sched: prctl() core-scheduling interface

This patch provides support for setting and copying core scheduling
'task cookies' between threads (PID), processes (TGID), and process
groups (PGID).

The value of core scheduling isn't that tasks don't share a core,
'nosmt' can do that. The value lies in exploiting all the sharing
opportunities that exist to recover possible lost performance and that
requires a degree of flexibility in the API.

From a security perspective (and there are others), the thread,
process and process group distinction is an existent hierarchal
categorization of tasks that reflects many of the security concerns
about 'data sharing'. For example, protecting against cache-snooping
by a thread that can just read the memory directly isn't all that
useful.

With this in mind, subcommands to CREATE/SHARE (TO/FROM) provide a
mechanism to create and share cookies. CREATE/SHARE_TO specify a
target pid with enum pidtype used to specify the scope of the targeted
tasks. For example, PIDTYPE_TGID will share the cookie with the
process and all of it's threads as typically desired in a security
scenario.

API:

  prctl(PR_SCHED_CORE, PR_SCHED_CORE_GET, tgtpid, pidtype, &cookie)
  prctl(PR_SCHED_CORE, PR_SCHED_CORE_CREATE, tgtpid, pidtype, NULL)
  prctl(PR_SCHED_CORE, PR_SCHED_CORE_SHARE_TO, tgtpid, pidtype, NULL)
  prctl(PR_SCHED_CORE, PR_SCHED_CORE_SHARE_FROM, srcpid, pidtype, NULL)

where 'tgtpid/srcpid == 0' implies the current process and pidtype is
kernel enum pid_type {PIDTYPE_PID, PIDTYPE_TGID, PIDTYPE_PGID, ...}.

For return values, EINVAL, ENOMEM are what they say. ESRCH means the
tgtpid/srcpid was not found. EPERM indicates lack of PTRACE permission
access to tgtpid/srcpid. ENODEV indicates your machines lacks SMT.

[peterz: complete rewrite]
Signed-off-by: Chris Hyser <chris.hyser@oracle.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Don Hiatt <dhiatt@digitalocean.com>
Tested-by: Hongyu Ning <hongyu.ning@linux.intel.com>
Tested-by: Vincent Guittot <vincent.guittot@linaro.org>
Link: https://lkml.kernel.org/r/20210422123309.039845339@infradead.org

diff --git a/include/linux/sched.h b/include/linux/sched.h
index fba47e52e482b7b6fc5c3463a7660ebb6d3a4bea..c7e7d50e2fdca1a37bfa31c841d5935bb768bc38 100644 (file)
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -2182,6 +2182,8 @@ const struct cpumask *sched_trace_rd_span(struct root_domain *rd);
 #ifdef CONFIG_SCHED_CORE
 extern void sched_core_free(struct task_struct *tsk);
 extern void sched_core_fork(struct task_struct *p);
+extern int sched_core_share_pid(unsigned int cmd, pid_t pid, enum pid_type type,
+                               unsigned long uaddr);
 #else
 static inline void sched_core_free(struct task_struct *tsk) { }
 static inline void sched_core_fork(struct task_struct *p) { }

diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h
index 18a9f59dc067f333d3a1c86343439917606cb36b..967d9c55323d1de08992d3abbd68eaf11bf0ae64 100644 (file)
--- a/include/uapi/linux/prctl.h
+++ b/include/uapi/linux/prctl.h
@@ -259,4 +259,12 @@ struct prctl_mm_map {
 #define PR_PAC_SET_ENABLED_KEYS                60
 #define PR_PAC_GET_ENABLED_KEYS                61
 
+/* Request the scheduler to share a core */
+#define PR_SCHED_CORE                  62
+# define PR_SCHED_CORE_GET             0
+# define PR_SCHED_CORE_CREATE          1 /* create unique core_sched cookie */
+# define PR_SCHED_CORE_SHARE_TO                2 /* push core_sched cookie to pid */
+# define PR_SCHED_CORE_SHARE_FROM      3 /* pull core_sched cookie to pid */
+# define PR_SCHED_CORE_MAX             4
+
 #endif /* _LINUX_PRCTL_H */

diff --git a/kernel/sched/core_sched.c b/kernel/sched/core_sched.c
index dcbbeaefaaa3a6d0ec3c4cd0d6d075f9f2a8591e..9a80e9a474c07836308e0300a061a07c337894a1 100644 (file)
--- a/kernel/sched/core_sched.c
+++ b/kernel/sched/core_sched.c
@@ -1,5 +1,6 @@
 // SPDX-License-Identifier: GPL-2.0-only
 
+#include <linux/prctl.h>
 #include "sched.h"
 
 /*
@@ -113,3 +114,116 @@ void sched_core_free(struct task_struct *p)
 {
        sched_core_put_cookie(p->core_cookie);
 }
+
+static void __sched_core_set(struct task_struct *p, unsigned long cookie)
+{
+       cookie = sched_core_get_cookie(cookie);
+       cookie = sched_core_update_cookie(p, cookie);
+       sched_core_put_cookie(cookie);
+}
+
+/* Called from prctl interface: PR_SCHED_CORE */
+int sched_core_share_pid(unsigned int cmd, pid_t pid, enum pid_type type,
+                        unsigned long uaddr)
+{
+       unsigned long cookie = 0, id = 0;
+       struct task_struct *task, *p;
+       struct pid *grp;
+       int err = 0;
+
+       if (!static_branch_likely(&sched_smt_present))
+               return -ENODEV;
+
+       if (type > PIDTYPE_PGID || cmd >= PR_SCHED_CORE_MAX || pid < 0 ||
+           (cmd != PR_SCHED_CORE_GET && uaddr))
+               return -EINVAL;
+
+       rcu_read_lock();
+       if (pid == 0) {
+               task = current;
+       } else {
+               task = find_task_by_vpid(pid);
+               if (!task) {
+                       rcu_read_unlock();
+                       return -ESRCH;
+               }
+       }
+       get_task_struct(task);
+       rcu_read_unlock();
+
+       /*
+        * Check if this process has the right to modify the specified
+        * process. Use the regular "ptrace_may_access()" checks.
+        */
+       if (!ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS)) {
+               err = -EPERM;
+               goto out;
+       }
+
+       switch (cmd) {
+       case PR_SCHED_CORE_GET:
+               if (type != PIDTYPE_PID || uaddr & 7) {
+                       err = -EINVAL;
+                       goto out;
+               }
+               cookie = sched_core_clone_cookie(task);
+               if (cookie) {
+                       /* XXX improve ? */
+                       ptr_to_hashval((void *)cookie, &id);
+               }
+               err = put_user(id, (u64 __user *)uaddr);
+               goto out;
+
+       case PR_SCHED_CORE_CREATE:
+               cookie = sched_core_alloc_cookie();
+               if (!cookie) {
+                       err = -ENOMEM;
+                       goto out;
+               }
+               break;
+
+       case PR_SCHED_CORE_SHARE_TO:
+               cookie = sched_core_clone_cookie(current);
+               break;
+
+       case PR_SCHED_CORE_SHARE_FROM:
+               if (type != PIDTYPE_PID) {
+                       err = -EINVAL;
+                       goto out;
+               }
+               cookie = sched_core_clone_cookie(task);
+               __sched_core_set(current, cookie);
+               goto out;
+
+       default:
+               err = -EINVAL;
+               goto out;
+       };
+
+       if (type == PIDTYPE_PID) {
+               __sched_core_set(task, cookie);
+               goto out;
+       }
+
+       read_lock(&tasklist_lock);
+       grp = task_pid_type(task, type);
+
+       do_each_pid_thread(grp, type, p) {
+               if (!ptrace_may_access(p, PTRACE_MODE_READ_REALCREDS)) {
+                       err = -EPERM;
+                       goto out_tasklist;
+               }
+       } while_each_pid_thread(grp, type, p);
+
+       do_each_pid_thread(grp, type, p) {
+               __sched_core_set(p, cookie);
+       } while_each_pid_thread(grp, type, p);
+out_tasklist:
+       read_unlock(&tasklist_lock);
+
+out:
+       sched_core_put_cookie(cookie);
+       put_task_struct(task);
+       return err;
+}
+

diff --git a/kernel/sys.c b/kernel/sys.c
index 3a583a29815fad382d7ecea351fd448ba3ae2a2a..9de46a4bf4921970c0ae3821934c2d5e4868308b 100644 (file)
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -2550,6 +2550,11 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
                error = set_syscall_user_dispatch(arg2, arg3, arg4,
                                                  (char __user *) arg5);
                break;
+#ifdef CONFIG_SCHED_CORE
+       case PR_SCHED_CORE:
+               error = sched_core_share_pid(arg2, arg3, arg4, arg5);
+               break;
+#endif
        default:
                error = -EINVAL;
                break;

diff --git a/tools/include/uapi/linux/prctl.h b/tools/include/uapi/linux/prctl.h
index 18a9f59dc067f333d3a1c86343439917606cb36b..967d9c55323d1de08992d3abbd68eaf11bf0ae64 100644 (file)
--- a/tools/include/uapi/linux/prctl.h
+++ b/tools/include/uapi/linux/prctl.h
@@ -259,4 +259,12 @@ struct prctl_mm_map {
 #define PR_PAC_SET_ENABLED_KEYS                60
 #define PR_PAC_GET_ENABLED_KEYS                61
 
+/* Request the scheduler to share a core */
+#define PR_SCHED_CORE                  62
+# define PR_SCHED_CORE_GET             0
+# define PR_SCHED_CORE_CREATE          1 /* create unique core_sched cookie */
+# define PR_SCHED_CORE_SHARE_TO                2 /* push core_sched cookie to pid */
+# define PR_SCHED_CORE_SHARE_FROM      3 /* pull core_sched cookie to pid */
+# define PR_SCHED_CORE_MAX             4
+
 #endif /* _LINUX_PRCTL_H */