From: Will Deacon <will@kernel.org>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org,
Will Deacon <will@kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Marc Zyngier <maz@kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Peter Zijlstra <peterz@infradead.org>,
Morten Rasmussen <morten.rasmussen@arm.com>,
Qais Yousef <qais.yousef@arm.com>,
Suren Baghdasaryan <surenb@google.com>,
Quentin Perret <qperret@google.com>, Tejun Heo <tj@kernel.org>,
Li Zefan <lizefan@huawei.com>,
Johannes Weiner <hannes@cmpxchg.org>,
Ingo Molnar <mingo@redhat.com>,
Juri Lelli <juri.lelli@redhat.com>,
Vincent Guittot <vincent.guittot@linaro.org>,
kernel-team@android.com
Subject: [PATCH v3 04/14] arm64: Kill 32-bit applications scheduled on 64-bit-only CPUs
Date: Fri, 13 Nov 2020 09:37:09 +0000
Message-ID: <20201113093720.21106-5-will@kernel.org>
In-Reply-To: <20201113093720.21106-1-will@kernel.org>
Scheduling a 32-bit application on a 64-bit-only CPU is a bad idea.
Ensure that 32-bit applications always take the slow-path when returning
to userspace on a system with mismatched support at EL0, so that we can
avoid trying to run on a 64-bit-only CPU and force a SIGKILL instead.
Signed-off-by: Will Deacon <will@kernel.org>
---
arch/arm64/kernel/process.c | 19 ++++++++++++++++++-
arch/arm64/kernel/signal.c | 26 ++++++++++++++++++++++++++
2 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
index 4784011cecac..1540ab0fbf23 100644
--- a/arch/arm64/kernel/process.c
+++ b/arch/arm64/kernel/process.c
@@ -542,6 +542,15 @@ static void erratum_1418040_thread_switch(struct task_struct *prev,
write_sysreg(val, cntkctl_el1);
}
+static void compat_thread_switch(struct task_struct *next)
+{
+ if (!is_compat_thread(task_thread_info(next)))
+ return;
+
+ if (static_branch_unlikely(&arm64_mismatched_32bit_el0))
+ set_tsk_thread_flag(next, TIF_NOTIFY_RESUME);
+}
+
/*
* Thread switching.
*/
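Review bot: in compat_thread_switch() the is_compat_thread() test comes before the static_branch_unlikely(&arm64_mismatched_32bit_el0) test, so every context switch dereferences next's thread_info even on systems where the key is off. Testing the static key first and returning early would reduce the common case to a patched-out branch. The function also needs a short comment saying that TIF_NOTIFY_RESUME is set to force the return-to-user slow path where the CPU check is made; as written, nothing at this site explains why a notify-resume flag is raised on a context switch.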
@@ -558,6 +567,7 @@ __notrace_funcgraph struct task_struct *__switch_to(struct task_struct *prev,
uao_thread_switch(next);
ssbs_thread_switch(next);
erratum_1418040_thread_switch(prev, next);
+ compat_thread_switch(next);
/*
* Complete any pending TLB or cache maintenance on this CPU in case
@@ -620,8 +630,15 @@ unsigned long arch_align_stack(unsigned long sp)
*/
void arch_setup_new_exec(void)
{
- current->mm->context.flags = is_compat_task() ? MMCF_AARCH32 : 0;
+ unsigned long mmflags = 0;
+
+ if (is_compat_task()) {
+ mmflags = MMCF_AARCH32;
+ if (static_branch_unlikely(&arm64_mismatched_32bit_el0))
+ set_tsk_thread_flag(current, TIF_NOTIFY_RESUME);
+ }
+ current->mm->context.flags = mmflags;
ptrauth_thread_init_user(current);
if (task_spec_ssb_noexec(current)) {
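Review bot: the block added to arch_setup_new_exec() repeats the pair "if (static_branch_unlikely(&arm64_mismatched_32bit_el0))" / "set_tsk_thread_flag(..., TIF_NOTIFY_RESUME)" that compat_thread_switch() already carries earlier in this file. A small helper taking the task pointer would keep the two sites from drifting apart. A comment here should say why exec needs the flag in addition to the context-switch path, presumably because a task that becomes compat at exec may return to userspace without an intervening switch; the hunk does not state this.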
diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c
index a8184cad8890..bcb6ca2d9a7c 100644
--- a/arch/arm64/kernel/signal.c
+++ b/arch/arm64/kernel/signal.c
@@ -911,6 +911,19 @@ static void do_signal(struct pt_regs *regs)
restore_saved_sigmask();
}
+static bool cpu_affinity_invalid(struct pt_regs *regs)
+{
+ if (!compat_user_mode(regs))
+ return false;
+
+ /*
+ * We're preemptible, but a reschedule will cause us to check the
+ * affinity again.
+ */
+ return !cpumask_test_cpu(raw_smp_processor_id(),
+ system_32bit_el0_cpumask());
+}
+
asmlinkage void do_notify_resume(struct pt_regs *regs,
unsigned long thread_flags)
{
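Review bot: cpu_affinity_invalid() does not test the arm64_mismatched_32bit_el0 key, so for a compat task on a system without mismatched support the result depends entirely on what system_32bit_el0_cpumask() returns there, which is not visible in this patch. Either check the key first or document the mask's contract next to the call. The name is also misleading: the function compares raw_smp_processor_id() against the system-wide 32-bit-capable mask, not the task's affinity mask, so something like a "CPU supports compat" name would describe it better. The comment "a reschedule will cause us to check the affinity again" only holds because compat_thread_switch() re-sets TIF_NOTIFY_RESUME on switch-in; naming that dependency in the comment would make the preemption argument checkable.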
@@ -948,6 +961,19 @@ asmlinkage void do_notify_resume(struct pt_regs *regs,
if (thread_flags & _TIF_NOTIFY_RESUME) {
tracehook_notify_resume(regs);
rseq_handle_notify_resume(NULL, regs);
+
+ /*
+ * If we reschedule after checking the affinity
+ * then we must ensure that TIF_NOTIFY_RESUME
+ * is set so that we check the affinity again.
+ * Since tracehook_notify_resume() clears the
+ * flag, ensure that the compiler doesn't move
+ * it after the affinity check.
+ */
+ barrier();
+
+ if (cpu_affinity_invalid(regs))
+ force_sig(SIGKILL);
}
if (thread_flags & _TIF_FOREIGN_FPSTATE)
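Review bot: force_sig(SIGKILL) in the _TIF_NOTIFY_RESUME branch kills the task with no diagnostic, so from userspace and from the kernel log a 32-bit process dying here is indistinguishable from any other SIGKILL. A rate-limited warning naming the task and the CPU before the force_sig() call would make these kills attributable. The comment above barrier() explains the compiler ordering well, but it could also note that the re-arming of TIF_NOTIFY_RESUME after a reschedule happens in compat_thread_switch(), since that is what the ordering protects.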
--
2.29.2.299.gdc1121823c-goog