Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp1904486imm; Sat, 23 Jun 2018 05:19:27 -0700 (PDT) X-Google-Smtp-Source: ADUXVKI5MrWRZNHpIaBEmC/Rh1mjADooY8Azo0WBvIh+HXRL/cKsGRxPJU6vPB3Ch1YFvKTb0RD0 X-Received: by 2002:a62:e70e:: with SMTP id s14-v6mr5709727pfh.131.1529756367268; Sat, 23 Jun 2018 05:19:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1529756367; cv=none; d=google.com; s=arc-20160816; b=AQYPoL2ewvp/g+g3u1Vs/fQ+UoV8SYKNT0gW3YfRatCjd5rfRyZBQ83OguiMkZmLet dHRXCsFr76kutgiJZ+3SGndruCpF0Clrf0GpSlIdG8nEDldANASe5c0VNCQuinWjnRmQ 2fGcmdnxukzh3iYnS8JJS2i8WAc1IldswIhi8DWjDI8UHH8xYNUuLsRUvtGpboz7+xgk Pid72ckY9m5GFmGso05+SD2FQ+4BGdkIPbq7aEv9QaH9LKq8Ou/QLS3NIXnZcLTWxkQb tvTKYFZWPGbP0Ibi7evfygcbqWzbODF1cDb/4hLjC7hVcWiMpeubQlDFnTQ22B+tW5RQ 8amg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-disposition :content-transfer-encoding:mime-version:robot-unsubscribe:robot-id :git-commit-id:subject:to:references:in-reply-to:reply-to:cc :message-id:from:date:arc-authentication-results; bh=hEvcM3Mhqt4NLRSLIwp9dqVo5Y7UxhPp8Q0h/e/FKb8=; b=qxHE5VRZTz4cfwiZj8vsbbAVDH3j9nWZ9P7FPjCF3cGEBTxnjnQaYFwcvNcRJEZRwK xI5KwWdkPdrh7+OgsJycRM9x3tk4teNRxn5syR5b4t2BZFWW7yfEEyGRrGTrMxIfkm7J u+hN9GxPEvkVVMFpi4wK+ntU44WI+cvPgg39ALCltGBBUZ0YtVLRe5f5hlF7k3KXYO73 r3JWBxfR16c1wctCnfPh+HbAJvSymELWtSuht+PhZ7zwEOK4Y+6gLMyHAVioqix1a0je mfEIyvRLg2Aytdh99oSYnurVEDSPMCI6XhnmGVv1/ZALwXHKJ51f4qagbAoWgvQSLaIU HK6w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b65-v6si9649338pfj.2.2018.06.23.05.19.12; Sat, 23 Jun 2018 05:19:27 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751945AbeFWMSe (ORCPT + 99 others); Sat, 23 Jun 2018 08:18:34 -0400 Received: from terminus.zytor.com ([198.137.202.136]:46163 "EHLO terminus.zytor.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751640AbeFWMSd (ORCPT ); Sat, 23 Jun 2018 08:18:33 -0400 Received: from terminus.zytor.com (localhost [127.0.0.1]) by terminus.zytor.com (8.15.2/8.15.2) with ESMTPS id w5NCISP2464787 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sat, 23 Jun 2018 05:18:28 -0700 Received: (from tipbot@localhost) by terminus.zytor.com (8.15.2/8.15.2/Submit) id w5NCIRJO464784; Sat, 23 Jun 2018 05:18:27 -0700 Date: Sat, 23 Jun 2018 05:18:27 -0700 X-Authentication-Warning: terminus.zytor.com: tipbot set sender to tipbot@zytor.com using -f From: tip-bot for Reinette Chatre Message-ID: Cc: hpa@zytor.com, tglx@linutronix.de, mingo@kernel.org, linux-kernel@vger.kernel.org, reinette.chatre@intel.com Reply-To: tglx@linutronix.de, hpa@zytor.com, mingo@kernel.org, reinette.chatre@intel.com, linux-kernel@vger.kernel.org In-Reply-To: References: To: linux-tip-commits@vger.kernel.org Subject: [tip:x86/cache] x86/intel_rdt: Utilities to restrict/restore access to specific files Git-Commit-ID: 2a5d76a4fc6469ea9dd6f02fcd4dad3a129bc1c0 X-Mailer: tip-git-log-daemon Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8 Content-Disposition: inline X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00, DATE_IN_FUTURE_96_Q autolearn=ham autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on terminus.zytor.com Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Commit-ID: 2a5d76a4fc6469ea9dd6f02fcd4dad3a129bc1c0 Gitweb: https://git.kernel.org/tip/2a5d76a4fc6469ea9dd6f02fcd4dad3a129bc1c0 Author: Reinette Chatre AuthorDate: Fri, 22 Jun 2018 15:42:13 -0700 Committer: Thomas Gleixner CommitDate: Sat, 23 Jun 2018 13:03:46 +0200 x86/intel_rdt: Utilities to restrict/restore access to specific files In support of Cache Pseudo-Locking we need to restrict access to specific resctrl files to protect the state of a resource group used for pseudo-locking from being changed in unsupported ways. Introduce two utilities that can be used to either restrict or restore the access to all files irrelevant to cache pseudo-locking when pseudo-locking in progress for the resource group. At this time introduce a new source file, intel_rdt_pseudo_lock.c, that will contain most of the code related to cache pseudo-locking. Temporarily mark these new functions as unused to silence compile warnings until they are used. Signed-off-by: Reinette Chatre Signed-off-by: Thomas Gleixner Cc: fenghua.yu@intel.com Cc: tony.luck@intel.com Cc: vikas.shivappa@linux.intel.com Cc: gavin.hindman@intel.com Cc: jithu.joseph@intel.com Cc: dave.hansen@intel.com Cc: hpa@zytor.com Link: https://lkml.kernel.org/r/ab6319d1244366be3f9b7f9fba1c3da4810a274b.1529706536.git.reinette.chatre@intel.com --- arch/x86/kernel/cpu/Makefile | 3 +- arch/x86/kernel/cpu/intel_rdt_pseudo_lock.c | 113 ++++++++++++++++++++++++++++ 2 files changed, 115 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile index 7a40196967cb..c4e02555563a 100644 --- a/arch/x86/kernel/cpu/Makefile +++ b/arch/x86/kernel/cpu/Makefile @@ -35,7 +35,8 @@ obj-$(CONFIG_CPU_SUP_CENTAUR) += centaur.o obj-$(CONFIG_CPU_SUP_TRANSMETA_32) += transmeta.o obj-$(CONFIG_CPU_SUP_UMC_32) += umc.o -obj-$(CONFIG_INTEL_RDT) += intel_rdt.o intel_rdt_rdtgroup.o intel_rdt_monitor.o intel_rdt_ctrlmondata.o +obj-$(CONFIG_INTEL_RDT) += intel_rdt.o intel_rdt_rdtgroup.o intel_rdt_monitor.o +obj-$(CONFIG_INTEL_RDT) += intel_rdt_ctrlmondata.o intel_rdt_pseudo_lock.o obj-$(CONFIG_X86_MCE) += mcheck/ obj-$(CONFIG_MTRR) += mtrr/ diff --git a/arch/x86/kernel/cpu/intel_rdt_pseudo_lock.c b/arch/x86/kernel/cpu/intel_rdt_pseudo_lock.c new file mode 100644 index 000000000000..dc79b3090ac5 --- /dev/null +++ b/arch/x86/kernel/cpu/intel_rdt_pseudo_lock.c @@ -0,0 +1,113 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Resource Director Technology (RDT) + * + * Pseudo-locking support built on top of Cache Allocation Technology (CAT) + * + * Copyright (C) 2018 Intel Corporation + * + * Author: Reinette Chatre + */ + +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + +#include "intel_rdt.h" + +/** + * rdtgroup_locksetup_user_restrict - Restrict user access to group + * @rdtgrp: resource group needing access restricted + * + * A resource group used for cache pseudo-locking cannot have cpus or tasks + * assigned to it. This is communicated to the user by restricting access + * to all the files that can be used to make such changes. + * + * Permissions restored with rdtgroup_locksetup_user_restore() + * + * Return: 0 on success, <0 on failure. If a failure occurs during the + * restriction of access an attempt will be made to restore permissions but + * the state of the mode of these files will be uncertain when a failure + * occurs. + */ +static int __attribute__ ((unused)) +rdtgroup_locksetup_user_restrict(struct rdtgroup *rdtgrp) +{ + int ret; + + ret = rdtgroup_kn_mode_restrict(rdtgrp, "tasks"); + if (ret) + return ret; + + ret = rdtgroup_kn_mode_restrict(rdtgrp, "cpus"); + if (ret) + goto err_tasks; + + ret = rdtgroup_kn_mode_restrict(rdtgrp, "cpus_list"); + if (ret) + goto err_cpus; + + if (rdt_mon_capable) { + ret = rdtgroup_kn_mode_restrict(rdtgrp, "mon_groups"); + if (ret) + goto err_cpus_list; + } + + ret = 0; + goto out; + +err_cpus_list: + rdtgroup_kn_mode_restore(rdtgrp, "cpus_list"); +err_cpus: + rdtgroup_kn_mode_restore(rdtgrp, "cpus"); +err_tasks: + rdtgroup_kn_mode_restore(rdtgrp, "tasks"); +out: + return ret; +} + +/** + * rdtgroup_locksetup_user_restore - Restore user access to group + * @rdtgrp: resource group needing access restored + * + * Restore all file access previously removed using + * rdtgroup_locksetup_user_restrict() + * + * Return: 0 on success, <0 on failure. If a failure occurs during the + * restoration of access an attempt will be made to restrict permissions + * again but the state of the mode of these files will be uncertain when + * a failure occurs. + */ +static int __attribute__ ((unused)) +rdtgroup_locksetup_user_restore(struct rdtgroup *rdtgrp) +{ + int ret; + + ret = rdtgroup_kn_mode_restore(rdtgrp, "tasks"); + if (ret) + return ret; + + ret = rdtgroup_kn_mode_restore(rdtgrp, "cpus"); + if (ret) + goto err_tasks; + + ret = rdtgroup_kn_mode_restore(rdtgrp, "cpus_list"); + if (ret) + goto err_cpus; + + if (rdt_mon_capable) { + ret = rdtgroup_kn_mode_restore(rdtgrp, "mon_groups"); + if (ret) + goto err_cpus_list; + } + + ret = 0; + goto out; + +err_cpus_list: + rdtgroup_kn_mode_restrict(rdtgrp, "cpus_list"); +err_cpus: + rdtgroup_kn_mode_restrict(rdtgrp, "cpus"); +err_tasks: + rdtgroup_kn_mode_restrict(rdtgrp, "tasks"); +out: + return ret; +}