Date:   Thu, 08 Sep 2022 16:28:59 -0300
From:   Marcelo Tosatti <mtosatti@...hat.com>
To:     linux-kernel@...r.kernel.org
Cc:     Frederic Weisbecker <frederic@...nel.org>,
        Juri Lelli <juri.lelli@...hat.com>,
        Daniel Bristot de Oliveira <bristot@...nel.org>,
        Prasad Pandit <ppandit@...hat.com>,
        Valentin Schneider <vschneid@...hat.com>,
        Yair Podemsky <ypodemsk@...hat.com>,
        Thomas Gleixner <tglx@...utronix.de>
Subject: [RFC PATCH 0/7] cpu isolation: infra to block interference to select CPUs

There are a number of codepaths in the kernel that interrupt
code execution in remote CPUs. A subset of such codepaths are
triggered from userspace and can therefore return errors.

Introduce a cpumask named "block interference", writable from userspace.

This cpumask (and associated helpers) can be used by code that executes
code on remote CPUs to optionally return an error.

Note: the word "interference" has been chosen since "interruption" is
often confused with "device interrupt".

To protect readers VS writers of this cpumask, a per-CPU read-write
semaphore is used. This is acceptable since the codepaths which 
trigger such interferences are not (or should not be) hot.

What is proposed is to incrementally modify code that can return errors
in two ways:

1) Introduction of fail variants of the functions that generate 
code execution on remote CPUs. This way the modified code should
look like:

        block_interf_read_lock();

        ret = smp_call_func_single_fail() / stop_machine_fail() / ...

        block_interf_read_unlock();

This is grep friendly (so one can search for smp_call_function_* variants)
and re-uses code.

2) Usage of block interference CPU mask helpers. For certain 
users of smp_call_func_*, stop_machine_* functions it 
is natural to check for block interference CPUs before
calling the functions for remote code execution.

For example, if it's not desirable to perform error handling at
smp_call_func_* time, or if performing the error handling requires
unjustified complexity. Then:


        block_interf_read_lock();

        if target cpumask intersects with block interference cpumask {
                block_interf_read_unlock();
                return error
        }

        ...
        ret = smp_call_function_single / stop_machine() / ...
        ...

        block_interf_read_unlock();

Regarding housekeeping flags, it is usually the case that initialization might
require code execution on interference blocked CPUs (for example MTRR 
initialization, resctrlfs initialization, MSR writes, ...). Therefore 
tagging the CPUs after system initialization is necessary, which
is not possible with current housekeeping flags infrastructure.

This patchset converts clockevent and clocksource unbind, perf_event_open
system call, and /proc/mtrr writes, but there are several more users
to convert (eg: MSR reads/writes, resctrlfs, etc).

Sending this as an RFC to know whether folks think this is the
right direction.
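
Added example, not code from this patchset: a single-threaded userspace model of approach 2, showing why the read lock is held across both the mask check and the remote call. Only block_interf_read_lock()/block_interf_read_unlock() are names from the message; the mask variable, block_interf_set_mask(), call_on_cpus(), probe() and the -EPERM/-EBUSY return codes are assumptions, and the reader counter stands in for the per-CPU read-write semaphore.

```c
#include <errno.h>
#include <stdint.h>

static uint64_t block_interf_mask; /* bit n set: CPU n must not be interfered with */
static int readers;                /* model of the read side of the rw semaphore */

static void block_interf_read_lock(void)   { readers++; }
static void block_interf_read_unlock(void) { readers--; }

/* Writer side (hypothetical name): the userspace write to the mask. A kernel
 * writer would sleep until readers drain; this model returns -EBUSY instead. */
static int block_interf_set_mask(uint64_t new_mask)
{
    if (readers > 0)
        return -EBUSY;
    block_interf_mask = new_mask;
    return 0;
}

typedef int (*remote_fn)(int cpu, void *arg);

/* Approach 2: check the target mask under the read lock, then make the call
 * while still holding it, so the mask cannot change between check and call. */
static int call_on_cpus(uint64_t target_mask, remote_fn fn, void *arg)
{
    int ret = 0;

    block_interf_read_lock();
    if (target_mask & block_interf_mask) {
        block_interf_read_unlock();
        return -EPERM;             /* error code is an assumption */
    }
    for (int cpu = 0; cpu < 64 && !ret; cpu++)
        if (target_mask & (1ULL << cpu))
            ret = fn(cpu, arg);    /* stands in for smp_call_function_single() */
    block_interf_read_unlock();
    return ret;
}

/* Constructed callback: records the CPU it "ran" on, then tries to tag that
 * CPU as blocked mid-call, which the held read lock must refuse. */
static int probe(int cpu, void *arg)
{
    int *seen = arg;
    seen[0] |= 1 << cpu;
    seen[1] = block_interf_set_mask(1ULL << cpu);
    return 0;
}
```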

