From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S935190AbbI2Rfw (ORCPT ); Tue, 29 Sep 2015 13:35:52 -0400 Received: from mail-am1on0079.outbound.protection.outlook.com ([157.56.112.79]:39680 "EHLO emea01-am1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S932398AbbI2Rfm (ORCPT ); Tue, 29 Sep 2015 13:35:42 -0400 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=cmetcalf@ezchip.com; Subject: Re: [PATCH v7 03/11] task_isolation: support PR_TASK_ISOLATION_STRICT mode To: Andy Lutomirski References: <1443453446-7827-1-git-send-email-cmetcalf@ezchip.com> <1443453446-7827-4-git-send-email-cmetcalf@ezchip.com> <5609B713.5020709@ezchip.com> CC: Gilad Ben Yossef , Steven Rostedt , Ingo Molnar , Peter Zijlstra , Andrew Morton , Rik van Riel , Tejun Heo , Frederic Weisbecker , Thomas Gleixner , "Paul E. McKenney" , Christoph Lameter , Viresh Kumar , Catalin Marinas , Will Deacon , "linux-doc@vger.kernel.org" , Linux API , "linux-kernel@vger.kernel.org" From: Chris Metcalf Message-ID: <560ACBD9.90909@ezchip.com> Date: Tue, 29 Sep 2015 13:35:21 -0400 User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: 7bit X-Originating-IP: [12.216.194.146] X-ClientProxiedBy: BLUPR0101CA0012.prod.exchangelabs.com (25.163.116.150) To VI1PR02MB0782.eurprd02.prod.outlook.com (25.162.14.144) X-Microsoft-Exchange-Diagnostics: 1;VI1PR02MB0782;2:tnFmY+O1YCQobGOC4FmoF/iGqgEx9JiQtXf2Esqctuk/7F63K/+S1HQWtbSIXMUcMhFpffuWYRYkOHwTMIWZHn9CrnR9c3qhScaTerwQts/2VIBszyQBvA4JfVYQ7opoqXpcIIyg++vLDUUbaTNQFR+auil0Qh9Vf5SJnxRJvVs=;3:f03w5JjKoDAz5XzRu9dQJijOyUs+D8Y2sluBsW7rG32OXv46dl/vEkhajzwqnihZuiMhDwlYY7vHEfnci01igCZeZrg6CBxNonjn5/CLf3GJietj5ylijmZ4EWFmcnhmGCvVSR1p5TzJWd4PQ/4jIQ==;25:o8+LpfsyVasTzlRL0pg8DlsYdv2s3OPTFukcs6vJeUG8s3/7JgbLtUVAV2ICyxqbUqtaXGt4tSzhzdHHqWzeyzLHFVTE4m9Nmjg3JHJ+Tw6rHyJgOF4HXWiuQoQl+qFUtieWJ3teeKG4gv2q+eFimFDQwuKACBLwdAqM3DMWuB96ctoH2fzlS/0o3XysgpTmBTDdeB0DoJCMFL2kgUyx+KRIPZXphG/1pTC0Om2EbLkVFcuQVwIX8FMJd0GAkSnu9MwuMz+8fmTdP/EXWUFOdA==;20:DbkZctlVrIjguOSzYvdIHbceZNjLbmrQ4wF7MDkqrLsMUAVxHA57EjuWIujiE897bCNKmg5gJWkFl0WGR3Suyw4hk0FD7IuVM2MplEvnQDwg9bhKB8T81iM+r/isUGMCeEuLidAduIp6diAvuxRCOGLTWidNkIoYGza5SWJ1LZA= X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:VI1PR02MB0782; X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(601004)(2401047)(8121501046)(520078)(5005006)(3002001);SRVR:VI1PR02MB0782;BCL:0;PCL:0;RULEID:;SRVR:VI1PR02MB0782; X-Microsoft-Exchange-Diagnostics: 1;VI1PR02MB0782;4:4svdTCZ9kOjP+0IfET3/VtJfmPKuFM5iFacNMvdLpc7Rdcn/rmxoWBLkYxEpcGVE3PxZ/DtsocT84Pf4Dkka7mTh64TzPTn0a4hB+XMrawNaZf4uhcX3VjFXK0PeXY+udSdSp5ghxCgtF+1tzVGU9rrhCq9Tg4K4mEHg9pG/tdxZixgJj9w0P14P0WacYtiUzaYzjdI/UTpES1xiNUCop/DLSLI/1mDhfyN5di1A9hy3dAgMVs98L7xFRO3V9uhdv3LUR4prDAMEV+j7QrmXCmyNlfMOdFAKDN0KZd+ISFXWVYYlM2iF+2Be3iFahanNBd7vJH0GexWJuvM8BdpMXF1IkOtpZgT/gcIImU3zHfk= X-Forefront-PRVS: 0714841678 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(6009001)(6049001)(199003)(24454002)(479174004)(377454003)(189002)(50466002)(50986999)(5001830100001)(4001540100001)(19580395003)(54356999)(105586002)(77096005)(40100003)(110136002)(97736004)(81156007)(5001960100002)(93886004)(46102003)(19580405001)(5001860100001)(5008740100001)(36756003)(4001350100001)(189998001)(62966003)(122386002)(76176999)(23676002)(106356001)(2950100001)(15975445007)(68736005)(5004730100002)(5007970100001)(92566002)(77156002)(65806001)(64126003)(66066001)(33656002)(47776003)(83506001)(65816999)(64706001)(65956001)(87976001)(86362001)(42186005)(101416001)(18886065003);DIR:OUT;SFP:1101;SCL:1;SRVR:VI1PR02MB0782;H:[10.7.0.41];FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtWSTFQUjAyTUIwNzgyOzIzOkpEeWNCMThPOXpnYS84b2hnSmUzbmdSRHpQ?= =?utf-8?B?ekJ4a0k0dms3Nmg3NkJqRnh5VEFmMVJUOXVsMVl2Zm1BWnZTdUx1N3BZR3pH?= =?utf-8?B?UDZlS3M1UTVDTmFPREJRVlNrbTMzK2FVTzNkSjBCenNRQ0QvQXYrMVpmMm9D?= =?utf-8?B?RGZjUmZwbzRHNGtnc2d4aktoNUthOWRjMWxGSXdTY1BUMXVvN3R3eUFjSDNO?= =?utf-8?B?dzhvM2ZXYUV2WHhhV2ZKeVVCODNpUFNmOHJoUCtQWk8yUm9TZWFmeXBxZnZF?= =?utf-8?B?TDNHMTdHaDByRXpOS295QXFXcDdPVk5vVHBWTnlORFc3STNuWWEzK2pZZUt5?= =?utf-8?B?eXRVY3hORGZOTWJNQlVZVHVyUHVRUTRBRjZUY2VRZUJKQk9ZSlhoTVBraGlE?= =?utf-8?B?S0ZCNm5WQXFqYm55VEtwL2lsdC9LWVl1UEtvWlVSUlVEVzBtRjlNUGtIV09k?= =?utf-8?B?Rk1neW11K2lIeFdta0thVVhQNFBKLzRrazQxWG83dzVVRzFNRTdHUHM3NDJq?= =?utf-8?B?b0lUUjBKZE95NXl3UFVXdWduUmNmeS8xMXJtNkRxTFdaL1NoV2ZteEYvSlR6?= =?utf-8?B?OWY4WGM0bjN5MDhSYVA5Nit5MTgwaTF5VHJiN1QwRlVVNWsyVE9sM2FoZ2NN?= =?utf-8?B?WkJaRmxQdjRGdDdYbmFjWWFFajAxWGFNU0Fqd1NZOGhPamZ2VnZSNFJhUUJB?= =?utf-8?B?ZGhxdHZtMTJJTEZyRkNrNXFnVzlSOWs5azR0RkxJdnpWV2dQZ0o2elVIeU5y?= =?utf-8?B?U1BwZjVwZWpSTlgybHNmcmdhdGI2Rncrckc0U3dBSGswYXdkdmptY1grdVIx?= =?utf-8?B?T2VXNmlIYzBBd2lVRkhFTmY5MzRNN0RjY0E1dVRYdmg0T2FvcVF3OUY1T3Z4?= =?utf-8?B?RVVPT2hzZ05IaEl3SnlCK3FhNXk4V2NKczV0Z1RLNGxlYmlqYklsdEZjRlBu?= =?utf-8?B?cElFQWs2NmdHcG95U21LZ2NYdVlpUlBEeHJUUmoyb0NTNDlXUzlQT2Yzcmtz?= =?utf-8?B?ZDFuVEdVVjZSelZJaWdJNHJJZm9VUGJseVRXYmxFN2FSSEFRU043VDNBV0pu?= =?utf-8?B?VEc5bVd0Zmk3V1BZcFA1aFJ2SWxoMEdoUzRnV25ES0dQdnN1N1JhdmwrSzhw?= =?utf-8?B?NStnQjk3Und3dy9ZZDB3MUpHMHlYNlZTemFvR2NOcTF1eWR5NjJuS0NIUUFm?= =?utf-8?B?LzYvOXNBV3l5a0ZlOEZocGNEVk9vZFo4ZUdaOWZKeFd1QlJaejRoUEIrRk1G?= =?utf-8?B?NmpQRGtMcFZXSjV2QS9oTGtUOWVLVFVXUkhWaEhKWmg5eVZwUUU3QVoyK3dL?= =?utf-8?B?Smt0ZG5iZng3c3IxSU1rcTJObzAveWhvVTNCdCtHYXVLZTVjcVd3MXU4eHNp?= =?utf-8?B?dldxY3VhdndPejVBamtBK21aVllxVVMxWnFuUlhvNTIydEUwK0NkamJkbm5x?= =?utf-8?B?UU15VHJGeElKSmRYUzNUTlVLV0c0Wmc4aFFQY1VHSXF4MjI3S3Y4UHVYWGN5?= =?utf-8?B?b1htdmJnVFp2NnNvY0ZMM0lMNGxqclREQlVuczI4VVhMUld4VzRxV2FYdy93?= =?utf-8?B?TndVdkZlelJDTXljMHIza2E1YmFaeGFpTUNOSlV5UjNoVFVZNjEzaXZGdURG?= =?utf-8?B?ekdmL2VoUFZMVEhwOXltRXVneHJZQVhZTFkybElEZ2RDWk44UU5Oc3pmS0p2?= =?utf-8?B?bDl3WUxaWTZkTXY2RVI2SkxxMTV1OUJVaDc4YlN2RTJ5N0VKMDVLVVZtOWZX?= =?utf-8?B?OFpzRDV6bmpqc1BmV01ieHZvNkFFRFlueDRybjMxMGg5N2lKQ1FHSE1CenpL?= =?utf-8?B?bnIwckpsOUxUT2pEeElpTlYyTG9rQ2p3M05tRG1melI0dmlTWkQ1dUg0L01C?= =?utf-8?B?TGU1QllmaktTVHovRmVsT0dxZ3d1NlRlemwwM1JyL3cyTkExN2ZkT0I2blJF?= =?utf-8?Q?DcWMHQvcloOdqsw13VSnFf1VRy53PY=3D?= X-Microsoft-Exchange-Diagnostics: 1;VI1PR02MB0782;5:Jt0azpy/U2z/t7+Vwyx1uW3i9dnElSbqZgEfdxStEz87HxBoaqDneTaX0NK+MG0BHlIaHKG04SDFL5A2QtZ3uo1NBpa5BNbcqsjIuD0La/Orbt/UYNnPdwFxLHsFM2yF7ywP1tgT+DJ8SCvfDKrUbA==;24:oM5YKI7NBWJzaDwY3h0YT4lXhBH6e7ndAEcEAqh6+r+bbBgjvGJ/vjmrEOxMjO2COV+yyJRs9rGqYg7t1r8qdwRnN7fTUhci/IqBwFCTjxM=;20:NJFI/dMJZbRqTODF26n88bjOwn0o2cHeUCni22SVqk/tDZUiGxshzpVajO7wX88hu5hzxJxd2p28OsFJWC4cZA== SpamDiagnosticOutput: 1:23 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: ezchip.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Sep 2015 17:35:36.6722 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR02MB0782 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 09/28/2015 06:38 PM, Andy Lutomirski wrote: > On Mon, Sep 28, 2015 at 2:54 PM, Chris Metcalf wrote: >> On 09/28/2015 04:51 PM, Andy Lutomirski wrote: >>> On Mon, Sep 28, 2015 at 11:17 AM, Chris Metcalf >>>> @@ -35,8 +36,12 @@ static inline enum ctx_state exception_enter(void) >>>> return 0; >>>> >>>> prev_ctx = this_cpu_read(context_tracking.state); >>>> - if (prev_ctx != CONTEXT_KERNEL) >>>> - context_tracking_exit(prev_ctx); >>>> + if (prev_ctx != CONTEXT_KERNEL) { >>>> + if (context_tracking_exit(prev_ctx)) { >>>> + if (task_isolation_strict()) >>>> + task_isolation_exception(); >>>> + } >>>> + } >>>> >>>> return prev_ctx; >>>> } >>> x86 does not promise to call this function. In fact, x86 is rather >>> likely to stop ever calling this function in the reasonably near >>> future. >> >> Yes, in which case we'd have to do it the same way we are doing >> it for arm64 (see patch 09/11), by calling task_isolation_exception() >> explicitly from within the relevant exception handlers. If we start >> doing that, it's probably worth wrapping up the logic into a single >> inline function to keep the added code short and sweet. >> >> If in fact this might happen in the short term, it might be a good >> idea to hook the individual exception handlers in x86 now, and not >> hook the exception_enter() mechanism at all. > It's already like that in Linus' tree. OK, I will restructure so that it doesn't rely on the context_tracking code at all, but instead requires a line of code in every relevant kernel exception handler. > FWIW, most of those exception handlers send signals, so it might pay > to do it in notify_die or die instead. Well, the most interesting category is things that don't actually trigger a signal (e.g. minor page fault) since those are things that cause significant issues with task isolation processes (kernel-induced jitter) but aren't otherwise user-visible, much like an undiscovered syscall in a third-party library can cause unexpected jitter. > For x86, the relevant info might be the actual hw error number > (error_code, which makes it into die) or the signal. If we send a > death signal, then reporting the error number the usual way might make > sense. I may just choose to use a task_isolation_exception(fmt, ...) signature so that code can printk a suitable one-liner before delivering the SIGKILL (or whatever signal was configured). -- Chris Metcalf, EZChip Semiconductor http://www.ezchip.com