[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20210126185412.175204-1-figiel@google.com>
Date: Tue, 26 Jan 2021 19:54:12 +0100
From: Piotr Figiel <figiel@...gle.com>
To: Alexey Dobriyan <adobriyan@...il.com>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Kees Cook <keescook@...omium.org>,
Alexey Gladkov <gladkov.alexey@...il.com>,
Michel Lespinasse <walken@...gle.com>,
Bernd Edlinger <bernd.edlinger@...mail.de>,
Andrei Vagin <avagin@...il.com>,
mathieu.desnoyers@...icios.com, viro@...iv.linux.org.uk,
peterz@...radead.org, paulmck@...nel.org, boqun.feng@...il.com
Cc: linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
posk@...gle.com, kyurtsever@...gle.com, ckennelly@...gle.com,
pjt@...gle.com, Piotr Figiel <figiel@...gle.com>
Subject: [PATCH v3] fs/proc: Expose RSEQ configuration
For userspace checkpoint and restore (C/R) some way of getting process
state containing RSEQ configuration is needed.
There are two ways this information is going to be used:
- to re-enable RSEQ for threads which had it enabled before C/R
- to detect if a thread was in a critical section during C/R
Since C/R preserves TLS memory and addresses RSEQ ABI will be restored
using the address registered before C/R.
Detection whether the thread is in a critical section during C/R is
needed to enforce behavior of RSEQ abort during C/R. Attaching with
ptrace() before registers are dumped itself doesn't cause RSEQ abort.
Restoring the instruction pointer within the critical section is
problematic because rseq_cs may get cleared before the control is
passed to the migrated application code leading to RSEQ invariants not
being preserved.
To achieve above goals expose the RSEQ structure address and the
signature value with the new per-thread procfs file "rseq".
Signed-off-by: Piotr Figiel <figiel@...gle.com>
---
v3:
- added locking so that the proc file always shows consistent pair of
RSEQ ABI address and the signature
- changed string formatting to use %px for the RSEQ ABI address
v2:
- fixed string formatting for 32-bit architectures
v1:
- https://lkml.kernel.org/r/20210113174127.2500051-1-figiel@google.com
---
fs/exec.c | 2 ++
fs/proc/base.c | 22 ++++++++++++++++++++++
kernel/rseq.c | 4 ++++
3 files changed, 28 insertions(+)
diff --git a/fs/exec.c b/fs/exec.c
index 5d4d52039105..5d84f98847f1 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1830,7 +1830,9 @@ static int bprm_execve(struct linux_binprm *bprm,
/* execve succeeded */
current->fs->in_exec = 0;
current->in_execve = 0;
+ task_lock(current);
rseq_execve(current);
+ task_unlock(current);
acct_update_integrals(current);
task_numa_free(current, false);
return retval;
diff --git a/fs/proc/base.c b/fs/proc/base.c
index b3422cda2a91..89232329d966 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -662,6 +662,22 @@ static int proc_pid_syscall(struct seq_file *m, struct pid_namespace *ns,
return 0;
}
+
+#ifdef CONFIG_RSEQ
+static int proc_pid_rseq(struct seq_file *m, struct pid_namespace *ns,
+ struct pid *pid, struct task_struct *task)
+{
+ int res = lock_trace(task);
+
+ if (res)
+ return res;
+ task_lock(task);
+ seq_printf(m, "%px %08x\n", task->rseq, task->rseq_sig);
+ task_unlock(task);
+ unlock_trace(task);
+ return 0;
+}
+#endif /* CONFIG_RSEQ */
#endif /* CONFIG_HAVE_ARCH_TRACEHOOK */
/************************************************************************/
@@ -3182,6 +3198,9 @@ static const struct pid_entry tgid_base_stuff[] = {
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
#ifdef CONFIG_HAVE_ARCH_TRACEHOOK
ONE("syscall", S_IRUSR, proc_pid_syscall),
+#ifdef CONFIG_RSEQ
+ ONE("rseq", S_IRUSR, proc_pid_rseq),
+#endif
#endif
REG("cmdline", S_IRUGO, proc_pid_cmdline_ops),
ONE("stat", S_IRUGO, proc_tgid_stat),
@@ -3522,6 +3541,9 @@ static const struct pid_entry tid_base_stuff[] = {
&proc_pid_set_comm_operations, {}),
#ifdef CONFIG_HAVE_ARCH_TRACEHOOK
ONE("syscall", S_IRUSR, proc_pid_syscall),
+#ifdef CONFIG_RSEQ
+ ONE("rseq", S_IRUSR, proc_pid_rseq),
+#endif
#endif
REG("cmdline", S_IRUGO, proc_pid_cmdline_ops),
ONE("stat", S_IRUGO, proc_tid_stat),
diff --git a/kernel/rseq.c b/kernel/rseq.c
index a4f86a9d6937..6aea67878065 100644
--- a/kernel/rseq.c
+++ b/kernel/rseq.c
@@ -322,8 +322,10 @@ SYSCALL_DEFINE4(rseq, struct rseq __user *, rseq, u32, rseq_len,
ret = rseq_reset_rseq_cpu_id(current);
if (ret)
return ret;
+ task_lock(current);
current->rseq = NULL;
current->rseq_sig = 0;
+ task_unlock(current);
return 0;
}
@@ -353,8 +355,10 @@ SYSCALL_DEFINE4(rseq, struct rseq __user *, rseq, u32, rseq_len,
return -EINVAL;
if (!access_ok(rseq, rseq_len))
return -EFAULT;
+ task_lock(current);
current->rseq = rseq;
current->rseq_sig = sig;
+ task_unlock(current);
/*
* If rseq was previously inactive, and has just been
* registered, ensure the cpu_id_start and cpu_id fields
--
2.30.0.280.ga3ce27912f-goog
Powered by blists - more mailing lists