Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755602AbcCBUKk (ORCPT ); Wed, 2 Mar 2016 15:10:40 -0500 Received: from mail-db3on0100.outbound.protection.outlook.com ([157.55.234.100]:2163 "EHLO emea01-db3-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1755032AbcCBUKf (ORCPT ); Wed, 2 Mar 2016 15:10:35 -0500 Authentication-Results: spf=fail (sender IP is 12.216.194.146) smtp.mailfrom=ezchip.com; ezchip.com; dkim=none (message not signed) header.d=none;ezchip.com; dmarc=none action=none header.from=ezchip.com; From: Chris Metcalf To: Gilad Ben Yossef , Steven Rostedt , Ingo Molnar , Peter Zijlstra , Andrew Morton , "Rik van Riel" , Tejun Heo , Frederic Weisbecker , Thomas Gleixner , "Paul E. McKenney" , Christoph Lameter , Viresh Kumar , Catalin Marinas , Will Deacon , Andy Lutomirski , "H. Peter Anvin" , , CC: Chris Metcalf Subject: [PATCH v10 09/12] arch/x86: enable task isolation functionality Date: Wed, 2 Mar 2016 15:09:33 -0500 Message-ID: <1456949376-4910-10-git-send-email-cmetcalf@ezchip.com> X-Mailer: git-send-email 2.1.2 In-Reply-To: <1456949376-4910-1-git-send-email-cmetcalf@ezchip.com> References: <1456949376-4910-1-git-send-email-cmetcalf@ezchip.com> X-EOPAttributedMessage: 0 X-Microsoft-Exchange-Diagnostics: 1;AM1FFO11OLC012;1:YQvhYkHYZlolka5hHlFCRc1zYTGLAN0xnAHbCLvCMDLsRNoMw3sUCYs4Q9b6MN3I3JwPVBELNFKcvoCpY8/K0yxUVx2+f0Qlbt+WBnRY+iDMovWNAXT0Su8us1X95v3qxS1pp335ubk+1dc1O/dTM/1gG+OKIHyS+n8pX1Z+yZS0V2i2XRFiIGeCQECCXm5dyjMibh1RmS69LfCJvCDw2wJWR3ivHCdzHXC2qhArBS9mxOUxfwMNioVdCAeVhfeGSa0F+g6exLtAZqeCkV53pOlfFmlbrGrsbu47xFmO7FHas2HP0MUfDahXM5zqN6oh1TkRClGvpAGOZRAUd7axsmC/yMtPfAN3jVzL36/UwkCuRs7+UAOWQWACzLrUiTPQzfojGL1vdablr3uf6T2Sgx8YFyNOPyW/3A+RVEXhToaOwx9s9og1f2Yrnqco0hEGRGBGTd807NJVwzi+nHZnyoztu7+KJ+T/zvx933m0XIQ= X-Forefront-Antispam-Report: CIP:12.216.194.146;CTRY:US;IPV:NLI;EFV:NLI;SFV:NSPM;SFS:(10009020)(6009001)(2980300002)(1109001)(339900001)(199003)(189002)(105606002)(19580405001)(4001430100002)(36756003)(85426001)(50226001)(6806005)(107886002)(11100500001)(2950100001)(19580395003)(106466001)(2906002)(104016004)(50466002)(42186005)(4326007)(87936001)(47776003)(81156012)(5003940100001)(2201001)(5001970100001)(33646002)(229853001)(586003)(48376002)(1220700001)(5001770100001)(1096002)(189998001)(50986999)(5008740100001)(92566002)(76176999)(921003)(42882005)(1121003);DIR:OUT;SFP:1101;SCL:1;SRVR:HE1PR05MB1689;H:ld-1.internal.tilera.com;FPR:;SPF:Fail;MLV:sfv;A:1;MX:1;LANG:en; MIME-Version: 1.0 Content-Type: text/plain X-Microsoft-Exchange-Diagnostics: 1;HE1PR05MB1689;2:17fl4lJ8P9PqL6KYI7ZybJNKAFwZ17b36MhEHfCMJjpVfUeOp70wczJYSJ4BNxXxbCkATnEGPek1xbk2jZdixmgzBLbnNjG4eid7z4fJqoExHtIDYM3mhHGT3eOqJWICoUZn/wT23o+5XhJSyfKc+w==;3:k0fSApDowWA4Vrto75Le9otQVe/H1TVIB/OBXVm6reRCNguDS5heiR+T4KEK4j93THUI4vUdUoUOmjHawWPXxysvhLWsUGRt3FmV9b2ImGqR07AqhAr+5jbNiqDCf1m7AuqcMKOqHN19XaQ3vlAy2ZcXyhqLwc1v/RMViAkZrVeeRDQN3r2TK4PdrZ+30sZ0CMoH+15eE+YVFVzlGGKty65+8kfDTENIbprxz6mBvug=;25:oOeUur9wFf9bkUIA6gOnH6k/xnQ7h2Tv7K44nyMG3YAF/FDlv/xieDMx5xFhSNPUcfxKk3ZmXpi/Hbh6JaXnYQAu6O/K9XUJ04HVLgs6kUHRFEJ0rOTTmqphJUZ5EFlQC/GKus9CVRyW7Cyvey7z/uJSmM59Ozzys6kre0AYVsGBWQkAamMqX3Bg/2rvqOD6LW8XP6im9AjwFTkTv//GtVuqL+0mAH5GGQnmpXE4Vu3f8QJsC7UPf0q1vobHQz4yN/9yJ3df1G/YvEgkvq5zBvHC9klZ2jigcTHak3wrqKIxOEqVJBtiQrwnO8j86YocUw2sngeQ95rarSavtyqOZA== X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:HE1PR05MB1689; X-MS-Office365-Filtering-Correlation-Id: 1e4a74fe-627f-4ed9-bbf6-08d342d6b41f X-MLNXRule-EZCH-Linux: Rule triggered X-MLNXRule-Acc-Dom-4: Rule triggered X-Microsoft-Exchange-Diagnostics: 1;HE1PR05MB1689;20:OOxkv7pYyR1kJRliClKO5dA21waRoqLL7AVS5wi4NSnglA4roCz6fHWUABsjjI4W0NN+KDsvIecZ48YM2d+Hly40rgRLFEkW+HYE/2sY/815WB4Z1LJIaKKVWbmizjUwAGgV5SwTXO+6p6DT0HEDY1YQMAmReSaffgAeWMiZdJz/lOxUKsIc+vILDnNumqwM7CxWR/m6nZC7nWp6gdQ78Bia+/YM2PNdmw19fcsm1fDFO+oksC0saxCXuQFbE9XpsyXt7aI9IxrZqVMaJpwpa0YFg2ggIVFG+MwY2UowrXRDLy+krBQaOrSjRry0wOarHv2fLaV4Sucwc9AYMTj1rynryycdycTMqzUjcl6dAgxeU/YVezmYQjlkwUhn5xx4UOEBH+z5Gzz2Tc68KWE65SpvpOJ3jIAiMkmAtLx+xg612uwBAdSGnNbsn1N88dPJU9tDPRFK/BHGWRDDdGxe4TNiLLUu9sySjN0CdBqKk8C9rPsCOp1wZqi3aJF793IJqyY+FdEt2nfQ/cNNSaArJ3JeB7mkueBq8EHgRUyPyn0Lt2cCmJcA6CCFWSgp82S5SFaXe2tkU2XGqLJZT1FzI7R4lGJ5zhBGBX27yoEUHB8= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(601004)(2401047)(13024025)(5005006)(13018025)(8121501046)(13015025)(13017025)(13023025)(10201501046)(3002001);SRVR:HE1PR05MB1689;BCL:0;PCL:0;RULEID:;SRVR:HE1PR05MB1689; X-Microsoft-Exchange-Diagnostics: 1;HE1PR05MB1689;4:a1NA32GkH6G5JKELSpBW377PC1kcONhuTl6uei2blWUCYe584ZLHF7joUa6ccR1BpKQAYI/CT6BPhFbli9r4wTvtYTTGtkOsyCg7+ie/kS7QnGMStXE5e8FljpYDuERp/gfArVJqsi3rbl5g3WI/sF1pqSJ1kuaCMXgvFCVDE/p/u3xaFcvdSX9PiShp+L2mdFek5rjXfO1XS4raVG4Lln8afNPqSWd31VJsEkKpy/CgkQUKlJH04gVJN5hb00IwPxgFCfiMqLucRprVbUUqNv8OY0CuyYem2CPCd5YJ+9FQy8h0qKGxgTnhPow+AAbmdnAqtIoliK0bgCNUiED755JwIjzMBi2Xb45RGEVxARfcXCWAhZUTdERbtFl+LcHWFQndOC7ErcrvD3gfkNTLt3skANq8MYYT3URTZogGy5hSIJobjMsyGAoC2xkr8dXffEOp3TLEiTrV1P7zXU/55w== X-Forefront-PRVS: 086943A159 X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;HE1PR05MB1689;23:fE0bKuPYOpZlZgU9gEoqxh/3BDOX5dJm433K55fY3?= =?us-ascii?Q?MlHxliJp8GuKCxr3+sjHw0lnJNdt4JMlv3N7IzrZwQs87BUjosSFihJsv3OQ?= =?us-ascii?Q?w9Y2Q4Di6S/dmeMyUE2KxtQiQe9V42n9cP5RML4DU+PzN65K3TiT9lIJz2hl?= =?us-ascii?Q?95Y4lgd4SKPHJc7ODpEzt+kMseujszIn6BHH1PTbLIEyPOlP6tDXEaSmQxR/?= =?us-ascii?Q?tw4W3juU9GZ2rZ4zfNEbZbPyX7D3wx9UDaaVLt34rvjE61bbeKbcfr1AjR5V?= =?us-ascii?Q?yv7ETgWy2jvafig9+d0vY+IA1UxTCnTc/wcXTyzc60pGbNiJyHOhdevwsozs?= =?us-ascii?Q?bASMhNUd4oKIs2XYLJXTSlBR3VgcBak5kdaG2AjmlAq3LzbXOLW9joKAYrjm?= =?us-ascii?Q?cH5EcqhIYpnKSIb6IHWIdcW1i/GK+D3xPxvUYyGq+UVaKfffoPn5UJI0F0qn?= =?us-ascii?Q?TGF1MNGOL4qSpoEGsC0lcky9BD82b9v2utNlZAczf6OhVvqcFyu9Jz0BJo6R?= =?us-ascii?Q?Nk+Mqf8xiYaZS0kv08w7+vBqoX4DKi5O3WiWxS9raRtWRMn1gnOx6rHe3SBC?= =?us-ascii?Q?3m24u2A55YQXkXjIuFoC3iq44AlxSZds5oi6R7u4fYHPOT9zpKeoD06ZySpj?= =?us-ascii?Q?U3qH+1KhqfisQwWf1s6X819DjNVH4sFLL3lP2euqMpXxa/tKruU+6ipIFzuZ?= =?us-ascii?Q?DllPbhiPqvUtE9qUw6iLZruY0/L7ek7CybQpqb8g+PCq7JV27+Fs4/NOSVFz?= =?us-ascii?Q?SSoJ67liLmP9Z0ywrX/yZLyvsOIQcAP78Zm6ggoYZv60IJRmsMT7GK2rLyAl?= =?us-ascii?Q?LopjM4hC5UvvJkQUrTY+s6C5c5Pg6u6aC0MGfuhwOQOfq6zvi1P81Zmqo6WC?= =?us-ascii?Q?Le0Q4rXOOr3dokFI+dx5ZxEJBj/VnFjLjfEFQ4AqYleZlFJSEfuzkn6RxwKV?= =?us-ascii?Q?bIS1PifgSZoTJGPqEKRfKDKTnb/hW9LqyATs/oYEWL83sUonTynHBjBhcRuK?= =?us-ascii?Q?K+V6JRE2x23cA5osbv8xzPvD9OcXCJx7NscbmBZyUafYcU+/sDbMfUZYz/DA?= =?us-ascii?Q?Fmp1geS1ZRXVB8y2dDv++30K3jxPRn6haAUpIqyDFIG/LNEJ2e1LqWZlDZki?= =?us-ascii?Q?fbJG4CrVaKaAzHq5FFkF+2TzNjRYvH9oWO5eJYVh6BcdeoLhR+Dvg=3D=3D?= X-Microsoft-Exchange-Diagnostics: 1;HE1PR05MB1689;5:ziWJouijC+OzH05DBuTvMEMgMEpDUvy6H0MW86HD9k2jRkfvrRuHNcxKJxUoPh7DosfooGGz3fp7js13L5f0VQ6e2t8wnNZyeNpXYDTeeBQSifkx8CiRo+o9taJvzfE6nAAbTXs9m+PYXBV2c6Ou8A==;24:MfiRGn4o1Y02JHesa9XBbTqKk7WiwJWNQmuaHq6OB2Id+aCvIrSgngsGpwG2hle5sGpbFB/CczvWX1Fp/YyKZiuyvBxrO2YDq9fzvswtCo0= X-OriginatorOrg: ezchip.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Mar 2016 20:10:29.7573 (UTC) X-MS-Exchange-CrossTenant-Id: a652971c-7d2e-4d9b-a6a4-d149256f461b X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=a652971c-7d2e-4d9b-a6a4-d149256f461b;Ip=[12.216.194.146];Helo=[ld-1.internal.tilera.com] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR05MB1689 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 3939 Lines: 120 In prepare_exit_to_usermode(), call task_isolation_ready() when we are checking the thread-info flags, and after we've handled the other work, call task_isolation_enter() unconditionally. In syscall_trace_enter_phase1(), we add the necessary support for strict-mode detection of syscalls. We add strict reporting for the kernel exception types that do not result in signals, namely non-signalling page faults and non-signalling MPX fixups. Signed-off-by: Chris Metcalf --- arch/x86/entry/common.c | 18 ++++++++++++++++-- arch/x86/kernel/traps.c | 2 ++ arch/x86/mm/fault.c | 2 ++ 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c index 03663740c866..27c71165416b 100644 --- a/arch/x86/entry/common.c +++ b/arch/x86/entry/common.c @@ -21,6 +21,7 @@ #include #include #include +#include #include #include @@ -91,6 +92,10 @@ unsigned long syscall_trace_enter_phase1(struct pt_regs *regs, u32 arch) */ if (work & _TIF_NOHZ) { enter_from_user_mode(); + if (task_isolation_check_syscall(regs->orig_ax)) { + regs->orig_ax = -1; + return 0; + } work &= ~_TIF_NOHZ; } #endif @@ -254,17 +259,26 @@ static void exit_to_usermode_loop(struct pt_regs *regs, u32 cached_flags) if (cached_flags & _TIF_USER_RETURN_NOTIFY) fire_user_return_notifiers(); + task_isolation_enter(); + /* Disable IRQs and retry */ local_irq_disable(); cached_flags = READ_ONCE(pt_regs_to_thread_info(regs)->flags); - if (!(cached_flags & EXIT_TO_USERMODE_LOOP_FLAGS)) + if (!(cached_flags & EXIT_TO_USERMODE_LOOP_FLAGS) && + task_isolation_ready()) break; } } +#ifdef CONFIG_TASK_ISOLATION +# define EXIT_TO_USERMODE_FLAGS (EXIT_TO_USERMODE_LOOP_FLAGS | _TIF_NOHZ) +#else +# define EXIT_TO_USERMODE_FLAGS EXIT_TO_USERMODE_LOOP_FLAGS +#endif + /* Called with IRQs disabled. */ __visible inline void prepare_exit_to_usermode(struct pt_regs *regs) { @@ -278,7 +292,7 @@ __visible inline void prepare_exit_to_usermode(struct pt_regs *regs) cached_flags = READ_ONCE(pt_regs_to_thread_info(regs)->flags); - if (unlikely(cached_flags & EXIT_TO_USERMODE_LOOP_FLAGS)) + if (unlikely(cached_flags & EXIT_TO_USERMODE_FLAGS)) exit_to_usermode_loop(regs, cached_flags); user_enter(); diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c index ade185a46b1d..82bf53ec1e98 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -36,6 +36,7 @@ #include #include #include +#include #ifdef CONFIG_EISA #include @@ -398,6 +399,7 @@ dotraplinkage void do_bounds(struct pt_regs *regs, long error_code) case 2: /* Bound directory has invalid entry. */ if (mpx_handle_bd_fault()) goto exit_trap; + task_isolation_check_exception("bounds check"); break; /* Success, it was handled */ case 1: /* Bound violation. */ info = mpx_generate_siginfo(regs); diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c index e830c71a1323..e2b42bc79d81 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -14,6 +14,7 @@ #include /* prefetchw */ #include /* exception_enter(), ... */ #include /* faulthandler_disabled() */ +#include /* task_isolation_check_exception */ #include /* dotraplinkage, ... */ #include /* pgd_*(), ... */ @@ -1155,6 +1156,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code, local_irq_enable(); error_code |= PF_USER; flags |= FAULT_FLAG_USER; + task_isolation_check_exception("page fault at %#lx", address); } else { if (regs->flags & X86_EFLAGS_IF) local_irq_enable(); -- 2.1.2