Re: [patch V2 14/16] x86/iopl: Restrict iopl() permission scope

From: Thomas Gleixner
Date: Tue Nov 12 2019 - 05:07:12 EST


On Tue, 12 Nov 2019, Ingo Molnar wrote:
> * Thomas Gleixner <tglx@xxxxxxxxxxxxx> wrote:
>
> > +static void task_update_io_bitmap(void)
> > +{
> > + struct thread_struct *t = &current->thread;
> > +
> > + preempt_disable();
> > + if (t->iopl_emul == 3 || t->io_bitmap) {
> > + /* TSS update is handled on exit to user space */
> > + set_thread_flag(TIF_IO_BITMAP);
> > + } else {
> > + clear_thread_flag(TIF_IO_BITMAP);
> > + /* Invalidate TSS */
> > + tss_update_io_bitmap();
> > + }
> > + preempt_enable();
> > +}
> > +
> > void io_bitmap_exit(void)
> > {
> > struct io_bitmap *iobm = current->thread.io_bitmap;
> >
> > - preempt_disable();
> > current->thread.io_bitmap = NULL;
> > - clear_thread_flag(TIF_IO_BITMAP);
> > - tss_update_io_bitmap();
> > - preempt_enable();
> > + task_update_io_bitmap();
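
Review bot: in io_bitmap_exit() the outcome now depends on `current->thread.io_bitmap = NULL` staying ahead of the task_update_io_bitmap() call, because the helper tests `t->io_bitmap` to pick its branch; a one-line comment on that ordering would guard against a later reorder that leaves TIF_IO_BITMAP set for a bitmap that is being torn down. The exit path also changes behaviour when `t->iopl_emul == 3`: the removed lines cleared the flag and called tss_update_io_bitmap() unconditionally, while the helper now keeps TIF_IO_BITMAP set in that case. If that is intended, state it in a comment above task_update_io_bitmap(), and consider a named constant in place of the literal 3.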
>
> BTW., isn't the preempt_disable()/enable() sequence only needed around
> the tss_update_io_bitmap() call?
>
> ->iopl_emul, ->io_bitmap and TIF_IO_BITMAP can only be set by the current
> task AFAICS.
>
> I.e. critical section could be narrowed a bit.

Yes.