Commit c420644c authored by Haren Myneni's avatar Haren Myneni Committed by Michael Ellerman
Browse files

powerpc: Use mm_context vas_windows counter to issue CP_ABORT 



set_thread_uses_vas() sets used_vas flag for a process that opened VAS
window and issue CP_ABORT during context switch for only that process.
In multi-thread application, windows can be shared. For example Thread
A can open a window and Thread B can run COPY/PASTE instructions to
send NX request which may cause corruption or snooping or a covert
channel Also once this flag is set, continue to run CP_ABORT even the
VAS window is closed.

So define vas-windows counter in process mm_context, increment this
counter for each window open and decrement it for window close. If
vas-windows is set, issue CP_ABORT during context switch. It means
clear the foreign real address mapping only if the process / thread
uses COPY/PASTE. Then disable it for that process if windows are not
open.

Moved set_thread_uses_vas() code to vas_tx_win_open() as this
functionality is needed only for userspace open windows. We are adding
VAS userspace support along with this fix. So no need to include this
fix in stable releases.

Fixes: 9d2a4d71 ("powerpc: Define set_thread_uses_vas()")
Signed-off-by: default avatarHaren Myneni <haren@linux.ibm.com>
Reported-by: default avatarNicholas Piggin <npiggin@gmail.com>
Suggested-by: default avatarMilton Miller <miltonm@us.ibm.com>
Suggested-by: default avatarNicholas Piggin <npiggin@gmail.com>
Reviewed-by: default avatarNicholas Piggin <npiggin@gmail.com>
Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1587017291.2275.1077.camel@hbabu-laptop
parent 1d955f98

arch/powerpc/include/asm/book3s/64/mmu.h

+3 −0
Original line number Diff line number Diff line
@@ -116,6 +116,9 @@ typedef struct { 
	/* Number of users of the external (Nest) MMU */

	atomic_t copros;



	/* Number of user space windows opened in process mm_context */

	atomic_t vas_windows;



	struct hash_mm_context *hash_context;



	unsigned long vdso_base;

arch/powerpc/include/asm/mmu_context.h

+30 −0
Original line number Diff line number Diff line
@@ -185,11 +185,41 @@ static inline void mm_context_remove_copro(struct mm_struct *mm) 
			dec_mm_active_cpus(mm);

	}

}



/*

 * vas_windows counter shows number of open windows in the mm

 * context. During context switch, use this counter to clear the

 * foreign real address mapping (CP_ABORT) for the thread / process

 * that intend to use COPY/PASTE. When a process closes all windows,

 * disable CP_ABORT which is expensive to run.

 *

 * For user context, register a copro so that TLBIs are seen by the

 * nest MMU. mm_context_add/remove_vas_window() are used only for user

 * space windows.

 */

static inline void mm_context_add_vas_window(struct mm_struct *mm)

{

	atomic_inc(&mm->context.vas_windows);

	mm_context_add_copro(mm);

}



static inline void mm_context_remove_vas_window(struct mm_struct *mm)

{

	int v;



	mm_context_remove_copro(mm);

	v = atomic_dec_if_positive(&mm->context.vas_windows);



	/* Detect imbalance between add and remove */

	WARN_ON(v < 0);

}

#else

static inline void inc_mm_active_cpus(struct mm_struct *mm) { }

static inline void dec_mm_active_cpus(struct mm_struct *mm) { }

static inline void mm_context_add_copro(struct mm_struct *mm) { }

static inline void mm_context_remove_copro(struct mm_struct *mm) { }

static inline void mm_context_add_vas_windows(struct mm_struct *mm) { }

static inline void mm_context_remove_vas_windows(struct mm_struct *mm) { }

#endif

arch/powerpc/include/asm/processor.h

+0 −1
Original line number Diff line number Diff line
@@ -272,7 +272,6 @@ struct thread_struct { 
	unsigned 	mmcr0;



	unsigned 	used_ebb;

	unsigned int	used_vas;

#endif

};

arch/powerpc/include/asm/switch_to.h

+0 −2
Original line number Diff line number Diff line
@@ -102,8 +102,6 @@ static inline void clear_task_ebb(struct task_struct *t) 
#endif

}



extern int set_thread_uses_vas(void);



extern int set_thread_tidr(struct task_struct *t);



#endif /* _ASM_POWERPC_SWITCH_TO_H */

arch/powerpc/kernel/process.c

+2 −22
Original line number Diff line number Diff line
@@ -1228,7 +1228,8 @@ struct task_struct *__switch_to(struct task_struct *prev, 
		 * mappings, we must issue a cp_abort to clear any state and

		 * prevent snooping, corruption or a covert channel.

		 */

		if (current->thread.used_vas)

		if (current->mm &&

			atomic_read(&current->mm->context.vas_windows))

			asm volatile(PPC_CP_ABORT);

	}

#endif /* CONFIG_PPC_BOOK3S_64 */
@@ -1467,27 +1468,6 @@ void arch_setup_new_exec(void) 
}

#endif



int set_thread_uses_vas(void)

{

#ifdef CONFIG_PPC_BOOK3S_64

	if (!cpu_has_feature(CPU_FTR_ARCH_300))

		return -EINVAL;



	current->thread.used_vas = 1;



	/*

	 * Even a process that has no foreign real address mapping can use

	 * an unpaired COPY instruction (to no real effect). Issue CP_ABORT

	 * to clear any pending COPY and prevent a covert channel.

	 *

	 * __switch_to() will issue CP_ABORT on future context switches.

	 */

	asm volatile(PPC_CP_ABORT);



#endif /* CONFIG_PPC_BOOK3S_64 */

	return 0;

}



#ifdef CONFIG_PPC64

/**

 * Assign a TIDR (thread ID) for task @t and set it in the thread