From patchwork Fri May 1 15:14:53 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Domenico Andreoli X-Patchwork-Id: 11522761 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BF99C13B2 for ; Fri, 1 May 2020 15:25:07 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id A8AEF2173E for ; Fri, 1 May 2020 15:25:07 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="N4CaCQn3" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729004AbgEAPZH (ORCPT ); Fri, 1 May 2020 11:25:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40604 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728443AbgEAPZG (ORCPT ); Fri, 1 May 2020 11:25:06 -0400 Received: from mail-wm1-x342.google.com (mail-wm1-x342.google.com [IPv6:2a00:1450:4864:20::342]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D873AC061A0C for ; Fri, 1 May 2020 08:25:05 -0700 (PDT) Received: by mail-wm1-x342.google.com with SMTP id u16so47059wmc.5 for ; Fri, 01 May 2020 08:25:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:resent-from:resent-date:resent-message-id:resent-to :message-id:user-agent:date:from:to:cc:subject:references :mime-version:content-disposition; bh=erJNQr0Rfhi8WM3USTM5ZowAbwumtVVITXyP8kHOOKc=; b=N4CaCQn3kBMztIEdTmfhkxKUlgDiAZA9wh2vKfcr4Dp8Qv/F4zXFxTA3gkxhcHa2GB 4sz9KSZed8UL34bBU33bAX/ZDiLv1eVRMWvbRhPgog4IM3r1sn220OwwgGv5hEPESHwf VhfW2Fgnb5mfWkbHfESW+JoLvMrgn4BGMSv6A3CuDf6h3bdCg1k0XbXHZL8jWYpO6KAL FbOacfLMihJ95366rhunChTq+LbxPnnFRy8E/30uQmKf3EetfLxEV/KlHPpiSaF4PvW4 EAjONSjyIrdzF7XP+URfi35UvUPpITlW2LWqs5AInniLd9wa07xjvypHNi+pRba/qfmm Rp2Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:resent-from:resent-date:resent-message-id :resent-to:message-id:user-agent:date:from:to:cc:subject:references :mime-version:content-disposition; bh=erJNQr0Rfhi8WM3USTM5ZowAbwumtVVITXyP8kHOOKc=; b=Rk/+uitOKtzzXYKG7dbsouyjJk3+4yACICaxLP768V6qr11HU9daRJWB9ACBzz12V3 HRPiv+nnpqkZThMDDcpuMM87a5OXcYTTotsHWmdjwfoY4alBHYKRzcWGV8OIsuJR+aLO zXj8VJ2xNbYKH+8WqgNr5O9GZ/bp+UQBsZ8hkVBOE9VmVH0vqXCIeAZG53bQT1aXryfB uAq8mSkS/+p+dQ0gbCyQMxHoSaCbEeW+Xzcueb3YI27C2ZKEK5PW6z4wFuyMixB7KRBt jVmL2w5orhi12BPKEaCgG3TrcICjlaL757DGftUO1Ux5QjNzxIoUZ7ClH2tGkPbifOK7 2r8Q== X-Gm-Message-State: AGi0PubC3u/MNJgBRoNAgkbPAloWKjoT5rO0yyhbJ7gs5oybgVqWYlJe hVeU6Le0LwEUdOFPWQjkJyo= X-Google-Smtp-Source: APiQypKR/+jvB6rYqRXPhVgjh6RmqH/jH1O68TseqbScXphpjKUoX09hxrWtFXY9MxXd9d0b527OrA== X-Received: by 2002:a1c:1dc3:: with SMTP id d186mr104354wmd.90.1588346684334; Fri, 01 May 2020 08:24:44 -0700 (PDT) Received: from dumbo ([2a0b:f4c2::1]) by smtp.gmail.com with ESMTPSA id a7sm9559wmj.12.2020.05.01.08.24.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 01 May 2020 08:24:42 -0700 (PDT) Received: from cavok by dumbo with local (Exim 4.92) (envelope-from ) id 1jUXWr-0006YL-0e; Fri, 01 May 2020 17:24:41 +0200 Message-Id: <20200501152304.523890160@gmail.com> User-Agent: quilt/0.65 Date: Fri, 01 May 2020 17:14:53 +0200 From: Domenico Andreoli To: "Rafael J. Wysocki" , Pavel Machek Cc: Linux PM , Domenico Andreoli Subject: [PATCH v2 1/2] hibernate: incorporate concurrency handling References: <20200501151452.621900831@gmail.com> MIME-Version: 1.0 Content-Disposition: inline; filename=hibernate-incorporate-concurrency-handling Sender: linux-pm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-pm@vger.kernel.org From: Domenico Andreoli Hibernation concurrency handling is currently delegated to user.c, where it's also used for regulating the access to the snapshot device. In the prospective of making user.c a separate configuration option, such mutual exclusion is brought into hibernate.c and made available through accessor helpers hereby introduced. v2: - move the mutual exclusion to hibernate.c (it was in user.c) - switched to refcount_t API (it was atomic_t) Signed-off-by: Domenico Andreoli Cc: "Rafael J. Wysocki" Cc: Pavel Machek Cc: Linux PM --- kernel/power/hibernate.c | 20 ++++++++++++++++---- kernel/power/power.h | 4 ++-- kernel/power/user.c | 10 ++++------ 3 files changed, 22 insertions(+), 12 deletions(-) Index: b/kernel/power/user.c =================================================================== --- a/kernel/power/user.c +++ b/kernel/power/user.c @@ -37,8 +37,6 @@ static struct snapshot_data { bool free_bitmaps; } snapshot_state; -atomic_t snapshot_device_available = ATOMIC_INIT(1); - static int snapshot_open(struct inode *inode, struct file *filp) { struct snapshot_data *data; @@ -49,13 +47,13 @@ static int snapshot_open(struct inode *i lock_system_sleep(); - if (!atomic_add_unless(&snapshot_device_available, -1, 0)) { + if (!hibernate_acquire()) { error = -EBUSY; goto Unlock; } if ((filp->f_flags & O_ACCMODE) == O_RDWR) { - atomic_inc(&snapshot_device_available); + hibernate_release(); error = -ENOSYS; goto Unlock; } @@ -92,7 +90,7 @@ static int snapshot_open(struct inode *i __pm_notifier_call_chain(PM_POST_RESTORE, nr_calls, NULL); } if (error) - atomic_inc(&snapshot_device_available); + hibernate_release(); data->frozen = false; data->ready = false; @@ -122,7 +120,7 @@ static int snapshot_release(struct inode } pm_notifier_call_chain(data->mode == O_RDONLY ? PM_POST_HIBERNATION : PM_POST_RESTORE); - atomic_inc(&snapshot_device_available); + hibernate_release(); unlock_system_sleep(); Index: b/kernel/power/power.h =================================================================== --- a/kernel/power/power.h +++ b/kernel/power/power.h @@ -154,8 +154,8 @@ extern int snapshot_write_next(struct sn extern void snapshot_write_finalize(struct snapshot_handle *handle); extern int snapshot_image_loaded(struct snapshot_handle *handle); -/* If unset, the snapshot device cannot be open. */ -extern atomic_t snapshot_device_available; +extern bool hibernate_acquire(void); +extern void hibernate_release(void); extern sector_t alloc_swapdev_block(int swap); extern void free_all_swap_pages(int swap); Index: b/kernel/power/hibernate.c =================================================================== --- a/kernel/power/hibernate.c +++ b/kernel/power/hibernate.c @@ -67,6 +67,18 @@ bool freezer_test_done; static const struct platform_hibernation_ops *hibernation_ops; +static refcount_t hibernate_refcount = REFCOUNT_INIT(1); + +bool hibernate_acquire(void) +{ + return refcount_add_not_zero(-1, &hibernate_refcount); +} + +void hibernate_release(void) +{ + refcount_inc(&hibernate_refcount); +} + bool hibernation_available(void) { return nohibernate == 0 && !security_locked_down(LOCKDOWN_HIBERNATION); @@ -704,7 +716,7 @@ int hibernate(void) lock_system_sleep(); /* The snapshot device should not be opened while we're running */ - if (!atomic_add_unless(&snapshot_device_available, -1, 0)) { + if (!hibernate_acquire()) { error = -EBUSY; goto Unlock; } @@ -775,7 +787,7 @@ int hibernate(void) Exit: __pm_notifier_call_chain(PM_POST_HIBERNATION, nr_calls, NULL); pm_restore_console(); - atomic_inc(&snapshot_device_available); + hibernate_release(); Unlock: unlock_system_sleep(); pr_info("hibernation exit\n"); @@ -880,7 +892,7 @@ static int software_resume(void) goto Unlock; /* The snapshot device should not be opened while we're running */ - if (!atomic_add_unless(&snapshot_device_available, -1, 0)) { + if (!hibernate_acquire()) { error = -EBUSY; swsusp_close(FMODE_READ); goto Unlock; @@ -904,7 +916,7 @@ static int software_resume(void) __pm_notifier_call_chain(PM_POST_RESTORE, nr_calls, NULL); pm_restore_console(); pr_info("resume failed (%d)\n", error); - atomic_inc(&snapshot_device_available); + hibernate_release(); /* For success case, the suspend path will release the lock */ Unlock: mutex_unlock(&system_transition_mutex); From patchwork Fri May 1 15:14:54 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Domenico Andreoli X-Patchwork-Id: 11522765 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3D24814B4 for ; Fri, 1 May 2020 15:25:14 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2584D216FD for ; Fri, 1 May 2020 15:25:14 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="iftNOmp1" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729759AbgEAPZN (ORCPT ); Fri, 1 May 2020 11:25:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40616 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728443AbgEAPZM (ORCPT ); Fri, 1 May 2020 11:25:12 -0400 Received: from mail-wm1-x330.google.com (mail-wm1-x330.google.com [IPv6:2a00:1450:4864:20::330]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 29593C061A0C for ; Fri, 1 May 2020 08:25:11 -0700 (PDT) Received: by mail-wm1-x330.google.com with SMTP id u16so47075wmc.5 for ; Fri, 01 May 2020 08:25:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:resent-from:resent-date:resent-message-id:resent-to :message-id:user-agent:date:from:to:cc:subject:references :mime-version:content-disposition; bh=hstys9wIAfhbwE6wNgZrl/SKnLndXvXa9vEadgodDJI=; b=iftNOmp1HP6jSm4mfjo+yG2c0nkSVIB6M6v7kQ6KqSc344X/iK/EnpBme0cHIBbh2j 0iijaWpO1fKIZQPScHB0YXCRtWnXOqL/QQSHrxG7v7lwmBS5UibmId4CQu3uMWX6pgih v51nj7J0SHj+ehCSAPuYxCctwCpBNnH9uQBQIkUj6HMtwkjGTHVmJ2EGPkaPaeizViz2 tehQK0js4jmq8hhGTFJRT/EKXsgqyO/cDmos/IpfViIODdavRev3mjviysyyuyHlqJEg 1heIGwSw3An9IZXbpxgP/Oejg7OOd5/aoE2k10p8XSwYooDy/6yes70zPf93MjbBj3Yp 7OQQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:resent-from:resent-date:resent-message-id :resent-to:message-id:user-agent:date:from:to:cc:subject:references :mime-version:content-disposition; bh=hstys9wIAfhbwE6wNgZrl/SKnLndXvXa9vEadgodDJI=; b=PooNBhf7454fqJhrKIjOm0GR/0SLT3Uznxjzk/XqXlVzU4JEL9jeKLj2CwVBRACxqg YWRsD3pGq7gWjL2z807agE/JAV7H9k/iikIGV4xAOg9eOAQX0rlmOiMfmX+t0IrluUQy Z8+mS74//zK0rrBMQyuGxRS+2txQAacH343rcq6Z4dvce0YUZ8BlaXzk6/dIgV5PKZ9H JkNFIqqTqAwP7cSyXiR0U3e2vxW7Y24G5m9ncc4RYpajPO/K+zCV4PMm3sNuvQEZxyK5 yz6UQII4ed6BKLAuBY4FnYhHJyDAsibW5UnvyyNpWOAlRd3aFlMeuRw79PIJmNfz99ll qYNA== X-Gm-Message-State: AGi0Pubqc/a8VboBuOll+z99/o9nUAaiHVme0S+3bWANtk1Yh7P5cL8u qqGD6xOjud4ZDf0DCeZI1gYzy1LRxUM= X-Google-Smtp-Source: APiQypKB+afelrD5W/lk5NXntEc2FAz5VLdDOX1pyxl24lqntIlhuzGV6VwNUb1xprtAzhfWeJPCcw== X-Received: by 2002:a1c:a9c3:: with SMTP id s186mr58230wme.89.1588346683858; Fri, 01 May 2020 08:24:43 -0700 (PDT) Received: from dumbo ([2a0b:f4c2::1]) by smtp.gmail.com with ESMTPSA id c190sm20978wme.4.2020.05.01.08.24.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 01 May 2020 08:24:42 -0700 (PDT) Received: from cavok by dumbo with local (Exim 4.92) (envelope-from ) id 1jUXWr-0006YP-1Q; Fri, 01 May 2020 17:24:41 +0200 Message-Id: <20200501152304.609906298@gmail.com> User-Agent: quilt/0.65 Date: Fri, 01 May 2020 17:14:54 +0200 From: Domenico Andreoli To: "Rafael J. Wysocki" , Pavel Machek Cc: Linux PM , Domenico Andreoli Subject: [PATCH v2 2/2] hibernate: split snapshot dev option References: <20200501151452.621900831@gmail.com> MIME-Version: 1.0 Content-Disposition: inline; filename=hibernate-split-snapshot-dev-option Sender: linux-pm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-pm@vger.kernel.org From: Domenico Andreoli Make it possible to reduce the attack surface in case the snapshot device is not to be used from userspace. v2: - the option is enabled by default (it was disabled by default) - remove the premature "DEPRECATED" marking - drop the redefinition of mutual exclusion helpers (in v2 they are owned by hibernte.c) in case the option is deselected - add the help message to the config option Signed-off-by: Domenico Andreoli Cc: "Rafael J. Wysocki" Cc: Pavel Machek Cc: Linux PM --- kernel/power/Kconfig | 12 ++++++++++++ kernel/power/Makefile | 3 ++- 2 files changed, 14 insertions(+), 1 deletion(-) Index: b/kernel/power/Kconfig =================================================================== --- a/kernel/power/Kconfig +++ b/kernel/power/Kconfig @@ -80,6 +80,18 @@ config HIBERNATION For more information take a look at . +config HIBERNATION_SNAPSHOT_DEV + bool "Userspace snapshot device" + depends on HIBERNATION + default y + ---help--- + Device used by the uswsusp tools. + + Say N if no snapshotting from userspace is needed, this also + reduces the attack surface of the kernel. + + If in doubt, say Y. + config PM_STD_PARTITION string "Default resume partition" depends on HIBERNATION Index: b/kernel/power/Makefile =================================================================== --- a/kernel/power/Makefile +++ b/kernel/power/Makefile @@ -10,7 +10,8 @@ obj-$(CONFIG_VT_CONSOLE_SLEEP) += consol obj-$(CONFIG_FREEZER) += process.o obj-$(CONFIG_SUSPEND) += suspend.o obj-$(CONFIG_PM_TEST_SUSPEND) += suspend_test.o -obj-$(CONFIG_HIBERNATION) += hibernate.o snapshot.o swap.o user.o +obj-$(CONFIG_HIBERNATION) += hibernate.o snapshot.o swap.o +obj-$(CONFIG_HIBERNATION_SNAPSHOT_DEV) += user.o obj-$(CONFIG_PM_AUTOSLEEP) += autosleep.o obj-$(CONFIG_PM_WAKELOCKS) += wakelock.o