDu8SJVUq4BTtHuMo6r+PVWQAzpZ4=;3:laTLa+I+LfZPIQzKCFjqegJJcsgfpk2dCNubaLH51Qe47iC4fx6N9llu+0oTT5d+hub8W4pJCb6Fn36+up/vPhuRx4RrCvztvWEHI7cmeJBm0VYlTtpx7YJnLzyMyUMrnj9Y6T6s+Si3DlTG0q8ENRhcE13pHaFyQZmdmnmuvp8CZc3rpv1AP8wGxN3GvIf6kbxXHf6Ko7P/4jeP2OMW3lv46F/fsFCSVaOxRQNP+auiyOx0GfXRZBSRB/KjJxnE;25:cBwJx/VQ5O7IhOLpmLH9aDVD8Vc3W7vIAw2EXoHX8/sL3/4ogB/L2/mWMNaTXQXT10dZdlUuVCb/ENpDCdgqmVU8lPUP1WFwm6lwCasECFMNY+KvZyuf5bztZsPDe1Sku37IiodFLFxhaNsg3A3sFpXUt7i1mqDcDHZANJBMGd6bOohP+oFAFDf8g1qDves2anMol11s83b2YodnQ8Xnx483Ra3eKKE9OWyE3sw1Ut+YhNTl7VEcVkXx2uyEH3xl;20:/HeWngrXKK9Um9flWsIkID+jDPFyETIh475UhuAiAbPg5oVDarSvCk4bbImuYrDrI+TTavnHGebUcx0VcinW/FIWlTb/Jda94TOcea7bQsX+vRRCPiTDRdJRHW5G+UfVVhVqg9+qdVfYo1y8aAvX7rapPuKCvB3K5TAXiVFgwSE= X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:AM2PR02MB0771; X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(601004)(2401047)(5005006)(520078)(8121501046)(3002001);SRVR:AM2PR02MB0771;BCL:0;PCL:0;RULEID:;SRVR:AM2PR02MB0771; X-Microsoft-Exchange-Diagnostics: 1;AM2PR02MB0771;4:rQ4FV1KvrM8EiWRkhQG2w5loM1OVHPeBSBRgbwPeeJL6dYm67qv+lMYgWAU0Q1OaCXKTj0K0rFbxznpf1WgzgntKrImgBho5goYjNBUpWAIn/jJh4VAgNymp2xYrPLMhPhDAB7W7qR9FkXuOTFjF0NCIn5PHn0ueEjEZvEzZVbUT74RGCzo002OZ8YSaBTFZKLp1mzjE9AfgElMzg1OU1nksaqdguTet18lRKlhdDamEcDeGF50pbFLO5X3QtcBViIVHEw6ZgE9V2oE3Orna93UfkNXLynjy8Yb95ZlVX/oUypp6OmN48aSigR2benchjKCo0hdi0BGBuCvqgR0NgzyS5NaLft7Is5MScMyA9bY= X-Forefront-PRVS: 0713BC207F X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;AM2PR02MB0771;23:btYa2cQNEzuk63rFmiKtYK/H/kueLSBuIBNpmnW0x?= =?us-ascii?Q?Hkg4J28pmlsMlB3W3LW0es0AoJLe+FgdB7La6GjGwm/AF+365oqCrAwUZhhw?= =?us-ascii?Q?Wq93nY/zLyrI1h+8L6CWOkWt6kLvrZLVSl3Oeev23g+LbgqTm9kbLYVGSdON?= =?us-ascii?Q?YXYZa2hxPK4wJlo996SI6MnM3SweQoEp0DHBweue5UwoQawUoGlGV6OJOT6L?= =?us-ascii?Q?ZKh82FkT40KgttVYBoNkR47zEz+oqtWnNXxdSiqT2fiQagCFosRS1Wzq590X?= =?us-ascii?Q?kc9+ExhscCOMNEJv82ORlxChwKGzoH31ROdtr++9m7OCGCMSh//M8YrE0wT1?= =?us-ascii?Q?VtKsnb3dmDmgwKpleF8o75AoFj+bCb6AAyp4TdHry/fK9D+yitk0e98kUTs2?= =?us-ascii?Q?aluP1d7cEkYL8JRbVj8H6hL7W/S7LxLi2s5cABbHKlD2MV28T1q5IzmRYUtc?= =?us-ascii?Q?LEUEgsECV3oBJmSXbyhRaaviNQ7lAdOYV8SkP6hVXbobNyau2WwFy/k14zvi?= =?us-ascii?Q?ljf2JVzqRAD6buBC0r70Ia9UOQWzjcKVJB3ZK7LZcsa0Y8nH2PJ8x+LTUUnD?= =?us-ascii?Q?xQTWexeLSjrn6O+DiAhrsJTW6vxpHT5kpk/iFuvwbDN8MTOJYLCtxBH2P6Tn?= =?us-ascii?Q?jvAY9ebUCWUVbRu51hAGlusTDct33ZHrjehstYzKNyfMzgK9+D2+mPh6MIc7?= =?us-ascii?Q?Ehn52pghLZjUEdOX5BDhEXIsS+QoYmTCvotT+CLV3QnVLyZxVlhBWrmJ/dV3?= =?us-ascii?Q?TtfM93cg/u7mN1tfumuVUB2ZValtnmCOqQ2DpVHmqPEpRuDSlwyW1lMCdgE/?= =?us-ascii?Q?F5LXmBvQckoXQN8ZiRqjyWLraY/xhNqhIOFqlgsMoQhhEbesglFZBTn4Pemy?= =?us-ascii?Q?xGnr6irWb73Z5VPxZMoY0dsLEAj4G/rI+d6bMkRcGkPm0OPsv7TATm8dcOkj?= =?us-ascii?Q?cxlzdrMMMArD6PazHoAW7wtMyXIdFbfaR2+4ZwfuIrP+muGj4U/5rjjDcikp?= =?us-ascii?Q?XtaN7CBOM5frCFH74czvRJXXtWTwKChCQArrc6iaKjdWd+Xe9BtDAYY4wgRC?= =?us-ascii?Q?s7ALYxbIC79eMRcNnlMn2J1zQz6Ha0gyKb+HJ4SHQ6aqtvfMk7S48uloFyZ5?= =?us-ascii?Q?F0ZwCkEmSJoYfDnjOwyhEgQmA1Ewv0v6+sbDPJfRiMK4BGgfaxxEs9RNY+5J?= =?us-ascii?Q?evEbFYPd5bkgGiTkHQnPW8raHHMQelWn1cVA/8wuEXVv2T8RmME7tnEnAFpz?= =?us-ascii?Q?evmFPXk4kpUOlkB2r0zB102y1KAvYC1poZWf0k8V5ydiljm0wOpppTwNKfYz?= =?us-ascii?Q?joNfalpSOE+WfaGx+BbkBbCnQveYSNGuQim89ke46PqSQRM+Qf+oInPben6i?= =?us-ascii?Q?wytVdHM8QFaXFXInzMvegUIlDM4IeTf4H2wTJ9x9nRXay3eqE0moE2qjiCym?= =?us-ascii?Q?3LUWSb2peIxDswO8Qn+pjSklcPs0mQ=3D?= X-Microsoft-Exchange-Diagnostics: 1;AM2PR02MB0771;5:tyNFBDiJAmdoEwiNWisD/BwXfzhE/hP60atCIBc0KDC0lg80PAxgYF25nW15uF+CZu0hYM0sD9rl9tJDrX27LHUTzW18csVZo7CjVr47zqF6NCk9FZw5Gdx9kBebESQ/2uDMPEtLbCQL4exUC0B0yQ==;24:EoGjrhTSFlmINoRhMd7F1bNA4cTMvRT4brfeVHnVydzYsW8bwdbiqlVD6EE+fOQXWQ8GEzi5NaxSz3EOcmLb0BNXNcDj13H5h/8bF8PYoGY=;20:3Cn9LLO/CXbADTpXiAfLTEF7kQ8JJxvbUAxvrz4ega9XvK0hPxPPlIS5XqZfJVXnSUF5/Ph9OU8O58tMKSwcsA== SpamDiagnosticOutput: 1:23 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: ezchip.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Sep 2015 15:17:53.4853 (UTC) X-MS-Exchange-CrossTenant-Id: 0fc16e0a-3cd3-4092-8b2f-0a42cff122c3 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=0fc16e0a-3cd3-4092-8b2f-0a42cff122c3;Ip=[12.216.194.146];Helo=[ld-1.internal.tilera.com] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM2PR02MB0771 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Allow userspace to override the default SIGKILL delivered when a task_isolation process in STRICT mode does a syscall or otherwise synchronously enters the kernel. In addition to being able to set the signal, we now also pass whether or not the interruption was from a syscall in the si_code field of the siginfo. Signed-off-by: Chris Metcalf --- include/uapi/linux/prctl.h | 2 ++ kernel/isolation.c | 17 +++++++++++++---- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h index 2b8038b0d1e1..a5582ace987f 100644 --- a/include/uapi/linux/prctl.h +++ b/include/uapi/linux/prctl.h @@ -202,5 +202,7 @@ struct prctl_mm_map { #define PR_GET_TASK_ISOLATION 49 # define PR_TASK_ISOLATION_ENABLE (1 << 0) # define PR_TASK_ISOLATION_STRICT (1 << 1) +# define PR_TASK_ISOLATION_SET_SIG(sig) (((sig) & 0x7f) << 8) +# define PR_TASK_ISOLATION_GET_SIG(bits) (((bits) >> 8) & 0x7f) #endif /* _LINUX_PRCTL_H */ diff --git a/kernel/isolation.c b/kernel/isolation.c index 3779ba670472..44bafcd08bca 100644 --- a/kernel/isolation.c +++ b/kernel/isolation.c @@ -77,14 +77,23 @@ void task_isolation_enter(void) } } -static void kill_task_isolation_strict_task(void) +static void kill_task_isolation_strict_task(int is_syscall) { + siginfo_t info = {}; + int sig; + /* RCU should have been enabled prior to this point. */ RCU_LOCKDEP_WARN(!rcu_is_watching(), "kernel entry without RCU"); dump_stack(); current->task_isolation_flags &= ~PR_TASK_ISOLATION_ENABLE; - send_sig(SIGKILL, current, 1); + + sig = PR_TASK_ISOLATION_GET_SIG(current->task_isolation_flags); + if (sig == 0) + sig = SIGKILL; + info.si_signo = sig; + info.si_code = is_syscall; + send_sig_info(sig, &info, current); } /* @@ -103,7 +112,7 @@ void task_isolation_syscall(int syscall) pr_warn("%s/%d: task_isolation strict mode violated by syscall %d\n", current->comm, current->pid, syscall); - kill_task_isolation_strict_task(); + kill_task_isolation_strict_task(1); } /* @@ -114,5 +123,5 @@ void task_isolation_exception(void) { pr_warn("%s/%d: task_isolation strict mode violated by exception\n", current->comm, current->pid); - kill_task_isolation_strict_task(); + kill_task_isolation_strict_task(0); } -- 2.1.2 From mboxrd@z Thu Jan 1 00:00:00 1970 From: Chris Metcalf Subject: [PATCH v7 04/11] task_isolation: provide strict mode configurable signal Date: Mon, 28 Sep 2015 11:17:19 -0400 Message-ID: <1443453446-7827-5-git-send-email-cmetcalf@ezchip.com> References: <1443453446-7827-1-git-send-email-cmetcalf@ezchip.com> Mime-Version: 1.0 Content-Type: text/plain Return-path: In-Reply-To: <1443453446-7827-1-git-send-email-cmetcalf@ezchip.com> Sender: linux-doc-owner@vger.kernel.org To: Gilad Ben Yossef , Steven Rostedt , Ingo Molnar , Peter Zijlstra , Andrew Morton , Rik van Riel , Tejun Heo , Frederic Weisbecker , Thomas Gleixner , "Paul E. McKenney" , Christoph Lameter , Viresh Kumar , Catalin Marinas , Will Deacon , Andy Lutomirski , linux-doc@vger.kernel.org, linux-api@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Chris Metcalf List-Id: linux-api@vger.kernel.org Allow userspace to override the default SIGKILL delivered when a task_isolation process in STRICT mode does a syscall or otherwise synchronously enters the kernel. In addition to being able to set the signal, we now also pass whether or not the interruption was from a syscall in the si_code field of the siginfo. Signed-off-by: Chris Metcalf --- include/uapi/linux/prctl.h | 2 ++ kernel/isolation.c | 17 +++++++++++++---- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h index 2b8038b0d1e1..a5582ace987f 100644 --- a/include/uapi/linux/prctl.h +++ b/include/uapi/linux/prctl.h @@ -202,5 +202,7 @@ struct prctl_mm_map { #define PR_GET_TASK_ISOLATION 49 # define PR_TASK_ISOLATION_ENABLE (1 << 0) # define PR_TASK_ISOLATION_STRICT (1 << 1) +# define PR_TASK_ISOLATION_SET_SIG(sig) (((sig) & 0x7f) << 8) +# define PR_TASK_ISOLATION_GET_SIG(bits) (((bits) >> 8) & 0x7f) #endif /* _LINUX_PRCTL_H */ diff --git a/kernel/isolation.c b/kernel/isolation.c index 3779ba670472..44bafcd08bca 100644 --- a/kernel/isolation.c +++ b/kernel/isolation.c @@ -77,14 +77,23 @@ void task_isolation_enter(void) } } -static void kill_task_isolation_strict_task(void) +static void kill_task_isolation_strict_task(int is_syscall) { + siginfo_t info = {}; + int sig; + /* RCU should have been enabled prior to this point. */ RCU_LOCKDEP_WARN(!rcu_is_watching(), "kernel entry without RCU"); dump_stack(); current->task_isolation_flags &= ~PR_TASK_ISOLATION_ENABLE; - send_sig(SIGKILL, current, 1); + + sig = PR_TASK_ISOLATION_GET_SIG(current->task_isolation_flags); + if (sig == 0) + sig = SIGKILL; + info.si_signo = sig; + info.si_code = is_syscall; + send_sig_info(sig, &info, current); } /* @@ -103,7 +112,7 @@ void task_isolation_syscall(int syscall) pr_warn("%s/%d: task_isolation strict mode violated by syscall %d\n", current->comm, current->pid, syscall); - kill_task_isolation_strict_task(); + kill_task_isolation_strict_task(1); } /* @@ -114,5 +123,5 @@ void task_isolation_exception(void) { pr_warn("%s/%d: task_isolation strict mode violated by exception\n", current->comm, current->pid); - kill_task_isolation_strict_task(); + kill_task_isolation_strict_task(0); } -- 2.1.2