From: Peter Zijlstra <peterz@infradead.org>
To: Julien Thierry <julien.thierry@arm.com>
Cc: catalin.marinas@arm.com, will.deacon@arm.com,
linux-kernel@vger.kernel.org, valentin.schneider@arm.com,
mingo@redhat.com, james.morse@arm.com, hpa@zytor.com,
Ingo Molnar <mingo@kernel.org>,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH v3 3/4] uaccess: Check no rescheduling function is called in unsafe region
Date: Wed, 13 Feb 2019 14:20:16 +0100 [thread overview]
Message-ID: <20190213132016.GO32534@hirez.programming.kicks-ass.net> (raw)
In-Reply-To: <20190213131720.GU32494@hirez.programming.kicks-ass.net>
On Wed, Feb 13, 2019 at 02:17:20PM +0100, Peter Zijlstra wrote:
> On Wed, Feb 13, 2019 at 10:50:21AM +0000, Julien Thierry wrote:
> > On 13/02/2019 10:35, Peter Zijlstra wrote:
> > > On Tue, Feb 12, 2019 at 09:15:13AM +0000, Julien Thierry wrote:
> > >
> > >>>>> diff --git a/kernel/sched/core.c b/kernel/sched/core.c
> > >>>>> index a674c7db..b1bb7e9 100644
> > >>>>> --- a/kernel/sched/core.c
> > >>>>> +++ b/kernel/sched/core.c
> > >>>>> @@ -3289,6 +3289,14 @@ static inline void schedule_debug(struct task_struct *prev)
> > >>>>> __schedule_bug(prev);
> > >>>>> preempt_count_set(PREEMPT_DISABLED);
> > >>>>> }
> > >>>>> +
> > >>>>> + if (IS_ENABLED(CONFIG_DEBUG_UACCESS_SLEEP) &&
> > >>>>> + unlikely(unsafe_user_region_active())) {
> > >>>>> + printk(KERN_ERR "BUG: scheduling while user_access enabled: %s/%d/0x%08x\n",
> > >>>>> + prev->comm, prev->pid, preempt_count());
> > >>>>> + dump_stack();
> > >>>>> + }
> > >>>>> +
> > >>>>> rcu_sleep_check();
> > >>>>>
> > >>>>> profile_hit(SCHED_PROFILING, __builtin_return_address(0));
> > >
> > >> I guess I'll drop the might_resched() part of this patch if that sounds
> > >> alright.
> > >
> > > I'm still confused by the schedule_debug() part. How is that not broken?
> >
> > Hmmm, I am not exactly sure which part you expect to be broken, I guess
> > it's because of the nature of the uaccess unsafe accessor usage.
> >
> > Basically, the following is a definite no:
> > if (user_access_begin(ptr, size)) {
> >
> > [...]
> >
> > //something that calls schedule
> >
> > [...]
> >
> > user_access_end();
> > }
> >
> >
> > However the following is fine:
> >
> > - user_access_begin(ptr, size)
> > - taking irq/exception
> > - get preempted
>
> This; how is getting preempted fundamentally different from scheduling
> ourselves?
This is also the thing that PREEMPT_VOLUNTARY hinges on; it inserts
'random' reschedule points through might_sleep() and cond_resched().
If you're preemptible; you must be able to schedule and vice-versa.
You're breaking that.
> > - get resumed at some point in time
> > - restore state + eret
> > - user_access_end()
> >
> > That's because exceptions/irq implicitly "suspend" the user access
> > region. (That's what I'm trying to clarify with the comment)
> > So, unsafe_user_region_active() should return false in a irq/exception
> > context.
> >
> > Is this what you were concerned about? Or there still something that
> > might be broken?
>
> I really hate the asymetry introduced between preemptible and being able
> to schedule. Both end up calling __schedule() and there really should
> not be a difference.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-02-13 13:20 UTC|newest]
Thread overview: 88+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-15 13:58 [PATCH v3 0/4] uaccess: Add unsafe accessors for arm64 Julien Thierry
2019-01-15 13:58 ` [PATCH v3 1/4] arm64: uaccess: Cleanup get/put_user() Julien Thierry
2019-01-15 13:58 ` [PATCH v3 2/4] arm64: uaccess: Implement unsafe accessors Julien Thierry
2019-01-15 13:58 ` [PATCH v3 3/4] uaccess: Check no rescheduling function is called in unsafe region Julien Thierry
2019-01-30 16:58 ` Valentin Schneider
2019-02-04 13:27 ` Julien Thierry
2019-02-11 13:45 ` Ingo Molnar
2019-02-11 13:51 ` Peter Zijlstra
2019-02-12 9:15 ` Julien Thierry
2019-02-13 8:21 ` Ingo Molnar
2019-02-13 10:35 ` Peter Zijlstra
2019-02-13 10:50 ` Julien Thierry
2019-02-13 13:17 ` Peter Zijlstra
2019-02-13 13:20 ` Peter Zijlstra [this message]
2019-02-13 14:00 ` Will Deacon
2019-02-13 14:07 ` Julien Thierry
2019-02-13 14:17 ` Peter Zijlstra
2019-02-13 14:24 ` Julien Thierry
2019-02-13 14:40 ` Peter Zijlstra
2019-02-13 15:08 ` Peter Zijlstra
2019-02-13 14:25 ` Peter Zijlstra
2019-02-13 14:39 ` Julien Thierry
2019-02-13 14:41 ` Peter Zijlstra
2019-02-13 15:45 ` Peter Zijlstra
2019-02-13 18:54 ` Peter Zijlstra
[not found] ` <D61C430D-4321-4114-AB85-671A3C7B8EAE@amacapital.net>
2019-02-13 22:21 ` Peter Zijlstra
2019-02-13 22:49 ` Andy Lutomirski
2019-02-14 10:14 ` [PATCH] sched/x86: Save [ER]FLAGS on context switch Peter Zijlstra
2019-02-14 16:18 ` Brian Gerst
2019-02-14 19:34 ` Peter Zijlstra
2019-02-15 14:34 ` Brian Gerst
2019-02-15 17:18 ` Linus Torvalds
2019-02-15 17:40 ` Peter Zijlstra
2019-02-15 18:28 ` Andy Lutomirski
2019-02-15 23:34 ` Peter Zijlstra
2019-02-16 0:21 ` Linus Torvalds
2019-02-16 10:32 ` Peter Zijlstra
2019-02-16 4:06 ` hpa
2019-02-16 10:30 ` Peter Zijlstra
2019-02-18 22:30 ` H. Peter Anvin
2019-02-19 0:24 ` Linus Torvalds
2019-02-19 2:20 ` Andy Lutomirski
2019-02-19 2:46 ` H. Peter Anvin
2019-02-19 9:07 ` Julien Thierry
2019-02-19 8:53 ` Julien Thierry
2019-02-19 9:15 ` Peter Zijlstra
2019-02-19 9:19 ` Peter Zijlstra
2019-02-19 9:04 ` Peter Zijlstra
2019-02-19 9:21 ` hpa
2019-02-19 9:44 ` Peter Zijlstra
2019-02-19 11:38 ` Thomas Gleixner
2019-02-19 11:58 ` Peter Zijlstra
2019-02-19 12:48 ` Will Deacon
2019-02-20 22:55 ` H. Peter Anvin
2019-02-21 12:06 ` Julien Thierry
2019-02-21 21:35 ` Thomas Gleixner
2019-02-21 22:08 ` Linus Torvalds
2019-02-22 12:58 ` Peter Zijlstra
2019-02-22 18:10 ` Thomas Gleixner
2019-02-22 22:26 ` [RFC][PATCH] objtool: STAC/CLAC validation Peter Zijlstra
2019-02-22 23:34 ` Linus Torvalds
2019-02-23 8:43 ` Peter Zijlstra
2019-02-22 23:39 ` hpa
2019-02-23 8:39 ` Peter Zijlstra
2019-02-25 8:47 ` hpa
2019-02-25 13:21 ` Peter Zijlstra
2019-03-01 15:07 ` Peter Zijlstra
2019-02-25 8:49 ` hpa
2019-02-22 23:55 ` Andy Lutomirski
2019-02-23 8:37 ` Peter Zijlstra
2019-02-23 10:52 ` Peter Zijlstra
2019-02-25 10:51 ` Peter Zijlstra
2019-02-25 11:53 ` Peter Zijlstra
2019-02-25 15:36 ` Andy Lutomirski
2019-02-23 0:34 ` Andy Lutomirski
2019-02-23 1:12 ` Linus Torvalds
2019-02-23 1:16 ` Andy Lutomirski
2019-02-23 1:33 ` Linus Torvalds
2019-02-23 1:40 ` Linus Torvalds
2019-02-25 8:33 ` Julien Thierry
2019-02-25 11:55 ` Peter Zijlstra
2019-02-21 12:46 ` [PATCH] sched/x86: Save [ER]FLAGS on context switch Will Deacon
2019-02-21 22:06 ` Andy Lutomirski
2019-02-18 9:03 ` [PATCH v2] " Peter Zijlstra
2019-02-13 23:19 ` [PATCH v3 3/4] uaccess: Check no rescheduling function is called in unsafe region Linus Torvalds
2019-01-15 13:58 ` [PATCH v3 4/4] arm64: uaccess: Implement user_access_region_active Julien Thierry
2019-01-25 14:27 ` [PATCH v3 0/4] uaccess: Add unsafe accessors for arm64 Catalin Marinas
2019-01-30 16:17 ` Julien Thierry
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190213132016.GO32534@hirez.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=catalin.marinas@arm.com \
--cc=hpa@zytor.com \
--cc=james.morse@arm.com \
--cc=julien.thierry@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=mingo@redhat.com \
--cc=valentin.schneider@arm.com \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).