| Message ID | 20200204175913.74901-5-avagin@gmail.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | arm64: add the time namespace support | expand |
Hi Andrei, On 04/02/2020 17:59, Andrei Vagin wrote: > If a task belongs to a time namespace then the VVAR page which contains > the system wide VDSO data is replaced with a namespace specific page > which has the same layout as the VVAR page. > > Signed-off-by: Andrei Vagin <avagin@gmail.com> > --- > arch/arm64/kernel/vdso.c | 55 +++++++++++++++++++++++++++++++++++++--- > 1 file changed, 51 insertions(+), 4 deletions(-) > > diff --git a/arch/arm64/kernel/vdso.c b/arch/arm64/kernel/vdso.c > index bc93e26ae485..2e553468b183 100644 > --- a/arch/arm64/kernel/vdso.c > +++ b/arch/arm64/kernel/vdso.c > @@ -23,6 +23,7 @@ > #include <vdso/datapage.h> > #include <vdso/helpers.h> > #include <vdso/vsyscall.h> > +#include <linux/time_namespace.h> > Nit: Could you please group this with the linux/ headers and keep the alphabetical order. > #include <asm/cacheflush.h> > #include <asm/signal32.h> > @@ -171,15 +172,61 @@ int vdso_join_timens(struct task_struct *task, struct time_namespace *ns) > up_write(&mm->mmap_sem); > return 0; > } > + > +static struct page *find_timens_vvar_page(struct vm_area_struct *vma) > +{ > + if (likely(vma->vm_mm == current->mm)) > + return current->nsproxy->time_ns->vvar_page; > + > + /* > + * VM_PFNMAP | VM_IO protect .fault() handler from being called > + * through interfaces like /proc/$pid/mem or > + * process_vm_{readv,writev}() as long as there's no .access() > + * in special_mapping_vmops(). > + * For more details check_vma_flags() and __access_remote_vm() > + */ > + > + WARN(1, "vvar_page accessed remotely"); > + > + return NULL; > +} > +#else > +static inline struct page *find_timens_vvar_page(struct vm_area_struct *vma) > +{ > + return NULL; > +} > #endif > > static vm_fault_t vvar_fault(const struct vm_special_mapping *sm, > struct vm_area_struct *vma, struct vm_fault *vmf) > { > - if (vmf->pgoff == 0) > - return vmf_insert_pfn(vma, vmf->address, > - sym_to_pfn(vdso_data)); > - return VM_FAULT_SIGBUS; > + struct page *timens_page = find_timens_vvar_page(vma); > + unsigned long pfn; > + > + switch (vmf->pgoff) { > + case VVAR_DATA_PAGE_OFFSET: > + if (timens_page) > + pfn = page_to_pfn(timens_page); > + else > + pfn = sym_to_pfn(vdso_data); > + break; > + case VVAR_TIMENS_PAGE_OFFSET: > + /* > + * If a task belongs to a time namespace then a namespace > + * specific VVAR is mapped with the VVAR_DATA_PAGE_OFFSET and > + * the real VVAR page is mapped with the VVAR_TIMENS_PAGE_OFFSET > + * offset. > + * See also the comment near timens_setup_vdso_data(). > + */ > + if (!timens_page) > + return VM_FAULT_SIGBUS; > + pfn = sym_to_pfn(vdso_data); > + break; > + default: > + return VM_FAULT_SIGBUS; > + } > + > + return vmf_insert_pfn(vma, vmf->address, pfn); > } > > static int __setup_additional_pages(enum arch_vdso_type arch_index, >
diff --git a/arch/arm64/kernel/vdso.c b/arch/arm64/kernel/vdso.c index bc93e26ae485..2e553468b183 100644 --- a/arch/arm64/kernel/vdso.c +++ b/arch/arm64/kernel/vdso.c @@ -23,6 +23,7 @@ #include <vdso/datapage.h> #include <vdso/helpers.h> #include <vdso/vsyscall.h> +#include <linux/time_namespace.h> #include <asm/cacheflush.h> #include <asm/signal32.h> @@ -171,15 +172,61 @@ int vdso_join_timens(struct task_struct *task, struct time_namespace *ns) up_write(&mm->mmap_sem); return 0; } + +static struct page *find_timens_vvar_page(struct vm_area_struct *vma) +{ + if (likely(vma->vm_mm == current->mm)) + return current->nsproxy->time_ns->vvar_page; + + /* + * VM_PFNMAP | VM_IO protect .fault() handler from being called + * through interfaces like /proc/$pid/mem or + * process_vm_{readv,writev}() as long as there's no .access() + * in special_mapping_vmops(). + * For more details check_vma_flags() and __access_remote_vm() + */ + + WARN(1, "vvar_page accessed remotely"); + + return NULL; +} +#else +static inline struct page *find_timens_vvar_page(struct vm_area_struct *vma) +{ + return NULL; +} #endif static vm_fault_t vvar_fault(const struct vm_special_mapping *sm, struct vm_area_struct *vma, struct vm_fault *vmf) { - if (vmf->pgoff == 0) - return vmf_insert_pfn(vma, vmf->address, - sym_to_pfn(vdso_data)); - return VM_FAULT_SIGBUS; + struct page *timens_page = find_timens_vvar_page(vma); + unsigned long pfn; + + switch (vmf->pgoff) { + case VVAR_DATA_PAGE_OFFSET: + if (timens_page) + pfn = page_to_pfn(timens_page); + else + pfn = sym_to_pfn(vdso_data); + break; + case VVAR_TIMENS_PAGE_OFFSET: + /* + * If a task belongs to a time namespace then a namespace + * specific VVAR is mapped with the VVAR_DATA_PAGE_OFFSET and + * the real VVAR page is mapped with the VVAR_TIMENS_PAGE_OFFSET + * offset. + * See also the comment near timens_setup_vdso_data(). + */ + if (!timens_page) + return VM_FAULT_SIGBUS; + pfn = sym_to_pfn(vdso_data); + break; + default: + return VM_FAULT_SIGBUS; + } + + return vmf_insert_pfn(vma, vmf->address, pfn); } static int __setup_additional_pages(enum arch_vdso_type arch_index,
If a task belongs to a time namespace then the VVAR page which contains the system wide VDSO data is replaced with a namespace specific page which has the same layout as the VVAR page. Signed-off-by: Andrei Vagin <avagin@gmail.com> --- arch/arm64/kernel/vdso.c | 55 +++++++++++++++++++++++++++++++++++++--- 1 file changed, 51 insertions(+), 4 deletions(-)