From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934331AbbI1PTc (ORCPT ); Mon, 28 Sep 2015 11:19:32 -0400 Received: from mail-db3on0081.outbound.protection.outlook.com ([157.55.234.81]:20736 "EHLO emea01-db3-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S934216AbbI1PSK (ORCPT ); Mon, 28 Sep 2015 11:18:10 -0400 Authentication-Results: spf=fail (sender IP is 12.216.194.146) smtp.mailfrom=ezchip.com; ezchip.com; dkim=none (message not signed) header.d=none;ezchip.com; dmarc=none action=none header.from=ezchip.com; From: Chris Metcalf To: Gilad Ben Yossef , Steven Rostedt , Ingo Molnar , Peter Zijlstra , Andrew Morton , "Rik van Riel" , Tejun Heo , Frederic Weisbecker , Thomas Gleixner , "Paul E. McKenney" , Christoph Lameter , Viresh Kumar , Catalin Marinas , Will Deacon , Andy Lutomirski , , "H. Peter Anvin" , CC: Chris Metcalf Subject: [PATCH v7 07/11] arch/x86: enable task isolation functionality Date: Mon, 28 Sep 2015 11:17:22 -0400 Message-ID: <1443453446-7827-8-git-send-email-cmetcalf@ezchip.com> X-Mailer: git-send-email 2.1.2 In-Reply-To: <1443453446-7827-1-git-send-email-cmetcalf@ezchip.com> References: <1443453446-7827-1-git-send-email-cmetcalf@ezchip.com> X-EOPAttributedMessage: 0 X-Microsoft-Exchange-Diagnostics: 1;DB3FFO11FD037;1:Bry3+HnioAHiSTwoqszmU2vrzJ5ley6W+MESKNCYmxnYJwvzrPhTrpb0AWO3kzPZ/9FIQF9v5KH9IR23eNtSdtYACkuJw6S1QMvmQI9perMEOm8RbDJdlDcdJuYbf5bkE4wBbA4l9djapC9SRs9uZumPzELnDsStJAXEr4GVRCUHxFCZsBXfmYBfSv4QXm8CYOJ7n7nOk6tJ0XdDv3Cwy77UkN42yPeYuswT72XyNKAGdxMxdGHpO394AXsX4JZ6EEdtQi554EU5CTQBzKXiYAmiPzLnpA1hYTdLoVdHh5CuyRztHWaNTNq19LdyN2lh57kVbrE2IGBQmbJo6zJDI6yKjjn3KWzsGvhqLn7+dzE= X-Forefront-Antispam-Report: CIP:12.216.194.146;CTRY:US;IPV:NLI;EFV:NLI;SFV:NSPM;SFS:(10009020)(6009001)(2980300002)(1110001)(1109001)(339900001)(189002)(199003)(77156002)(50226001)(5003940100001)(6806005)(64706001)(86362001)(42186005)(85426001)(87936001)(47776003)(106466001)(106476002)(105606002)(229853001)(5001960100002)(5001830100001)(107886002)(11100500001)(50466002)(48376002)(33646002)(76176999)(106356001)(62966003)(2950100001)(92566002)(5007970100001)(68736005)(19580395003)(4001540100001)(5001770100001)(19580405001)(81156007)(97736004)(5001860100001)(104016004)(46102003)(36756003)(50986999)(189998001)(9376005)(921003)(1121003)(4001430100001)(2101003)(83996005);DIR:OUT;SFP:1101;SCL:1;SRVR:VI1PR02MB0782;H:ld-1.internal.tilera.com;FPR:;SPF:Fail;PTR:InfoNoRecords;MX:1;A:1;LANG:en; MIME-Version: 1.0 Content-Type: text/plain X-Microsoft-Exchange-Diagnostics: 1;VI1PR02MB0782;2:nFUw3PKMY40yI9sbXxZGZvqSKW4mOQl+2t/gd3sCYn5+UXo/7rhCYs/MJWG78E/gA1GdCGrfo08VAhKRAzAdPLTjbb6efncPaYxl/vcrRDokWIwFIahQY9ZMs5U3S7rLoJ9Jt1lXqaMsqvzT7SRtHnv+j11hvfRXgOHjzgduRZ0=;3:zcYqWY7kEVmGAFNXSuEXq+nhnS6Ryo131fWYkSSMaBNUuz8TCLD9O0gXjpaRbdRn0qg1YK4DZjxbEE/PEWHpQG4uUqNkxbu3EJQ/dBYfiefiEulEWd8YHcnX7YV5rk4C9hZfumWEabcT2Da6iQbHXx8iGkc3+XuzBiUDr9U5hUgbMPncZbMGHgfYd4an8Mt0vTvpZEgERUGVFPORzwyHy7NexnXqMrzOqrwndtTEqhRs3YVbo91g4yOdpD1TBc9W;25:qAv4o8wZNRqdINGwi8V6bYR2LGA5SFdq6K8lhrUiEFgC3AxpuOyorNeDewjpJXyTewnBvIACqMMK/mdtTFAGfL3pAAjapycJdBVt5ZNgR7hN7Gya/nIlSBCuf9EqD6ODCzWRjHRjz6ZpeXKW172+4SVPkEkBzrzlSRvLYhS0GVQ89up7sBuJPt8Ffy6ml6NkVlpTQueeLBhZr2brEOt2dUC/8ok/CMtvwcouOagReoQO6jh0ZKjc4WRfgpif7bMGGWQpEZw5QQsKBrVcRAePKA==;20:zsppXBlb7/9vd3mzrg+K2LQopxyergKx9C3tLul3m5y/aNnAr4t5AMRNRKu+rvILRi+BrjFrjHV2ZKv4da+53XsWjPXlDX/BNueFRQGOO83OOZIXliaIO6P+93sYDCUSx3fRS37WNNwyLvrZBd0rO8VqZDl0/QHhN2jH5jIY9zQ= X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:VI1PR02MB0782; X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(601004)(2401047)(5005006)(520078)(8121501046)(3002001);SRVR:VI1PR02MB0782;BCL:0;PCL:0;RULEID:;SRVR:VI1PR02MB0782; X-Microsoft-Exchange-Diagnostics: 1;VI1PR02MB0782;4:fd5bfLPpdt4IMxNFcGCta50U08qW2OEAFlzy5MZPGqn/DmeZnLghfIhY1i4QCO14JxQ6HTGC1I4cw872zrkBCrZsOszJiieCvGp0U3nBkjYzkqLd02JZVZBSgSFV8fjcqU0hrR7sq9Pn2UiTy7MZCVGTzlLiLM0a+W9q+b+SGCMlSbTRJzmtYtIgTSJi3L9+W9SNf6bt4m7/lf2N+MP+crCyno4TDzJaiiYE8GDZyW11NodJKaGtaFmIso/r4sLuNWzMAw5QxcwHubqmX6LFi/cCwZE2wityzewKoS3Qg9rrE6hO56dfR4LQnFLJLnu5YVmhaX2SD/x+bwTvjtinzF50sUzmdv+vAK+yB4EoNZU= X-Forefront-PRVS: 0713BC207F X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;VI1PR02MB0782;23:OnMoLi2ju7KyiVGNu/3gnN/IePw65vKRVovqXrYm6?= =?us-ascii?Q?vvUQ8J7rWYg95J/WZFBleHHzUhVYFwftgezahi8DdJ8knjWpInfjc3zmkYyk?= =?us-ascii?Q?wjpOUtZKzCCvH/HiGuzafC/N+2sNUBJWPvAFa7UBC+35sBn8OC/Eo284Su8E?= =?us-ascii?Q?PyBQSyAjj/pgveiTi2gerTJBnCG++ZoEy/hmuzECnL4/p7+2OIwB34/R/13A?= =?us-ascii?Q?q4q1pqf0R+NaC/WERFIThS8p7C9MlipKhDjouN2FdMLPQyK/mA6RVFoS+d71?= =?us-ascii?Q?lq8q9otnDX+nUtNQynssYLB5R6OaEUlube56vK4C+oalmh18WwJfkSb/EqBt?= =?us-ascii?Q?a11kiudIHVX3nU0TD5bJ2yBUE/WPoYwzUlJftd7P9oomz7zk20rQlU4vlREQ?= =?us-ascii?Q?jCY3JrbigtQGzd/7svT20VG/utftRM0eHzPTPMu7xP5QNtZWks7OIsLgLTwz?= =?us-ascii?Q?Q81YNZhbdJIPC5WxniaG6yxB5jgIQ/wPNaSglGCtdnUzaQ/E9a66RoOkXSuM?= =?us-ascii?Q?j3XaT+xob3FiZhXKy5KFfYljHbvwzlvHb0u3FzSFU/qyhqN/n+AUZQqgfeFo?= =?us-ascii?Q?HR45dAATovCfTyp7Dau7yG2brSbgLviRDdLlxxGtRTEVPG6gB6xEOR9d2YJb?= =?us-ascii?Q?PZ3TR17uKWRuHrKicS1zvIzuuSpySTPu6BU++RUjR70GVkFQJ6C1GhlYzzVB?= =?us-ascii?Q?aXg4rX6YWBxmXU5cSIYF054QW04UDYEHaUWhfOWrccsVe3hGo8MDiu8of0NT?= =?us-ascii?Q?qoysp3Vnx1BtagzZwNW1Uy4lf0Zdse+pAJuUM1vlvUgLxRmVVqC1XU3W8ets?= =?us-ascii?Q?l+jC6yYSCrZYZng73n5AAZCcgB8u5X2gC8PCkIgA2bdlve0ZUBkYF/noU5zE?= =?us-ascii?Q?y0uBWR/g1Uej2CLa5mhVSRI+zs94NQqKX5WfMhDx/ntOqE+XjJAP3Z+ljGGP?= =?us-ascii?Q?H99lylU3i41L5gC9AtexcRZgYqX1fYiHSxybY+uA8UkLVhwheU2kVfV7pr53?= =?us-ascii?Q?DawszBB/tYMgqR2T6Z6F0HQHbxjsCVnhJVQNe1Gap6Kp2Z86zm2T/dex0I3i?= =?us-ascii?Q?49/RuR3a67/Su6G/U5gCfX9KjFK2USQnD8xhAH+qr4hCDKhiUMUpqGPex0dh?= =?us-ascii?Q?UK5Wv1uMmJ45XhjOt31x5o11f3GMDRe1wLTUUL1OBaku3AykVuQGWSSP0jKo?= =?us-ascii?Q?ujnmnLYxhgtFQTYXnrfUjAJe0MS/r7CLx5jFh8MLeYHBaYcIeadz2XdXGsry?= =?us-ascii?Q?ZeRdTh9y6gbUa2Nets62gx//y99xhkffRC9cwqm73BCHjDM1niOzqYOo6QV3?= =?us-ascii?Q?twPifY1Mz6/2nhG1+dDLUof+vwS9EP4b0m77uGbcwBTluorsZ68XCCAo2kh9?= =?us-ascii?Q?rMOJGRDkMeh50NzV1nYaPa2uXfcvSt94vyze+XF3rS+hdl2?= X-Microsoft-Exchange-Diagnostics: 1;VI1PR02MB0782;5:2OuWDXfWzG6OowjcAsVFp8U5RlSVk2RgrIM89oQmTnMYJ+zZ7vueu60g5JZiOQ2wqenVmODY3eA8gTNn8b8ldnA82Vua1R+E2MFEiFHtPIhKyQiT+16P7GcRFA0plbbEFvls16aRm8RoowHhrNGUVQ==;24:DUSzDl8+2YJN64QnhK+qxk0ft2LDC5WKDfAIghX4m5S+velEXr+6XAI6DRdlzqyl3L52ECzfo9HAgK1gL6KUdSk6xlJTFtK1CDlGQjpXWdo=;20:vvVUkKCngUy0KnergYYZd4oLMt2W/9Fp2xmOUpQg8wmeA9I+1eGr5LI5KzgnNSo7Y6cvija9ixwuPOBZT9LRGQ== SpamDiagnosticOutput: 1:23 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: ezchip.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Sep 2015 15:18:04.4092 (UTC) X-MS-Exchange-CrossTenant-Id: 0fc16e0a-3cd3-4092-8b2f-0a42cff122c3 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=0fc16e0a-3cd3-4092-8b2f-0a42cff122c3;Ip=[12.216.194.146];Helo=[ld-1.internal.tilera.com] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR02MB0782 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In prepare_exit_to_usermode(), we would like to call task_isolation_enter() on every return to userspace, and like other work items, we would like to recheck for more work after calling it, since it will enable interrupts internally. However, if task_isolation_enter() is the only work item, and it has already been called once, we don't want to continue calling it in a loop. We don't have a dedicated TIF flag for task isolation, and it wouldn't make sense to have one, since we'd want to set it before starting exit every time, and then clear it the first time around the loop. Instead, we change the loop structure somewhat, so that we have a more inclusive set of flags that are tested for on the first entry to the function (including TIF_NOHZ), and if any of those flags are set, we enter the loop. And, we do the task_isolation() test unconditionally at the bottom of the loop, but then when making the decision to loop back, we just use the set of flags that doesn't include TIF_NOHZ. That way we only loop if there is other work to do, but then if that work is done, we again unconditionally call task_isolation_enter(). In syscall_trace_enter_phase1(), we try to add the necessary support for strict-mode detection of syscalls in an optimized way, by letting the code remain unchanged if we are not using TASK_ISOLATION, but otherwise calling enter_from_user_mode() under the first time we see _TIF_NOHZ, and then waiting until after we do the secure computing work to actually clear the bit from the "work" variable and call task_isolation_syscall(). Signed-off-by: Chris Metcalf --- arch/x86/entry/common.c | 47 ++++++++++++++++++++++++++++++++++++----------- 1 file changed, 36 insertions(+), 11 deletions(-) diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c index 80dcc9261ca3..0f74389c6f3b 100644 --- a/arch/x86/entry/common.c +++ b/arch/x86/entry/common.c @@ -21,6 +21,7 @@ #include #include #include +#include #include #include @@ -81,7 +82,8 @@ unsigned long syscall_trace_enter_phase1(struct pt_regs *regs, u32 arch) */ if (work & _TIF_NOHZ) { enter_from_user_mode(); - work &= ~_TIF_NOHZ; + if (!IS_ENABLED(CONFIG_TASK_ISOLATION)) + work &= ~_TIF_NOHZ; } #endif @@ -131,6 +133,13 @@ unsigned long syscall_trace_enter_phase1(struct pt_regs *regs, u32 arch) } #endif + /* Now check task isolation, if needed. */ + if (IS_ENABLED(CONFIG_TASK_ISOLATION) && (work & _TIF_NOHZ)) { + work &= ~_TIF_NOHZ; + if (task_isolation_strict()) + task_isolation_syscall(regs->orig_ax); + } + /* Do our best to finish without phase 2. */ if (work == 0) return ret; /* seccomp and/or nohz only (ret == 0 here) */ @@ -217,10 +226,26 @@ static struct thread_info *pt_regs_to_thread_info(struct pt_regs *regs) /* Called with IRQs disabled. */ __visible void prepare_exit_to_usermode(struct pt_regs *regs) { + u32 cached_flags; + if (WARN_ON(!irqs_disabled())) local_irq_disable(); /* + * We may want to enter the loop here unconditionally to make + * sure to do some work at least once. Test here for all + * possible conditions that might make us enter the loop, + * and return immediately if none of them are set. + */ + cached_flags = READ_ONCE(pt_regs_to_thread_info(regs)->flags); + if (!(cached_flags & (TIF_SIGPENDING | _TIF_NOTIFY_RESUME | + _TIF_UPROBE | _TIF_NEED_RESCHED | + _TIF_USER_RETURN_NOTIFY | _TIF_NOHZ))) { + user_enter(); + return; + } + + /* * In order to return to user mode, we need to have IRQs off with * none of _TIF_SIGPENDING, _TIF_NOTIFY_RESUME, _TIF_USER_RETURN_NOTIFY, * _TIF_UPROBE, or _TIF_NEED_RESCHED set. Several of these flags @@ -228,15 +253,7 @@ __visible void prepare_exit_to_usermode(struct pt_regs *regs) * so we need to loop. Disabling preemption wouldn't help: doing the * work to clear some of the flags can sleep. */ - while (true) { - u32 cached_flags = - READ_ONCE(pt_regs_to_thread_info(regs)->flags); - - if (!(cached_flags & (_TIF_SIGPENDING | _TIF_NOTIFY_RESUME | - _TIF_UPROBE | _TIF_NEED_RESCHED | - _TIF_USER_RETURN_NOTIFY))) - break; - + do { /* We have work to do. */ local_irq_enable(); @@ -258,9 +275,17 @@ __visible void prepare_exit_to_usermode(struct pt_regs *regs) if (cached_flags & _TIF_USER_RETURN_NOTIFY) fire_user_return_notifiers(); + if (task_isolation_enabled()) + task_isolation_enter(); + /* Disable IRQs and retry */ local_irq_disable(); - } + + cached_flags = READ_ONCE(pt_regs_to_thread_info(regs)->flags); + + } while (!(cached_flags & (TIF_SIGPENDING | _TIF_NOTIFY_RESUME | + _TIF_UPROBE | _TIF_NEED_RESCHED | + _TIF_USER_RETURN_NOTIFY))); user_enter(); } -- 2.1.2