lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20220908192859.546633738@redhat.com>
Date:   Thu, 08 Sep 2022 16:28:59 -0300
From:   Marcelo Tosatti <mtosatti@...hat.com>
To:     linux-kernel@...r.kernel.org
Cc:     Frederic Weisbecker <frederic@...nel.org>,
        Juri Lelli <juri.lelli@...hat.com>,
        Daniel Bristot de Oliveira <bristot@...nel.org>,
        Prasad Pandit <ppandit@...hat.com>,
        Valentin Schneider <vschneid@...hat.com>,
        Yair Podemsky <ypodemsk@...hat.com>,
        Thomas Gleixner <tglx@...utronix.de>
Subject: [RFC PATCH 0/7] cpu isolation: infra to block interference to select CPUs

There are a number of codepaths in the kernel that interrupt
code execution in remote CPUs. A subset of such codepaths are
triggered from userspace and can therefore return errors.

Introduce a cpumask named "block interference", writable from userspace.

This cpumask (and associated helpers) can be used by code that executes
code on remote CPUs to optionally return an error.

Note: the word "interference" has been chosen since "interruption" is
often confused with "device interrupt".

To protect readers VS writers of this cpumask, a per-CPU read-write
semaphore is used. This is acceptable since the codepaths which 
trigger such interferences are not (or should not be) hot.

What is proposed is to incrementally modify code that can return errors
in two ways:

1) Introduction of fail variants of the functions that generate 
code execution on remote CPUs. This way the modified code should
look like:

        block_interf_read_lock();

        ret = smp_call_func_single_fail() / stop_machine_fail() / ...

        block_interf_read_unlock();

This is grep friendly (so one can search for smp_call_function_* variants)
and re-uses code.

2) Usage of block interference CPU mask helpers. For certain 
users of smp_call_func_*, stop_machine_* functions it 
is natural to check for block interference CPUs before
calling the functions for remote code execution.

For example if its not desirable to perform error handling at
smp_call_func_* time, or if performing the error handling requires
unjustified complexity. Then:


        block_interf_read_lock();

	if target cpumask intersects with block interference cpumask {
		block_interf_read_unlock();
		return error
	}

	...
        ret = smp_call_function_single / stop_machine() / ...
	...

        block_interf_read_unlock();

Regarding housekeeping flags, it is usually the case that initialization might
require code execution on interference blocked CPUs (for example MTRR 
initialization, resctrlfs initialization, MSR writes, ...). Therefore 
tagging the CPUs after system initialization is necessary, which
is not possible with current housekeeping flags infrastructure.

This patchset converts clockevent and clocksource unbind, perf_event_open
system call, and /proc/mtrr writes, but there are several more users
to convert (eg: MSR reads/writes, resctrlfs, etc).

Sending this as an RFC to know whether folks think this is the
right direction.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ