From: Will Deacon <will@kernel.org>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-arch@vger.kernel.org, Will Deacon <will@kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Marc Zyngier <maz@kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Peter Zijlstra <peterz@infradead.org>,
Morten Rasmussen <morten.rasmussen@arm.com>,
Qais Yousef <qais.yousef@arm.com>,
Suren Baghdasaryan <surenb@google.com>,
kernel-team@android.com
Subject: [PATCH 4/6] arm64: Kill 32-bit applications scheduled on 64-bit-only CPUs
Date: Tue, 27 Oct 2020 21:51:16 +0000 [thread overview]
Message-ID: <20201027215118.27003-5-will@kernel.org> (raw)
In-Reply-To: <20201027215118.27003-1-will@kernel.org>
Scheduling a 32-bit application on a 64-bit-only CPU is a bad idea.
Ensure that 32-bit applications always take the slow-path when returning
to userspace on a system with mismatched support at EL0, so that we can
avoid trying to run on a 64-bit-only CPU and force a SIGKILL instead.
Signed-off-by: Will Deacon <will@kernel.org>
---
arch/arm64/kernel/process.c | 21 ++++++++++++++++++++-
arch/arm64/kernel/signal.c | 26 ++++++++++++++++++++++++++
2 files changed, 46 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
index 4784011cecac..c45b5f9dd66b 100644
--- a/arch/arm64/kernel/process.c
+++ b/arch/arm64/kernel/process.c
@@ -542,6 +542,17 @@ static void erratum_1418040_thread_switch(struct task_struct *prev,
write_sysreg(val, cntkctl_el1);
}
+static void compat_thread_switch(struct task_struct *next)
+{
+ if (!is_compat_thread(task_thread_info(next)))
+ return;
+
+ if (!system_has_mismatched_32bit_el0())
+ return;
+
+ set_tsk_thread_flag(next, TIF_NOTIFY_RESUME);
+}
+
/*
* Thread switching.
*/
@@ -558,6 +569,7 @@ __notrace_funcgraph struct task_struct *__switch_to(struct task_struct *prev,
uao_thread_switch(next);
ssbs_thread_switch(next);
erratum_1418040_thread_switch(prev, next);
+ compat_thread_switch(next);
/*
* Complete any pending TLB or cache maintenance on this CPU in case
@@ -620,8 +632,15 @@ unsigned long arch_align_stack(unsigned long sp)
*/
void arch_setup_new_exec(void)
{
- current->mm->context.flags = is_compat_task() ? MMCF_AARCH32 : 0;
+ unsigned long mmflags = 0;
+
+ if (is_compat_task()) {
+ mmflags = MMCF_AARCH32;
+ if (system_has_mismatched_32bit_el0())
+ set_tsk_thread_flag(current, TIF_NOTIFY_RESUME);
+ }
+ current->mm->context.flags = mmflags;
ptrauth_thread_init_user(current);
if (task_spec_ssb_noexec(current)) {
diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c
index a8184cad8890..bcb6ca2d9a7c 100644
--- a/arch/arm64/kernel/signal.c
+++ b/arch/arm64/kernel/signal.c
@@ -911,6 +911,19 @@ static void do_signal(struct pt_regs *regs)
restore_saved_sigmask();
}
+static bool cpu_affinity_invalid(struct pt_regs *regs)
+{
+ if (!compat_user_mode(regs))
+ return false;
+
+ /*
+ * We're preemptible, but a reschedule will cause us to check the
+ * affinity again.
+ */
+ return !cpumask_test_cpu(raw_smp_processor_id(),
+ system_32bit_el0_cpumask());
+}
+
asmlinkage void do_notify_resume(struct pt_regs *regs,
unsigned long thread_flags)
{
@@ -948,6 +961,19 @@ asmlinkage void do_notify_resume(struct pt_regs *regs,
if (thread_flags & _TIF_NOTIFY_RESUME) {
tracehook_notify_resume(regs);
rseq_handle_notify_resume(NULL, regs);
+
+ /*
+ * If we reschedule after checking the affinity
+ * then we must ensure that TIF_NOTIFY_RESUME
+ * is set so that we check the affinity again.
+ * Since tracehook_notify_resume() clears the
+ * flag, ensure that the compiler doesn't move
+ * it after the affinity check.
+ */
+ barrier();
+
+ if (cpu_affinity_invalid(regs))
+ force_sig(SIGKILL);
}
if (thread_flags & _TIF_FOREIGN_FPSTATE)
--
2.29.0.rc2.309.g374f81d7ae-goog
next prev parent reply other threads:[~2020-10-27 21:51 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-27 21:51 [PATCH 0/6] An alternative series for asymmetric AArch32 systems Will Deacon
2020-10-27 21:51 ` [PATCH 1/6] KVM: arm64: Handle Asymmetric " Will Deacon
2020-10-27 21:51 ` [PATCH 2/6] arm64: Allow mismatched 32-bit EL0 support Will Deacon
2020-10-28 11:12 ` Catalin Marinas
2020-10-28 11:17 ` Will Deacon
2020-10-28 11:22 ` Catalin Marinas
2020-10-28 11:23 ` Will Deacon
2020-10-28 11:49 ` Catalin Marinas
2020-10-28 12:40 ` Will Deacon
2020-10-28 18:56 ` Catalin Marinas
2020-10-29 22:20 ` Will Deacon
2020-10-30 11:18 ` Catalin Marinas
2020-10-30 16:13 ` Will Deacon
2020-11-02 11:44 ` Catalin Marinas
2020-11-05 21:38 ` Will Deacon
2020-11-06 12:54 ` Qais Yousef
2020-11-06 13:00 ` Will Deacon
2020-11-06 14:48 ` Qais Yousef
2020-11-09 13:52 ` Will Deacon
2020-11-11 16:27 ` Qais Yousef
2020-11-12 10:24 ` Will Deacon
2020-11-12 11:55 ` Qais Yousef
2020-11-12 16:49 ` Qais Yousef
2020-11-12 17:06 ` Marc Zyngier
2020-11-12 17:36 ` Qais Yousef
2020-11-12 17:44 ` Will Deacon
2020-11-12 17:36 ` Will Deacon
2020-11-13 10:45 ` Qais Yousef
2020-11-06 14:30 ` Catalin Marinas
2020-10-28 11:18 ` Catalin Marinas
2020-10-28 11:21 ` Will Deacon
2020-10-27 21:51 ` [PATCH 3/6] KVM: arm64: Kill 32-bit vCPUs on systems with mismatched " Will Deacon
2020-10-27 21:51 ` Will Deacon [this message]
2020-10-28 12:10 ` [PATCH 4/6] arm64: Kill 32-bit applications scheduled on 64-bit-only CPUs Catalin Marinas
2020-10-28 12:36 ` Will Deacon
2020-10-27 21:51 ` [PATCH 5/6] arm64: Advertise CPUs capable of running 32-bit applcations in sysfs Will Deacon
2020-10-28 8:37 ` Greg Kroah-Hartman
2020-10-28 9:51 ` Will Deacon
2020-10-28 12:15 ` Catalin Marinas
2020-10-28 12:27 ` Will Deacon
2020-10-28 15:14 ` Catalin Marinas
2020-10-28 15:35 ` Will Deacon
2020-10-27 21:51 ` [PATCH 6/6] arm64: Hook up cmdline parameter to allow mismatched 32-bit EL0 Will Deacon
2020-10-29 18:42 ` [PATCH 0/6] An alternative series for asymmetric AArch32 systems Suren Baghdasaryan
2020-10-29 22:17 ` Will Deacon
2020-10-30 16:16 ` Marc Zyngier
2020-10-30 16:24 ` Will Deacon
2020-10-30 17:04 ` Marc Zyngier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201027215118.27003-5-will@kernel.org \
--to=will@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=gregkh@linuxfoundation.org \
--cc=kernel-team@android.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=maz@kernel.org \
--cc=morten.rasmussen@arm.com \
--cc=peterz@infradead.org \
--cc=qais.yousef@arm.com \
--cc=surenb@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).