[RFC PATCH v8 12/14] xpfo, mm: optimize spinlock usage in xpfo_kunmap

From: Khalid Aziz
Date: Wed Feb 13 2019 - 19:06:35 EST

Next message: Khalid Aziz: "[RFC PATCH v8 11/14] xpfo, mm: remove dependency on CONFIG_PAGE_EXTENSION"
Previous message: Khalid Aziz: "[RFC PATCH v8 14/14] xpfo, mm: Optimize XPFO TLB flushes by batching them together"
In reply to: Khalid Aziz: "[RFC PATCH v8 14/14] xpfo, mm: Optimize XPFO TLB flushes by batching them together"
Next in thread: Khalid Aziz: "[RFC PATCH v8 11/14] xpfo, mm: remove dependency on CONFIG_PAGE_EXTENSION"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Julian Stecklina <jsteckli@xxxxxxxxx>

Only the xpfo_kunmap call that needs to actually unmap the page
needs to be serialized. We need to be careful to handle the case,
where after the atomic decrement of the mapcount, a xpfo_kmap
increased the mapcount again. In this case, we can safely skip
modifying the page table.

Model-checked with up to 4 concurrent callers with Spin.

Signed-off-by: Julian Stecklina <jsteckli@xxxxxxxxx>
Signed-off-by: Khalid Aziz <khalid.aziz@xxxxxxxxxx>
Cc: x86@xxxxxxxxxx
Cc: kernel-hardening@xxxxxxxxxxxxxxxxxx
Cc: Vasileios P. Kemerlis <vpk@xxxxxxxxxxxxxxx>
Cc: Juerg Haefliger <juerg.haefliger@xxxxxxxxxxxxx>
Cc: Tycho Andersen <tycho@xxxxxxxxxx>
Cc: Marco Benatto <marco.antonio.780@xxxxxxxxx>
Cc: David Woodhouse <dwmw2@xxxxxxxxxxxxx>
---
mm/xpfo.c | 25 ++++++++++++++++---------
1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/mm/xpfo.c b/mm/xpfo.c
index dc03c423c52f..5157cbebce4b 100644
--- a/mm/xpfo.c
+++ b/mm/xpfo.c
@@ -124,28 +124,35 @@ EXPORT_SYMBOL(xpfo_kmap);

void xpfo_kunmap(void *kaddr, struct page *page)
{
+ bool flush_tlb = false;
+
if (!static_branch_unlikely(&xpfo_inited))
return;

if (!PageXpfoUser(page))
return;

- spin_lock(&page->xpfo_lock);
-
/*
* The page is to be allocated back to user space, so unmap it from the
* kernel, flush the TLB and tag it as a user page.
*/
if (atomic_dec_return(&page->xpfo_mapcount) == 0) {
-#ifdef CONFIG_XPFO_DEBUG
- BUG_ON(PageXpfoUnmapped(page));
-#endif
- SetPageXpfoUnmapped(page);
- set_kpte(kaddr, page, __pgprot(0));
- xpfo_flush_kernel_tlb(page, 0);
+ spin_lock(&page->xpfo_lock);
+
+ /*
+ * In the case, where we raced with kmap after the
+ * atomic_dec_return, we must not nuke the mapping.
+ */
+ if (atomic_read(&page->xpfo_mapcount) == 0) {
+ SetPageXpfoUnmapped(page);
+ set_kpte(kaddr, page, __pgprot(0));
+ flush_tlb = true;
+ }
+ spin_unlock(&page->xpfo_lock);
}

- spin_unlock(&page->xpfo_lock);
+ if (flush_tlb)
+ xpfo_flush_kernel_tlb(page, 0);
}
EXPORT_SYMBOL(xpfo_kunmap);

--
2.17.1

Next message: Khalid Aziz: "[RFC PATCH v8 11/14] xpfo, mm: remove dependency on CONFIG_PAGE_EXTENSION"
Previous message: Khalid Aziz: "[RFC PATCH v8 14/14] xpfo, mm: Optimize XPFO TLB flushes by batching them together"
In reply to: Khalid Aziz: "[RFC PATCH v8 14/14] xpfo, mm: Optimize XPFO TLB flushes by batching them together"
Next in thread: Khalid Aziz: "[RFC PATCH v8 11/14] xpfo, mm: remove dependency on CONFIG_PAGE_EXTENSION"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]