From: Ingo Molnar <mingo@kernel.org>
To: Julien Thierry <julien.thierry@arm.com>
Cc: peterz@infradead.org, catalin.marinas@arm.com,
will.deacon@arm.com, linux-kernel@vger.kernel.org,
mingo@redhat.com, james.morse@arm.com, hpa@zytor.com,
valentin.schneider@arm.com, linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH v3 3/4] uaccess: Check no rescheduling function is called in unsafe region
Date: Mon, 11 Feb 2019 14:45:27 +0100 [thread overview]
Message-ID: <20190211134527.GA121589@gmail.com> (raw)
In-Reply-To: <1547560709-56207-4-git-send-email-julien.thierry@arm.com>
* Julien Thierry <julien.thierry@arm.com> wrote:
> While running a user_access regions, it is not supported to reschedule.
> Add an overridable primitive to indicate whether a user_access region is
> active and check that this is not the case when calling rescheduling
> functions.
>
> These checks are only performed when DEBUG_UACCESS_SLEEP is selected.
>
> Also, add a comment clarifying the behaviour of user_access regions.
>
> Signed-off-by: Julien Thierry <julien.thierry@arm.com>
> Cc: Ingo Molnar <mingo@redhat.com>
> Cc: Peter Zijlstra <peterz@infradead.org>
>
> ---
> include/linux/kernel.h | 11 +++++++++--
> include/linux/uaccess.h | 13 +++++++++++++
> kernel/sched/core.c | 22 ++++++++++++++++++++++
> lib/Kconfig.debug | 8 ++++++++
> 4 files changed, 52 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/kernel.h b/include/linux/kernel.h
> index 8f0e68e..73f1f82 100644
> --- a/include/linux/kernel.h
> +++ b/include/linux/kernel.h
> @@ -237,11 +237,18 @@
> struct pt_regs;
> struct user;
>
> +#ifdef CONFIG_DEBUG_UACCESS_SLEEP
> +extern void __might_resched(const char *file, int line);
> +#else
> +#define __might_resched(file, line) do { } while (0)
> +#endif
> +
> #ifdef CONFIG_PREEMPT_VOLUNTARY
> extern int _cond_resched(void);
> -# define might_resched() _cond_resched()
> +# define might_resched() \
> + do { __might_resched(__FILE__, __LINE__); _cond_resched(); } while (0)
> #else
> -# define might_resched() do { } while (0)
> +# define might_resched() __might_resched(__FILE__, __LINE__)
> #endif
>
> #ifdef CONFIG_DEBUG_ATOMIC_SLEEP
> diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h
> index 37b226e..2c0c39e 100644
> --- a/include/linux/uaccess.h
> +++ b/include/linux/uaccess.h
> @@ -263,6 +263,15 @@ static inline unsigned long __copy_from_user_inatomic_nocache(void *to,
> #define probe_kernel_address(addr, retval) \
> probe_kernel_read(&retval, addr, sizeof(retval))
>
> +/*
> + * user_access_begin() and user_access_end() define a region where
> + * unsafe user accessors can be used. Exceptions and interrupt shall exit the
> + * user_access region and re-enter it when returning to the interrupted context.
> + *
> + * No sleeping function should get called during a user_access region - we rely
> + * on exception handling to take care of the user_access status for us, but that
> + * doesn't happen when directly calling schedule().
> + */
> #ifndef user_access_begin
> #define user_access_begin(ptr,len) access_ok(ptr, len)
> #define user_access_end() do { } while (0)
> @@ -270,6 +279,10 @@ static inline unsigned long __copy_from_user_inatomic_nocache(void *to,
> #define unsafe_put_user(x, ptr, err) do { if (unlikely(__put_user(x, ptr))) goto err; } while (0)
> #endif
>
> +#ifndef unsafe_user_region_active
> +#define unsafe_user_region_active() false
> +#endif
> +
> #ifdef CONFIG_HARDENED_USERCOPY
> void usercopy_warn(const char *name, const char *detail, bool to_user,
> unsigned long offset, unsigned long len);
> diff --git a/kernel/sched/core.c b/kernel/sched/core.c
> index a674c7db..b1bb7e9 100644
> --- a/kernel/sched/core.c
> +++ b/kernel/sched/core.c
> @@ -3289,6 +3289,14 @@ static inline void schedule_debug(struct task_struct *prev)
> __schedule_bug(prev);
> preempt_count_set(PREEMPT_DISABLED);
> }
> +
> + if (IS_ENABLED(CONFIG_DEBUG_UACCESS_SLEEP) &&
> + unlikely(unsafe_user_region_active())) {
> + printk(KERN_ERR "BUG: scheduling while user_access enabled: %s/%d/0x%08x\n",
> + prev->comm, prev->pid, preempt_count());
> + dump_stack();
> + }
> +
> rcu_sleep_check();
>
> profile_hit(SCHED_PROFILING, __builtin_return_address(0));
> @@ -6151,6 +6159,20 @@ void ___might_sleep(const char *file, int line, int preempt_offset)
> EXPORT_SYMBOL(___might_sleep);
> #endif
>
> +#ifdef CONFIG_DEBUG_UACCESS_SLEEP
> +void __might_resched(const char *file, int line)
> +{
> + if (!unsafe_user_region_active())
> + return;
Could you please more clearly explain why you want/need an exception from
the __might_resched() debug warning?
Thanks,
Ingo
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-02-11 13:45 UTC|newest]
Thread overview: 88+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-15 13:58 [PATCH v3 0/4] uaccess: Add unsafe accessors for arm64 Julien Thierry
2019-01-15 13:58 ` [PATCH v3 1/4] arm64: uaccess: Cleanup get/put_user() Julien Thierry
2019-01-15 13:58 ` [PATCH v3 2/4] arm64: uaccess: Implement unsafe accessors Julien Thierry
2019-01-15 13:58 ` [PATCH v3 3/4] uaccess: Check no rescheduling function is called in unsafe region Julien Thierry
2019-01-30 16:58 ` Valentin Schneider
2019-02-04 13:27 ` Julien Thierry
2019-02-11 13:45 ` Ingo Molnar [this message]
2019-02-11 13:51 ` Peter Zijlstra
2019-02-12 9:15 ` Julien Thierry
2019-02-13 8:21 ` Ingo Molnar
2019-02-13 10:35 ` Peter Zijlstra
2019-02-13 10:50 ` Julien Thierry
2019-02-13 13:17 ` Peter Zijlstra
2019-02-13 13:20 ` Peter Zijlstra
2019-02-13 14:00 ` Will Deacon
2019-02-13 14:07 ` Julien Thierry
2019-02-13 14:17 ` Peter Zijlstra
2019-02-13 14:24 ` Julien Thierry
2019-02-13 14:40 ` Peter Zijlstra
2019-02-13 15:08 ` Peter Zijlstra
2019-02-13 14:25 ` Peter Zijlstra
2019-02-13 14:39 ` Julien Thierry
2019-02-13 14:41 ` Peter Zijlstra
2019-02-13 15:45 ` Peter Zijlstra
2019-02-13 18:54 ` Peter Zijlstra
[not found] ` <D61C430D-4321-4114-AB85-671A3C7B8EAE@amacapital.net>
2019-02-13 22:21 ` Peter Zijlstra
2019-02-13 22:49 ` Andy Lutomirski
2019-02-14 10:14 ` [PATCH] sched/x86: Save [ER]FLAGS on context switch Peter Zijlstra
2019-02-14 16:18 ` Brian Gerst
2019-02-14 19:34 ` Peter Zijlstra
2019-02-15 14:34 ` Brian Gerst
2019-02-15 17:18 ` Linus Torvalds
2019-02-15 17:40 ` Peter Zijlstra
2019-02-15 18:28 ` Andy Lutomirski
2019-02-15 23:34 ` Peter Zijlstra
2019-02-16 0:21 ` Linus Torvalds
2019-02-16 10:32 ` Peter Zijlstra
2019-02-16 4:06 ` hpa
2019-02-16 10:30 ` Peter Zijlstra
2019-02-18 22:30 ` H. Peter Anvin
2019-02-19 0:24 ` Linus Torvalds
2019-02-19 2:20 ` Andy Lutomirski
2019-02-19 2:46 ` H. Peter Anvin
2019-02-19 9:07 ` Julien Thierry
2019-02-19 8:53 ` Julien Thierry
2019-02-19 9:15 ` Peter Zijlstra
2019-02-19 9:19 ` Peter Zijlstra
2019-02-19 9:04 ` Peter Zijlstra
2019-02-19 9:21 ` hpa
2019-02-19 9:44 ` Peter Zijlstra
2019-02-19 11:38 ` Thomas Gleixner
2019-02-19 11:58 ` Peter Zijlstra
2019-02-19 12:48 ` Will Deacon
2019-02-20 22:55 ` H. Peter Anvin
2019-02-21 12:06 ` Julien Thierry
2019-02-21 21:35 ` Thomas Gleixner
2019-02-21 22:08 ` Linus Torvalds
2019-02-22 12:58 ` Peter Zijlstra
2019-02-22 18:10 ` Thomas Gleixner
2019-02-22 22:26 ` [RFC][PATCH] objtool: STAC/CLAC validation Peter Zijlstra
2019-02-22 23:34 ` Linus Torvalds
2019-02-23 8:43 ` Peter Zijlstra
2019-02-22 23:39 ` hpa
2019-02-23 8:39 ` Peter Zijlstra
2019-02-25 8:47 ` hpa
2019-02-25 13:21 ` Peter Zijlstra
2019-03-01 15:07 ` Peter Zijlstra
2019-02-25 8:49 ` hpa
2019-02-22 23:55 ` Andy Lutomirski
2019-02-23 8:37 ` Peter Zijlstra
2019-02-23 10:52 ` Peter Zijlstra
2019-02-25 10:51 ` Peter Zijlstra
2019-02-25 11:53 ` Peter Zijlstra
2019-02-25 15:36 ` Andy Lutomirski
2019-02-23 0:34 ` Andy Lutomirski
2019-02-23 1:12 ` Linus Torvalds
2019-02-23 1:16 ` Andy Lutomirski
2019-02-23 1:33 ` Linus Torvalds
2019-02-23 1:40 ` Linus Torvalds
2019-02-25 8:33 ` Julien Thierry
2019-02-25 11:55 ` Peter Zijlstra
2019-02-21 12:46 ` [PATCH] sched/x86: Save [ER]FLAGS on context switch Will Deacon
2019-02-21 22:06 ` Andy Lutomirski
2019-02-18 9:03 ` [PATCH v2] " Peter Zijlstra
2019-02-13 23:19 ` [PATCH v3 3/4] uaccess: Check no rescheduling function is called in unsafe region Linus Torvalds
2019-01-15 13:58 ` [PATCH v3 4/4] arm64: uaccess: Implement user_access_region_active Julien Thierry
2019-01-25 14:27 ` [PATCH v3 0/4] uaccess: Add unsafe accessors for arm64 Catalin Marinas
2019-01-30 16:17 ` Julien Thierry
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190211134527.GA121589@gmail.com \
--to=mingo@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=hpa@zytor.com \
--cc=james.morse@arm.com \
--cc=julien.thierry@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=valentin.schneider@arm.com \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).