Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp1438772ybb; Thu, 2 Apr 2020 00:22:22 -0700 (PDT) X-Google-Smtp-Source: APiQypL2Wi2c6a65RcpJ4VY7MDihoAgVxuaUMQSs4q9a3Bh0/B1+IhFvUPnpGAwoh/cxgz7rrKYQ X-Received: by 2002:aca:f07:: with SMTP id 7mr1224245oip.68.1585812142367; Thu, 02 Apr 2020 00:22:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585812142; cv=none; d=google.com; s=arc-20160816; b=eZpPPDJfoA0ayK/4xXVnZHF6OFSWRHatLN1zq2onhIOVzoOjJtuywodS3oRB71f15M S9CoUbyK7nImg1VSM8PnBeoy0rSfUYgs0x2Cjp9Hj/YMTVCYYhnAW/sh1RJ2vAOeOGrX O190TpTJH09aHC4MwIIfaRSmSH/okMMHul1OpKjvDDavvh9sEfStTxzR1AnvmpvN+I6u +uWLVZK7qcIZlthECmNYlgwEXtLDhkRyYXHmVwSAYa4h8wuIJus9rySWc/bn9bziMSV3 1DouOtfR50woYtb6fXxf6zJ7I+fnNi6UIM9vzWomMXaQL8aeQMq6qQdcrKenIh/YC1sQ 0QEA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:references:in-reply-to:cc:to:from:subject; bh=m8CEXy8B1DNnBLXzy7MtPNgeCI84StaCCqB/z3M0N/I=; b=lOPFvkrYgaJX4KzuXmZZGg3pfd5R7T/97RtcKnS4cIJWe0SvaN8D0h34axZGASkJo4 B5xdjAmD35Hos2uHOQZhnkcVYhkhheB9ULVcKgPzSHKgPXeMwVcsn1BWzr6OWbu2QFix SUfEqdJKhlkAyKAZQZws11Q/enwS/eIQeZC/ICw9RJ0bTTm8m5G/epd++yr+w1QGoUVw 2R9tvicQ4L0/uc/hcd4tVHblbIP1WDE49QH7urxqFJyIHoIvf0UIVdHuNLHcZuhDx/B/ 0IlTJ9K+bNNLt8H9P8y77clSFdBSYzJ79B738iAeRjbKnWcRKzdpGzxqRppT6WupbkN3 Qosw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y5si1984136oiy.150.2020.04.02.00.22.10; Thu, 02 Apr 2020 00:22:22 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387580AbgDBHU6 (ORCPT + 99 others); Thu, 2 Apr 2020 03:20:58 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:49000 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728234AbgDBHU5 (ORCPT ); Thu, 2 Apr 2020 03:20:57 -0400 Received: from pps.filterd (m0098409.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 03273S6C074188; Thu, 2 Apr 2020 03:20:29 -0400 Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 303wry4xf9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 02 Apr 2020 03:20:29 -0400 Received: from m0098409.ppops.net (m0098409.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 03273s9g076210; Thu, 2 Apr 2020 03:20:28 -0400 Received: from ppma02wdc.us.ibm.com (aa.5b.37a9.ip4.static.sl-reverse.com [169.55.91.170]) by mx0a-001b2d01.pphosted.com with ESMTP id 303wry4xey-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 02 Apr 2020 03:20:28 -0400 Received: from pps.filterd (ppma02wdc.us.ibm.com [127.0.0.1]) by ppma02wdc.us.ibm.com (8.16.0.27/8.16.0.27) with SMTP id 0327HYkO030992; Thu, 2 Apr 2020 07:20:27 GMT Received: from b01cxnp22035.gho.pok.ibm.com (b01cxnp22035.gho.pok.ibm.com [9.57.198.25]) by ppma02wdc.us.ibm.com with ESMTP id 301x7772kb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 02 Apr 2020 07:20:27 +0000 Received: from b01ledav006.gho.pok.ibm.com (b01ledav006.gho.pok.ibm.com [9.57.199.111]) by b01cxnp22035.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 0327KR3l53346634 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 2 Apr 2020 07:20:27 GMT Received: from b01ledav006.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 0A313AC05B; Thu, 2 Apr 2020 07:20:27 +0000 (GMT) Received: from b01ledav006.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id DD95AAC05E; Thu, 2 Apr 2020 07:20:25 +0000 (GMT) Received: from [9.70.82.143] (unknown [9.70.82.143]) by b01ledav006.gho.pok.ibm.com (Postfix) with ESMTP; Thu, 2 Apr 2020 07:20:25 +0000 (GMT) Subject: [PATCH v10 14/14] powerpc: Use mm_context vas_windows counter to issue CP_ABORT From: Haren Myneni To: mpe@ellerman.id.au Cc: mikey@neuling.org, srikar@linux.vnet.ibm.com, frederic.barrat@fr.ibm.com, ajd@linux.ibm.com, linux-kernel@vger.kernel.org, npiggin@gmail.com, hch@infradead.org, oohall@gmail.com, clg@kaod.org, sukadev@linux.vnet.ibm.com, linuxppc-dev@lists.ozlabs.org, herbert@gondor.apana.org.au In-Reply-To: <1585810846.2275.23.camel@hbabu-laptop> References: <1585810846.2275.23.camel@hbabu-laptop> Content-Type: text/plain; charset="UTF-8" Date: Thu, 02 Apr 2020 00:20:24 -0700 Message-ID: <1585812024.2275.68.camel@hbabu-laptop> Mime-Version: 1.0 X-Mailer: Evolution 2.28.3 Content-Transfer-Encoding: 7bit X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138,18.0.676 definitions=2020-04-01_04:2020-03-31,2020-04-01 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 lowpriorityscore=0 mlxlogscore=999 clxscore=1015 bulkscore=0 malwarescore=0 suspectscore=1 phishscore=0 priorityscore=1501 spamscore=0 adultscore=0 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2003020000 definitions=main-2004020063 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org set_thread_uses_vas() sets used_vas flag for a process that opened VAS window and issue CP_ABORT during context switch for only that process. In multi-thread application, windows can be shared. For example Thread A can open a window and Thread B can run COPY/PASTE instructions to send NX request which may cause corruption or snooping or a covert channel. Also once this flag is set, continue to run CP_ABORT even the VAS window is closed. So define vas-windows counter in process mm_context, increment this counter for each window open and decrement it for window close. If vas-windows is set, issue CP_ABORT during context switch. It means clear the foreign real address mapping only if the process / thread uses COPY/PASTE. Then disable it for that process if windows are not open. Signed-off-by: Haren Myneni Reported-by: Nicholas Piggin Suggested-by: Milton Miller Suggested-by: Nicholas Piggin --- arch/powerpc/include/asm/book3s/64/mmu.h | 3 +++ arch/powerpc/include/asm/mmu_context.h | 22 ++++++++++++++++++++++ arch/powerpc/include/asm/processor.h | 1 - arch/powerpc/kernel/process.c | 8 ++++++-- arch/powerpc/platforms/powernv/vas-window.c | 1 + 5 files changed, 32 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/include/asm/book3s/64/mmu.h b/arch/powerpc/include/asm/book3s/64/mmu.h index bb3deb7..f0a9ff6 100644 --- a/arch/powerpc/include/asm/book3s/64/mmu.h +++ b/arch/powerpc/include/asm/book3s/64/mmu.h @@ -116,6 +116,9 @@ struct patb_entry { /* Number of users of the external (Nest) MMU */ atomic_t copros; + /* Number of user space windows opened in process mm_context */ + atomic_t vas_windows; + struct hash_mm_context *hash_context; unsigned long vdso_base; diff --git a/arch/powerpc/include/asm/mmu_context.h b/arch/powerpc/include/asm/mmu_context.h index 360367c..7fd249498 100644 --- a/arch/powerpc/include/asm/mmu_context.h +++ b/arch/powerpc/include/asm/mmu_context.h @@ -185,11 +185,33 @@ static inline void mm_context_remove_copro(struct mm_struct *mm) dec_mm_active_cpus(mm); } } + +/* + * vas_windows counter shows number of open windows in the mm + * context. During context switch, use this counter to clear the + * foreign real address mapping (CP_ABORT) for the thread / process + * that intend to use COPY/PASTE. When a process closes all windows, + * disable CP_ABORT which is expensive to run. + */ +static inline void mm_context_add_vas_windows(struct mm_struct *mm) +{ + atomic_inc(&mm->context.vas_windows); +} + +static inline void mm_context_remove_vas_windows(struct mm_struct *mm) +{ + int c = atomic_dec_if_positive(&mm->context.vas_windows); + + /* Detect imbalance between add and remove */ + WARN_ON(c < 0); +} #else static inline void inc_mm_active_cpus(struct mm_struct *mm) { } static inline void dec_mm_active_cpus(struct mm_struct *mm) { } static inline void mm_context_add_copro(struct mm_struct *mm) { } static inline void mm_context_remove_copro(struct mm_struct *mm) { } +static inline void mm_context_add_vas_windows(struct mm_struct *mm) { } +static inline void mm_context_remove_vas_windows(struct mm_struct *mm) { } #endif diff --git a/arch/powerpc/include/asm/processor.h b/arch/powerpc/include/asm/processor.h index eedcbfb..bfa336f 100644 --- a/arch/powerpc/include/asm/processor.h +++ b/arch/powerpc/include/asm/processor.h @@ -272,7 +272,6 @@ struct thread_struct { unsigned mmcr0; unsigned used_ebb; - unsigned int used_vas; #endif }; diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c index fad50db..a3ecaf9 100644 --- a/arch/powerpc/kernel/process.c +++ b/arch/powerpc/kernel/process.c @@ -1221,7 +1221,8 @@ struct task_struct *__switch_to(struct task_struct *prev, * mappings, we must issue a cp_abort to clear any state and * prevent snooping, corruption or a covert channel. */ - if (current->thread.used_vas) + if (current->mm && + atomic_read(¤t->mm->context.vas_windows)) asm volatile(PPC_CP_ABORT); } #endif /* CONFIG_PPC_BOOK3S_64 */ @@ -1466,7 +1467,10 @@ int set_thread_uses_vas(void) if (!cpu_has_feature(CPU_FTR_ARCH_300)) return -EINVAL; - current->thread.used_vas = 1; + if (!current->mm) + return -EINVAL; + + mm_context_add_vas_windows(current->mm); /* * Even a process that has no foreign real address mapping can use diff --git a/arch/powerpc/platforms/powernv/vas-window.c b/arch/powerpc/platforms/powernv/vas-window.c index 3ffad5a..33dfbbf 100644 --- a/arch/powerpc/platforms/powernv/vas-window.c +++ b/arch/powerpc/platforms/powernv/vas-window.c @@ -1333,6 +1333,7 @@ int vas_win_close(struct vas_window *window) put_pid(window->pid); if (window->mm) { mm_context_remove_copro(window->mm); + mm_context_remove_vas_windows(window->mm); mmdrop(window->mm); } } -- 1.8.3.1