From: Will Deacon <will@kernel.org>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org,
Will Deacon <will@kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Marc Zyngier <maz@kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Peter Zijlstra <peterz@infradead.org>,
Morten Rasmussen <morten.rasmussen@arm.com>,
Qais Yousef <qais.yousef@arm.com>,
Suren Baghdasaryan <surenb@google.com>,
Quentin Perret <qperret@google.com>, Tejun Heo <tj@kernel.org>,
Li Zefan <lizefan@huawei.com>,
Johannes Weiner <hannes@cmpxchg.org>,
Ingo Molnar <mingo@redhat.com>,
Juri Lelli <juri.lelli@redhat.com>,
Vincent Guittot <vincent.guittot@linaro.org>,
"Rafael J. Wysocki" <rjw@rjwysocki.net>,
kernel-team@android.com
Subject: [PATCH v6 04/21] arm64: Kill 32-bit applications scheduled on 64-bit-only CPUs
Date: Tue, 18 May 2021 10:47:08 +0100 [thread overview]
Message-ID: <20210518094725.7701-5-will@kernel.org> (raw)
In-Reply-To: <20210518094725.7701-1-will@kernel.org>
Scheduling a 32-bit application on a 64-bit-only CPU is a bad idea.
Ensure that 32-bit applications always take the slow-path when returning
to userspace on a system with mismatched support at EL0, so that we can
avoid trying to run on a 64-bit-only CPU and force a SIGKILL instead.
Signed-off-by: Will Deacon <will@kernel.org>
---
arch/arm64/kernel/process.c | 19 ++++++++++++++++++-
arch/arm64/kernel/signal.c | 26 ++++++++++++++++++++++++++
2 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
index b4bb67f17a2c..f4a91bf1ce0c 100644
--- a/arch/arm64/kernel/process.c
+++ b/arch/arm64/kernel/process.c
@@ -527,6 +527,15 @@ static void erratum_1418040_thread_switch(struct task_struct *prev,
write_sysreg(val, cntkctl_el1);
}
+static void compat_thread_switch(struct task_struct *next)
+{
+ if (!is_compat_thread(task_thread_info(next)))
+ return;
+
+ if (static_branch_unlikely(&arm64_mismatched_32bit_el0))
+ set_tsk_thread_flag(next, TIF_NOTIFY_RESUME);
+}
+
static void update_sctlr_el1(u64 sctlr)
{
/*
@@ -568,6 +577,7 @@ __notrace_funcgraph struct task_struct *__switch_to(struct task_struct *prev,
ssbs_thread_switch(next);
erratum_1418040_thread_switch(prev, next);
ptrauth_thread_switch_user(next);
+ compat_thread_switch(next);
/*
* Complete any pending TLB or cache maintenance on this CPU in case
@@ -633,8 +643,15 @@ unsigned long arch_align_stack(unsigned long sp)
*/
void arch_setup_new_exec(void)
{
- current->mm->context.flags = is_compat_task() ? MMCF_AARCH32 : 0;
+ unsigned long mmflags = 0;
+
+ if (is_compat_task()) {
+ mmflags = MMCF_AARCH32;
+ if (static_branch_unlikely(&arm64_mismatched_32bit_el0))
+ set_tsk_thread_flag(current, TIF_NOTIFY_RESUME);
+ }
+ current->mm->context.flags = mmflags;
ptrauth_thread_init_user();
mte_thread_init_user();
diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c
index 6237486ff6bb..f8192f4ae0b8 100644
--- a/arch/arm64/kernel/signal.c
+++ b/arch/arm64/kernel/signal.c
@@ -911,6 +911,19 @@ static void do_signal(struct pt_regs *regs)
restore_saved_sigmask();
}
+static bool cpu_affinity_invalid(struct pt_regs *regs)
+{
+ if (!compat_user_mode(regs))
+ return false;
+
+ /*
+ * We're preemptible, but a reschedule will cause us to check the
+ * affinity again.
+ */
+ return !cpumask_test_cpu(raw_smp_processor_id(),
+ system_32bit_el0_cpumask());
+}
+
asmlinkage void do_notify_resume(struct pt_regs *regs,
unsigned long thread_flags)
{
@@ -938,6 +951,19 @@ asmlinkage void do_notify_resume(struct pt_regs *regs,
if (thread_flags & _TIF_NOTIFY_RESUME) {
tracehook_notify_resume(regs);
rseq_handle_notify_resume(NULL, regs);
+
+ /*
+ * If we reschedule after checking the affinity
+ * then we must ensure that TIF_NOTIFY_RESUME
+ * is set so that we check the affinity again.
+ * Since tracehook_notify_resume() clears the
+ * flag, ensure that the compiler doesn't move
+ * it after the affinity check.
+ */
+ barrier();
+
+ if (cpu_affinity_invalid(regs))
+ force_sig(SIGKILL);
}
if (thread_flags & _TIF_FOREIGN_FPSTATE)
--
2.31.1.751.gd2f1c929bd-goog
WARNING: multiple messages have this Message-ID (diff)
From: Will Deacon <will@kernel.org>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org,
Will Deacon <will@kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Marc Zyngier <maz@kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Peter Zijlstra <peterz@infradead.org>,
Morten Rasmussen <morten.rasmussen@arm.com>,
Qais Yousef <qais.yousef@arm.com>,
Suren Baghdasaryan <surenb@google.com>,
Quentin Perret <qperret@google.com>, Tejun Heo <tj@kernel.org>,
Li Zefan <lizefan@huawei.com>,
Johannes Weiner <hannes@cmpxchg.org>,
Ingo Molnar <mingo@redhat.com>,
Juri Lelli <juri.lelli@redhat.com>,
Vincent Guittot <vincent.guittot@linaro.org>,
"Rafael J. Wysocki" <rjw@rjwysocki.net>,
kernel-team@android.com
Subject: [PATCH v6 04/21] arm64: Kill 32-bit applications scheduled on 64-bit-only CPUs
Date: Tue, 18 May 2021 10:47:08 +0100 [thread overview]
Message-ID: <20210518094725.7701-5-will@kernel.org> (raw)
In-Reply-To: <20210518094725.7701-1-will@kernel.org>
Scheduling a 32-bit application on a 64-bit-only CPU is a bad idea.
Ensure that 32-bit applications always take the slow-path when returning
to userspace on a system with mismatched support at EL0, so that we can
avoid trying to run on a 64-bit-only CPU and force a SIGKILL instead.
Signed-off-by: Will Deacon <will@kernel.org>
---
arch/arm64/kernel/process.c | 19 ++++++++++++++++++-
arch/arm64/kernel/signal.c | 26 ++++++++++++++++++++++++++
2 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
index b4bb67f17a2c..f4a91bf1ce0c 100644
--- a/arch/arm64/kernel/process.c
+++ b/arch/arm64/kernel/process.c
@@ -527,6 +527,15 @@ static void erratum_1418040_thread_switch(struct task_struct *prev,
write_sysreg(val, cntkctl_el1);
}
+static void compat_thread_switch(struct task_struct *next)
+{
+ if (!is_compat_thread(task_thread_info(next)))
+ return;
+
+ if (static_branch_unlikely(&arm64_mismatched_32bit_el0))
+ set_tsk_thread_flag(next, TIF_NOTIFY_RESUME);
+}
+
static void update_sctlr_el1(u64 sctlr)
{
/*
@@ -568,6 +577,7 @@ __notrace_funcgraph struct task_struct *__switch_to(struct task_struct *prev,
ssbs_thread_switch(next);
erratum_1418040_thread_switch(prev, next);
ptrauth_thread_switch_user(next);
+ compat_thread_switch(next);
/*
* Complete any pending TLB or cache maintenance on this CPU in case
@@ -633,8 +643,15 @@ unsigned long arch_align_stack(unsigned long sp)
*/
void arch_setup_new_exec(void)
{
- current->mm->context.flags = is_compat_task() ? MMCF_AARCH32 : 0;
+ unsigned long mmflags = 0;
+
+ if (is_compat_task()) {
+ mmflags = MMCF_AARCH32;
+ if (static_branch_unlikely(&arm64_mismatched_32bit_el0))
+ set_tsk_thread_flag(current, TIF_NOTIFY_RESUME);
+ }
+ current->mm->context.flags = mmflags;
ptrauth_thread_init_user();
mte_thread_init_user();
diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c
index 6237486ff6bb..f8192f4ae0b8 100644
--- a/arch/arm64/kernel/signal.c
+++ b/arch/arm64/kernel/signal.c
@@ -911,6 +911,19 @@ static void do_signal(struct pt_regs *regs)
restore_saved_sigmask();
}
+static bool cpu_affinity_invalid(struct pt_regs *regs)
+{
+ if (!compat_user_mode(regs))
+ return false;
+
+ /*
+ * We're preemptible, but a reschedule will cause us to check the
+ * affinity again.
+ */
+ return !cpumask_test_cpu(raw_smp_processor_id(),
+ system_32bit_el0_cpumask());
+}
+
asmlinkage void do_notify_resume(struct pt_regs *regs,
unsigned long thread_flags)
{
@@ -938,6 +951,19 @@ asmlinkage void do_notify_resume(struct pt_regs *regs,
if (thread_flags & _TIF_NOTIFY_RESUME) {
tracehook_notify_resume(regs);
rseq_handle_notify_resume(NULL, regs);
+
+ /*
+ * If we reschedule after checking the affinity
+ * then we must ensure that TIF_NOTIFY_RESUME
+ * is set so that we check the affinity again.
+ * Since tracehook_notify_resume() clears the
+ * flag, ensure that the compiler doesn't move
+ * it after the affinity check.
+ */
+ barrier();
+
+ if (cpu_affinity_invalid(regs))
+ force_sig(SIGKILL);
}
if (thread_flags & _TIF_FOREIGN_FPSTATE)
--
2.31.1.751.gd2f1c929bd-goog
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-05-18 9:47 UTC|newest]
Thread overview: 166+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-18 9:47 [PATCH v6 00/21] Add support for 32-bit tasks on asymmetric AArch32 systems Will Deacon
2021-05-18 9:47 ` Will Deacon
2021-05-18 9:47 ` [PATCH v6 01/21] arm64: cpuinfo: Split AArch32 registers out into a separate struct Will Deacon
2021-05-18 9:47 ` Will Deacon
2021-05-21 10:47 ` Catalin Marinas
2021-05-21 10:47 ` Catalin Marinas
2021-05-18 9:47 ` [PATCH v6 02/21] arm64: Allow mismatched 32-bit EL0 support Will Deacon
2021-05-18 9:47 ` Will Deacon
2021-05-21 10:25 ` Catalin Marinas
2021-05-21 10:25 ` Catalin Marinas
2021-05-24 12:05 ` Will Deacon
2021-05-24 12:05 ` Will Deacon
2021-05-24 13:49 ` Catalin Marinas
2021-05-24 13:49 ` Catalin Marinas
2021-05-21 10:41 ` Catalin Marinas
2021-05-21 10:41 ` Catalin Marinas
2021-05-24 12:09 ` Will Deacon
2021-05-24 12:09 ` Will Deacon
2021-05-24 13:46 ` Catalin Marinas
2021-05-24 13:46 ` Catalin Marinas
2021-05-21 15:22 ` Qais Yousef
2021-05-21 15:22 ` Qais Yousef
2021-05-24 20:21 ` Will Deacon
2021-05-24 20:21 ` Will Deacon
2021-05-18 9:47 ` [PATCH v6 03/21] KVM: arm64: Kill 32-bit vCPUs on systems with mismatched " Will Deacon
2021-05-18 9:47 ` Will Deacon
2021-05-21 10:47 ` Catalin Marinas
2021-05-21 10:47 ` Catalin Marinas
2021-05-18 9:47 ` Will Deacon [this message]
2021-05-18 9:47 ` [PATCH v6 04/21] arm64: Kill 32-bit applications scheduled on 64-bit-only CPUs Will Deacon
2021-05-21 10:55 ` Catalin Marinas
2021-05-21 10:55 ` Catalin Marinas
2021-05-18 9:47 ` [PATCH v6 05/21] arm64: Advertise CPUs capable of running 32-bit applications in sysfs Will Deacon
2021-05-18 9:47 ` Will Deacon
2021-05-21 11:00 ` Catalin Marinas
2021-05-21 11:00 ` Catalin Marinas
2021-05-18 9:47 ` [PATCH v6 06/21] sched: Introduce task_cpu_possible_mask() to limit fallback rq selection Will Deacon
2021-05-18 9:47 ` Will Deacon
2021-05-21 16:03 ` Peter Zijlstra
2021-05-21 16:03 ` Peter Zijlstra
2021-05-24 12:17 ` Will Deacon
2021-05-24 12:17 ` Will Deacon
2021-05-18 9:47 ` [PATCH v6 07/21] cpuset: Don't use the cpu_possible_mask as a last resort for cgroup v1 Will Deacon
2021-05-18 9:47 ` Will Deacon
2021-05-21 17:39 ` Qais Yousef
2021-05-21 17:39 ` Qais Yousef
2021-05-24 20:21 ` Will Deacon
2021-05-24 20:21 ` Will Deacon
2021-05-18 9:47 ` [PATCH v6 08/21] cpuset: Honour task_cpu_possible_mask() in guarantee_online_cpus() Will Deacon
2021-05-18 9:47 ` Will Deacon
2021-05-21 16:25 ` Qais Yousef
2021-05-21 16:25 ` Qais Yousef
2021-05-24 21:09 ` Will Deacon
2021-05-24 21:09 ` Will Deacon
2021-05-18 9:47 ` [PATCH v6 09/21] sched: Reject CPU affinity changes based on task_cpu_possible_mask() Will Deacon
2021-05-18 9:47 ` Will Deacon
2021-05-18 9:47 ` [PATCH v6 10/21] sched: Introduce task_struct::user_cpus_ptr to track requested affinity Will Deacon
2021-05-18 9:47 ` Will Deacon
2021-05-18 9:47 ` [PATCH v6 11/21] sched: Split the guts of sched_setaffinity() into a helper function Will Deacon
2021-05-18 9:47 ` Will Deacon
2021-05-21 16:41 ` Qais Yousef
2021-05-21 16:41 ` Qais Yousef
2021-05-24 21:16 ` Will Deacon
2021-05-24 21:16 ` Will Deacon
2021-05-18 9:47 ` [PATCH v6 12/21] sched: Allow task CPU affinity to be restricted on asymmetric systems Will Deacon
2021-05-18 9:47 ` Will Deacon
2021-05-21 17:11 ` Qais Yousef
2021-05-21 17:11 ` Qais Yousef
2021-05-24 21:43 ` Will Deacon
2021-05-24 21:43 ` Will Deacon
2021-05-18 9:47 ` [PATCH v6 13/21] sched: Admit forcefully-affined tasks into SCHED_DEADLINE Will Deacon
2021-05-18 9:47 ` Will Deacon
2021-05-18 10:20 ` Quentin Perret
2021-05-18 10:20 ` Quentin Perret
2021-05-18 10:28 ` Will Deacon
2021-05-18 10:28 ` Will Deacon
2021-05-18 10:48 ` Quentin Perret
2021-05-18 10:48 ` Quentin Perret
2021-05-18 10:59 ` Will Deacon
2021-05-18 10:59 ` Will Deacon
2021-05-18 13:19 ` Quentin Perret
2021-05-18 13:19 ` Quentin Perret
2021-05-20 9:13 ` Juri Lelli
2021-05-20 9:13 ` Juri Lelli
2021-05-20 10:16 ` Will Deacon
2021-05-20 10:16 ` Will Deacon
2021-05-20 10:33 ` Quentin Perret
2021-05-20 10:33 ` Quentin Perret
2021-05-20 12:38 ` Juri Lelli
2021-05-20 12:38 ` Juri Lelli
2021-05-20 12:38 ` Daniel Bristot de Oliveira
2021-05-20 12:38 ` Daniel Bristot de Oliveira
2021-05-20 15:06 ` Dietmar Eggemann
2021-05-20 15:06 ` Dietmar Eggemann
2021-05-20 16:00 ` Daniel Bristot de Oliveira
2021-05-20 16:00 ` Daniel Bristot de Oliveira
2021-05-20 17:55 ` Dietmar Eggemann
2021-05-20 17:55 ` Dietmar Eggemann
2021-05-20 18:03 ` Will Deacon
2021-05-20 18:03 ` Will Deacon
2021-05-21 11:26 ` Dietmar Eggemann
2021-05-21 11:26 ` Dietmar Eggemann
2021-05-20 18:01 ` Will Deacon
2021-05-20 18:01 ` Will Deacon
2021-05-21 5:25 ` Juri Lelli
2021-05-21 5:25 ` Juri Lelli
2021-05-21 8:15 ` Quentin Perret
2021-05-21 8:15 ` Quentin Perret
2021-05-21 8:39 ` Juri Lelli
2021-05-21 8:39 ` Juri Lelli
2021-05-21 10:37 ` Will Deacon
2021-05-21 10:37 ` Will Deacon
2021-05-21 11:23 ` Dietmar Eggemann
2021-05-21 11:23 ` Dietmar Eggemann
2021-05-21 13:02 ` Quentin Perret
2021-05-21 13:02 ` Quentin Perret
2021-05-21 14:04 ` Juri Lelli
2021-05-21 14:04 ` Juri Lelli
2021-05-21 17:47 ` Dietmar Eggemann
2021-05-21 17:47 ` Dietmar Eggemann
2021-05-21 13:00 ` Daniel Bristot de Oliveira
2021-05-21 13:00 ` Daniel Bristot de Oliveira
2021-05-21 13:12 ` Quentin Perret
2021-05-21 13:12 ` Quentin Perret
2021-05-24 20:47 ` Will Deacon
2021-05-24 20:47 ` Will Deacon
2021-05-18 9:47 ` [PATCH v6 14/21] freezer: Add frozen_or_skipped() helper function Will Deacon
2021-05-18 9:47 ` Will Deacon
2021-05-18 9:47 ` [PATCH v6 15/21] sched: Defer wakeup in ttwu() for unschedulable frozen tasks Will Deacon
2021-05-18 9:47 ` Will Deacon
2021-05-18 9:47 ` [PATCH v6 16/21] arm64: Implement task_cpu_possible_mask() Will Deacon
2021-05-18 9:47 ` Will Deacon
2021-05-24 14:57 ` Catalin Marinas
2021-05-24 14:57 ` Catalin Marinas
2021-05-18 9:47 ` [PATCH v6 17/21] arm64: exec: Adjust affinity for compat tasks with mismatched 32-bit EL0 Will Deacon
2021-05-18 9:47 ` Will Deacon
2021-05-24 15:02 ` Catalin Marinas
2021-05-24 15:02 ` Catalin Marinas
2021-05-18 9:47 ` [PATCH v6 18/21] arm64: Prevent offlining first CPU with 32-bit EL0 on mismatched system Will Deacon
2021-05-18 9:47 ` Will Deacon
2021-05-24 15:46 ` Catalin Marinas
2021-05-24 15:46 ` Catalin Marinas
2021-05-24 20:32 ` Will Deacon
2021-05-24 20:32 ` Will Deacon
2021-05-25 9:43 ` Catalin Marinas
2021-05-25 9:43 ` Catalin Marinas
2021-05-18 9:47 ` [PATCH v6 19/21] arm64: Hook up cmdline parameter to allow mismatched 32-bit EL0 Will Deacon
2021-05-18 9:47 ` Will Deacon
2021-05-24 15:47 ` Catalin Marinas
2021-05-24 15:47 ` Catalin Marinas
2021-05-18 9:47 ` [PATCH v6 20/21] arm64: Remove logic to kill 32-bit tasks on 64-bit-only cores Will Deacon
2021-05-18 9:47 ` Will Deacon
2021-05-24 15:47 ` Catalin Marinas
2021-05-24 15:47 ` Catalin Marinas
2021-05-18 9:47 ` [PATCH v6 21/21] Documentation: arm64: describe asymmetric 32-bit support Will Deacon
2021-05-18 9:47 ` Will Deacon
2021-05-21 17:37 ` Qais Yousef
2021-05-21 17:37 ` Qais Yousef
2021-05-24 21:46 ` Will Deacon
2021-05-24 21:46 ` Will Deacon
2021-05-24 16:22 ` Catalin Marinas
2021-05-24 16:22 ` Catalin Marinas
2021-05-21 17:45 ` [PATCH v6 00/21] Add support for 32-bit tasks on asymmetric AArch32 systems Qais Yousef
2021-05-21 17:45 ` Qais Yousef
2021-05-24 22:08 ` Will Deacon
2021-05-24 22:08 ` Will Deacon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210518094725.7701-5-will@kernel.org \
--to=will@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=gregkh@linuxfoundation.org \
--cc=hannes@cmpxchg.org \
--cc=juri.lelli@redhat.com \
--cc=kernel-team@android.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lizefan@huawei.com \
--cc=maz@kernel.org \
--cc=mingo@redhat.com \
--cc=morten.rasmussen@arm.com \
--cc=peterz@infradead.org \
--cc=qais.yousef@arm.com \
--cc=qperret@google.com \
--cc=rjw@rjwysocki.net \
--cc=surenb@google.com \
--cc=tj@kernel.org \
--cc=vincent.guittot@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.