From: Ingo Molnar <mingo@kernel.org>
To: Julien Thierry <julien.thierry@arm.com>
Cc: peterz@infradead.org, catalin.marinas@arm.com,
will.deacon@arm.com, linux-kernel@vger.kernel.org,
mingo@redhat.com, james.morse@arm.com, hpa@zytor.com,
valentin.schneider@arm.com, linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH v3 3/4] uaccess: Check no rescheduling function is called in unsafe region
Date: Mon, 11 Feb 2019 14:45:27 +0100 [thread overview]
Message-ID: <20190211134527.GA121589@gmail.com> (raw)
In-Reply-To: <1547560709-56207-4-git-send-email-julien.thierry@arm.com>
* Julien Thierry <julien.thierry@arm.com> wrote:
> While running a user_access regions, it is not supported to reschedule.
> Add an overridable primitive to indicate whether a user_access region is
> active and check that this is not the case when calling rescheduling
> functions.
>
> These checks are only performed when DEBUG_UACCESS_SLEEP is selected.
>
> Also, add a comment clarifying the behaviour of user_access regions.
>
> Signed-off-by: Julien Thierry <julien.thierry@arm.com>
> Cc: Ingo Molnar <mingo@redhat.com>
> Cc: Peter Zijlstra <peterz@infradead.org>
>
> ---
> include/linux/kernel.h | 11 +++++++++--
> include/linux/uaccess.h | 13 +++++++++++++
> kernel/sched/core.c | 22 ++++++++++++++++++++++
> lib/Kconfig.debug | 8 ++++++++
> 4 files changed, 52 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/kernel.h b/include/linux/kernel.h
> index 8f0e68e..73f1f82 100644
> --- a/include/linux/kernel.h
> +++ b/include/linux/kernel.h
> @@ -237,11 +237,18 @@
> struct pt_regs;
> struct user;
>
> +#ifdef CONFIG_DEBUG_UACCESS_SLEEP
> +extern void __might_resched(const char *file, int line);
> +#else
> +#define __might_resched(file, line) do { } while (0)
> +#endif
> +
> #ifdef CONFIG_PREEMPT_VOLUNTARY
> extern int _cond_resched(void);
> -# define might_resched() _cond_resched()
> +# define might_resched() \
> + do { __might_resched(__FILE__, __LINE__); _cond_resched(); } while (0)
> #else
> -# define might_resched() do { } while (0)
> +# define might_resched() __might_resched(__FILE__, __LINE__)
> #endif
>
> #ifdef CONFIG_DEBUG_ATOMIC_SLEEP
> diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h
> index 37b226e..2c0c39e 100644
> --- a/include/linux/uaccess.h
> +++ b/include/linux/uaccess.h
> @@ -263,6 +263,15 @@ static inline unsigned long __copy_from_user_inatomic_nocache(void *to,
> #define probe_kernel_address(addr, retval) \
> probe_kernel_read(&retval, addr, sizeof(retval))
>
> +/*
> + * user_access_begin() and user_access_end() define a region where
> + * unsafe user accessors can be used. Exceptions and interrupt shall exit the
> + * user_access region and re-enter it when returning to the interrupted context.
> + *
> + * No sleeping function should get called during a user_access region - we rely
> + * on exception handling to take care of the user_access status for us, but that
> + * doesn't happen when directly calling schedule().
> + */
> #ifndef user_access_begin
> #define user_access_begin(ptr,len) access_ok(ptr, len)
> #define user_access_end() do { } while (0)
> @@ -270,6 +279,10 @@ static inline unsigned long __copy_from_user_inatomic_nocache(void *to,
> #define unsafe_put_user(x, ptr, err) do { if (unlikely(__put_user(x, ptr))) goto err; } while (0)
> #endif
>
> +#ifndef unsafe_user_region_active
> +#define unsafe_user_region_active() false
> +#endif
> +
> #ifdef CONFIG_HARDENED_USERCOPY
> void usercopy_warn(const char *name, const char *detail, bool to_user,
> unsigned long offset, unsigned long len);
> diff --git a/kernel/sched/core.c b/kernel/sched/core.c
> index a674c7db..b1bb7e9 100644
> --- a/kernel/sched/core.c
> +++ b/kernel/sched/core.c
> @@ -3289,6 +3289,14 @@ static inline void schedule_debug(struct task_struct *prev)
> __schedule_bug(prev);
> preempt_count_set(PREEMPT_DISABLED);
> }
> +
> + if (IS_ENABLED(CONFIG_DEBUG_UACCESS_SLEEP) &&
> + unlikely(unsafe_user_region_active())) {
> + printk(KERN_ERR "BUG: scheduling while user_access enabled: %s/%d/0x%08x\n",
> + prev->comm, prev->pid, preempt_count());
> + dump_stack();
> + }
> +
> rcu_sleep_check();
>
> profile_hit(SCHED_PROFILING, __builtin_return_address(0));
> @@ -6151,6 +6159,20 @@ void ___might_sleep(const char *file, int line, int preempt_offset)
> EXPORT_SYMBOL(___might_sleep);
> #endif
>
> +#ifdef CONFIG_DEBUG_UACCESS_SLEEP
> +void __might_resched(const char *file, int line)
> +{
> + if (!unsafe_user_region_active())
> + return;
Could you please more clearly explain why you want/need an exception from
the __might_resched() debug warning?
Thanks,
Ingo
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
WARNING: multiple messages have this Message-ID (diff)
From: Ingo Molnar <mingo@kernel.org>
To: Julien Thierry <julien.thierry@arm.com>
Cc: linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, mingo@redhat.com,
peterz@infradead.org, catalin.marinas@arm.com,
will.deacon@arm.com, james.morse@arm.com, hpa@zytor.com,
valentin.schneider@arm.com
Subject: Re: [PATCH v3 3/4] uaccess: Check no rescheduling function is called in unsafe region
Date: Mon, 11 Feb 2019 14:45:27 +0100 [thread overview]
Message-ID: <20190211134527.GA121589@gmail.com> (raw)
In-Reply-To: <1547560709-56207-4-git-send-email-julien.thierry@arm.com>
* Julien Thierry <julien.thierry@arm.com> wrote:
> While running a user_access regions, it is not supported to reschedule.
> Add an overridable primitive to indicate whether a user_access region is
> active and check that this is not the case when calling rescheduling
> functions.
>
> These checks are only performed when DEBUG_UACCESS_SLEEP is selected.
>
> Also, add a comment clarifying the behaviour of user_access regions.
>
> Signed-off-by: Julien Thierry <julien.thierry@arm.com>
> Cc: Ingo Molnar <mingo@redhat.com>
> Cc: Peter Zijlstra <peterz@infradead.org>
>
> ---
> include/linux/kernel.h | 11 +++++++++--
> include/linux/uaccess.h | 13 +++++++++++++
> kernel/sched/core.c | 22 ++++++++++++++++++++++
> lib/Kconfig.debug | 8 ++++++++
> 4 files changed, 52 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/kernel.h b/include/linux/kernel.h
> index 8f0e68e..73f1f82 100644
> --- a/include/linux/kernel.h
> +++ b/include/linux/kernel.h
> @@ -237,11 +237,18 @@
> struct pt_regs;
> struct user;
>
> +#ifdef CONFIG_DEBUG_UACCESS_SLEEP
> +extern void __might_resched(const char *file, int line);
> +#else
> +#define __might_resched(file, line) do { } while (0)
> +#endif
> +
> #ifdef CONFIG_PREEMPT_VOLUNTARY
> extern int _cond_resched(void);
> -# define might_resched() _cond_resched()
> +# define might_resched() \
> + do { __might_resched(__FILE__, __LINE__); _cond_resched(); } while (0)
> #else
> -# define might_resched() do { } while (0)
> +# define might_resched() __might_resched(__FILE__, __LINE__)
> #endif
>
> #ifdef CONFIG_DEBUG_ATOMIC_SLEEP
> diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h
> index 37b226e..2c0c39e 100644
> --- a/include/linux/uaccess.h
> +++ b/include/linux/uaccess.h
> @@ -263,6 +263,15 @@ static inline unsigned long __copy_from_user_inatomic_nocache(void *to,
> #define probe_kernel_address(addr, retval) \
> probe_kernel_read(&retval, addr, sizeof(retval))
>
> +/*
> + * user_access_begin() and user_access_end() define a region where
> + * unsafe user accessors can be used. Exceptions and interrupt shall exit the
> + * user_access region and re-enter it when returning to the interrupted context.
> + *
> + * No sleeping function should get called during a user_access region - we rely
> + * on exception handling to take care of the user_access status for us, but that
> + * doesn't happen when directly calling schedule().
> + */
> #ifndef user_access_begin
> #define user_access_begin(ptr,len) access_ok(ptr, len)
> #define user_access_end() do { } while (0)
> @@ -270,6 +279,10 @@ static inline unsigned long __copy_from_user_inatomic_nocache(void *to,
> #define unsafe_put_user(x, ptr, err) do { if (unlikely(__put_user(x, ptr))) goto err; } while (0)
> #endif
>
> +#ifndef unsafe_user_region_active
> +#define unsafe_user_region_active() false
> +#endif
> +
> #ifdef CONFIG_HARDENED_USERCOPY
> void usercopy_warn(const char *name, const char *detail, bool to_user,
> unsigned long offset, unsigned long len);
> diff --git a/kernel/sched/core.c b/kernel/sched/core.c
> index a674c7db..b1bb7e9 100644
> --- a/kernel/sched/core.c
> +++ b/kernel/sched/core.c
> @@ -3289,6 +3289,14 @@ static inline void schedule_debug(struct task_struct *prev)
> __schedule_bug(prev);
> preempt_count_set(PREEMPT_DISABLED);
> }
> +
> + if (IS_ENABLED(CONFIG_DEBUG_UACCESS_SLEEP) &&
> + unlikely(unsafe_user_region_active())) {
> + printk(KERN_ERR "BUG: scheduling while user_access enabled: %s/%d/0x%08x\n",
> + prev->comm, prev->pid, preempt_count());
> + dump_stack();
> + }
> +
> rcu_sleep_check();
>
> profile_hit(SCHED_PROFILING, __builtin_return_address(0));
> @@ -6151,6 +6159,20 @@ void ___might_sleep(const char *file, int line, int preempt_offset)
> EXPORT_SYMBOL(___might_sleep);
> #endif
>
> +#ifdef CONFIG_DEBUG_UACCESS_SLEEP
> +void __might_resched(const char *file, int line)
> +{
> + if (!unsafe_user_region_active())
> + return;
Could you please more clearly explain why you want/need an exception from
the __might_resched() debug warning?
Thanks,
Ingo
next prev parent reply other threads:[~2019-02-11 13:45 UTC|newest]
Thread overview: 171+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-15 13:58 [PATCH v3 0/4] uaccess: Add unsafe accessors for arm64 Julien Thierry
2019-01-15 13:58 ` Julien Thierry
2019-01-15 13:58 ` [PATCH v3 1/4] arm64: uaccess: Cleanup get/put_user() Julien Thierry
2019-01-15 13:58 ` Julien Thierry
2019-01-15 13:58 ` [PATCH v3 2/4] arm64: uaccess: Implement unsafe accessors Julien Thierry
2019-01-15 13:58 ` Julien Thierry
2019-01-15 13:58 ` [PATCH v3 3/4] uaccess: Check no rescheduling function is called in unsafe region Julien Thierry
2019-01-15 13:58 ` Julien Thierry
2019-01-30 16:58 ` Valentin Schneider
2019-01-30 16:58 ` Valentin Schneider
2019-02-04 13:27 ` Julien Thierry
2019-02-04 13:27 ` Julien Thierry
2019-02-11 13:45 ` Ingo Molnar [this message]
2019-02-11 13:45 ` Ingo Molnar
2019-02-11 13:51 ` Peter Zijlstra
2019-02-11 13:51 ` Peter Zijlstra
2019-02-12 9:15 ` Julien Thierry
2019-02-12 9:15 ` Julien Thierry
2019-02-13 8:21 ` Ingo Molnar
2019-02-13 8:21 ` Ingo Molnar
2019-02-13 10:35 ` Peter Zijlstra
2019-02-13 10:35 ` Peter Zijlstra
2019-02-13 10:50 ` Julien Thierry
2019-02-13 10:50 ` Julien Thierry
2019-02-13 13:17 ` Peter Zijlstra
2019-02-13 13:17 ` Peter Zijlstra
2019-02-13 13:20 ` Peter Zijlstra
2019-02-13 13:20 ` Peter Zijlstra
2019-02-13 14:00 ` Will Deacon
2019-02-13 14:00 ` Will Deacon
2019-02-13 14:07 ` Julien Thierry
2019-02-13 14:07 ` Julien Thierry
2019-02-13 14:17 ` Peter Zijlstra
2019-02-13 14:17 ` Peter Zijlstra
2019-02-13 14:24 ` Julien Thierry
2019-02-13 14:24 ` Julien Thierry
2019-02-13 14:40 ` Peter Zijlstra
2019-02-13 14:40 ` Peter Zijlstra
2019-02-13 15:08 ` Peter Zijlstra
2019-02-13 15:08 ` Peter Zijlstra
2019-02-13 14:25 ` Peter Zijlstra
2019-02-13 14:25 ` Peter Zijlstra
2019-02-13 14:39 ` Julien Thierry
2019-02-13 14:39 ` Julien Thierry
2019-02-13 14:41 ` Peter Zijlstra
2019-02-13 14:41 ` Peter Zijlstra
2019-02-13 15:45 ` Peter Zijlstra
2019-02-13 15:45 ` Peter Zijlstra
2019-02-13 18:54 ` Peter Zijlstra
2019-02-13 18:54 ` Peter Zijlstra
[not found] ` <D61C430D-4321-4114-AB85-671A3C7B8EAE@amacapital.net>
2019-02-13 22:21 ` Peter Zijlstra
2019-02-13 22:21 ` Peter Zijlstra
2019-02-13 22:49 ` Andy Lutomirski
2019-02-13 22:49 ` Andy Lutomirski
2019-02-14 10:14 ` [PATCH] sched/x86: Save [ER]FLAGS on context switch Peter Zijlstra
2019-02-14 10:14 ` Peter Zijlstra
2019-02-14 16:18 ` Brian Gerst
2019-02-14 16:18 ` Brian Gerst
2019-02-14 19:34 ` Peter Zijlstra
2019-02-14 19:34 ` Peter Zijlstra
2019-02-15 14:34 ` Brian Gerst
2019-02-15 14:34 ` Brian Gerst
2019-02-15 17:18 ` Linus Torvalds
2019-02-15 17:18 ` Linus Torvalds
2019-02-15 17:40 ` Peter Zijlstra
2019-02-15 17:40 ` Peter Zijlstra
2019-02-15 18:28 ` Andy Lutomirski
2019-02-15 18:28 ` Andy Lutomirski
2019-02-15 23:34 ` Peter Zijlstra
2019-02-15 23:34 ` Peter Zijlstra
2019-02-16 0:21 ` Linus Torvalds
2019-02-16 0:21 ` Linus Torvalds
2019-02-16 10:32 ` Peter Zijlstra
2019-02-16 10:32 ` Peter Zijlstra
2019-02-16 4:06 ` hpa
2019-02-16 4:06 ` hpa
2019-02-16 10:30 ` Peter Zijlstra
2019-02-16 10:30 ` Peter Zijlstra
2019-02-18 22:30 ` H. Peter Anvin
2019-02-18 22:30 ` H. Peter Anvin
2019-02-19 0:24 ` Linus Torvalds
2019-02-19 0:24 ` Linus Torvalds
2019-02-19 2:20 ` Andy Lutomirski
2019-02-19 2:20 ` Andy Lutomirski
2019-02-19 2:46 ` H. Peter Anvin
2019-02-19 2:46 ` H. Peter Anvin
2019-02-19 9:07 ` Julien Thierry
2019-02-19 9:07 ` Julien Thierry
2019-02-19 8:53 ` Julien Thierry
2019-02-19 8:53 ` Julien Thierry
2019-02-19 9:15 ` Peter Zijlstra
2019-02-19 9:15 ` Peter Zijlstra
2019-02-19 9:19 ` Peter Zijlstra
2019-02-19 9:19 ` Peter Zijlstra
2019-02-19 9:04 ` Peter Zijlstra
2019-02-19 9:04 ` Peter Zijlstra
2019-02-19 9:21 ` hpa
2019-02-19 9:21 ` hpa
2019-02-19 9:44 ` Peter Zijlstra
2019-02-19 9:44 ` Peter Zijlstra
2019-02-19 11:38 ` Thomas Gleixner
2019-02-19 11:38 ` Thomas Gleixner
2019-02-19 11:58 ` Peter Zijlstra
2019-02-19 11:58 ` Peter Zijlstra
2019-02-19 12:48 ` Will Deacon
2019-02-19 12:48 ` Will Deacon
2019-02-20 22:55 ` H. Peter Anvin
2019-02-20 22:55 ` H. Peter Anvin
2019-02-21 12:06 ` Julien Thierry
2019-02-21 12:06 ` Julien Thierry
2019-02-21 21:35 ` Thomas Gleixner
2019-02-21 21:35 ` Thomas Gleixner
2019-02-21 22:08 ` Linus Torvalds
2019-02-21 22:08 ` Linus Torvalds
2019-02-22 12:58 ` Peter Zijlstra
2019-02-22 12:58 ` Peter Zijlstra
2019-02-22 18:10 ` Thomas Gleixner
2019-02-22 18:10 ` Thomas Gleixner
2019-02-22 22:26 ` [RFC][PATCH] objtool: STAC/CLAC validation Peter Zijlstra
2019-02-22 22:26 ` Peter Zijlstra
2019-02-22 23:34 ` Linus Torvalds
2019-02-22 23:34 ` Linus Torvalds
2019-02-23 8:43 ` Peter Zijlstra
2019-02-23 8:43 ` Peter Zijlstra
2019-02-22 23:39 ` hpa
2019-02-22 23:39 ` hpa
2019-02-23 8:39 ` Peter Zijlstra
2019-02-23 8:39 ` Peter Zijlstra
2019-02-25 8:47 ` hpa
2019-02-25 8:47 ` hpa
2019-02-25 13:21 ` Peter Zijlstra
2019-02-25 13:21 ` Peter Zijlstra
2019-03-01 15:07 ` Peter Zijlstra
2019-03-01 15:07 ` Peter Zijlstra
2019-02-25 8:49 ` hpa
2019-02-25 8:49 ` hpa
2019-02-22 23:55 ` Andy Lutomirski
2019-02-22 23:55 ` Andy Lutomirski
2019-02-23 8:37 ` Peter Zijlstra
2019-02-23 8:37 ` Peter Zijlstra
2019-02-23 10:52 ` Peter Zijlstra
2019-02-23 10:52 ` Peter Zijlstra
2019-02-25 10:51 ` Peter Zijlstra
2019-02-25 10:51 ` Peter Zijlstra
2019-02-25 11:53 ` Peter Zijlstra
2019-02-25 11:53 ` Peter Zijlstra
2019-02-25 15:36 ` Andy Lutomirski
2019-02-25 15:36 ` Andy Lutomirski
2019-02-23 0:34 ` Andy Lutomirski
2019-02-23 1:12 ` Linus Torvalds
2019-02-23 1:16 ` Andy Lutomirski
2019-02-23 1:33 ` Linus Torvalds
2019-02-23 1:40 ` Linus Torvalds
2019-02-25 8:33 ` Julien Thierry
2019-02-25 8:33 ` Julien Thierry
2019-02-25 11:55 ` Peter Zijlstra
2019-02-25 11:55 ` Peter Zijlstra
2019-02-21 12:46 ` [PATCH] sched/x86: Save [ER]FLAGS on context switch Will Deacon
2019-02-21 12:46 ` Will Deacon
2019-02-21 22:06 ` Andy Lutomirski
2019-02-21 22:06 ` Andy Lutomirski
2019-02-18 9:03 ` [PATCH v2] " Peter Zijlstra
2019-02-18 9:03 ` Peter Zijlstra
2019-02-13 23:19 ` [PATCH v3 3/4] uaccess: Check no rescheduling function is called in unsafe region Linus Torvalds
2019-02-13 23:19 ` Linus Torvalds
2019-01-15 13:58 ` [PATCH v3 4/4] arm64: uaccess: Implement user_access_region_active Julien Thierry
2019-01-15 13:58 ` Julien Thierry
2019-01-25 14:27 ` [PATCH v3 0/4] uaccess: Add unsafe accessors for arm64 Catalin Marinas
2019-01-25 14:27 ` Catalin Marinas
2019-01-30 16:17 ` Julien Thierry
2019-01-30 16:17 ` Julien Thierry
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190211134527.GA121589@gmail.com \
--to=mingo@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=hpa@zytor.com \
--cc=james.morse@arm.com \
--cc=julien.thierry@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=valentin.schneider@arm.com \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.