Re: [PATCH] rseq: update kernel fields in lockstep with CONFIG_DEBUG_RSEQ

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Ingo Molnar <mingo@kernel.org>
To: Michael Jeanson <mjeanson@efficios.com>
Cc: Peter Zijlstra <peterz@infradead.org>,
	Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
	"Paul E. McKenney" <paulmck@kernel.org>,
	Boqun Feng <boqun.feng@gmail.com>,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH] rseq: update kernel fields in lockstep with CONFIG_DEBUG_RSEQ
Date: Sat, 22 Feb 2025 14:27:40 +0100	[thread overview]
Message-ID: <Z7nQzOQT_-9-Rbr5@gmail.com> (raw)
In-Reply-To: <20250221191401.464648-1-mjeanson@efficios.com>


* Michael Jeanson <mjeanson@efficios.com> wrote:

> With CONFIG_DEBUG_RSEQ an in-kernel copy of the read-only fields is
> kept synchronized with the user-space fields. Ensure the updates
> are done in lockstep in case we error out on a write to user-space.
> 
> Fixes: 7d5265ffcd8b ("rseq: Validate read-only fields under DEBUG_RSEQ config")
> Signed-off-by: Michael Jeanson <mjeanson@efficios.com>
> Reviewed-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
> ---
>  kernel/rseq.c | 85 +++++++++++++++++++++++++++------------------------
>  1 file changed, 45 insertions(+), 40 deletions(-)
> 
> diff --git a/kernel/rseq.c b/kernel/rseq.c
> index 2cb16091ec0a..5bdb96944e1f 100644
> --- a/kernel/rseq.c
> +++ b/kernel/rseq.c
> @@ -26,6 +26,11 @@
>  				  RSEQ_CS_FLAG_NO_RESTART_ON_SIGNAL | \
>  				  RSEQ_CS_FLAG_NO_RESTART_ON_MIGRATE)
>  
> +static struct rseq __user *rseq_user_fields(struct task_struct *t)
> +{
> +	return (struct rseq __user *) t->rseq;
> +}
> +
>  #ifdef CONFIG_DEBUG_RSEQ
>  static struct rseq *rseq_kernel_fields(struct task_struct *t)
>  {
> @@ -78,24 +83,24 @@ static int rseq_validate_ro_fields(struct task_struct *t)
>  	return -EFAULT;
>  }
>  
> -static void rseq_set_ro_fields(struct task_struct *t, u32 cpu_id_start, u32 cpu_id,
> -			       u32 node_id, u32 mm_cid)
> -{
> -	rseq_kernel_fields(t)->cpu_id_start = cpu_id;
> -	rseq_kernel_fields(t)->cpu_id = cpu_id;
> -	rseq_kernel_fields(t)->node_id = node_id;
> -	rseq_kernel_fields(t)->mm_cid = mm_cid;
> -}
> +/*
> + * Update an rseq field and its in-kernel copy in lock-step to keep a coherent
> + * state.
> + */
> +#define unsafe_rseq_set_field(t, field, value, error_label)		\
> +	do {								\
> +		unsafe_put_user(value, &rseq_user_fields(t)->field, error_label);	\
> +		rseq_kernel_fields(t)->field = value;			\
> +	} while (0)
> +
>  #else
>  static int rseq_validate_ro_fields(struct task_struct *t)
>  {
>  	return 0;
>  }
>  
> -static void rseq_set_ro_fields(struct task_struct *t, u32 cpu_id_start, u32 cpu_id,
> -			       u32 node_id, u32 mm_cid)
> -{
> -}
> +#define unsafe_rseq_set_field(t, field, value, error_label)		\
> +	unsafe_put_user(value, &rseq_user_fields(t)->field, error_label)
>  #endif
>  
>  /*
> @@ -173,17 +178,18 @@ static int rseq_update_cpu_node_id(struct task_struct *t)
>  	WARN_ON_ONCE((int) mm_cid < 0);
>  	if (!user_write_access_begin(rseq, t->rseq_len))
>  		goto efault;
> -	unsafe_put_user(cpu_id, &rseq->cpu_id_start, efault_end);
> -	unsafe_put_user(cpu_id, &rseq->cpu_id, efault_end);
> -	unsafe_put_user(node_id, &rseq->node_id, efault_end);
> -	unsafe_put_user(mm_cid, &rseq->mm_cid, efault_end);
> +
> +	unsafe_rseq_set_field(t, cpu_id_start, cpu_id, efault_end);
> +	unsafe_rseq_set_field(t, cpu_id, cpu_id, efault_end);
> +	unsafe_rseq_set_field(t, node_id, node_id, efault_end);
> +	unsafe_rseq_set_field(t, mm_cid, mm_cid, efault_end);

Could we please name the new wrapper rseq_unsafe_put_user(), to make it 
clear it's a wrapper around unsafe_put_user()?

Thanks,

	Ingo

next prev parent reply	other threads:[~2025-02-22 13:27 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-02-21 19:13 [PATCH] rseq: update kernel fields in lockstep with CONFIG_DEBUG_RSEQ Michael Jeanson
2025-02-22 13:27 ` Ingo Molnar [this message]
2025-02-22 13:56   ` Mathieu Desnoyers
2025-02-22 14:12     ` Ingo Molnar
2025-02-24 20:40       ` Michael Jeanson
2025-02-25  9:12         ` Ingo Molnar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Z7nQzOQT_-9-Rbr5@gmail.com \
    --to=mingo@kernel.org \
    --cc=boqun.feng@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mathieu.desnoyers@efficios.com \
    --cc=mjeanson@efficios.com \
    --cc=paulmck@kernel.org \
    --cc=peterz@infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.