[PATCH] fs/proc: Expose RSEQ configuration

[PATCH] fs/proc: Expose RSEQ configuration

[Piotr Figiel]

For userspace checkpoint and restore (C/R) some way of getting process
state containing RSEQ configuration is needed.

There are two ways this information is going to be used:
 - to re-enable RSEQ for threads which had it enabled before C/R
 - to detect if a thread was in a critical section during C/R

Since C/R preserves TLS memory and addresses RSEQ ABI will be restored
using the address registered before C/R.

Detection whether the thread is in a critical section during C/R is
needed to enforce behavior of RSEQ abort during C/R. Attaching with
ptrace() before registers are dumped itself doesn't cause RSEQ abort.
Restoring the instruction pointer within the critical section is
problematic because rseq_cs may get cleared before the control is
passed to the migrated application code leading to RSEQ invariants not
being preserved.

Signed-off-by: Piotr Figiel <figiel@google.com>
---
 fs/proc/base.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/fs/proc/base.c b/fs/proc/base.c
index b3422cda2a91..3d4712ac4370 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -662,6 +662,20 @@ static int proc_pid_syscall(struct seq_file *m, struct pid_namespace *ns,
 
 	return 0;
 }
+
+#ifdef CONFIG_RSEQ
+static int proc_pid_rseq(struct seq_file *m, struct pid_namespace *ns,
+				struct pid *pid, struct task_struct *task)
+{
+	int res = lock_trace(task);
+
+	if (res)
+		return res;
+	seq_printf(m, "0x%llx 0x%x\n", (uint64_t)task->rseq, task->rseq_sig);
+	unlock_trace(task);
+	return 0;
+}
+#endif /* CONFIG_RSEQ */
 #endif /* CONFIG_HAVE_ARCH_TRACEHOOK */
 
 /************************************************************************/
@@ -3182,6 +3196,9 @@ static const struct pid_entry tgid_base_stuff[] = {
 	REG("comm",      S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
 #ifdef CONFIG_HAVE_ARCH_TRACEHOOK
 	ONE("syscall",    S_IRUSR, proc_pid_syscall),
+#ifdef CONFIG_RSEQ
+	ONE("rseq",       S_IRUSR, proc_pid_rseq),
+#endif
 #endif
 	REG("cmdline",    S_IRUGO, proc_pid_cmdline_ops),
 	ONE("stat",       S_IRUGO, proc_tgid_stat),
@@ -3522,6 +3539,9 @@ static const struct pid_entry tid_base_stuff[] = {
 			 &proc_pid_set_comm_operations, {}),
 #ifdef CONFIG_HAVE_ARCH_TRACEHOOK
 	ONE("syscall",   S_IRUSR, proc_pid_syscall),
+#ifdef CONFIG_RSEQ
+	ONE("rseq",      S_IRUSR, proc_pid_rseq),
+#endif
 #endif
 	REG("cmdline",   S_IRUGO, proc_pid_cmdline_ops),
 	ONE("stat",      S_IRUGO, proc_tid_stat),
-- 
2.30.0.284.gd98b1dd5eaa7-goog

Re: [PATCH] fs/proc: Expose RSEQ configuration

[Alexey Dobriyan]

On Wed, Jan 13, 2021 at 06:41:27PM +0100, Piotr Figiel wrote:
> +static int proc_pid_rseq(struct seq_file *m, struct pid_namespace *ns,
> +				struct pid *pid, struct task_struct *task)
> +{
> +	int res = lock_trace(task);
> +
> +	if (res)
> +		return res;
> +	seq_printf(m, "0x%llx 0x%x\n", (uint64_t)task->rseq, task->rseq_sig);

may I suggest

	"%tx", (uintptr_t)	// or %lx

Mandatory 64-bit is too much on 32-bit.

Or even "%tx %08x" ?

Re: [PATCH] fs/proc: Expose RSEQ configuration

[Alexey Dobriyan]

On Wed, Jan 13, 2021 at 06:41:27PM +0100, Piotr Figiel wrote:
> For userspace checkpoint and restore (C/R) some way of getting process
> state containing RSEQ configuration is needed.

> +	seq_printf(m, "0x%llx 0x%x\n", (uint64_t)task->rseq, task->rseq_sig);

%llx is too much on 32-bit. "%tx %x" is better (or even %08x)

Re: [PATCH] fs/proc: Expose RSEQ configuration

[kernel test robot]

[-- Attachment #1: Type: text/plain, Size: 3037 bytes --]

Hi Piotr,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on userns/for-next]
[also build test WARNING on linus/master hnaz-linux-mm/master v5.11-rc3 next-20210113]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Piotr-Figiel/fs-proc-Expose-RSEQ-configuration/20210114-014431
base:   https://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git for-next
config: i386-randconfig-s002-20210113 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
reproduce:
        # apt-get install sparse
        # sparse version: v0.6.3-208-g46a52ca4-dirty
        # https://github.com/0day-ci/linux/commit/ac6c42405fbb35bb266d602e4d9a303e68fadc21
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Piotr-Figiel/fs-proc-Expose-RSEQ-configuration/20210114-014431
        git checkout ac6c42405fbb35bb266d602e4d9a303e68fadc21
        # save the attached .config to linux build tree
        make W=1 C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' ARCH=i386 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>


"sparse warnings: (new ones prefixed by >>)"
   fs/proc/base.c:674:41: sparse: sparse: cast removes address space '__user' of expression
   fs/proc/base.c:2248:25: sparse: sparse: cast to restricted fmode_t
   fs/proc/base.c:2305:42: sparse: sparse: cast from restricted fmode_t
   fs/proc/base.c:2402:48: sparse: sparse: cast from restricted fmode_t
   fs/proc/base.c: note: in included file (through include/linux/rcuwait.h, include/linux/percpu-rwsem.h, include/linux/fs.h, ...):
   include/linux/sched/signal.h:708:37: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected struct spinlock [usertype] *lock @@     got struct spinlock [noderef] __rcu * @@
   include/linux/sched/signal.h:708:37: sparse:     expected struct spinlock [usertype] *lock
   include/linux/sched/signal.h:708:37: sparse:     got struct spinlock [noderef] __rcu *
>> fs/proc/base.c:674:50: sparse: sparse: non size-preserving pointer to integer cast
   fs/proc/base.c:1117:36: sparse: sparse: context imbalance in '__set_oom_adj' - unexpected unlock

vim +674 fs/proc/base.c

   665	
   666	#ifdef CONFIG_RSEQ
   667	static int proc_pid_rseq(struct seq_file *m, struct pid_namespace *ns,
   668					struct pid *pid, struct task_struct *task)
   669	{
   670		int res = lock_trace(task);
   671	
   672		if (res)
   673			return res;
 > 674		seq_printf(m, "0x%llx 0x%x\n", (uint64_t)task->rseq, task->rseq_sig);
   675		unlock_trace(task);
   676		return 0;
   677	}
   678	#endif /* CONFIG_RSEQ */
   679	#endif /* CONFIG_HAVE_ARCH_TRACEHOOK */
   680	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 29819 bytes --]

Re: [PATCH] fs/proc: Expose RSEQ configuration

[kernel test robot]

[-- Attachment #1: Type: text/plain, Size: 3101 bytes --]

Hi Piotr,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on userns/for-next]
[also build test WARNING on linus/master hnaz-linux-mm/master v5.11-rc3 next-20210113]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Piotr-Figiel/fs-proc-Expose-RSEQ-configuration/20210114-014431
base:   https://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git for-next
config: i386-randconfig-s002-20210113 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
reproduce:
        # apt-get install sparse
        # sparse version: v0.6.3-208-g46a52ca4-dirty
        # https://github.com/0day-ci/linux/commit/ac6c42405fbb35bb266d602e4d9a303e68fadc21
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Piotr-Figiel/fs-proc-Expose-RSEQ-configuration/20210114-014431
        git checkout ac6c42405fbb35bb266d602e4d9a303e68fadc21
        # save the attached .config to linux build tree
        make W=1 C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' ARCH=i386 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>


"sparse warnings: (new ones prefixed by >>)"
   fs/proc/base.c:674:41: sparse: sparse: cast removes address space '__user' of expression
   fs/proc/base.c:2248:25: sparse: sparse: cast to restricted fmode_t
   fs/proc/base.c:2305:42: sparse: sparse: cast from restricted fmode_t
   fs/proc/base.c:2402:48: sparse: sparse: cast from restricted fmode_t
   fs/proc/base.c: note: in included file (through include/linux/rcuwait.h, include/linux/percpu-rwsem.h, include/linux/fs.h, ...):
   include/linux/sched/signal.h:708:37: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected struct spinlock [usertype] *lock @@     got struct spinlock [noderef] __rcu * @@
   include/linux/sched/signal.h:708:37: sparse:     expected struct spinlock [usertype] *lock
   include/linux/sched/signal.h:708:37: sparse:     got struct spinlock [noderef] __rcu *
>> fs/proc/base.c:674:50: sparse: sparse: non size-preserving pointer to integer cast
   fs/proc/base.c:1117:36: sparse: sparse: context imbalance in '__set_oom_adj' - unexpected unlock

vim +674 fs/proc/base.c

   665	
   666	#ifdef CONFIG_RSEQ
   667	static int proc_pid_rseq(struct seq_file *m, struct pid_namespace *ns,
   668					struct pid *pid, struct task_struct *task)
   669	{
   670		int res = lock_trace(task);
   671	
   672		if (res)
   673			return res;
 > 674		seq_printf(m, "0x%llx 0x%x\n", (uint64_t)task->rseq, task->rseq_sig);
   675		unlock_trace(task);
   676		return 0;
   677	}
   678	#endif /* CONFIG_RSEQ */
   679	#endif /* CONFIG_HAVE_ARCH_TRACEHOOK */
   680	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 29819 bytes --]

Re: [PATCH] fs/proc: Expose RSEQ configuration

[kernel test robot]

[-- Attachment #1: Type: text/plain, Size: 2378 bytes --]

Hi Piotr,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on userns/for-next]
[also build test WARNING on linus/master hnaz-linux-mm/master v5.11-rc3 next-20210113]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Piotr-Figiel/fs-proc-Expose-RSEQ-configuration/20210114-014431
base:   https://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git for-next
config: mips-randconfig-r011-20210113 (attached as .config)
compiler: mipsel-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/0day-ci/linux/commit/ac6c42405fbb35bb266d602e4d9a303e68fadc21
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Piotr-Figiel/fs-proc-Expose-RSEQ-configuration/20210114-014431
        git checkout ac6c42405fbb35bb266d602e4d9a303e68fadc21
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=mips 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All warnings (new ones prefixed by >>):

   fs/proc/base.c: In function 'proc_pid_rseq':
>> fs/proc/base.c:674:33: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
     674 |  seq_printf(m, "0x%llx 0x%x\n", (uint64_t)task->rseq, task->rseq_sig);
         |                                 ^


vim +674 fs/proc/base.c

   665	
   666	#ifdef CONFIG_RSEQ
   667	static int proc_pid_rseq(struct seq_file *m, struct pid_namespace *ns,
   668					struct pid *pid, struct task_struct *task)
   669	{
   670		int res = lock_trace(task);
   671	
   672		if (res)
   673			return res;
 > 674		seq_printf(m, "0x%llx 0x%x\n", (uint64_t)task->rseq, task->rseq_sig);
   675		unlock_trace(task);
   676		return 0;
   677	}
   678	#endif /* CONFIG_RSEQ */
   679	#endif /* CONFIG_HAVE_ARCH_TRACEHOOK */
   680	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 30531 bytes --]

Re: [PATCH] fs/proc: Expose RSEQ configuration

[kernel test robot]

[-- Attachment #1: Type: text/plain, Size: 2437 bytes --]

Hi Piotr,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on userns/for-next]
[also build test WARNING on linus/master hnaz-linux-mm/master v5.11-rc3 next-20210113]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Piotr-Figiel/fs-proc-Expose-RSEQ-configuration/20210114-014431
base:   https://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git for-next
config: mips-randconfig-r011-20210113 (attached as .config)
compiler: mipsel-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/0day-ci/linux/commit/ac6c42405fbb35bb266d602e4d9a303e68fadc21
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Piotr-Figiel/fs-proc-Expose-RSEQ-configuration/20210114-014431
        git checkout ac6c42405fbb35bb266d602e4d9a303e68fadc21
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=mips 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All warnings (new ones prefixed by >>):

   fs/proc/base.c: In function 'proc_pid_rseq':
>> fs/proc/base.c:674:33: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
     674 |  seq_printf(m, "0x%llx 0x%x\n", (uint64_t)task->rseq, task->rseq_sig);
         |                                 ^


vim +674 fs/proc/base.c

   665	
   666	#ifdef CONFIG_RSEQ
   667	static int proc_pid_rseq(struct seq_file *m, struct pid_namespace *ns,
   668					struct pid *pid, struct task_struct *task)
   669	{
   670		int res = lock_trace(task);
   671	
   672		if (res)
   673			return res;
 > 674		seq_printf(m, "0x%llx 0x%x\n", (uint64_t)task->rseq, task->rseq_sig);
   675		unlock_trace(task);
   676		return 0;
   677	}
   678	#endif /* CONFIG_RSEQ */
   679	#endif /* CONFIG_HAVE_ARCH_TRACEHOOK */
   680	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 30531 bytes --]

Re: [PATCH] fs/proc: Expose RSEQ configuration

[Piotr Figiel]

On Thu, Jan 14, 2021 at 12:32:30AM +0300, Alexey Dobriyan wrote:
> On Wed, Jan 13, 2021 at 06:41:27PM +0100, Piotr Figiel wrote:
> > For userspace checkpoint and restore (C/R) some way of getting process
> > state containing RSEQ configuration is needed.
> > +	seq_printf(m, "0x%llx 0x%x\n", (uint64_t)task->rseq, task->rseq_sig);
> %llx is too much on 32-bit. "%tx %x" is better (or even %08x)

Hi, many thanks for the suggestion. I applied this on v2,
https://lore.kernel.org/linux-fsdevel/20210114185445.996-1-figiel@google.com
I had to cast it via uintptr_t to cast-away the user address space
without warnings. Could you please take a look?

Best regards, Piotr.