[PATCH 2/3] x86: Implement prctl PR_GET_TSC and PR_SET_TSC - Kernel


Thread: [PATCH 2/3] x86: Implement prctl PR_GET_TSC and PR_SET_TSC

  1. [PATCH 2/3] x86: Implement prctl PR_GET_TSC and PR_SET_TSC


    x86: Implement prctl PR_GET_TSC and PR_SET_TSC

    This patch adds a configure option CONFIG_DISABLE_TSC
    (off by default) for the x86 platform to enable the
    PR_GET_TSC and PR_SET_TSC commands. These control the
    ability to use the timestamp counter from userspace
    (the RDTSC instruction.)

    This patch uses code earlier used to disable the
    timestamp counter for the SECCOMP framework. It used
    to disable the RDTSC on 32 bit kernels, but allow it
    on x86_64. This patch makes SECCOMP disable the
    timestamp counter whenever CONFIG_DISABLE_TSC is
    enabled.

    Signed-off-by: Erik Bosman
    ---
    arch/x86/Kconfig | 15 ++++++++
    arch/x86/kernel/process_32.c | 46 ++++++++++++++++++++++--
    arch/x86/kernel/process_64.c | 72 ++++++++++++++++++++++++++++++++++++++
    include/asm-x86/processor.h | 11 ++++++
    include/asm-x86/thread_info_64.h | 4 ++-
    include/asm-x86/tsc.h | 3 ++
    kernel/seccomp.c | 2 +-
    7 files changed, 148 insertions(+), 5 deletions(-)

    diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
    index 56bef39..8b79203 100644
    --- a/arch/x86/Kconfig
    +++ b/arch/x86/Kconfig
    @@ -1122,6 +1122,21 @@ config IRQBALANCE
    The default yes will allow the kernel to do irq load balancing.
    Saying no will keep the kernel from doing irq load balancing.

    +config DISABLE_TSC
    + def_bool n
    + prompt "Make availability of the RDTSC instruction configurable"
    + depends on (X86_32 || X86_64) && EXPERIMENTAL
    + help
    + While the RDTSC instruction allows for very precise time
    + measurements, it is also a source for non-determinism
    + during the execution of a process which can be a problem in some
    + security contexts. This option adds prctl commands to configure
    + and test the availability of the RDTSC instruction on a
    + per-process basis. Choosing this option may cause a small
    + performance hit during context switching.
    +
    + If unsure, say N.
    +
    config SECCOMP
    def_bool y
    prompt "Enable seccomp to safely compute untrusted bytecode"
    diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c
    index 6496344..e6a861f 100644
    --- a/arch/x86/kernel/process_32.c
    +++ b/arch/x86/kernel/process_32.c
    @@ -36,6 +36,7 @@
    #include
    #include
    #include
    +#include

    #include
    #include
    @@ -528,11 +529,12 @@ start_thread(struct pt_regs *regs, unsigned long new_ip, unsigned long new_sp)
    }
    EXPORT_SYMBOL_GPL(start_thread);

    -#ifdef CONFIG_SECCOMP
    +#ifdef CONFIG_DISABLE_TSC
    static void hard_disable_TSC(void)
    {
    write_cr4(read_cr4() | X86_CR4_TSD);
    }
    +
    void disable_TSC(void)
    {
    preempt_disable();
    @@ -544,11 +546,48 @@ void disable_TSC(void)
    hard_disable_TSC();
    preempt_enable();
    }
    +
    static void hard_enable_TSC(void)
    {
    write_cr4(read_cr4() & ~X86_CR4_TSD);
    }
    -#endif /* CONFIG_SECCOMP */
    +
    +void enable_TSC(void)
    +{
    + preempt_disable();
    + if (test_and_clear_thread_flag(TIF_NOTSC))
    + /*
    + * Must flip the CPU state synchronously with
    + * TIF_NOTSC in the current running context.
    + */
    + hard_enable_TSC();
    + preempt_enable();
    +}
    +
    +int get_tsc_mode(unsigned long adr)
    +{
    + unsigned int val;
    +
    + if (test_thread_flag(TIF_NOTSC))
    + val = PR_TSC_SIGSEGV;
    + else
    + val = PR_TSC_ENABLE;
    +
    + return put_user(val, (unsigned int __user *)adr);
    +}
    +
    +int set_tsc_mode(unsigned int val)
    +{
    + if (val == PR_TSC_SIGSEGV)
    + disable_TSC();
    + else if (val == PR_TSC_ENABLE)
    + enable_TSC();
    + else
    + return -EINVAL;
    +
    + return 0;
    +}
    +#endif /* CONFIG_DISABLE_TSC */

    static noinline void
    __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
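Review bot: `set_tsc_mode()` lets `PR_TSC_ENABLE` clear `TIF_NOTSC` regardless of who set it, and `disable_TSC()` sets that same flag when `prctl_set_seccomp()` enters seccomp mode. Nothing visible in this hunk ties the two together, so the seccomp restriction appears to depend on a seccomp task being unable to reach prctl() at all. That assumption should be written next to the function, e.g. `/* TIF_NOTSC is shared with seccomp: PR_TSC_ENABLE must stay unreachable for a task in seccomp mode */`. The same functions are added verbatim in the process_64.c hunk and in both files of the REVISED patch further down the thread, so the comment belongs there as well.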
    @@ -582,7 +621,7 @@ __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
    set_debugreg(next->debugreg7, 7);
    }

    -#ifdef CONFIG_SECCOMP
    +#ifdef CONFIG_DISABLE_TSC
    if (test_tsk_thread_flag(prev_p, TIF_NOTSC) ^
    test_tsk_thread_flag(next_p, TIF_NOTSC)) {
    /* prev and next are different */
    @@ -839,3 +878,4 @@ unsigned long arch_randomize_brk(struct mm_struct *mm)
    unsigned long range_end = mm->brk + 0x02000000;
    return randomize_range(mm->brk, range_end, 0) ? : mm->brk;
    }
    +
    diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
    index 043a0c8..8ef8a2f 100644
    --- a/arch/x86/kernel/process_64.c
    +++ b/arch/x86/kernel/process_64.c
    @@ -37,6 +37,7 @@
    #include
    #include
    #include
    +#include

    #include
    #include
    @@ -555,6 +556,66 @@ start_thread(struct pt_regs *regs, unsigned long new_ip, unsigned long new_sp)
    }
    EXPORT_SYMBOL_GPL(start_thread);

    +#ifdef CONFIG_DISABLE_TSC
    +static void hard_disable_TSC(void)
    +{
    + write_cr4(read_cr4() | X86_CR4_TSD);
    +}
    +
    +void disable_TSC(void)
    +{
    + preempt_disable();
    + if (!test_and_set_thread_flag(TIF_NOTSC))
    + /*
    + * Must flip the CPU state synchronously with
    + * TIF_NOTSC in the current running context.
    + */
    + hard_disable_TSC();
    + preempt_enable();
    +}
    +
    +static void hard_enable_TSC(void)
    +{
    + write_cr4(read_cr4() & ~X86_CR4_TSD);
    +}
    +
    +void enable_TSC(void)
    +{
    + preempt_disable();
    + if (test_and_clear_thread_flag(TIF_NOTSC))
    + /*
    + * Must flip the CPU state synchronously with
    + * TIF_NOTSC in the current running context.
    + */
    + hard_enable_TSC();
    + preempt_enable();
    +}
    +
    +int get_tsc_mode(unsigned long adr)
    +{
    + unsigned int val;
    +
    + if (test_thread_flag(TIF_NOTSC))
    + val = PR_TSC_SIGSEGV;
    + else
    + val = PR_TSC_ENABLE;
    +
    + return put_user(val, (unsigned int __user *)adr);
    +}
    +
    +int set_tsc_mode(unsigned int val)
    +{
    + if (val == PR_TSC_SIGSEGV)
    + disable_TSC();
    + else if (val == PR_TSC_ENABLE)
    + enable_TSC();
    + else
    + return -EINVAL;
    +
    + return 0;
    +}
    +#endif /* CONFIG_DISABLE_TSC */
    +
    /*
    * This special macro can be used to load a debugging register
    */
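Review bot: `get_tsc_mode()` receives a userspace address as a plain `unsigned long` and casts it to `unsigned int __user *` only at the `put_user()` call, with no comment saying what `adr` is or what the function returns. A one-line header would make the contract readable from the prototype, e.g. `/* Store PR_TSC_ENABLE or PR_TSC_SIGSEGV in the unsigned int at user address adr; returns the put_user() result */`. `set_tsc_mode()` likewise deserves a line saying it returns 0 on success and -EINVAL for any other value. The identical copies in process_32.c and in the REVISED patch have the same gap.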
    @@ -592,6 +653,17 @@ static inline void __switch_to_xtra(struct task_struct *prev_p,
    loaddebug(next, 7);
    }

    +#ifdef CONFIG_DISABLE_TSC
    + if (test_tsk_thread_flag(prev_p, TIF_NOTSC) ^
    + test_tsk_thread_flag(next_p, TIF_NOTSC)) {
    + /* prev and next are different */
    + if (test_tsk_thread_flag(next_p, TIF_NOTSC))
    + hard_disable_TSC();
    + else
    + hard_enable_TSC();
    + }
    +#endif
    +
    if (test_tsk_thread_flag(next_p, TIF_IO_BITMAP)) {
    /*
    * Copy the relevant range of the IO bitmap.
    diff --git a/include/asm-x86/processor.h b/include/asm-x86/processor.h
    index 7b1e3a8..64eea62 100644
    --- a/include/asm-x86/processor.h
    +++ b/include/asm-x86/processor.h
    @@ -921,4 +921,15 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip,

    #define KSTK_EIP(task) (task_pt_regs(task)->ip)

    +#ifdef CONFIG_DISABLE_TSC
    +
    +/* Get/set a process' ability to use the timestamp counter instruction */
    +#define GET_TSC_CTL(adr) get_tsc_mode((adr))
    +#define SET_TSC_CTL(val) set_tsc_mode((val))
    +
    +extern int get_tsc_mode(unsigned long adr);
    +extern int set_tsc_mode(unsigned int val);
    +
    +#endif
    +
    #endif
    diff --git a/include/asm-x86/thread_info_64.h b/include/asm-x86/thread_info_64.h
    index f23fefc..ed664e8 100644
    --- a/include/asm-x86/thread_info_64.h
    +++ b/include/asm-x86/thread_info_64.h
    @@ -124,6 +124,7 @@ static inline struct thread_info *stack_thread_info(void)
    #define TIF_DEBUGCTLMSR 25 /* uses thread_struct.debugctlmsr */
    #define TIF_DS_AREA_MSR 26 /* uses thread_struct.ds_area_msr */
    #define TIF_BTS_TRACE_TS 27 /* record scheduling event timestamps */
    +#define TIF_NOTSC 28 /* TSC is not accessible in userland */

    #define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE)
    #define _TIF_SIGPENDING (1 << TIF_SIGPENDING)
    @@ -145,6 +146,7 @@ static inline struct thread_info *stack_thread_info(void)
    #define _TIF_DEBUGCTLMSR (1 << TIF_DEBUGCTLMSR)
    #define _TIF_DS_AREA_MSR (1 << TIF_DS_AREA_MSR)
    #define _TIF_BTS_TRACE_TS (1 << TIF_BTS_TRACE_TS)
    +#define _TIF_NOTSC (1 << TIF_NOTSC)

    /* work to do on interrupt/exception return */
    #define _TIF_WORK_MASK \
    @@ -158,7 +160,7 @@ static inline struct thread_info *stack_thread_info(void)

    /* flags to check in __switch_to() */
    #define _TIF_WORK_CTXSW \
    - (_TIF_IO_BITMAP|_TIF_DEBUGCTLMSR|_TIF_DS_AREA_MSR| _TIF_BTS_TRACE_TS)
    + (_TIF_IO_BITMAP|_TIF_DEBUGCTLMSR|_TIF_DS_AREA_MSR| _TIF_BTS_TRACE_TS|_TIF_NOTSC)
    #define _TIF_WORK_CTXSW_PREV _TIF_WORK_CTXSW
    #define _TIF_WORK_CTXSW_NEXT (_TIF_WORK_CTXSW|_TIF_DEBUG)

    diff --git a/include/asm-x86/tsc.h b/include/asm-x86/tsc.h
    index d2d8eb5..3281e21 100644
    --- a/include/asm-x86/tsc.h
    +++ b/include/asm-x86/tsc.h
    @@ -17,7 +17,10 @@ typedef unsigned long long cycles_t;
    extern unsigned int cpu_khz;
    extern unsigned int tsc_khz;

    +#ifdef CONFIG_DISABLE_TSC
    extern void disable_TSC(void);
    +extern void enable_TSC(void);
    +#endif

    static inline cycles_t get_cycles(void)
    {
    diff --git a/kernel/seccomp.c b/kernel/seccomp.c
    index ad64fcb..0e0c7f0 100644
    --- a/kernel/seccomp.c
    +++ b/kernel/seccomp.c
    @@ -74,7 +74,7 @@ long prctl_set_seccomp(unsigned long seccomp_mode)
    if (seccomp_mode && seccomp_mode <= NR_SECCOMP_MODES) {
    current->seccomp.mode = seccomp_mode;
    set_thread_flag(TIF_SECCOMP);
    -#ifdef TIF_NOTSC
    +#ifdef CONFIG_DISABLE_TSC
    disable_TSC();
    #endif
    ret = 0;
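Review bot: With `CONFIG_DISABLE_TSC` defaulting to `n`, this `#ifdef` switch means a kernel built with `CONFIG_SECCOMP=y` and the new option off no longer calls `disable_TSC()` on entering seccomp, whereas the description says 32-bit kernels did so before. The matching `#ifdef CONFIG_SECCOMP` to `#ifdef CONFIG_DISABLE_TSC` changes in process_32.c drop the CR4.TSD toggle from `__switch_to_xtra()` under the same configuration, so the default build weakens the existing seccomp restriction. If the restriction is meant to survive, the 32-bit helpers need a guard covering both options, e.g. `#if defined(CONFIG_SECCOMP) || defined(CONFIG_DISABLE_TSC)`, and the call here needs a condition that still holds on 32-bit when only CONFIG_SECCOMP is set. `prctl_set_seccomp()` starts and ends outside this hunk.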
    --

  2. Re: [PATCH 2/3] x86: Implement prctl PR_GET_TSC and PR_SET_TSC

    On Fri, 11 Apr 2008 18:55:58 +0200 (CEST)
    Erik Bosman wrote:

    >
    > x86: Implement prctl PR_GET_TSC and PR_SET_TSC
    >
    > This patch adds a configure option CONFIG_DISABLE_TSC
    > (off by default) for the x86 platform to enable the
    > PR_GET_TSC and PR_SET_TSC commands. These control the
    > ability to use the timestamp counter from userspace
    > (the RDTSC instruction.)
    >
    > This patch uses code earlier used to disable the
    > timestamp counter for the SECCOMP framework. It used
    > to disable the RDTSC on 32 bit kernels, but allow it
    > on x86_64. This patch makes SECCOMP disable the
    > timestamp counter whenever CONFIG_DISABLE_TSC is
    > enabled.



    Hi,

    why did you make this a configuration option? In general it's not
    a good idea to make userspace visible ABI's (PR_* clearly is one of these)
    a CONFIG option unless there's some HUGE space saving going on.
    I don't see that here....

    So can you explain your rationale for making this a config option?

    Greetings,
    Arjan van de Ven

    --
    If you want to reach me at my work email, use arjan@linux.intel.com
    For development, discussion and tips for power savings,
    visit http://www.lesswatts.org

  3. Re: [PATCH 2/3] x86: Implement prctl PR_GET_TSC and PR_SET_TSC

    Arjan van de Ven wrote:
    >
    > Hi,
    >
    > why did you make this a configuration option? In general it's not
    > a good idea to make userspace visible ABI's (PR_* clearly is one of these)
    > a CONFIG option unless there's some HUGE space saving going on.
    > I don't see that here....
    >
    > So can you explain your rationale for making this a config option?
    >


    I also saw no mention about performance impact, which need to be
    considered whenever *anything* is proposed to be inserted into a hot
    path. It may be (heck, *should be*) that the performance impact isn't
    measurable, but that needs to be positively established.

    -hpa

  4. Re: [PATCH 2/3] x86: Implement prctl PR_GET_TSC and PR_SET_TSC

    On Sat, 12 Apr 2008 23:05:44 +0200 (CEST)
    Erik Bosman wrote:

    >
    >
    > On Sat, 12 Apr 2008, H. Peter Anvin wrote:
    >
    > > Arjan van de Ven wrote:
    > > >
    > > > Hi,
    > > >
    > > > why did you make this a configuration option? In general it's not
    > > > a good idea to make userspace visible ABI's (PR_* clearly is one
    > > > of these) a CONFIG option unless there's some HUGE space saving
    > > > going on. I don't see that here....
    > > >
    > > > So can you explain your rationale for making this a config option?
    > > >

    >
    > The ABI itself is not a config option (see patch 1/3.)
    > If the x86 implementation patch isn't applied, prctl() will
    > return -EINVAL, just like most other PR_* options, which are
    > only implemented on specific architectures, take
    > (PR_GET/PR_SET_ENDIAN) as an example.


    that doesn't say why you made it an option still
    Something like this (which looks like generally useful functionality)
    should just be there unless there is a really high cost....

    >
    > >
    > > I also saw no mention about performance impact, which need to be
    > > considered whenever *anything* is proposed to be inserted into a hot
    > > path. It may be (heck, *should be*) that the performance impact
    > > isn't measurable, but that needs to be positively established.
    > >

    >
    > This is why I made the implementation part configurable, although I
    > don't think the overhead will be very high since it seems to me that
    > the __switch_to_xtra function was designed explicitly to keep unusual
    > options out of the hot path.


    so you normally don't have performance overhead unless you use the feature....
    that's really good!
    It also means that there wouldn't be a need for this to be a config option, but
    instead it can just always be there.. saving us a ton of ifdefs as well as the burden
    of having an extra config option.

    --
    If you want to reach me at my work email, use arjan@linux.intel.com
    For development, discussion and tips for power savings,
    visit http://www.lesswatts.org

  5. Re: [PATCH 2/3] x86: Implement prctl PR_GET_TSC and PR_SET_TSC



    On Sat, 12 Apr 2008, H. Peter Anvin wrote:

    > Arjan van de Ven wrote:
    > >
    > > Hi,
    > >
    > > why did you make this a configuration option? In general it's not
    > > a good idea to make userspace visible ABI's (PR_* clearly is one of these)
    > > a CONFIG option unless there's some HUGE space saving going on.
    > > I don't see that here....
    > >
    > > So can you explain your rationale for making this a config option?
    > >


    The ABI itself is not a config option (see patch 1/3.)
    If the x86 implementation patch isn't applied, prctl() will
    return -EINVAL, just like most other PR_* options, which are
    only implemented on specific architectures, take (PR_GET/PR_SET_ENDIAN)
    as an example.

    >
    > I also saw no mention about performance impact, which need to be
    > considered whenever *anything* is proposed to be inserted into a hot
    > path. It may be (heck, *should be*) that the performance impact isn't
    > measurable, but that needs to be positively established.
    >


    This is why I made the implementation part configurable, although I don't
    think the overhead will be very high since it seems to me that the
    __switch_to_xtra function was designed explicitly to keep unusual options
    out of the hot path.



  6. Re: [PATCH 2/3] x86: Implement prctl PR_GET_TSC and PR_SET_TSC



    On Sat, 12 Apr 2008, H. Peter Anvin wrote:

    >
    > I also saw no mention about performance impact, which need to be
    > considered whenever *anything* is proposed to be inserted into a hot
    > path. It may be (heck, *should be*) that the performance impact isn't
    > measurable, but that needs to be positively established.
    >
    > -hpa
    >


    It took me a while, but I have done some tests on my system with and
    without my patch applied.

    All daemons but klogd/syslogd were shut down and I used the following
    command:

    LMBENCH_SCHED="SINGLE" \
    /usr/lib/lmbench/bin/{i686-pc,x86_64}-linux-gnu/lat_ctx -s 0 2

    The variation was quite high so I ran it a 1000 times for each
    configuration.

    x86_32, patch applied, 1000x repeated, avg: 1.319, rmse: 0.081
    x86_32, patch not applied, 1000x repeated, avg: 1.335, rmse: 0.107

    x86_64, patch applied, 1000x repeated, avg: 1.417, rmse: 0.0716
    x86_64, patch not applied, 1000x repeated, avg: 1.423, rmse: 0.0745

    This is on a core 2 duo E6300.

    Erik

  7. Re: [PATCH 2/3] x86: Implement prctl PR_GET_TSC and PR_SET_TSC

    Erik Bosman wrote:
    >
    > It took me a while, but I have done some tests om my system with and
    > without my patch applied.
    >
    > All deamons but klogd/syslogd were shut down andI used the following
    > command:
    >
    > LMBENCH_SCHED="SINGLE" \
    > /usr/lib/lmbench/bin/{i686-pc,x86_64}-linux-gnu/lat_ctx -s 0 2
    >
    > The variation was quite high so I ran it a 1000 times for each
    > configuration.
    >
    > x86_32, patch applied, 1000x repeated, avg: 1.319, rmse: 0.081
    > x86_32, patch not applied, 1000x repeated, avg: 1.335, rmse: 0.107
    >
    > x86_64, patch applied, 1000x repeated, avg: 1.417, rmse: 0.0716
    > x86_64, patch not applied, 1000x repeated, avg: 1.423, rmse: 0.0745
    >
    > This is on a core 2 duo E6300.
    >


    OK, so it sounds like there is no measurable difference. Good.

    -hpa

  8. re: [PATCH 2/3-REVISED] x86: Implement prctl PR_GET_TSC and PR_SET_TSC


    (I have made it non-configurable and it does not touch kernel/seccomp.c
    anymore. I only changed ifdef/endifs)

    This patch implements the PR_GET_TSC and PR_SET_TSC prctl()
    commands on the x86 platform (both 32 and 64 bit.) These
    commands control the ability to read the timestamp counter
    from userspace (the RDTSC instruction.)

    While the RDTSC instruction is a useful profiling tool,
    it is also the source of some non-determinism in ring-3.
    For deterministic replay applications it is useful to be
    able to trap and emulate (and record the outcome of) this
    instruction.

    This patch uses code earlier used to disable the timestamp
    counter for the SECCOMP framework. A side-effect of this
    patch is that the SECCOMP environment will now also disable
    the timestamp counter on x86_64 due to the addition of the
    TIF_NOTSC define on this platform.

    The code which enables/disables the RDTSC instruction during
    context switches is in the __switch_to_xtra function, which
    already handles other unusual conditions, so normal
    performance should not have to suffer from this change.

    Signed-off-by: Erik Bosman

    ---
    arch/x86/kernel/process_32.c | 43 +++++++++++++++++++++--
    arch/x86/kernel/process_64.c | 68 ++++++++++++++++++++++++++++++++++++++
    include/asm-x86/processor.h | 7 ++++
    include/asm-x86/thread_info_64.h | 4 ++-
    include/asm-x86/tsc.h | 1 +
    5 files changed, 118 insertions(+), 5 deletions(-)

    diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c
    index 6496344..e99e615 100644
    --- a/arch/x86/kernel/process_32.c
    +++ b/arch/x86/kernel/process_32.c
    @@ -36,6 +36,7 @@
    #include
    #include
    #include
    +#include

    #include
    #include
    @@ -528,11 +529,11 @@ start_thread(struct pt_regs *regs, unsigned long new_ip, unsigned long new_sp)
    }
    EXPORT_SYMBOL_GPL(start_thread);

    -#ifdef CONFIG_SECCOMP
    static void hard_disable_TSC(void)
    {
    write_cr4(read_cr4() | X86_CR4_TSD);
    }
    +
    void disable_TSC(void)
    {
    preempt_disable();
    @@ -544,11 +545,47 @@ void disable_TSC(void)
    hard_disable_TSC();
    preempt_enable();
    }
    +
    static void hard_enable_TSC(void)
    {
    write_cr4(read_cr4() & ~X86_CR4_TSD);
    }
    -#endif /* CONFIG_SECCOMP */
    +
    +void enable_TSC(void)
    +{
    + preempt_disable();
    + if (test_and_clear_thread_flag(TIF_NOTSC))
    + /*
    + * Must flip the CPU state synchronously with
    + * TIF_NOTSC in the current running context.
    + */
    + hard_enable_TSC();
    + preempt_enable();
    +}
    +
    +int get_tsc_mode(unsigned long adr)
    +{
    + unsigned int val;
    +
    + if (test_thread_flag(TIF_NOTSC))
    + val = PR_TSC_SIGSEGV;
    + else
    + val = PR_TSC_ENABLE;
    +
    + return put_user(val, (unsigned int __user *)adr);
    +}
    +
    +int set_tsc_mode(unsigned int val)
    +{
    + if (val == PR_TSC_SIGSEGV)
    + disable_TSC();
    + else if (val == PR_TSC_ENABLE)
    + enable_TSC();
    + else
    + return -EINVAL;
    +
    + return 0;
    +}

    static noinline void
    __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
    @@ -582,7 +619,6 @@ __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
    set_debugreg(next->debugreg7, 7);
    }

    -#ifdef CONFIG_SECCOMP
    if (test_tsk_thread_flag(prev_p, TIF_NOTSC) ^
    test_tsk_thread_flag(next_p, TIF_NOTSC)) {
    /* prev and next are different */
    @@ -591,7 +627,6 @@ __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
    else
    hard_enable_TSC();
    }
    -#endif

    #ifdef X86_BTS
    if (test_tsk_thread_flag(prev_p, TIF_BTS_TRACE_TS))
    diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
    index 043a0c8..efa98af 100644
    --- a/arch/x86/kernel/process_64.c
    +++ b/arch/x86/kernel/process_64.c
    @@ -37,6 +37,7 @@
    #include
    #include
    #include
    +#include

    #include
    #include
    @@ -555,6 +556,64 @@ start_thread(struct pt_regs *regs, unsigned long new_ip, unsigned long new_sp)
    }
    EXPORT_SYMBOL_GPL(start_thread);

    +static void hard_disable_TSC(void)
    +{
    + write_cr4(read_cr4() | X86_CR4_TSD);
    +}
    +
    +void disable_TSC(void)
    +{
    + preempt_disable();
    + if (!test_and_set_thread_flag(TIF_NOTSC))
    + /*
    + * Must flip the CPU state synchronously with
    + * TIF_NOTSC in the current running context.
    + */
    + hard_disable_TSC();
    + preempt_enable();
    +}
    +
    +static void hard_enable_TSC(void)
    +{
    + write_cr4(read_cr4() & ~X86_CR4_TSD);
    +}
    +
    +void enable_TSC(void)
    +{
    + preempt_disable();
    + if (test_and_clear_thread_flag(TIF_NOTSC))
    + /*
    + * Must flip the CPU state synchronously with
    + * TIF_NOTSC in the current running context.
    + */
    + hard_enable_TSC();
    + preempt_enable();
    +}
    +
    +int get_tsc_mode(unsigned long adr)
    +{
    + unsigned int val;
    +
    + if (test_thread_flag(TIF_NOTSC))
    + val = PR_TSC_SIGSEGV;
    + else
    + val = PR_TSC_ENABLE;
    +
    + return put_user(val, (unsigned int __user *)adr);
    +}
    +
    +int set_tsc_mode(unsigned int val)
    +{
    + if (val == PR_TSC_SIGSEGV)
    + disable_TSC();
    + else if (val == PR_TSC_ENABLE)
    + enable_TSC();
    + else
    + return -EINVAL;
    +
    + return 0;
    +}
    +
    /*
    * This special macro can be used to load a debugging register
    */
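Review bot: Once `set_tsc_mode(PR_TSC_SIGSEGV)` sets CR4.TSD for a task, every user-mode RDTSC in that task faults, not only the application's own. Neither the description nor the code says what that means for library or kernel-provided user-mode time helpers on x86_64, which presumably read the TSC directly on some configurations. Since the description advertises trap-and-emulate for deterministic replay, and seccomp now gets the same setting on x86_64, a comment above `set_tsc_mode()` should state the scope, e.g. `/* PR_TSC_SIGSEGV: any RDTSC executed in user mode raises SIGSEGV, including from user-mode timekeeping helpers */`. The 32-bit copy in process_32.c would take the same comment.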
    @@ -592,6 +651,15 @@ static inline void __switch_to_xtra(struct task_struct *prev_p,
    loaddebug(next, 7);
    }

    + if (test_tsk_thread_flag(prev_p, TIF_NOTSC) ^
    + test_tsk_thread_flag(next_p, TIF_NOTSC)) {
    + /* prev and next are different */
    + if (test_tsk_thread_flag(next_p, TIF_NOTSC))
    + hard_disable_TSC();
    + else
    + hard_enable_TSC();
    + }
    +
    if (test_tsk_thread_flag(next_p, TIF_IO_BITMAP)) {
    /*
    * Copy the relevant range of the IO bitmap.
    diff --git a/include/asm-x86/processor.h b/include/asm-x86/processor.h
    index 7b1e3a8..e6bf92d 100644
    --- a/include/asm-x86/processor.h
    +++ b/include/asm-x86/processor.h
    @@ -921,4 +921,11 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip,

    #define KSTK_EIP(task) (task_pt_regs(task)->ip)

    +/* Get/set a process' ability to use the timestamp counter instruction */
    +#define GET_TSC_CTL(adr) get_tsc_mode((adr))
    +#define SET_TSC_CTL(val) set_tsc_mode((val))
    +
    +extern int get_tsc_mode(unsigned long adr);
    +extern int set_tsc_mode(unsigned int val);
    +
    #endif
    diff --git a/include/asm-x86/thread_info_64.h b/include/asm-x86/thread_info_64.h
    index f23fefc..ed664e8 100644
    --- a/include/asm-x86/thread_info_64.h
    +++ b/include/asm-x86/thread_info_64.h
    @@ -124,6 +124,7 @@ static inline struct thread_info *stack_thread_info(void)
    #define TIF_DEBUGCTLMSR 25 /* uses thread_struct.debugctlmsr */
    #define TIF_DS_AREA_MSR 26 /* uses thread_struct.ds_area_msr */
    #define TIF_BTS_TRACE_TS 27 /* record scheduling event timestamps */
    +#define TIF_NOTSC 28 /* TSC is not accessible in userland */

    #define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE)
    #define _TIF_SIGPENDING (1 << TIF_SIGPENDING)
    @@ -145,6 +146,7 @@ static inline struct thread_info *stack_thread_info(void)
    #define _TIF_DEBUGCTLMSR (1 << TIF_DEBUGCTLMSR)
    #define _TIF_DS_AREA_MSR (1 << TIF_DS_AREA_MSR)
    #define _TIF_BTS_TRACE_TS (1 << TIF_BTS_TRACE_TS)
    +#define _TIF_NOTSC (1 << TIF_NOTSC)

    /* work to do on interrupt/exception return */
    #define _TIF_WORK_MASK \
    @@ -158,7 +160,7 @@ static inline struct thread_info *stack_thread_info(void)

    /* flags to check in __switch_to() */
    #define _TIF_WORK_CTXSW \
    - (_TIF_IO_BITMAP|_TIF_DEBUGCTLMSR|_TIF_DS_AREA_MSR| _TIF_BTS_TRACE_TS)
    + (_TIF_IO_BITMAP|_TIF_DEBUGCTLMSR|_TIF_DS_AREA_MSR| _TIF_BTS_TRACE_TS|_TIF_NOTSC)
    #define _TIF_WORK_CTXSW_PREV _TIF_WORK_CTXSW
    #define _TIF_WORK_CTXSW_NEXT (_TIF_WORK_CTXSW|_TIF_DEBUG)

    diff --git a/include/asm-x86/tsc.h b/include/asm-x86/tsc.h
    index d2d8eb5..0434bd8 100644
    --- a/include/asm-x86/tsc.h
    +++ b/include/asm-x86/tsc.h
    @@ -18,6 +18,7 @@ extern unsigned int cpu_khz;
    extern unsigned int tsc_khz;

    extern void disable_TSC(void);
    +extern void enable_TSC(void);

    static inline cycles_t get_cycles(void)
    {
    --

  9. Re: [PATCH 2/3-REVISED] x86: Implement prctl PR_GET_TSC and PR_SET_TSC

    On Mon, 14 Apr 2008 00:24:18 +0200 (CEST)
    Erik Bosman wrote:

    >
    > (I have made it non-configurable and it does not touch
    > kernel/seccomp.c anymore. I only changed ifdef/endifs)
    >
    > This patch implements the PR_GET_TSC and PR_SET_TSC prctl()
    > commands on the x86 platform (both 32 and 64 bit.) These
    > commands control the ability to read the timestamp counter
    > from userspace (the RDTSC instruction.)
    >
    > While the RDTSC instuction is a useful profiling tool,
    > it is also the source of some non-determinism in ring-3.
    > For deterministic replay applications it is useful to be
    > able to trap and emulate (and record the outcome of) this
    > instruction.
    >
    > This patch uses code earlier used to disable the timestamp
    > counter for the SECCOMP framework. A side-effect of this
    > patch is that the SECCOMP environment will now also disable
    > the timestamp counter on x86_64 due to the addition of the
    > TIF_NOTSC define on this platform.
    >
    > The code which enables/disables the RDTSC instruction during
    > context switches is in the __switch_to_xtra function, which
    > already handles other unusual conditions, so normal
    > performance should not have to suffer from this change.
    >
    > Signed-off-by: Erik Bosman



    I like this a whole lot more than the previous version; in fact
    I like how it gets rid of various ifdefs. It's a bit unfortunate that
    it duplicates for 32/64 bit but this code isn't unified yet, and at least
    your 2 functions are identical, making it not hard to deal with in the unification.
    (so .. not your fault you did all the right things)


    Acked-by: Arjan van de Ven



    Btw one other reason I like this general approach is that we can now start to get
    apps to ask for the tsc to be enabled when they use it, and then we can just say
    "no" on systems without reliable tsc...
    (obviously we can't do that right away but we should try to migrate to that approach)


    --
    If you want to reach me at my work email, use arjan@linux.intel.com
    For development, discussion and tips for power savings,
    visit http://www.lesswatts.org

  10. Re: [PATCH 2/3] x86: Implement prctl PR_GET_TSC and PR_SET_TSC


    * H. Peter Anvin wrote:

    >> This is on a core 2 duo E6300.

    >
    > OK, so it sounds like there is no measurable difference. Good.


    yep - that would be expected, as the patch only touches the
    switch_to_xtra() path so it does not actually modify any fastpath.

    any effect would be random code alignment changes, or perhaps some CPU
    internal inefficiency when running with TSCs disabled (which would be
    weird but still possible).

    Ingo

  11. Re: [PATCH 2/3-REVISED] x86: Implement prctl PR_GET_TSC and PR_SET_TSC


    * Arjan van de Ven wrote:

    > I like this a whole lot more than the previous version; in fact I like
    > how it gets rid of various ifdefs. It's a bit unfortunate that it
    > duplicates for 32/64 bit but this code isn't unified yet, and at least
    > your 2 functions are identical, making it not hard to deal with in the
    > unification. (so .. not your fault you did all the right things)
    >
    > Acked-by: Arjan van de Ven


    thanks everyone for all the review - i've applied all three patches of
    Erik to x86.git and it's looking good so far in my testing as well.

    Ingo

  12. Re: [PATCH 2/3] x86: Implement prctl PR_GET_TSC and PR_SET_TSC

    Erik,

    Could you CC me please on kernel-userland API changes.

    Also it would be helpful if you could provide a short paragraph
    (plaintext is fine) that describes the new commands and would be
    suitable for inclusion in the prctl.2 (
    http://www.kernel.org/doc/man-pages/...2/prctl.2.html )
    man page -- would that be possible?

    Cheers,

    Michael

    On 4/11/08, Erik Bosman wrote:
    >
    > x86: Implement prctl PR_GET_TSC and PR_SET_TSC
    >
    > This patch adds a configure option CONFIG_DISABLE_TSC
    > (off by default) for the x86 platform to enable the
    > PR_GET_TSC and PR_SET_TSC commands. These control the
    > ability to use the timestamp counter from userspace
    > (the RDTSC instruction.)
    >
    > This patch uses code earlier used to disable the
    > timestamp counter for the SECCOMP framework. It used
    > to disable the RDTSC on 32 bit kernels, but allow it
    > on x86_64. This patch makes SECCOMP disable the
    > timestamp counter whenever CONFIG_DISABLE_TSC is
    > enabled.
    >
    > Signed-off-by: Erik Bosman
    > ---
    > arch/x86/Kconfig | 15 ++++++++
    > arch/x86/kernel/process_32.c | 46 ++++++++++++++++++++++--
    > arch/x86/kernel/process_64.c | 72 ++++++++++++++++++++++++++++++++++++++
    > include/asm-x86/processor.h | 11 ++++++
    > include/asm-x86/thread_info_64.h | 4 ++-
    > include/asm-x86/tsc.h | 3 ++
    > kernel/seccomp.c | 2 +-
    > 7 files changed, 148 insertions(+), 5 deletions(-)
    >
    > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
    > index 56bef39..8b79203 100644
    > --- a/arch/x86/Kconfig
    > +++ b/arch/x86/Kconfig
    > @@ -1122,6 +1122,21 @@ config IRQBALANCE
    > The default yes will allow the kernel to do irq load balancing.
    > Saying no will keep the kernel from doing irq load balancing.
    >
    > +config DISABLE_TSC
    > + def_bool n
    > + prompt "Make availability of the RDTSC instruction configurable"
    > + depends on (X86_32 || X86_64) && EXPERIMENTAL
    > + help
    > + While the RDTSC instruction allows for very precise time
    > + measurements, it is also a source for non-determinism
    > + during the execution of a process which can be a problem in some
    > + security contexts. This option adds prctl commands to configure
    > + and test the availability of the RDTSC instruction on a
    > + per-process basis. Choosing this option may cause a small
    > + performance hit during context switching.
    > +
    > + If unsure, say N.
    > +
    > config SECCOMP
    > def_bool y
    > prompt "Enable seccomp to safely compute untrusted bytecode"
    > diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c
    > index 6496344..e6a861f 100644
    > --- a/arch/x86/kernel/process_32.c
    > +++ b/arch/x86/kernel/process_32.c
    > @@ -36,6 +36,7 @@
    > #include
    > #include
    > #include
    > +#include
    >
    > #include
    > #include
    > @@ -528,11 +529,12 @@ start_thread(struct pt_regs *regs, unsigned long new_ip, unsigned long new_sp)
    > }
    > EXPORT_SYMBOL_GPL(start_thread);
    >
    > -#ifdef CONFIG_SECCOMP
    > +#ifdef CONFIG_DISABLE_TSC
    > static void hard_disable_TSC(void)
    > {
    > write_cr4(read_cr4() | X86_CR4_TSD);
    > }
    > +
    > void disable_TSC(void)
    > {
    > preempt_disable();
    > @@ -544,11 +546,48 @@ void disable_TSC(void)
    > hard_disable_TSC();
    > preempt_enable();
    > }
    > +
    > static void hard_enable_TSC(void)
    > {
    > write_cr4(read_cr4() & ~X86_CR4_TSD);
    > }
    > -#endif /* CONFIG_SECCOMP */
    > +
    > +void enable_TSC(void)
    > +{
    > + preempt_disable();
    > + if (test_and_clear_thread_flag(TIF_NOTSC))
    > + /*
    > + * Must flip the CPU state synchronously with
    > + * TIF_NOTSC in the current running context.
    > + */
    > + hard_enable_TSC();
    > + preempt_enable();
    > +}
    > +
    > +int get_tsc_mode(unsigned long adr)
    > +{
    > + unsigned int val;
    > +
    > + if (test_thread_flag(TIF_NOTSC))
    > + val = PR_TSC_SIGSEGV;
    > + else
    > + val = PR_TSC_ENABLE;
    > +
    > + return put_user(val, (unsigned int __user *)adr);
    > +}
    > +
    > +int set_tsc_mode(unsigned int val)
    > +{
    > + if (val == PR_TSC_SIGSEGV)
    > + disable_TSC();
    > + else if (val == PR_TSC_ENABLE)
    > + enable_TSC();
    > + else
    > + return -EINVAL;
    > +
    > + return 0;
    > +}
    > +#endif /* CONFIG_DISABLE_TSC */
    >
    > static noinline void
    > __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
    > @@ -582,7 +621,7 @@ __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
    > set_debugreg(next->debugreg7, 7);
    > }
    >
    > -#ifdef CONFIG_SECCOMP
    > +#ifdef CONFIG_DISABLE_TSC
    > if (test_tsk_thread_flag(prev_p, TIF_NOTSC) ^
    > test_tsk_thread_flag(next_p, TIF_NOTSC)) {
    > /* prev and next are different */
    > @@ -839,3 +878,4 @@ unsigned long arch_randomize_brk(struct mm_struct *mm)
    > unsigned long range_end = mm->brk + 0x02000000;
    > return randomize_range(mm->brk, range_end, 0) ? : mm->brk;
    > }
    > +
    > diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
    > index 043a0c8..8ef8a2f 100644
    > --- a/arch/x86/kernel/process_64.c
    > +++ b/arch/x86/kernel/process_64.c
    > @@ -37,6 +37,7 @@
    > #include
    > #include
    > #include
    > +#include
    >
    > #include
    > #include
    > @@ -555,6 +556,66 @@ start_thread(struct pt_regs *regs, unsigned long new_ip, unsigned long new_sp)
    > }
    > EXPORT_SYMBOL_GPL(start_thread);
    >
    > +#ifdef CONFIG_DISABLE_TSC
    > +static void hard_disable_TSC(void)
    > +{
    > + write_cr4(read_cr4() | X86_CR4_TSD);
    > +}
    > +
    > +void disable_TSC(void)
    > +{
    > + preempt_disable();
    > + if (!test_and_set_thread_flag(TIF_NOTSC))
    > + /*
    > + * Must flip the CPU state synchronously with
    > + * TIF_NOTSC in the current running context.
    > + */
    > + hard_disable_TSC();
    > + preempt_enable();
    > +}
    > +
    > +static void hard_enable_TSC(void)
    > +{
    > + write_cr4(read_cr4() & ~X86_CR4_TSD);
    > +}
    > +
    > +void enable_TSC(void)
    > +{
    > + preempt_disable();
    > + if (test_and_clear_thread_flag(TIF_NOTSC))
    > + /*
    > + * Must flip the CPU state synchronously with
    > + * TIF_NOTSC in the current running context.
    > + */
    > + hard_enable_TSC();
    > + preempt_enable();
    > +}
    > +
    > +int get_tsc_mode(unsigned long adr)
    > +{
    > + unsigned int val;
    > +
    > + if (test_thread_flag(TIF_NOTSC))
    > + val = PR_TSC_SIGSEGV;
    > + else
    > + val = PR_TSC_ENABLE;
    > +
    > + return put_user(val, (unsigned int __user *)adr);
    > +}
    > +
    > +int set_tsc_mode(unsigned int val)
    > +{
    > + if (val == PR_TSC_SIGSEGV)
    > + disable_TSC();
    > + else if (val == PR_TSC_ENABLE)
    > + enable_TSC();
    > + else
    > + return -EINVAL;
    > +
    > + return 0;
    > +}
    > +#endif /* CONFIG_DISABLE_TSC */
    > +
    > /*
    > * This special macro can be used to load a debugging register
    > */
    > @@ -592,6 +653,17 @@ static inline void __switch_to_xtra(struct task_struct *prev_p,
    > loaddebug(next, 7);
    > }
    >
    > +#ifdef CONFIG_DISABLE_TSC
    > + if (test_tsk_thread_flag(prev_p, TIF_NOTSC) ^
    > + test_tsk_thread_flag(next_p, TIF_NOTSC)) {
    > + /* prev and next are different */
    > + if (test_tsk_thread_flag(next_p, TIF_NOTSC))
    > + hard_disable_TSC();
    > + else
    > + hard_enable_TSC();
    > + }
    > +#endif
    > +
    > if (test_tsk_thread_flag(next_p, TIF_IO_BITMAP)) {
    > /*
    > * Copy the relevant range of the IO bitmap.
    > diff --git a/include/asm-x86/processor.h b/include/asm-x86/processor.h
    > index 7b1e3a8..64eea62 100644
    > --- a/include/asm-x86/processor.h
    > +++ b/include/asm-x86/processor.h
    > @@ -921,4 +921,15 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip,
    >
    > #define KSTK_EIP(task) (task_pt_regs(task)->ip)
    >
    > +#ifdef CONFIG_DISABLE_TSC
    > +
    > +/* Get/set a process' ability to use the timestamp counter instruction */
    > +#define GET_TSC_CTL(adr) get_tsc_mode((adr))
    > +#define SET_TSC_CTL(val) set_tsc_mode((val))
    > +
    > +extern int get_tsc_mode(unsigned long adr);
    > +extern int set_tsc_mode(unsigned int val);
    > +
    > +#endif
    > +
    > #endif
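Review bot: The comment above GET_TSC_CTL/SET_TSC_CTL speaks of a process, but set_tsc_mode() ends up in test_and_set_thread_flag()/test_and_clear_thread_flag() on TIF_NOTSC, which act on the calling thread only; what sibling threads of the same process see is not established by this patch. A caller that turns the TSC off for determinism or side-channel hardening needs to know that scope, so I would word it `/* Get/set the calling thread's ability to use the timestamp counter instruction */` and use the same wording where the DISABLE_TSC help text says "per-process basis". The two externs also deserve a line each: get_tsc_mode() stores PR_TSC_ENABLE or PR_TSC_SIGSEGV through the user pointer passed in `adr` and returns the put_user() result, and set_tsc_mode() returns -EINVAL for any value other than those two.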
    > diff --git a/include/asm-x86/thread_info_64.h b/include/asm-x86/thread_info_64.h
    > index f23fefc..ed664e8 100644
    > --- a/include/asm-x86/thread_info_64.h
    > +++ b/include/asm-x86/thread_info_64.h
    > @@ -124,6 +124,7 @@ static inline struct thread_info *stack_thread_info(void)
    > #define TIF_DEBUGCTLMSR 25 /* uses thread_struct.debugctlmsr */
    > #define TIF_DS_AREA_MSR 26 /* uses thread_struct.ds_area_msr */
    > #define TIF_BTS_TRACE_TS 27 /* record scheduling event timestamps */
    > +#define TIF_NOTSC 28 /* TSC is not accessible in userland */
    >
    > #define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE)
    > #define _TIF_SIGPENDING (1 << TIF_SIGPENDING)
    > @@ -145,6 +146,7 @@ static inline struct thread_info *stack_thread_info(void)
    > #define _TIF_DEBUGCTLMSR (1 << TIF_DEBUGCTLMSR)
    > #define _TIF_DS_AREA_MSR (1 << TIF_DS_AREA_MSR)
    > #define _TIF_BTS_TRACE_TS (1 << TIF_BTS_TRACE_TS)
    > +#define _TIF_NOTSC (1 << TIF_NOTSC)
    >
    > /* work to do on interrupt/exception return */
    > #define _TIF_WORK_MASK \
    > @@ -158,7 +160,7 @@ static inline struct thread_info *stack_thread_info(void)
    >
    > /* flags to check in __switch_to() */
    > #define _TIF_WORK_CTXSW \
    > - (_TIF_IO_BITMAP|_TIF_DEBUGCTLMSR|_TIF_DS_AREA_MSR| _TIF_BTS_TRACE_TS)
    > + (_TIF_IO_BITMAP|_TIF_DEBUGCTLMSR|_TIF_DS_AREA_MSR| _TIF_BTS_TRACE_TS|_TIF_NOTSC)
    > #define _TIF_WORK_CTXSW_PREV _TIF_WORK_CTXSW
    > #define _TIF_WORK_CTXSW_NEXT (_TIF_WORK_CTXSW|_TIF_DEBUG)
    >
    > diff --git a/include/asm-x86/tsc.h b/include/asm-x86/tsc.h
    > index d2d8eb5..3281e21 100644
    > --- a/include/asm-x86/tsc.h
    > +++ b/include/asm-x86/tsc.h
    > @@ -17,7 +17,10 @@ typedef unsigned long long cycles_t;
    > extern unsigned int cpu_khz;
    > extern unsigned int tsc_khz;
    >
    > +#ifdef CONFIG_DISABLE_TSC
    > extern void disable_TSC(void);
    > +extern void enable_TSC(void);
    > +#endif
    >
    > static inline cycles_t get_cycles(void)
    > {
    > diff --git a/kernel/seccomp.c b/kernel/seccomp.c
    > index ad64fcb..0e0c7f0 100644
    > --- a/kernel/seccomp.c
    > +++ b/kernel/seccomp.c
    > @@ -74,7 +74,7 @@ long prctl_set_seccomp(unsigned long seccomp_mode)
    > if (seccomp_mode && seccomp_mode <= NR_SECCOMP_MODES) {
    > current->seccomp.mode = seccomp_mode;
    > set_thread_flag(TIF_SECCOMP);
    > -#ifdef TIF_NOTSC
    > +#ifdef CONFIG_DISABLE_TSC
    > disable_TSC();
    > #endif
    > ret = 0;
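Review bot: With DISABLE_TSC declared `def_bool n`, replacing `#ifdef TIF_NOTSC` by `#ifdef CONFIG_DISABLE_TSC` here means prctl_set_seccomp() stops calling disable_TSC() in a default configuration. In process_32.c the helpers were previously built under CONFIG_SECCOMP, so on 32-bit a task entering seccomp lost user-mode RDTSC without any extra option; after this change it keeps a high-resolution timing source unless the new option is also turned on. If that weakening is not intended, tie the two options together, for example with `select DISABLE_TSC` under `config SECCOMP` (how that interacts with the EXPERIMENTAL dependency would need checking), or at least state the new behaviour in the SECCOMP help text. prctl_set_seccomp() begins and ends outside this hunk.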
    >
    > --
    > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    > the body of a message to majordomo@vger.kernel.org
    > More majordomo info at http://vger.kernel.org/majordomo-info.html
    > Please read the FAQ at http://www.tux.org/lkml/
    >



    --
    I'll likely only see replies if they are CCed to mtk.manpages at gmail dot com

  13. Re: [PATCH 2/3] x86: Implement prctl PR_GET_TSC and PR_SET_TSC



    On Mon, 14 Apr 2008, Michael Kerrisk wrote:

    > Erik,
    >
    > Could you CC me please on kernel-userland API changes.
    >
    > Also it would be helpful if you could provide a short paragraph
    > (plaintext is fine) that describes the new commands and would be
    > suitable for inclusion in the prctl.2 (
    > http://www.kernel.org/doc/man-pages/...2/prctl.2.html )
    > man page -- would that be possible?
    >
    > Cheers,
    >
    > Michael
    >


    .TP
    .B PR_SET_TSC
    (Since Linux 2.6.??, only on x86)
    Set the state of the flag determining whether the timestamp counter
    can be read by the process. Pass
    \fBPR_TSC_ENABLE\fP to \fIarg2\fP to allow it to be read, or
    \fBPR_TSC_SIGSEGV\fP to generate a \fBSIGSEGV\fP when the process tries
    to read the timestamp counter.
    .TP
    .B PR_GET_TSC
    (Since Linux 2.6.??, only on x86)
    Get the state of the flag determining whether the timestamp counter
    can be read from \fIarg2\fP.

    This is what I would say. I hope it's clear.

    Erik

  14. Re: [PATCH 2/3] x86: Implement prctl PR_GET_TSC and PR_SET_TSC

    On Mon, Apr 14, 2008 at 1:59 PM, Erik Bosman wrote:
    >
    >
    >
    > On Mon, 14 Apr 2008, Michael Kerrisk wrote:
    >
    > > Erik,
    > >
    > > Could you CC me please on kernel-userland API changes.
    > >
    > > Also it would be helpful if you could provide a short paragraph
    > > (plaintext is fine) that describes the new commands and would be
    > > suitable for inclusion in the prctl.2 (
    > > http://www.kernel.org/doc/man-pages/...2/prctl.2.html )
    > > man page -- would that be possible?
    > >
    > > Cheers,
    > >
    > > Michael
    > >

    >
    > .TP
    > .B PR_SET_TSC
    > (Since Linux 2.6.??, only on x86)
    > Set the state of the flag determining whether the timestamp counter
    > can be read by the process. Pass
    > \fBPR_TSC_ENABLE\fP to \fIarg2\fP to allow it to be read, or
    > \fBPR_TSC_SIGSEGV\fP to generate a \fBSIGSEGV\fP when the process tries
    > to read the timestamp counter.
    > .TP
    > .B PR_GET_TSC
    > (Since Linux 2.6.??, only on x86)
    > Get the state of the flag determining whether the timestamp counter
    > can be read from \fIarg2\fP.


    Thanks Erik. Looks good as a first cut -- I may come back to you with
    questions.

    It sounds like this might go into mainline in 2.6.26, is that right?

    Cheers,

    Michael

  15. Re: [PATCH 2/3] x86: Implement prctl PR_GET_TSC and PR_SET_TSC

    On Fri, 11 Apr 2008 18:55:58 +0200 (CEST) Erik Bosman wrote:

    >
    > x86: Implement prctl PR_GET_TSC and PR_SET_TSC
    >
    > This patch adds a configure option CONFIG_DISABLE_TSC
    > (off by default) for the x86 platform to enable the
    > PR_GET_TSC and PR_SET_TSC commands. These control the
    > ability to use the timestamp counter from userspace
    > (the RDTSC instruction.)
    >
    > This patch uses code earlier used to disable the
    > timestamp counter for the SECCOMP framework. It used
    > to disable the RDTSC on 32 bit kernels, but allow it
    > on x86_64. This patch makes SECCOMP disable the
    > timestamp counter whenever CONFIG_DISABLE_TSC is
    > enabled.
    >
    > ...
    >
    > +config DISABLE_TSC
    > + def_bool n
    > + prompt "Make availability of the RDTSC instruction configurable"
    > + depends on (X86_32 || X86_64) && EXPERIMENTAL
    > + help
    > + While the RDTSC instruction allows for very precise time
    > + measurements, it is also a source for non-determinism
    > + during the execution of a process which can be a problem in some
    > + security contexts. This option adds prctl commands to configure
    > + and test the availability of the RDTSC instruction on a
    > + per-process basis. Choosing this option may cause a small
    > + performance hit during context switching.
    > +
    > + If unsure, say N.
    > +
    > config SECCOMP
    > def_bool y
    > prompt "Enable seccomp to safely compute untrusted bytecode"
    > diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c
    > index 6496344..e6a861f 100644
    > --- a/arch/x86/kernel/process_32.c
    > +++ b/arch/x86/kernel/process_32.c
    > @@ -36,6 +36,7 @@
    > #include
    > #include
    > #include
    > +#include
    >
    > #include
    > #include
    > @@ -528,11 +529,12 @@ start_thread(struct pt_regs *regs, unsigned long new_ip, unsigned long new_sp)
    > }
    > EXPORT_SYMBOL_GPL(start_thread);
    >
    > -#ifdef CONFIG_SECCOMP
    > +#ifdef CONFIG_DISABLE_TSC
    > static void hard_disable_TSC(void)
    > {
    > write_cr4(read_cr4() | X86_CR4_TSD);
    > }


    Won't this break this build if CONFIG_DISABLE_TSC=n and CONFIG_SECCOMP=y?


    The prctl.h and sys.c parts look OK to me. I'll consider this a git-x86
    patch.

  16. Re: [PATCH 2/3] x86: Implement prctl PR_GET_TSC and PR_SET_TSC


    * Andrew Morton wrote:

    > > --- a/arch/x86/kernel/process_32.c
    > > +++ b/arch/x86/kernel/process_32.c
    > > @@ -36,6 +36,7 @@
    > > #include
    > > #include
    > > #include
    > > +#include
    > >
    > > #include
    > > #include
    > > @@ -528,11 +529,12 @@ start_thread(struct pt_regs *regs, unsigned long new_ip, unsigned long new_sp)
    > > }
    > > EXPORT_SYMBOL_GPL(start_thread);
    > >
    > > -#ifdef CONFIG_SECCOMP
    > > +#ifdef CONFIG_DISABLE_TSC
    > > static void hard_disable_TSC(void)
    > > {
    > > write_cr4(read_cr4() | X86_CR4_TSD);
    > > }

    >
    > Won't this break this build if CONFIG_DISABLE_TSC=n and
    > CONFIG_SECCOMP=y?


    it would break - but there was an update patch to this 2/3 patch which
    was the one i picked up into x86.git yesterday and which worked fine in
    500 overnight randconfig build and bootup tests.

    Ingo

  17. Re: [PATCH 2/3] x86: Implement prctl PR_GET_TSC and PR_SET_TSC

    On Mon, 14 Apr 2008, Erik Bosman wrote:

    >
    >
    > On Mon, 14 Apr 2008, Michael Kerrisk wrote:
    >
    > > Erik,
    > >
    > > Could you CC me please on kernel-userland API changes.
    > >
    > > Also it would be helpful if you could provide a short paragraph
    > > (plaintext is fine) that describes the new commands and would be
    > > suitable for inclusion in the prctl.2 (
    > > http://www.kernel.org/doc/man-pages/...2/prctl.2.html )
    > > man page -- would that be possible?
    > >
    > > Cheers,
    > >
    > > Michael
    > >

    >
    > .TP
    > .B PR_SET_TSC
    > (Since Linux 2.6.??, only on x86)
    > Set the state of the flag determining whether the timestamp counter
    > can be read by the process. Pass
    > \fBPR_TSC_ENABLE\fP to \fIarg2\fP to allow it to be read, or
    > \fBPR_TSC_SIGSEGV\fP to generate a \fBSIGSEGV\fP when the process tries
    > to read the timestamp counter.
    > .TP
    > .B PR_GET_TSC
    > (Since Linux 2.6.??, only on x86)
    > Get the state of the flag determining whether the timestamp counter
    > can be read from \fIarg2\fP.


    i might be too late... but shouldn't these #defines be PR_SET_RDTSC and
    PR_GET_RDTSC or something like that?

    to me calling them PR_SET_TSC/PR_GET_TSC just seem like alternative ways
    to change/get the TSC (and could even reduce to portable TSC
    implementations... since such registers do exist on other architectures).

    -dean

  18. Re: [PATCH 2/3] x86: Implement prctl PR_GET_TSC and PR_SET_TSC

    dean gaudet wrote:
    >
    > i might be too late... but shouldn't these #defines be PR_SET_RDTSC and
    > PR_GET_RDTSC or something like that?
    >
    > to me calling them PR_SET_TSC/PR_GET_TSC just seem like alternative ways
    > to change/get the TSC (and could even reduce to portable TSC
    > implementations... since such registers do exist on other architectures).
    >


    I would argue no, the flag is "is the TSC available". RDTSC is an
    x86-specific name and would map poorly onto other architectures.

    -hpa

  19. Re: [PATCH 2/3] x86: Implement prctl PR_GET_TSC and PR_SET_TSC

    On Sat, 26 Apr 2008, H. Peter Anvin wrote:

    > dean gaudet wrote:
    > >
    > > i might be too late... but shouldn't these #defines be PR_SET_RDTSC and
    > > PR_GET_RDTSC or something like that?
    > >
    > > to me calling them PR_SET_TSC/PR_GET_TSC just seem like alternative ways to
    > > change/get the TSC (and could even reduce to portable TSC implementations...
    > > since such registers do exist on other architectures).
    > >

    >
    > I would argue no, the flag is "is the TSC available". RDTSC is an
    > x86-specific name and would map poorly onto other architectures.


    yeah but "SET TSC" to me reads as "set the TSC".... i read nothing about
    making some instruction available or not.

    although clock_gettime/clock_settime could be more natural APIs for such
    things.

    -dean

  20. Re: [PATCH 2/3] x86: Implement prctl PR_GET_TSC and PR_SET_TSC

    dean gaudet wrote:
    > On Sat, 26 Apr 2008, H. Peter Anvin wrote:
    >
    >> dean gaudet wrote:
    >>> i might be too late... but shouldn't these #defines be PR_SET_RDTSC and
    >>> PR_GET_RDTSC or something like that?
    >>>
    >>> to me calling them PR_SET_TSC/PR_GET_TSC just seem like alternative ways to
    >>> change/get the TSC (and could even reduce to portable TSC implementations...
    >>> since such registers do exist on other architectures).
    >>>

    >> I would argue no, the flag is "is the TSC available". RDTSC is an
    >> x86-specific name and would map poorly onto other architectures.

    >
    > yeah but "SET TSC" to me reads as "set the TSC".... i read nothing about
    > making some instruction available or not.
    >
    > although clock_gettime/clock_settime could more natural APIs for such
    > things.
    >


    PR_SET/PR_GET are the common prefixes, though.

    -hpa
