From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S935304AbbI2R5j (ORCPT ); Tue, 29 Sep 2015 13:57:39 -0400 Received: from mail-db3on0095.outbound.protection.outlook.com ([157.55.234.95]:9254 "EHLO emea01-db3-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S935252AbbI2R5c (ORCPT ); Tue, 29 Sep 2015 13:57:32 -0400 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=cmetcalf@ezchip.com; Subject: Re: [PATCH v7 03/11] task_isolation: support PR_TASK_ISOLATION_STRICT mode To: Andy Lutomirski References: <1443453446-7827-1-git-send-email-cmetcalf@ezchip.com> <1443453446-7827-4-git-send-email-cmetcalf@ezchip.com> <5609B713.5020709@ezchip.com> <560ACBD9.90909@ezchip.com> CC: Gilad Ben Yossef , Steven Rostedt , Ingo Molnar , Peter Zijlstra , Andrew Morton , Rik van Riel , Tejun Heo , Frederic Weisbecker , Thomas Gleixner , "Paul E. McKenney" , Christoph Lameter , Viresh Kumar , Catalin Marinas , Will Deacon , "linux-doc@vger.kernel.org" , Linux API , "linux-kernel@vger.kernel.org" From: Chris Metcalf Message-ID: <560AD0F5.6080000@ezchip.com> Date: Tue, 29 Sep 2015 13:57:09 -0400 User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: 7bit X-Originating-IP: [12.216.194.146] X-ClientProxiedBy: CY1PR13CA0100.namprd13.prod.outlook.com (25.164.65.26) To HE1PR02MB0780.eurprd02.prod.outlook.com (25.161.118.144) X-Microsoft-Exchange-Diagnostics: 1;HE1PR02MB0780;2:E1DkqzOovSzC4Xpd3g8DAdqPqAEFCKC1N3KarnSjXPVz6ompoWhPs31rYDFu1NK2PCqGt8wkQYKXAvaHGp8q+UANIo5u/KRrsFw/a8MCgiFnq/NtH1n36WHRALaRGxqVq/0/jiUvXnILEmJT6srAjxNfftT+IvVABdVKWktj4KY=;3:NI7xF3n/dnRVCOhDF64EGldSt2hs0fT/Qb6LiikRLboZlzF4LOm1Op49+SdF+ikntjhz374pNhw6Dloz6LRbnPXOMF3IXl0bkDfXL6g++tyyW6eDXTcOpAqkR6lpFLmyjoLngOo0WfhFt69wKhl+MA==;25:7MTpkPMS0Cwo2bUuIpDMG+DeXAhJuvBMRVbKkakRADglGzvrvR3auO1yB1eYBhhmihvKmec005uwUq8oESanxJgDhcjdh0XMK713cWQ+FqcF9mdJ+3rlc3jwhr+HApLslMegRy8ztEXZIoFKqIxtiU6hYBK+iIykDDwQNYlheBJVVz/OL7tbuDBVGR1aHWffJdI7NcRhhbeWmgo/Q8CwbNqdrioYJuoWIhOedjrjfW/haXjKPvLBapQv8SRaVMBvnKTtesqC7DEAJ8bABbklgQ==;20:T+0G9cTHRg5TQJatc//MAR71caOGW7tmWAiZZY+YExZ+v6yzuMEdqk0PcTUgjFk61rkOpsvNxr8WFNNwSmDP2YEB9xPTXiJzvMvxzL/slb/GA8ag/m6vhaEIvAclwGksPU6X0heTueuicM61djrJdF4TNtyUNsC1l7PHqT8PrqM= X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:HE1PR02MB0780; X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(601004)(2401047)(8121501046)(520078)(5005006)(3002001);SRVR:HE1PR02MB0780;BCL:0;PCL:0;RULEID:;SRVR:HE1PR02MB0780; X-Microsoft-Exchange-Diagnostics: 1;HE1PR02MB0780;4:V3N24vKlHvTAtflIgHCOpgY+e+S1mJzT2UfUv5dBQhXa52GMgqmLoDKrk3R910Drtn4n65nffazrIFutsPAdPY4X4z4fq4LnAdQeHfiRIFtjUHrbQ1Ka8YH56+THOEQumw2ZYqOxGt+sNssUy7LamAQUVNI023NkVsetnYg89juwDm26MfrSWF5ZXpMNr5Fw1GJx4c7i3TxDvrU+gTpJwLS+B/AGEiMNHa0Zwketp5iQ9FOlbhwRahg/CmZE+185v0FHc54o1bexR61jYZatbTMzoF5zIP89Ia1q0UQqRwLgMfgnq995eGm8++syd4nfvl0XHbLX/03RZzINK4QJ3XsazEX6TVkKWqrhQOKK9wU= X-Forefront-PRVS: 0714841678 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(6009001)(6049001)(52314003)(189002)(479174004)(24454002)(51914003)(199003)(52604005)(377454003)(50466002)(5007970100001)(81156007)(65956001)(36756003)(4001540100001)(101416001)(86362001)(33656002)(62966003)(5004730100002)(87976001)(5001830100001)(77156002)(59896002)(42186005)(5001860100001)(68736005)(4001350100001)(97736004)(93886004)(40100003)(15975445007)(77096005)(76176999)(87266999)(65816999)(54356999)(80316001)(19580395003)(92566002)(2950100001)(19580405001)(50986999)(46102003)(122386002)(5001960100002)(110136002)(105586002)(64126003)(106356001)(66066001)(189998001)(83506001)(23676002)(65806001)(47776003)(64706001)(5008740100001)(18886065003);DIR:OUT;SFP:1101;SCL:1;SRVR:HE1PR02MB0780;H:[10.7.0.41];FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtIRTFQUjAyTUIwNzgwOzIzOmxreWxqSnZiR25HQXArV21zckI5Y3luL2V2?= =?utf-8?B?NTVYT1FkeW5WOHJ4RnhKd1g3R1FqTUZTeWs4eWdPVkFBMmt1L2xtT0oySkh3?= =?utf-8?B?SWNRQWVtUDRQM3ZkaUFPd0ZJUTh6dGcwK0JkZTVxN2NwZnF5RzlQZjJXRU9t?= =?utf-8?B?N0xXSENhQUtRcC9na0g1enB4YVVDQXZYYjZ6ZDh3UnpBTVVLb3VwM2UycTVX?= =?utf-8?B?eG4vcEZWZENVMU10ZjdWcFYvY2htODJON2ZOZE9nTWJubDEwNm5rYURHTVpr?= =?utf-8?B?TjU5VmMwRnBNM083WGFXdXNoVStXTElZQ2ZGaHgwTWxqbndWT0hTTzNWTThr?= =?utf-8?B?VkZHZnNINUtNOEhwVHdRdlJWdDlNMDh5ZCsxVzFFb0tQRXBYemtWeE10dnht?= =?utf-8?B?MHAxZmlXc3NJbG9ZR0xQNG52T3JCYkMycmExbkQyeVhkeERPZFI4cnVaWDd2?= =?utf-8?B?dDlUd0ZNclloMXB1NHRKWjFySUJJaTBOcGhsZGpLWWNFL3lBTGhTVHRhdE81?= =?utf-8?B?M1EzNUZHakY5Q2w0c1JOSDhpTHc1VWJ1YjRENXorK2V0TXRoaVR2RW1Fc3JU?= =?utf-8?B?U2lCSnk2WXh2cWlkZVRyRmVicnVXRzZOL1NCellyWGx0QWtqU2JaRkxia0JH?= =?utf-8?B?c1JnRmdzbUk1WkFna09XUWhoclJSeHEvQlMrZnpHTjZlYnhFMit2b2tjNjll?= =?utf-8?B?RldaT0JCd01UbElTcVpmZ2RyMEV0ME0yS3ZmWW13cG5Qd1NURzNIeFlhWlZt?= =?utf-8?B?ekc0QmgySzJ1ZHBLSWFITDZkckJPd3dKUC9FUjdzdmZrcy9aSWh1bjB4QnVI?= =?utf-8?B?enB1aVZxc1Jsajh5cVlqT2ZoOFhxZTRjQUpRQVFVRUtub3FQOXZoOEdqdWtH?= =?utf-8?B?dmhxN0Z2dWYwSnZBNlZPdTU1aUxtd2dSeHpCajEyZGRPelJ1U0U4RlNQWERW?= =?utf-8?B?VThBQmhCMXBnUjBVMmJob1pqZFdvcXJGQlJ2SEwyUlJweGRORUQvMHlMUFd1?= =?utf-8?B?RHFrTGE5S3J4SkUzSWlBSGdDcWMrSVU1MWNzMFVDZ2FIS282T2ZEZkxCS1Rz?= =?utf-8?B?TGtjS000NlZqMWZmd0ZqYitCOHBZZVhLeDR1YnZNNmh0cm5rbUo0NWdybzlo?= =?utf-8?B?Nlo2cW5PblNlalpPVHFEaXRnWjlwYVpYMDYyTUg4aGhWTkx3SWdyalhDWThC?= =?utf-8?B?TUZGWmpWNUdDM3B2ZnBJVlhuMmc0K05qbkpyUkxMREV0cmphZzdPczFDVVpq?= =?utf-8?B?dURmWUlLYy9kMStzaXAvQnpPVDd4YjZHYldPQUtGTUZMaVp1dHBkNHpSZnND?= =?utf-8?B?eXl4MHpKQ0dRMndzWlBqblhPd1Ixc2Q0a2JaMGh5eW95b3dvOTlYNXdnK29V?= =?utf-8?B?TTB1dTNRZXo5Y3haSUlaR05vcFZHYUY1a0hmblk1RGRYUkQwam1iK3FDbGJT?= =?utf-8?B?L0tWTTdqVTNrSW8rR0RHRHI0eEgyTG4yT0hjUEpWLzhoWTVjOFVPWE1neGxr?= =?utf-8?B?dThKTzlnUGNaYlF5Z1I2OU9LeHgyZlBaOWduQUlwZkc5eS9hUkpqK0tKVWtC?= =?utf-8?B?QlJyZHZRakl1NlRkNXNKMnFNRFVCS2Fkd2tWNGtvUEVjTUtwcFpvNThNL1J4?= =?utf-8?B?T2o4ZWRFd1dVdVhRY24rRFI1ZUNHN1huUzl0S285YkdsL1cvWjk4bkdpVm9s?= =?utf-8?B?QjZsMmZPL0hOQjhSUnE0dmNiQ0ZscDVXTE5NWFhyNDdjQ0xrZEZpVUZEMTVl?= =?utf-8?B?OWFWZkZZbVJUSENXcUNtYzVHam9hbDNsQlNWMlpQeWUvV2huR2toVUt4RlZi?= =?utf-8?B?aDZ6anFYT3lySllVbDhHODhiYnZhUTRHbUN3eHlOOFRlcVpyckVkeDJlRXBZ?= =?utf-8?B?bm4zaDlCMmlub3BWTkhZVmFhK0NOQ3RIdDM5N2dVbXRmRS9nZTQrcmNuL3RH?= =?utf-8?B?WTdwdk9lZytCSzV1RHpwV0xDZ211THVrT08xWXd6UFd5a2VpZVF2M0hiOG9i?= =?utf-8?B?S0tSaW84REVqeWVuZjBFV20wdDJJdzUrRXpkK3ZyaVBJSjMzcFZxM0FxMkN5?= =?utf-8?B?TndYUWZVdWRFN0tadGFmQnRHVDBHRmhWYU5sLzNqWi95SzRZMEp3ZHovTStO?= =?utf-8?Q?rrHeR+xtlxL2TyBUggGSuWk=3D?= X-Microsoft-Exchange-Diagnostics: 1;HE1PR02MB0780;5:awyCnITITRKLy30Ms95aiPzUxcdjmkLNUxT+Q090ldql9WvytnslP79GnnYiasqmBzG+2cow7q6vEHPvlB0ox1vllhqjbzPwDD5U7YUPwHMlYntcnT7qKg9PIltYgc9q5+YQp7f690Ty43wdwQLT9A==;24:dH3vg48+4n8VOQOwP0p6MAkibP8O+Cb8CWdWomU1NivIfKxdwbkbv1uvBHGLFe1z6u9fYZZZ6jtjJAYGNKR5BgWXnIAgcdviu01hdKOi3TY=;20:PXXvmJ7YSfoKAqGmtesqDSUtuX9tWfTGH0vyPh4yD0JzFGAleaYIHPGoELY0QjJ6w5CoXAO93jyaPEP+7bwlmg== SpamDiagnosticOutput: 1:23 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: ezchip.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Sep 2015 17:57:24.2167 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR02MB0780 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 09/29/2015 01:46 PM, Andy Lutomirski wrote: > On Tue, Sep 29, 2015 at 10:35 AM, Chris Metcalf wrote: >> Well, the most interesting category is things that don't actually >> trigger a signal (e.g. minor page fault) since those are things that >> cause significant issues with task isolation processes >> (kernel-induced jitter) but aren't otherwise user-visible, >> much like an undiscovered syscall in a third-party library >> can cause unexpected jitter. > Would it make sense to exempt the exceptions that result in signals? > After all, those are detectable even without your patches. Going > through all of the exception types: > > divide_error, overflow, invalid_op, coprocessor_segment_overrun, > invalid_TSS, segment_not_present, stack_segment, alignment_check: > these all send signals anyway. > > double_fault is fatal. > > bounds: MPX faults can be silently fixed up, and those will need > notification. (Or user code should know not to do that, since it > requires an explicit opt in, and user code can flip it back off to get > the signals.) > > general_protection: always signals except in vm86 mode. > > int3: silently fixed if uprobes are in use, but I don't think > isolation cares about that. Otherwise signals. > > debug: The perf hw_breakpoint can result in silent fixups, but those > require explicit opt-in from the admin. Otherwise, unless there's a > bug or a debugger, the user will get a signal. (As a practical > matter, the only interesting case is the undocumented ICEBP > instruction.) > > math_error, simd_coprocessor_error: Sends a signal. > > spurious_interrupt_bug: Irrelevant on any modern CPU AFAIK. We should > just WARN if this hits. > > device_not_available: If you're using isolation without an FPU, you > have bigger problems. > > page_fault: Needs notification. > > NMI, MCE: arguably these should *not* notify or at least not fatally. > > So maybe a better approach would be to explicitly notify for the > relevant entries: IRQs, non-signalling page faults, and non-signalling > MPX fixups. Other arches would have their own lists, but they're > probably also short except for emulated instructions. IRQs should get notified via the task_isolation_debug boot flag; the intent is that they should never get delivered to nohz_full cores anyway, so we produce a console backtrace if the boot flag is enabled. This isn't tied to having a task running with TASK_ISOLATION enabled, since it just shouldn't ever happen. Thanks for reviewing the possible exception sources on x86, which I'm less familiar with than tile. Non-signalling page faults and MPX fixups sounds exactly right - and I didn't know about MPX before your email (other than the userspace side of the notion of bounds registers), so thanks for the pointer. -- Chris Metcalf, EZChip Semiconductor http://www.ezchip.com