Received: by 2002:ac0:946b:0:0:0:0:0 with SMTP id j40csp122203imj; Wed, 13 Feb 2019 05:46:23 -0800 (PST) X-Google-Smtp-Source: AHgI3IadphYMVznTEHiOISvKM3DwURW7OH2f5w48L8DetDygA1fXTtHH5hguiOocR8iQQUty+49g X-Received: by 2002:a17:902:be10:: with SMTP id r16mr629769pls.304.1550065583242; Wed, 13 Feb 2019 05:46:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1550065583; cv=none; d=google.com; s=arc-20160816; b=dbNGx/NuRLQfc/paLaCRId3C8OtMHVKvhrIUC5/uuyTEVxYqNqVlqJG1zXmtJuuk+6 UYdITYO2D1UjvaGSySGdhp1oDKBalBE+hPDVRumxnFY2mcuQ7Y/I7tDwbA2keEOjVfYm NSJLGgKYBtvk381GAR/dZIZ6yarp0zvqdeDrMP0Uo5tMBEN54srlf+wdJIItb7rEoF2q sivJpSa38VRPyUerYUQKRRJd33XYJ2CATPRAwYAuo+ZNuY7LdXJeNU4Z9d7KKVGKOa6y HKP5MaHAaf1QSRYMFSG0GOKZXhuUA0Gwx6d8QjOPiAeN7+Bp5mX1PnuazXMTKY/5C3SF 3ARw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=Zsi8qs7od4WOuy/IBRXqyTS499wOoRT8PO8cl2ZvjSQ=; b=zXqHf4EFB6HxNSXErC+vsTshsx4hJrnNN8aJgJ7/d4VRGE37xXx6jRoEq5/4gD8Bvq /xUsC0zBn9NhrpzGTl2Aycwqzmrx8QGTELjC1EqQBiO3r84t1nUSL17lFP3Q79y7Fty3 m3rh0L04Bkw4s4VdyFq+O5M2gqFjoNfQ1vkiFWd4p+HDxSs6Ih7uIdnnVw2Ne5+n8PSS iheqYcdouVt7V2/JiBPkbphWhPhrORgEZsz0gah230HMDQPuY21+Qz7sxTxhN0L+1UCi OQ1wBL4vR4P0AooLJ0kCGfZXgNl55oQP5saRjpfPdVO0WkPWlY6pardYk7a1rwguywrL CjRw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y17si768648pgh.353.2019.02.13.05.46.06; Wed, 13 Feb 2019 05:46:23 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2391535AbfBMKu2 (ORCPT + 99 others); Wed, 13 Feb 2019 05:50:28 -0500 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:51324 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731311AbfBMKu2 (ORCPT ); Wed, 13 Feb 2019 05:50:28 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 8F295A78; Wed, 13 Feb 2019 02:50:27 -0800 (PST) Received: from [10.1.197.45] (e112298-lin.cambridge.arm.com [10.1.197.45]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 45F683F575; Wed, 13 Feb 2019 02:50:24 -0800 (PST) Subject: Re: [PATCH v3 3/4] uaccess: Check no rescheduling function is called in unsafe region To: Peter Zijlstra Cc: Ingo Molnar , linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, mingo@redhat.com, catalin.marinas@arm.com, will.deacon@arm.com, james.morse@arm.com, hpa@zytor.com, valentin.schneider@arm.com References: <1547560709-56207-1-git-send-email-julien.thierry@arm.com> <1547560709-56207-4-git-send-email-julien.thierry@arm.com> <20190211134527.GA121589@gmail.com> <20190211135159.GC32511@hirez.programming.kicks-ass.net> <20190213103553.GO32494@hirez.programming.kicks-ass.net> From: Julien Thierry Message-ID: <1c2429a4-9df9-40a3-98e0-51577de4bd6a@arm.com> Date: Wed, 13 Feb 2019 10:50:21 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1 MIME-Version: 1.0 In-Reply-To: <20190213103553.GO32494@hirez.programming.kicks-ass.net> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 13/02/2019 10:35, Peter Zijlstra wrote: > On Tue, Feb 12, 2019 at 09:15:13AM +0000, Julien Thierry wrote: > >>>>> diff --git a/kernel/sched/core.c b/kernel/sched/core.c >>>>> index a674c7db..b1bb7e9 100644 >>>>> --- a/kernel/sched/core.c >>>>> +++ b/kernel/sched/core.c >>>>> @@ -3289,6 +3289,14 @@ static inline void schedule_debug(struct task_struct *prev) >>>>> __schedule_bug(prev); >>>>> preempt_count_set(PREEMPT_DISABLED); >>>>> } >>>>> + >>>>> + if (IS_ENABLED(CONFIG_DEBUG_UACCESS_SLEEP) && >>>>> + unlikely(unsafe_user_region_active())) { >>>>> + printk(KERN_ERR "BUG: scheduling while user_access enabled: %s/%d/0x%08x\n", >>>>> + prev->comm, prev->pid, preempt_count()); >>>>> + dump_stack(); >>>>> + } >>>>> + >>>>> rcu_sleep_check(); >>>>> >>>>> profile_hit(SCHED_PROFILING, __builtin_return_address(0)); > >> I guess I'll drop the might_resched() part of this patch if that sounds >> alright. > > I'm still confused by the schedule_debug() part. How is that not broken? Hmmm, I am not exactly sure which part you expect to be broken, I guess it's because of the nature of the uaccess unsafe accessor usage. Basically, the following is a definite no: if (user_access_begin(ptr, size)) { [...] //something that calls schedule [...] user_access_end(); } However the following is fine: - user_access_begin(ptr, size) - taking irq/exception - get preempted - get resumed at some point in time - restore state + eret - user_access_end() That's because exceptions/irq implicitly "suspend" the user access region. (That's what I'm trying to clarify with the comment) So, unsafe_user_region_active() should return false in a irq/exception context. Is this what you were concerned about? Or there still something that might be broken? Thanks, -- Julien Thierry