linux/arch/powerpc/kernel
Miroslav Benes 43347d56c8 livepatch: send a fake signal to all blocking tasks
Live patching consistency model is of LEAVE_PATCHED_SET and
SWITCH_THREAD. This means that all tasks in the system have to be marked
one by one as safe to call a new patched function. Safe means when a
task is not (sleeping) in a set of patched functions. That is, no
patched function is on the task's stack. Another clearly safe place is
the boundary between kernel and userspace. The patching waits for all
tasks to get outside of the patched set or to cross the boundary. The
transition is completed afterwards.

The problem is that a task can block the transition for quite a long
time, if not forever. It could sleep in a set of patched functions, for
example.  Luckily we can force the task to leave the set by sending it a
fake signal, that is a signal with no data in signal pending structures
(no handler, no sign of proper signal delivered). Suspend/freezer use
this to freeze the tasks as well. The task gets TIF_SIGPENDING set and
is woken up (if it has been sleeping in the kernel before) or kicked by
rescheduling IPI (if it was running on other CPU). This causes the task
to go to kernel/userspace boundary where the signal would be handled and
the task would be marked as safe in terms of live patching.

There are tasks which are not affected by this technique though. The
fake signal is not sent to kthreads. They should be handled differently.
They can be woken up so they leave the patched set and their
TIF_PATCH_PENDING can be cleared thanks to stack checking.

For the sake of completeness, if the task is in TASK_RUNNING state but
not currently running on some CPU it doesn't get the IPI, but it would
eventually handle the signal anyway. Second, if the task runs in the
kernel (in TASK_RUNNING state) it gets the IPI, but the signal is not
handled on return from the interrupt. It would be handled on return to
the userspace in the future when the fake signal is sent again. Stack
checking deals with these cases in a better way.

If the task was sleeping in a syscall it would be woken by our fake
signal, it would check if TIF_SIGPENDING is set (by calling
signal_pending() predicate) and return ERESTART* or EINTR. Syscalls with
ERESTART* return values are restarted in case of the fake signal (see
do_signal()). EINTR is propagated back to the userspace program. This
could disturb the program, but...

* each process dealing with signals should react accordingly to EINTR
  return values.
* syscalls returning EINTR happen to be quite common situation in the
  system even if no fake signal is sent.
* freezer sends the fake signal and does not deal with EINTR anyhow.
  Thus EINTR values are returned when the system is resumed.

The very safe marking is done in architectures' "entry" on syscall and
interrupt/exception exit paths, and in a stack checking functions of
livepatch.  TIF_PATCH_PENDING is cleared and the next
recalc_sigpending() drops TIF_SIGPENDING. In connection with this, also
call klp_update_patch_state() before do_signal(), so that
recalc_sigpending() in dequeue_signal() can clear TIF_PATCH_PENDING
immediately and thus prevent a double call of do_signal().

Note that the fake signal is not sent to stopped/traced tasks. Such task
prevents the patching to finish till it continues again (is not traced
anymore).

Last, sending the fake signal is not automatic. It is done only when
admin requests it by writing 1 to signal sysfs attribute in livepatch
sysfs directory.

Signed-off-by: Miroslav Benes <mbenes@suse.cz>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: linuxppc-dev@lists.ozlabs.org
Cc: x86@kernel.org
Acked-by: Michael Ellerman <mpe@ellerman.id.au> (powerpc)
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2017-12-04 22:34:57 +01:00
..
trace License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
vdso32 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
vdso64 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
.gitignore
align.c powerpc: Fix check for copy/paste instructions in alignment handler 2017-10-25 12:42:35 +02:00
asm-offsets.c powerpc/powernv: Save/Restore additional SPRs for stop4 cpuidle 2017-08-01 21:01:20 +10:00
audit.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
btext.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
cacheinfo.c powerpc: Convert to using %pOF instead of full_name 2017-08-23 22:27:04 +10:00
cacheinfo.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
compat_audit.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
cpu_setup_6xx.S
cpu_setup_44x.S
cpu_setup_fsl_booke.S
cpu_setup_pa6t.S
cpu_setup_power.S powerpc/powernv: Fix local TLB flush for boot and MCE on POWER9 2017-07-11 12:53:53 +10:00
cpu_setup_ppc970.S
cputable.c powerpc/8xx: Use symbolic PVR value 2017-08-10 23:32:18 +10:00
crash_dump.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
crash.c powerpc/fadump: remove dependency with CONFIG_KEXEC 2017-05-08 17:15:11 -07:00
dbell.c powerpc: Introduce msgsnd/doorbell barrier primitives 2017-04-13 23:34:33 +10:00
dma-iommu.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
dma-swiotlb.c treewide: Constify most dma_map_ops structures 2017-01-24 12:23:35 -05:00
dma.c powerpc: merge __dma_set_mask into dma_set_mask 2017-06-28 06:54:55 -07:00
dt_cpu_ftrs.c powerpc: Fix action argument for cpufeatures-based TLB flush 2017-10-03 16:16:55 +11:00
eeh_cache.c
eeh_dev.c powerpc/eeh: Create PHB PEs after EEH is initialized 2017-09-21 14:56:00 +10:00
eeh_driver.c powerpc/eeh: Remove unnecessary pointer to phb from eeh_dev 2017-08-31 14:26:09 +10:00
eeh_event.c powerpc/pci: Always print PHB and PE numbers as hexadecimal 2016-11-22 11:57:07 +11:00
eeh_pe.c powerpc/eeh: Remove unnecessary config_addr from eeh_dev 2017-08-31 14:26:09 +10:00
eeh_sysfs.c powerpc/eeh: Remove unnecessary config_addr from eeh_dev 2017-08-31 14:26:09 +10:00
eeh.c powerpc/eeh: Create PHB PEs after EEH is initialized 2017-09-21 14:56:00 +10:00
entry_32.S powerpc/32: Avoid risk of unrecoverable TLBmiss inside entry_32.S 2017-08-15 22:55:53 +10:00
entry_64.S powerpc/asm: Convert .llong directives to .8byte 2017-08-31 14:26:47 +10:00
epapr_hcalls.S
epapr_paravirt.c
exceptions-64e.S powerpc/64e: Fix hang when debugging programs with relocated kernel 2017-04-30 01:05:18 -05:00
exceptions-64s.S License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fadump.c powerpc/powernv: Use kernel crash path for machine checks 2017-08-31 14:26:04 +10:00
firmware.c
fpu.S Merge branch 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild 2016-10-14 14:26:58 -07:00
fsl_booke_entry_mapping.S License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
head_8xx.S powerpc/8xx: Reduce DTLB miss handler by one insn 2017-08-15 22:55:55 +10:00
head_32.S powerpc/mm: Use symbolic constants for filtering SRR1 bits on ISIs 2017-08-03 16:06:44 +10:00
head_40x.S
head_44x.S
head_64.S powerpc/asm: Convert .llong directives to .8byte 2017-08-31 14:26:47 +10:00
head_booke.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
head_fsl_booke.S
hw_breakpoint.c Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/scottwood/linux into next 2017-02-18 21:37:14 +11:00
idle_6xx.S
idle_book3e.S
idle_book3s.S powerpc/64s: idle POWER9 can execute stop in virtual mode 2017-08-29 21:42:14 +10:00
idle_e500.S
idle_power4.S
idle.c
ima_kexec.c powerpc: ima: send the kexec buffer to the next kernel 2016-12-20 09:48:44 -08:00
io-workarounds.c powerpc: Convert to using %pOF instead of full_name 2017-08-23 22:27:04 +10:00
io.c
iomap.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
iommu.c powerpc/iommu: Use permission-specific DEVICE_ATTR variants 2017-09-01 16:42:54 +10:00
irq.c powerpc/64s: Merge HV and non-HV paths for doorbell IRQ replay 2017-08-23 23:13:27 +10:00
isa-bridge.c powerpc: Convert to using %pOF instead of full_name 2017-08-23 22:27:04 +10:00
jump_label.c
kexec_elf_64.c powerpc: ima: send the kexec buffer to the next kernel 2016-12-20 09:48:44 -08:00
kgdb.c powerpc/8xx: Getting rid of remaining use of CONFIG_8xx 2017-08-10 23:32:12 +10:00
kprobes-ftrace.c powerpc/kprobes: Add support for KPROBES_ON_FTRACE 2017-04-24 19:07:58 +10:00
kprobes.c powerpc/kprobes: Dereference function pointers only if the address does not belong to kernel text 2017-11-01 15:51:03 +11:00
kvm_emul.S
kvm.c powerpc/64: Fix watchdog configuration regressions 2017-08-31 14:26:00 +10:00
l2cr_6xx.S powerpc/l2cr_6xx: Fix invalid use of register expressions 2017-08-15 21:04:32 +10:00
legacy_serial.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
machine_kexec_32.c
machine_kexec_64.c powerpc: Add purgatory for kexec_file_load() implementation. 2016-11-30 23:15:26 +11:00
machine_kexec_file_64.c resource: Provide resource struct in resource walk callback 2017-11-07 15:35:57 +01:00
machine_kexec.c
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mce_power.c powerpc: Fix workaround for spurious MCE on POWER9 2017-09-29 14:19:44 +10:00
mce.c powerpc/mce: Move 64-bit machine check code into mce.c 2017-08-10 23:31:31 +10:00
misc_32.S powerpc/40x: Clear MSR_DR in one insn instead of two 2017-06-02 19:20:43 +10:00
misc_64.S powerpc/kexec: Fix radix to hash kexec due to IAMR/AMOR 2017-07-10 21:07:38 +10:00
misc.S
module_32.c
module_64.c modversions: treat symbol CRCs as 32 bit quantities 2017-02-03 08:28:25 -08:00
module.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
msi.c
nvram_64.c powerpc/nvram: use memdup_user 2017-06-27 17:02:50 -07:00
of_platform.c powerpc: Convert to using %pOF instead of full_name 2017-08-23 22:27:04 +10:00
optprobes_head.S powerpc/kprobes: Don't save/restore DAR/DSISR to/from pt_regs for optprobes 2017-08-24 16:19:01 +10:00
optprobes.c powerpc/kprobes: Update optprobes to use emulate_update_regs() 2017-09-20 20:21:24 +10:00
paca.c treewide: make "nr_cpu_ids" unsigned 2017-09-08 18:26:48 -07:00
pci_32.c powerpc: Convert to using %pOF instead of full_name 2017-08-23 22:27:04 +10:00
pci_64.c powerpc: Convert to using %pOF instead of full_name 2017-08-23 22:27:04 +10:00
pci_dn.c powerpc/pci: Remove OF node back pointer from pci_dn 2017-08-31 14:26:12 +10:00
pci_of_scan.c powerpc: Convert to using %pOF instead of full_name 2017-08-23 22:27:04 +10:00
pci-common.c powerpc: Convert to using %pOF instead of full_name 2017-08-23 22:27:04 +10:00
pci-hotplug.c
pmc.c
ppc32.h
ppc_save_regs.S
proc_powerpc.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
process.c powerpc/oops: Line up NIP & MSR with other rows 2017-08-28 22:10:00 +10:00
prom_init_check.sh
prom_init.c powerpc/xive: add XIVE Exploitation Mode to CAS 2017-09-02 21:02:38 +10:00
prom_parse.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
prom.c powerpc: Fix booting P9 hash with CONFIG_PPC_RADIX_MMU=N 2017-05-25 23:07:44 +10:00
ptrace32.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
ptrace.c powerpc/tm: Flush TM only if CPU has TM feature 2017-09-20 13:30:09 +10:00
reloc_32.S
reloc_64.S powerpc/asm: Convert .llong directives to .8byte 2017-08-31 14:26:47 +10:00
rtas_flash.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
rtas_pci.c powerpc/kernel: Change retrieval of pci_dn 2017-08-31 14:26:40 +10:00
rtas-proc.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rtas-rtc.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rtas.c locking/arch, powerpc/rtas: Use arch_spin_lock() instead of arch_spin_lock_flags() 2017-10-18 15:15:07 +02:00
rtasd.c powerpc: Only obtain cpu_hotplug_lock if called by rtasd 2017-06-23 09:32:11 +02:00
setup_32.c powerpc/32: remove a NOP from memset() 2017-09-01 16:42:46 +10:00
setup_64.c powerpc/64: Fix watchdog configuration regressions 2017-08-31 14:26:00 +10:00
setup-common.c powerpc/4xx: Fix compile error with 64K pages on 40x, 44x 2017-10-03 21:59:48 +11:00
setup.h
signal_32.c signal: Remove kernel interal si_code magic 2017-07-24 14:30:28 -05:00
signal_64.c powerpc/tm: Fix illegal TM state in signal handler 2017-10-06 22:12:55 +11:00
signal.c livepatch: send a fake signal to all blocking tasks 2017-12-04 22:34:57 +01:00
signal.h
smp-tbsync.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
smp.c powerpc/smp: Add Power9 scheduler topology 2017-08-31 18:16:08 +10:00
stacktrace.c powerpc: Make /proc/self/stack always print the current stack 2017-03-28 14:43:59 +11:00
suspend.c
swsusp_32.S License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
swsusp_64.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/nmi.h> 2017-03-02 08:42:30 +01:00
swsusp_asm64.S powerpc: Fix invalid use of register expressions 2017-08-10 22:29:41 +10:00
swsusp_booke.S License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
swsusp.c powerpc/swsusp: Include suspend.h to silence sparse warnings 2017-03-20 19:02:49 +11:00
sys_ppc32.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
syscalls.c powerpc/tracing: Allow tracing of mmap syscalls 2017-04-12 22:32:43 +10:00
sysfs.c powerpc/sysfs: Move #ifdef CONFIG_HOTPLUG_CPU out of the function body 2017-05-03 14:45:38 +10:00
systbl_chk.c
systbl_chk.sh
systbl.S powerpc/asm: Convert .llong directives to .8byte 2017-08-31 14:26:47 +10:00
tau_6xx.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
time.c powerpc: use spin loop primitives in some functions 2017-07-02 20:40:24 +10:00
tm.S License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
traps.c Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/scottwood/linux into fixes 2017-09-20 20:05:24 +10:00
udbg_16550.c
udbg.c
uprobes.c powerpc/uprobes: Implement arch_uretprobe_is_alive() 2017-08-24 16:19:21 +10:00
vdso.c powerpc/64: Clean up ppc64_caches using a struct per cache 2017-02-06 19:46:04 +11:00
vecemu.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
vector.S License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
vmlinux.lds.S License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
watchdog.c Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-13 17:56:58 -08:00