leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

powerpc: Use mm_context vas_windows counter to issue CP_ABORT

Browse Source 
set_thread_uses_vas() sets used_vas flag for a process that opened VAS
window and issue CP_ABORT during context switch for only that process.
In multi-thread application, windows can be shared. For example Thread
A can open a window and Thread B can run COPY/PASTE instructions to
send NX request which may cause corruption or snooping or a covert
channel Also once this flag is set, continue to run CP_ABORT even the
VAS window is closed.

So define vas-windows counter in process mm_context, increment this
counter for each window open and decrement it for window close. If
vas-windows is set, issue CP_ABORT during context switch. It means
clear the foreign real address mapping only if the process / thread
uses COPY/PASTE. Then disable it for that process if windows are not
open.

Moved set_thread_uses_vas() code to vas_tx_win_open() as this
functionality is needed only for userspace open windows. We are adding
VAS userspace support along with this fix. So no need to include this
fix in stable releases.

Fixes: 9d2a4d7133 ("powerpc: Define set_thread_uses_vas()")
Signed-off-by: Haren Myneni <haren@linux.ibm.com>
Reported-by: Nicholas Piggin <npiggin@gmail.com>
Suggested-by: Milton Miller <miltonm@us.ibm.com>
Suggested-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1587017291.2275.1077.camel@hbabu-laptop
This commit is contained in:
Haren Myneni
2020-04-15 23:08:11 -07:00
committed by Michael Ellerman
parent 1d955f9818
commit c420644c0a
6 changed files with 48 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
arch/powerpc/include/asm/book3s/64/mmu.h
View File

@@ -116,6 +116,9 @@ typedef struct {
/* Number of users of the external (Nest) MMU */ /* Number of users of the external (Nest) MMU */
atomic_t copros; atomic_t copros;
/* Number of user space windows opened in process mm_context */
atomic_t vas_windows;
struct hash_mm_context *hash_context; struct hash_mm_context *hash_context;
unsigned long vdso_base; unsigned long vdso_base;

30
arch/powerpc/include/asm/mmu_context.h
View File

@@ -185,11 +185,41 @@ static inline void mm_context_remove_copro(struct mm_struct *mm)
dec_mm_active_cpus(mm); dec_mm_active_cpus(mm);
} }
} }
/*
* vas_windows counter shows number of open windows in the mm
* context. During context switch, use this counter to clear the
* foreign real address mapping (CP_ABORT) for the thread / process
* that intend to use COPY/PASTE. When a process closes all windows,
* disable CP_ABORT which is expensive to run.
*
* For user context, register a copro so that TLBIs are seen by the
* nest MMU. mm_context_add/remove_vas_window() are used only for user
* space windows.
*/
static inline void mm_context_add_vas_window(struct mm_struct *mm)
{
atomic_inc(&mm->context.vas_windows);
mm_context_add_copro(mm);
}
static inline void mm_context_remove_vas_window(struct mm_struct *mm)
{
int v;
mm_context_remove_copro(mm);
v = atomic_dec_if_positive(&mm->context.vas_windows);
/* Detect imbalance between add and remove */
WARN_ON(v < 0);
}
#else #else
static inline void inc_mm_active_cpus(struct mm_struct *mm) { } static inline void inc_mm_active_cpus(struct mm_struct *mm) { }
static inline void dec_mm_active_cpus(struct mm_struct *mm) { } static inline void dec_mm_active_cpus(struct mm_struct *mm) { }
static inline void mm_context_add_copro(struct mm_struct *mm) { } static inline void mm_context_add_copro(struct mm_struct *mm) { }
static inline void mm_context_remove_copro(struct mm_struct *mm) { } static inline void mm_context_remove_copro(struct mm_struct *mm) { }
static inline void mm_context_add_vas_windows(struct mm_struct *mm) { }
static inline void mm_context_remove_vas_windows(struct mm_struct *mm) { }
#endif #endif

1
arch/powerpc/include/asm/processor.h
View File

@@ -272,7 +272,6 @@ struct thread_struct {
unsigned mmcr0; unsigned mmcr0;
unsigned used_ebb; unsigned used_ebb;
unsigned int used_vas;
#endif #endif
}; };

2
arch/powerpc/include/asm/switch_to.h
View File

@@ -102,8 +102,6 @@ static inline void clear_task_ebb(struct task_struct *t)
#endif #endif
} }
extern int set_thread_uses_vas(void);
extern int set_thread_tidr(struct task_struct *t); extern int set_thread_tidr(struct task_struct *t);
#endif /* _ASM_POWERPC_SWITCH_TO_H */ #endif /* _ASM_POWERPC_SWITCH_TO_H */

24
arch/powerpc/kernel/process.c
View File

@@ -1228,7 +1228,8 @@ struct task_struct *__switch_to(struct task_struct *prev,
* mappings, we must issue a cp_abort to clear any state and * mappings, we must issue a cp_abort to clear any state and
* prevent snooping, corruption or a covert channel. * prevent snooping, corruption or a covert channel.
*/ */
if (current->thread.used_vas) if (current->mm &&
atomic_read(&current->mm->context.vas_windows))
asm volatile(PPC_CP_ABORT); asm volatile(PPC_CP_ABORT);
} }
#endif /* CONFIG_PPC_BOOK3S_64 */ #endif /* CONFIG_PPC_BOOK3S_64 */
@@ -1467,27 +1468,6 @@ void arch_setup_new_exec(void)
} }
#endif #endif
int set_thread_uses_vas(void)
{
#ifdef CONFIG_PPC_BOOK3S_64
if (!cpu_has_feature(CPU_FTR_ARCH_300))
return -EINVAL;
current->thread.used_vas = 1;
/*
* Even a process that has no foreign real address mapping can use
* an unpaired COPY instruction (to no real effect). Issue CP_ABORT
* to clear any pending COPY and prevent a covert channel.
*
* __switch_to() will issue CP_ABORT on future context switches.
*/
asm volatile(PPC_CP_ABORT);
#endif /* CONFIG_PPC_BOOK3S_64 */
return 0;
}
#ifdef CONFIG_PPC64 #ifdef CONFIG_PPC64
/** /**
* Assign a TIDR (thread ID) for task @t and set it in the thread * Assign a TIDR (thread ID) for task @t and set it in the thread

22
arch/powerpc/platforms/powernv/vas-window.c
View File

@@ -1058,13 +1058,6 @@ struct vas_window *vas_tx_win_open(int vasid, enum vas_cop_type cop,
rc = -ENODEV; rc = -ENODEV;
goto free_window; goto free_window;
} }
/*
* A user mapping must ensure that context switch issues
* CP_ABORT for this thread.
*/
rc = set_thread_uses_vas();
if (rc)
goto free_window;
/* /*
* Window opened by a child thread may not be closed when * Window opened by a child thread may not be closed when
@@ -1090,7 +1083,7 @@ struct vas_window *vas_tx_win_open(int vasid, enum vas_cop_type cop,
mmgrab(txwin->mm); mmgrab(txwin->mm);
mmput(txwin->mm); mmput(txwin->mm);
mm_context_add_copro(txwin->mm); mm_context_add_vas_window(txwin->mm);
/* /*
* Process closes window during exit. In the case of * Process closes window during exit. In the case of
* multithread application, the child thread can open * multithread application, the child thread can open
@@ -1099,6 +1092,17 @@ struct vas_window *vas_tx_win_open(int vasid, enum vas_cop_type cop,
* to take pid reference for parent thread. * to take pid reference for parent thread.
*/ */
txwin->tgid = find_get_pid(task_tgid_vnr(current)); txwin->tgid = find_get_pid(task_tgid_vnr(current));
/*
* Even a process that has no foreign real address mapping can
* use an unpaired COPY instruction (to no real effect). Issue
* CP_ABORT to clear any pending COPY and prevent a covert
* channel.
*
* __switch_to() will issue CP_ABORT on future context switches
* if process / thread has any open VAS window (Use
* current->mm->context.vas_windows).
*/
asm volatile(PPC_CP_ABORT);
} }
set_vinst_win(vinst, txwin); set_vinst_win(vinst, txwin);
@@ -1332,7 +1336,7 @@ int vas_win_close(struct vas_window *window)
/* Drop references to pid and mm */ /* Drop references to pid and mm */
put_pid(window->pid); put_pid(window->pid);
if (window->mm) { if (window->mm) {
mm_context_remove_copro(window->mm); mm_context_remove_vas_window(window->mm);
mmdrop(window->mm); mmdrop(window->mm);
} }
} }