From: Raphael Gault <raphael.gault@arm.com> To: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org Cc: mingo@redhat.com, peterz@infradead.org, catalin.marinas@arm.com, will.deacon@arm.com, acme@kernel.org, mark.rutland@arm.com, Raphael Gault <raphael.gault@arm.com> Subject: [PATCH 5/7] arm64: pmu: Add hook to handle pmu-related undefined instructions Date: Tue, 11 Jun 2019 13:53:13 +0100 [thread overview] Message-ID: <20190611125315.18736-6-raphael.gault@arm.com> (raw) In-Reply-To: <20190611125315.18736-1-raphael.gault@arm.com> In order to prevent the userspace processes which are trying to access the registers from the pmu registers on a big.LITTLE environment we introduce a hook to handle undefined instructions. The goal here is to prevent the process to be interrupted by a signal when the error is caused by the task being scheduled while accessing a counter, causing the counter access to be invalid. As we are not able to know efficiently the number of counters available physically on both pmu in that context we consider that any faulting access to a counter which is architecturally correct should not cause a SIGILL signal if the permissions are set accordingly. This commit also modifies the mask of the mrs_hook declared in arch/arm64/kernel/cpufeatures.c which emulates only feature register access. This is necessary because this hook's mask was too large and thus masking any mrs instruction, even if not related to the emulated registers which made the pmu emulation inefficient. Signed-off-by: Raphael Gault <raphael.gault@arm.com> --- arch/arm64/kernel/cpufeature.c | 4 +-- arch/arm64/kernel/perf_event.c | 55 ++++++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 80babf451519..d9b2be97cc06 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -2167,8 +2167,8 @@ static int emulate_mrs(struct pt_regs *regs, u32 insn) } static struct undef_hook mrs_hook = { - .instr_mask = 0xfff00000, - .instr_val = 0xd5300000, + .instr_mask = 0xffff0000, + .instr_val = 0xd5380000, .pstate_mask = PSR_AA32_MODE_MASK, .pstate_val = PSR_MODE_EL0t, .fn = emulate_mrs, diff --git a/arch/arm64/kernel/perf_event.c b/arch/arm64/kernel/perf_event.c index 293e4c365a53..93ac24b51d5f 100644 --- a/arch/arm64/kernel/perf_event.c +++ b/arch/arm64/kernel/perf_event.c @@ -19,9 +19,11 @@ * along with this program. If not, see <http://www.gnu.org/licenses/>. */ +#include <asm/cpu.h> #include <asm/irq_regs.h> #include <asm/perf_event.h> #include <asm/sysreg.h> +#include <asm/traps.h> #include <asm/virt.h> #include <linux/acpi.h> @@ -1041,6 +1043,59 @@ static int armv8pmu_probe_pmu(struct arm_pmu *cpu_pmu) return probe.present ? 0 : -ENODEV; } +static int emulate_pmu(struct pt_regs *regs, u32 insn) +{ + u32 sys_reg, rt; + u32 pmuserenr; + + sys_reg = (u32)aarch64_insn_decode_immediate(AARCH64_INSN_IMM_16, insn) << 5; + rt = aarch64_insn_decode_register(AARCH64_INSN_REGTYPE_RT, insn); + pmuserenr = read_sysreg(pmuserenr_el0); + + if ((pmuserenr & (ARMV8_PMU_USERENR_ER|ARMV8_PMU_USERENR_CR)) != + (ARMV8_PMU_USERENR_ER|ARMV8_PMU_USERENR_CR)) + return -EINVAL; + + + /* + * Userspace is expected to only use this in the context of the scheme + * described in the struct perf_event_mmap_page comments. + * + * Given that context, we can only get here if we got migrated between + * getting the register index and doing the MSR read. This in turn + * implies we'll fail the sequence and retry, so any value returned is + * 'good', all we need is to be non-fatal. + * + * The choice of the value 0 is comming from the fact that when + * accessing a register which is not counting events but is accessible, + * we get 0. + */ + pt_regs_write_reg(regs, rt, 0); + + arm64_skip_faulting_instruction(regs, 4); + return 0; +} + +/* + * This hook will only be triggered by mrs + * instructions on PMU registers. This is mandatory + * in order to have a consistent behaviour even on + * big.LITTLE systems. + */ +static struct undef_hook pmu_hook = { + .instr_mask = 0xffff8800, + .instr_val = 0xd53b8800, + .fn = emulate_pmu, +}; + +static int __init enable_pmu_emulation(void) +{ + register_undef_hook(&pmu_hook); + return 0; +} + +core_initcall(enable_pmu_emulation); + static int armv8_pmu_init(struct arm_pmu *cpu_pmu) { int ret = armv8pmu_probe_pmu(cpu_pmu); -- 2.17.1
WARNING: multiple messages have this Message-ID (diff)
From: Raphael Gault <raphael.gault@arm.com> To: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org Cc: mark.rutland@arm.com, peterz@infradead.org, catalin.marinas@arm.com, will.deacon@arm.com, acme@kernel.org, Raphael Gault <raphael.gault@arm.com>, mingo@redhat.com Subject: [PATCH 5/7] arm64: pmu: Add hook to handle pmu-related undefined instructions Date: Tue, 11 Jun 2019 13:53:13 +0100 [thread overview] Message-ID: <20190611125315.18736-6-raphael.gault@arm.com> (raw) In-Reply-To: <20190611125315.18736-1-raphael.gault@arm.com> In order to prevent the userspace processes which are trying to access the registers from the pmu registers on a big.LITTLE environment we introduce a hook to handle undefined instructions. The goal here is to prevent the process to be interrupted by a signal when the error is caused by the task being scheduled while accessing a counter, causing the counter access to be invalid. As we are not able to know efficiently the number of counters available physically on both pmu in that context we consider that any faulting access to a counter which is architecturally correct should not cause a SIGILL signal if the permissions are set accordingly. This commit also modifies the mask of the mrs_hook declared in arch/arm64/kernel/cpufeatures.c which emulates only feature register access. This is necessary because this hook's mask was too large and thus masking any mrs instruction, even if not related to the emulated registers which made the pmu emulation inefficient. Signed-off-by: Raphael Gault <raphael.gault@arm.com> --- arch/arm64/kernel/cpufeature.c | 4 +-- arch/arm64/kernel/perf_event.c | 55 ++++++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 80babf451519..d9b2be97cc06 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -2167,8 +2167,8 @@ static int emulate_mrs(struct pt_regs *regs, u32 insn) } static struct undef_hook mrs_hook = { - .instr_mask = 0xfff00000, - .instr_val = 0xd5300000, + .instr_mask = 0xffff0000, + .instr_val = 0xd5380000, .pstate_mask = PSR_AA32_MODE_MASK, .pstate_val = PSR_MODE_EL0t, .fn = emulate_mrs, diff --git a/arch/arm64/kernel/perf_event.c b/arch/arm64/kernel/perf_event.c index 293e4c365a53..93ac24b51d5f 100644 --- a/arch/arm64/kernel/perf_event.c +++ b/arch/arm64/kernel/perf_event.c @@ -19,9 +19,11 @@ * along with this program. If not, see <http://www.gnu.org/licenses/>. */ +#include <asm/cpu.h> #include <asm/irq_regs.h> #include <asm/perf_event.h> #include <asm/sysreg.h> +#include <asm/traps.h> #include <asm/virt.h> #include <linux/acpi.h> @@ -1041,6 +1043,59 @@ static int armv8pmu_probe_pmu(struct arm_pmu *cpu_pmu) return probe.present ? 0 : -ENODEV; } +static int emulate_pmu(struct pt_regs *regs, u32 insn) +{ + u32 sys_reg, rt; + u32 pmuserenr; + + sys_reg = (u32)aarch64_insn_decode_immediate(AARCH64_INSN_IMM_16, insn) << 5; + rt = aarch64_insn_decode_register(AARCH64_INSN_REGTYPE_RT, insn); + pmuserenr = read_sysreg(pmuserenr_el0); + + if ((pmuserenr & (ARMV8_PMU_USERENR_ER|ARMV8_PMU_USERENR_CR)) != + (ARMV8_PMU_USERENR_ER|ARMV8_PMU_USERENR_CR)) + return -EINVAL; + + + /* + * Userspace is expected to only use this in the context of the scheme + * described in the struct perf_event_mmap_page comments. + * + * Given that context, we can only get here if we got migrated between + * getting the register index and doing the MSR read. This in turn + * implies we'll fail the sequence and retry, so any value returned is + * 'good', all we need is to be non-fatal. + * + * The choice of the value 0 is comming from the fact that when + * accessing a register which is not counting events but is accessible, + * we get 0. + */ + pt_regs_write_reg(regs, rt, 0); + + arm64_skip_faulting_instruction(regs, 4); + return 0; +} + +/* + * This hook will only be triggered by mrs + * instructions on PMU registers. This is mandatory + * in order to have a consistent behaviour even on + * big.LITTLE systems. + */ +static struct undef_hook pmu_hook = { + .instr_mask = 0xffff8800, + .instr_val = 0xd53b8800, + .fn = emulate_pmu, +}; + +static int __init enable_pmu_emulation(void) +{ + register_undef_hook(&pmu_hook); + return 0; +} + +core_initcall(enable_pmu_emulation); + static int armv8_pmu_init(struct arm_pmu *cpu_pmu) { int ret = armv8pmu_probe_pmu(cpu_pmu); -- 2.17.1 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-06-11 12:53 UTC|newest] Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-06-11 12:53 [PATCH 0/7] arm64: Enable access to pmu registers by user-space Raphael Gault 2019-06-11 12:53 ` Raphael Gault 2019-06-11 12:53 ` [PATCH 1/7] perf: arm64: Compile tests unconditionally Raphael Gault 2019-06-11 12:53 ` Raphael Gault 2019-06-11 14:09 ` Mark Rutland 2019-06-11 14:09 ` Mark Rutland 2019-06-11 14:23 ` Arnaldo Carvalho de Melo 2019-06-11 14:23 ` Arnaldo Carvalho de Melo 2019-06-11 17:01 ` Mark Rutland 2019-06-11 17:01 ` Mark Rutland 2019-06-22 6:34 ` [tip:perf/core] perf tests " tip-bot for Raphael Gault 2019-06-11 12:53 ` [PATCH 2/7] perf: arm64: Add test to check userspace access to hardware counters Raphael Gault 2019-06-11 12:53 ` Raphael Gault 2019-06-11 12:53 ` [PATCH 3/7] perf: arm64: Use rseq to test userspace access to pmu counters Raphael Gault 2019-06-11 12:53 ` Raphael Gault 2019-06-11 14:33 ` Arnaldo Carvalho de Melo 2019-06-11 14:33 ` Arnaldo Carvalho de Melo 2019-06-11 16:57 ` Mark Rutland 2019-06-11 16:57 ` Mark Rutland 2019-06-11 19:33 ` Mathieu Desnoyers 2019-06-11 19:33 ` Mathieu Desnoyers 2019-06-13 7:10 ` Raphael Gault 2019-06-13 7:10 ` Raphael Gault 2019-06-13 8:27 ` Mathieu Desnoyers 2019-06-13 8:27 ` Mathieu Desnoyers 2019-06-13 11:02 ` Raphael Gault 2019-06-13 11:02 ` Raphael Gault 2019-06-25 13:20 ` Raphael Gault 2019-06-25 13:20 ` Raphael Gault 2019-06-25 13:29 ` Raphael Gault 2019-06-25 13:29 ` Raphael Gault 2019-06-25 13:41 ` Will Deacon 2019-06-25 13:41 ` Will Deacon 2019-06-11 12:53 ` [PATCH 4/7] arm64: pmu: Add function implementation to update event index in userpage Raphael Gault 2019-06-11 12:53 ` Raphael Gault 2019-06-11 12:53 ` Raphael Gault [this message] 2019-06-11 12:53 ` [PATCH 5/7] arm64: pmu: Add hook to handle pmu-related undefined instructions Raphael Gault 2019-06-11 12:53 ` [PATCH 6/7] arm64: perf: Enable pmu counter direct access for perf event on armv8 Raphael Gault 2019-06-11 12:53 ` Raphael Gault 2019-06-11 12:53 ` [PATCH 7/7] Documentation: arm64: Document PMU counters access from userspace Raphael Gault 2019-06-11 12:53 ` Raphael Gault
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20190611125315.18736-6-raphael.gault@arm.com \ --to=raphael.gault@arm.com \ --cc=acme@kernel.org \ --cc=catalin.marinas@arm.com \ --cc=linux-arm-kernel@lists.infradead.org \ --cc=linux-kernel@vger.kernel.org \ --cc=mark.rutland@arm.com \ --cc=mingo@redhat.com \ --cc=peterz@infradead.org \ --cc=will.deacon@arm.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.