From: Haren Myneni <haren@linux.ibm.com>
To: mpe@ellerman.id.au
Cc: mikey@neuling.org, ajd@linux.ibm.com, frederic.barrat@fr.ibm.com,
linux-kernel@vger.kernel.org, npiggin@gmail.com,
hch@infradead.org, oohall@gmail.com, clg@kaod.org,
herbert@gondor.apana.org.au, sukadev@linux.vnet.ibm.com,
linuxppc-dev@lists.ozlabs.org, srikar@linux.vnet.ibm.com
Subject: [PATCH v10 14/14] powerpc: Use mm_context vas_windows counter to issue CP_ABORT
Date: Tue, 14 Apr 2020 00:54:26 -0700 [thread overview]
Message-ID: <1586850866.2275.1013.camel@hbabu-laptop> (raw)
In-Reply-To: <1585812024.2275.68.camel@hbabu-laptop>
(Thanks Michael for your review. Here is the updated patch with your
comments and from Nick - Moved mm_context_add/remove_coproc() to
add/remove_vas_window())
>From 521f86710f3605dc575f13634fd7520087993ffb Mon Sep 17 00:00:00 2001
From: Haren Myneni <haren@us.ibm.com>
Date: Wed, 1 Apr 2020 23:12:12 -0500
Subject: [PATCH] powerpc: Use mm_context vas_windows counter to issue CP_ABORT
set_thread_uses_vas() sets used_vas flag for a process that opened VAS
window and issue CP_ABORT during context switch for only that process.
In multi-thread application, windows can be shared. For example Thread
A can open a window and Thread B can run COPY/PASTE instructions to
send NX request which may cause corruption or snooping or a covert
channel Also once this flag is set, continue to run CP_ABORT even the
VAS window is closed.
So define vas-windows counter in process mm_context, increment this
counter for each window open and decrement it for window close. If
vas-windows is set, issue CP_ABORT during context switch. It means
clear the foreign real address mapping only if the process / thread
uses COPY/PASTE. Then disable it for that process if windows are not
open.
Moved set_thread_uses_vas() code to vas_tx_win_open() as this
functionality is needed only for userspace open windows. We are adding
VAS userspace support along with this fix. So no need to include this
fix in stable releases.
Fixes: 9d2a4d71332c ("powerpc: Define set_thread_uses_vas()")
Signed-off-by: Haren Myneni <haren@linux.ibm.com>
Reported-by: Nicholas Piggin <npiggin@gmail.com>
Suggested-by: Milton Miller <miltonm@us.ibm.com>
Suggested-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
---
arch/powerpc/include/asm/book3s/64/mmu.h | 3 +++
arch/powerpc/include/asm/mmu_context.h | 30 +++++++++++++++++++++++++++++
arch/powerpc/include/asm/processor.h | 1 -
arch/powerpc/include/asm/switch_to.h | 2 --
arch/powerpc/kernel/process.c | 24 ++---------------------
arch/powerpc/platforms/powernv/vas-window.c | 22 ++++++++++++---------
6 files changed, 48 insertions(+), 34 deletions(-)
diff --git a/arch/powerpc/include/asm/book3s/64/mmu.h b/arch/powerpc/include/asm/book3s/64/mmu.h
index bb3deb7..f0a9ff6 100644
--- a/arch/powerpc/include/asm/book3s/64/mmu.h
+++ b/arch/powerpc/include/asm/book3s/64/mmu.h
@@ -116,6 +116,9 @@ struct patb_entry {
/* Number of users of the external (Nest) MMU */
atomic_t copros;
+ /* Number of user space windows opened in process mm_context */
+ atomic_t vas_windows;
+
struct hash_mm_context *hash_context;
unsigned long vdso_base;
diff --git a/arch/powerpc/include/asm/mmu_context.h b/arch/powerpc/include/asm/mmu_context.h
index 360367c..1a474f6b 100644
--- a/arch/powerpc/include/asm/mmu_context.h
+++ b/arch/powerpc/include/asm/mmu_context.h
@@ -185,11 +185,41 @@ static inline void mm_context_remove_copro(struct mm_struct *mm)
dec_mm_active_cpus(mm);
}
}
+
+/*
+ * vas_windows counter shows number of open windows in the mm
+ * context. During context switch, use this counter to clear the
+ * foreign real address mapping (CP_ABORT) for the thread / process
+ * that intend to use COPY/PASTE. When a process closes all windows,
+ * disable CP_ABORT which is expensive to run.
+ *
+ * For user context, register a copro so that TLBIs are seen by the
+ * nest MMU. mm_context_add/remove_vas_window() are used only for user
+ * space windows.
+ */
+static inline void mm_context_add_vas_window(struct mm_struct *mm)
+{
+ atomic_inc(&mm->context.vas_windows);
+ mm_context_add_copro(mm);
+}
+
+static inline void mm_context_remove_vas_window(struct mm_struct *mm)
+{
+ int v;
+
+ mm_context_remove_copro(mm);
+ v = atomic_dec_if_positive(&mm->context.vas_windows);
+
+ /* Detect imbalance between add and remove */
+ WARN_ON(v < 0);
+}
#else
static inline void inc_mm_active_cpus(struct mm_struct *mm) { }
static inline void dec_mm_active_cpus(struct mm_struct *mm) { }
static inline void mm_context_add_copro(struct mm_struct *mm) { }
static inline void mm_context_remove_copro(struct mm_struct *mm) { }
+static inline void mm_context_add_vas_windows(struct mm_struct *mm) { }
+static inline void mm_context_remove_vas_windows(struct mm_struct *mm) { }
#endif
diff --git a/arch/powerpc/include/asm/processor.h b/arch/powerpc/include/asm/processor.h
index eedcbfb..bfa336f 100644
--- a/arch/powerpc/include/asm/processor.h
+++ b/arch/powerpc/include/asm/processor.h
@@ -272,7 +272,6 @@ struct thread_struct {
unsigned mmcr0;
unsigned used_ebb;
- unsigned int used_vas;
#endif
};
diff --git a/arch/powerpc/include/asm/switch_to.h b/arch/powerpc/include/asm/switch_to.h
index 5b03d8a..012db9a 100644
--- a/arch/powerpc/include/asm/switch_to.h
+++ b/arch/powerpc/include/asm/switch_to.h
@@ -91,8 +91,6 @@ static inline void clear_task_ebb(struct task_struct *t)
#endif
}
-extern int set_thread_uses_vas(void);
-
extern int set_thread_tidr(struct task_struct *t);
#endif /* _ASM_POWERPC_SWITCH_TO_H */
diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
index fad50db..ed3f645 100644
--- a/arch/powerpc/kernel/process.c
+++ b/arch/powerpc/kernel/process.c
@@ -1221,7 +1221,8 @@ struct task_struct *__switch_to(struct task_struct *prev,
* mappings, we must issue a cp_abort to clear any state and
* prevent snooping, corruption or a covert channel.
*/
- if (current->thread.used_vas)
+ if (current->mm &&
+ atomic_read(¤t->mm->context.vas_windows))
asm volatile(PPC_CP_ABORT);
}
#endif /* CONFIG_PPC_BOOK3S_64 */
@@ -1460,27 +1461,6 @@ void arch_setup_new_exec(void)
}
#endif
-int set_thread_uses_vas(void)
-{
-#ifdef CONFIG_PPC_BOOK3S_64
- if (!cpu_has_feature(CPU_FTR_ARCH_300))
- return -EINVAL;
-
- current->thread.used_vas = 1;
-
- /*
- * Even a process that has no foreign real address mapping can use
- * an unpaired COPY instruction (to no real effect). Issue CP_ABORT
- * to clear any pending COPY and prevent a covert channel.
- *
- * __switch_to() will issue CP_ABORT on future context switches.
- */
- asm volatile(PPC_CP_ABORT);
-
-#endif /* CONFIG_PPC_BOOK3S_64 */
- return 0;
-}
-
#ifdef CONFIG_PPC64
/**
* Assign a TIDR (thread ID) for task @t and set it in the thread
diff --git a/arch/powerpc/platforms/powernv/vas-window.c b/arch/powerpc/platforms/powernv/vas-window.c
index 3ffad5a..4085fd6 100644
--- a/arch/powerpc/platforms/powernv/vas-window.c
+++ b/arch/powerpc/platforms/powernv/vas-window.c
@@ -1058,13 +1058,6 @@ struct vas_window *vas_tx_win_open(int vasid, enum vas_cop_type cop,
rc = -ENODEV;
goto free_window;
}
- /*
- * A user mapping must ensure that context switch issues
- * CP_ABORT for this thread.
- */
- rc = set_thread_uses_vas();
- if (rc)
- goto free_window;
/*
* Window opened by a child thread may not be closed when
@@ -1090,7 +1083,7 @@ struct vas_window *vas_tx_win_open(int vasid, enum vas_cop_type cop,
mmgrab(txwin->mm);
mmput(txwin->mm);
- mm_context_add_copro(txwin->mm);
+ mm_context_add_vas_window(txwin->mm);
/*
* Process closes window during exit. In the case of
* multithread application, the child thread can open
@@ -1099,6 +1092,17 @@ struct vas_window *vas_tx_win_open(int vasid, enum vas_cop_type cop,
* to take pid reference for parent thread.
*/
txwin->tgid = find_get_pid(task_tgid_vnr(current));
+ /*
+ * Even a process that has no foreign real address mapping can
+ * use an unpaired COPY instruction (to no real effect). Issue
+ * CP_ABORT to clear any pending COPY and prevent a covert
+ * channel.
+ *
+ * __switch_to() will issue CP_ABORT on future context switches
+ * if process / thread has any open VAS window (Use
+ * current->mm->context.vas_windows).
+ */
+ asm volatile(PPC_CP_ABORT);
}
set_vinst_win(vinst, txwin);
@@ -1332,7 +1336,7 @@ int vas_win_close(struct vas_window *window)
/* Drop references to pid and mm */
put_pid(window->pid);
if (window->mm) {
- mm_context_remove_copro(window->mm);
+ mm_context_remove_vas_window(window->mm);
mmdrop(window->mm);
}
}
--
1.8.3.1
next prev parent reply other threads:[~2020-04-14 7:56 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-02 7:00 [PATCH v10 00/14] powerpc/vas: Page fault handling for user space NX requests Haren Myneni
2020-04-02 7:09 ` [PATCH v10 01/14] powerpc/xive: Define xive_native_alloc_irq_on_chip() Haren Myneni
2020-04-02 7:09 ` [PATCH v10 02/14] powerpc/vas: Define nx_fault_stamp in coprocessor_request_block Haren Myneni
2020-04-02 7:10 ` [PATCH v10 03/14] powerpc/vas: Alloc and setup IRQ and trigger port address Haren Myneni
2020-04-02 8:08 ` Cédric Le Goater
2020-04-02 7:11 ` [PATCH v10 04/14] powerpc/vas: Setup fault window per VAS instance Haren Myneni
2020-04-02 7:11 ` [PATCH v10 05/14] powerpc/vas: Register NX with fault window ID and IRQ port value Haren Myneni
2020-04-02 7:13 ` [PATCH v10 06/14] powerpc/vas: Take reference to PID and mm for user space windows Haren Myneni
2020-04-02 7:13 ` [PATCH v10 07/14] powerpc/vas: Setup thread IRQ handler per VAS instance Haren Myneni
2020-04-02 7:14 ` [PATCH v10 08/14] powerpc/vas: Update CSB and notify process for fault CRBs Haren Myneni
2020-04-02 7:15 ` [PATCH v10 09/14] powerpc/vas: Return credits after handling fault Haren Myneni
2020-04-02 7:16 ` [PATCH v10 10/14] powerpc/vas: Print CRB and FIFO values Haren Myneni
2020-04-02 7:17 ` [PATCH v10 11/14] powerpc/vas: Do not use default credits for receive window Haren Myneni
2020-04-02 7:18 ` [PATCH v10 12/14] powerpc/vas: Display process stuck message Haren Myneni
2020-04-02 7:19 ` [PATCH v10 13/14] powerpc/vas: Free send window in VAS instance after credits returned Haren Myneni
2020-04-02 7:20 ` [PATCH v10 14/14] powerpc: Use mm_context vas_windows counter to issue CP_ABORT Haren Myneni
2020-04-11 10:28 ` Michael Ellerman
2020-04-14 7:54 ` Haren Myneni [this message]
2020-04-03 8:19 ` [PATCH v10 00/14] powerpc/vas: Page fault handling for user space NX requests Cédric Le Goater
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1586850866.2275.1013.camel@hbabu-laptop \
--to=haren@linux.ibm.com \
--cc=ajd@linux.ibm.com \
--cc=clg@kaod.org \
--cc=frederic.barrat@fr.ibm.com \
--cc=hch@infradead.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mikey@neuling.org \
--cc=mpe@ellerman.id.au \
--cc=npiggin@gmail.com \
--cc=oohall@gmail.com \
--cc=srikar@linux.vnet.ibm.com \
--cc=sukadev@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).