From patchwork Wed Jul 22 14:54:14 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Alex Belits <abelits@marvell.com>
X-Patchwork-Id: 1333927
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org
 (client-ip=23.128.96.18; helo=vger.kernel.org;
 envelope-from=netdev-owner@vger.kernel.org; receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
 dmarc=fail (p=none dis=none) header.from=marvell.com
Authentication-Results: ozlabs.org;
	dkim=fail reason="key not found in DNS" header.d=marvell.com
 header.i=@marvell.com header.a=rsa-sha256 header.s=pfpt0818
 header.b=SM0tCzIA;
	dkim=pass (1024-bit key;
 unprotected) header.d=marvell.onmicrosoft.com
 header.i=@marvell.onmicrosoft.com
 header.a=rsa-sha256 header.s=selector1-marvell-onmicrosoft-com
 header.b=t9Eu7fGz;
	dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by ozlabs.org (Postfix) with ESMTP id 4BBdmR5lvVz9sSn
	for <patchwork-incoming-netdev@ozlabs.org>;
 Thu, 23 Jul 2020 00:55:03 +1000 (AEST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1732644AbgGVOzA (ORCPT
        <rfc822;patchwork-incoming-netdev@ozlabs.org>);
        Wed, 22 Jul 2020 10:55:00 -0400
Received: from mx0b-0016f401.pphosted.com ([67.231.156.173]:38176 "EHLO
        mx0b-0016f401.pphosted.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1730465AbgGVOy6 (ORCPT
        <rfc822;netdev@vger.kernel.org>); Wed, 22 Jul 2020 10:54:58 -0400
Received: from pps.filterd (m0045851.ppops.net [127.0.0.1])
        by mx0b-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id
 06MEmkQA012155;
        Wed, 22 Jul 2020 07:54:19 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;
 h=from : to : cc :
 subject : date : message-id : references : in-reply-to : content-type :
 content-id : content-transfer-encoding : mime-version; s=pfpt0818;
 bh=8IhE7wrUXd1paiBAH3lAOks9OwKS1vDzrpp5nlBKiiU=;
 b=SM0tCzIAXUKStTBuQJX2EoUmDIrfY0ci/3vGg3bjvGYygaE9zHmzgd7XQPmMGoHkerKY
 iqikY2VIKzmnUglLY79DxxVlX7xzlSh8GnMzGb/T2kgHtL81TrBlFdX3jEyGlGYY0sXO
 1ZG8vh+lbjY16hJcuDqjGQUZiWr3P00dcg1artr8wcaJCEr7H4TfqtDPKzNOu40OUdzY
 T/+lktyCR0QJb4iv8sN/GI53VBYyK3eKsBcLbiJph05OdUzg7bHBnVSAcVw6UeLMUcbr
 hGxnV4Hdy64SEo8vQ5FnHWkPzTuAB44p7BSFyTKR6j/dm6Xov+G/GFGzpYIOsxqpc0e3 lg==
Received: from sc-exch04.marvell.com ([199.233.58.184])
        by mx0b-0016f401.pphosted.com with ESMTP id 32c0kkrb9s-1
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);
        Wed, 22 Jul 2020 07:54:18 -0700
Received: from SC-EXCH02.marvell.com (10.93.176.82) by SC-EXCH04.marvell.com
 (10.93.176.84) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 22 Jul
 2020 07:54:17 -0700
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (104.47.59.173)
 by SC-EXCH02.marvell.com (10.93.176.82) with Microsoft SMTP Server (TLS) id
 15.0.1497.2 via Frontend Transport; Wed, 22 Jul 2020 07:54:17 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=Pc2TDJOLIdwJfUExt4fDL6sssjvvJCca0I9PACnI0z/5+w2b8mgr0kCuUDa/cDDwkT/8pyVqCUMF7AHG7RmLXBL1oLDlEAVVItHPMRV61YTP9fZ8B8k+PdSCNY6vfyTBq6C/xdxZ6RxUwYUhpVuXGxNyn5q2kYBJpfIvVGBPCdLH7C3qAUnGb0pavIn5qDoSuJMt9Xr684RC6gAOJUOGIGt8UIiln1mMHFmpslpyy5KFeL0QiEOceonOEwt+YPHq8sDMDnhZXLs8r/yrCwT7FHoiufcuMDIWfkfbhzetAg7/sH6S71kt05MbYwXqUZ3MCQhJyRjwPHV1QEvLkiHHfQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=8IhE7wrUXd1paiBAH3lAOks9OwKS1vDzrpp5nlBKiiU=;
 b=DCuy1kiXNi+qXU9nTYScltxGQyoHnNLRwlsscuS4Vm7rf5TrJAz0awQjzSQIaxkSFXC+5mI2fpyMaoskuHBePvpQk2wGL20NmBhVebgi2meVtCAR67S+D1g0rwUMIQelgNni9rKhUchhNlyjVkA8kNfdCs4xp8ZM1Ownlo0BKbpMoyzdyxYX0FlMObTLmxA9mj7TnqI3TtcembbKivD0nnDgRf0kf60XBFDLnxp9omG0CNRIdoAjTjHh8hrevytnLwVcLgESG9U+VwFEW3haEDgLcyF8x0IfYFaIvdp+qWq+m9khpo8a80WyV61suphWVr1AXSCj+J23ytYX6oHUOg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=marvell.com; dmarc=pass action=none header.from=marvell.com;
 dkim=pass header.d=marvell.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=marvell.onmicrosoft.com; s=selector1-marvell-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=8IhE7wrUXd1paiBAH3lAOks9OwKS1vDzrpp5nlBKiiU=;
 b=t9Eu7fGzlaLQXOSFH1bFLbd6vbL9D1IDY/vJsjUOEpmVZYBq7dElkgVkY/NjmVgIEHywYk5w3gPlbUJSuQzR5G+3SsteqsCdmCSJCBx5tbvnrBvCmQth/5x1VS5oO0fnk+6wTcFOLjX5mlS5T8xJxfH38EU4A62LryEyDvYT+ys=
Received: from MW2PR18MB2267.namprd18.prod.outlook.com (2603:10b6:907:3::11)
 by MW2PR18MB2156.namprd18.prod.outlook.com (2603:10b6:907:a::25) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3195.24; Wed, 22 Jul
 2020 14:54:14 +0000
Received: from MW2PR18MB2267.namprd18.prod.outlook.com
 ([fe80::b9a6:a3f2:2263:dc32]) by MW2PR18MB2267.namprd18.prod.outlook.com
 ([fe80::b9a6:a3f2:2263:dc32%4]) with mapi id 15.20.3195.026; Wed, 22 Jul 2020
 14:54:14 +0000
From: Alex Belits <abelits@marvell.com>
To: "frederic@kernel.org" <frederic@kernel.org>,
        "rostedt@goodmis.org" <rostedt@goodmis.org>
CC: Prasun Kapoor <pkapoor@marvell.com>,
        "mingo@kernel.org" <mingo@kernel.org>,
        "davem@davemloft.net" <davem@davemloft.net>,
        "linux-api@vger.kernel.org" <linux-api@vger.kernel.org>,
        "peterz@infradead.org" <peterz@infradead.org>,
        "linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
        "catalin.marinas@arm.com" <catalin.marinas@arm.com>,
        "tglx@linutronix.de" <tglx@linutronix.de>,
        "will@kernel.org" <will@kernel.org>,
        "linux-arm-kernel@lists.infradead.org"
        <linux-arm-kernel@lists.infradead.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "netdev@vger.kernel.org" <netdev@vger.kernel.org>
Subject: [PATCH v4 07/13] task_isolation: arch/x86: enable task isolation
 functionality
Thread-Topic: [PATCH v4 07/13] task_isolation: arch/x86: enable task isolation
 functionality
Thread-Index: AQHWYDf3tP4J4jNDakOQrklH/k1RhA==
Date: Wed, 22 Jul 2020 14:54:14 +0000
Message-ID: <f1c65667718caab7f4723399401f1a0b0b471aa9.camel@marvell.com>
References: <04be044c1bcd76b7438b7563edc35383417f12c8.camel@marvell.com>
In-Reply-To: <04be044c1bcd76b7438b7563edc35383417f12c8.camel@marvell.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: kernel.org; dkim=none (message not signed)
 header.d=none;kernel.org; dmarc=none action=none header.from=marvell.com;
x-originating-ip: [173.228.7.197]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 52e921dc-811f-40d1-b172-08d82e4f19e0
x-ms-traffictypediagnostic: MW2PR18MB2156:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: 
 <MW2PR18MB2156088872139362FFEAC01EBC790@MW2PR18MB2156.namprd18.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 
 rLGl2UWWLi/PJHknjjC2WOPkoDG74JP/i2pKohav122Ap0W829KD3j8Hig32xfOwjg8PPwWNTdrwOtNJgGCO5cFNkttYkbpZKxeqctE8ZhFK41cPAAFGMjx4PFDilSKIJnMIjUliBzawzy0JoszJ48C1/bAIRbTCdTaFPZDpydhBfHkSg2q4ilXgcF5A35++S4ls1P1Vrw1jKyOXPMdD5DrNsYcFpT1OqaO0dFcho6xA7iCnzdweSb9VTtf0i3bWvHaPX+6kpoiunyTaA7MIjBAtJ7vnEXowUGmQ1nwA/l8QhQJRquQFdzjL9cLKcr15X9rhM8RfviGvt1BE/LvBIg==
x-forefront-antispam-report: 
 CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW2PR18MB2267.namprd18.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:(4636009)(39860400002)(366004)(376002)(396003)(136003)(346002)(110136005)(6486002)(2906002)(6506007)(54906003)(66476007)(478600001)(6512007)(8936002)(2616005)(8676002)(316002)(4326008)(66946007)(186003)(64756008)(86362001)(83380400001)(76116006)(91956017)(5660300002)(66446008)(36756003)(66556008)(26005)(71200400001)(7416002);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata: 
 C2sOQBfDx7XWfnxVE2h6KzHVOfj6DFLtBXqW5fVp9/26Xi07rYLmWDwyDLs6KgRWUV+xkJhE5EnXd6hTKTSUkiLVmHuisHDjsJgwgPDWMUz5X1YYQxfoOJRG9PsHUKy6LMzn2mmt8IAWB8yb4gw7KW9N9dcDfXaNgSgWPAWy8HLRs5POfTagxw0QEDZO0Q/f4uBhh3FDaCmF61SEkKsCSvDzPLIcLMjNPtVrV5ZOS4RdQWbtAnvkQPG4Bzn6euo+2klzulsSUe9BfXrCKp7AkySCf9dY0Tb1YlHshvtHOR4jiB4clUg+epP5bb7/Mqr4RPy4UaO4hc1hEaaXx82a7MDX3miBDc/VBsNgeWa9tM5Y9lWo6anRIfMPcRRUdIrvOe34aJjIUpUO1xlBo0lFd4o+77hw7Q+ovgxiUXOmzUlJymItAxyPtKquI1GdV+TnwjKfKC6f/xpvbcE+dqpmRS4/pUb5y3WTW8586tVrK8Q=
Content-ID: <656247F523334C4E90B4C97A29E836AC@namprd18.prod.outlook.com>
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MW2PR18MB2267.namprd18.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 52e921dc-811f-40d1-b172-08d82e4f19e0
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Jul 2020 14:54:14.2646
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 70e1fb47-1155-421d-87fc-2e58f638b6e0
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 
 FxK/obFuUAJlpJXhlQEohiiesAb17l9tQZ0WS4SFoGhNJqM4Euxv2atMOatPKgE12gQKNm91ABJqeSoM6I+smA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW2PR18MB2156
X-OriginatorOrg: marvell.com
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235,18.0.687
 definitions=2020-07-22_08:2020-07-22,2020-07-22 signatures=0
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

In prepare_exit_to_usermode(), run cleanup for tasks exited fromi
isolation and call task_isolation_start() for tasks that entered
TIF_TASK_ISOLATION.

In syscall_trace_enter(), add the necessary support for reporting
syscalls for task-isolation processes.

Add task_isolation_remote() calls for the kernel exception types
that do not result in signals, namely non-signalling page faults.

Add task_isolation_kernel_enter() calls to interrupt and syscall
entry handlers.

This mechanism relies on calls to functions that call
task_isolation_kernel_enter() early after entry into kernel. Those
functions are:

enter_from_user_mode()
  called from do_syscall_64(), do_int80_syscall_32(),
  do_fast_syscall_32(), idtentry_enter_user(),
  idtentry_enter_cond_rcu()
idtentry_enter_cond_rcu()
  called from non-raw IDT macros and other entry points
idtentry_enter_user()
nmi_enter()
xen_call_function_interrupt()
xen_call_function_single_interrupt()
xen_irq_work_interrupt()

Signed-off-by: Chris Metcalf <cmetcalf@mellanox.com>
[abelits@marvell.com: adapted for kernel 5.8]
Signed-off-by: Alex Belits <abelits@marvell.com>
---
 arch/x86/Kconfig                   |  1 +
 arch/x86/entry/common.c            | 20 +++++++++++++++++++-
 arch/x86/include/asm/barrier.h     |  2 ++
 arch/x86/include/asm/thread_info.h |  4 +++-
 arch/x86/kernel/apic/ipi.c         |  2 ++
 arch/x86/mm/fault.c                |  4 ++++
 arch/x86/xen/smp.c                 |  3 +++
 arch/x86/xen/smp_pv.c              |  2 ++
 8 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 883da0abf779..3a80142f85c8 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -149,6 +149,7 @@ config X86
 	select HAVE_ARCH_COMPAT_MMAP_BASES	if MMU && COMPAT
 	select HAVE_ARCH_PREL32_RELOCATIONS
 	select HAVE_ARCH_SECCOMP_FILTER
+	select HAVE_ARCH_TASK_ISOLATION
 	select HAVE_ARCH_THREAD_STRUCT_WHITELIST
 	select HAVE_ARCH_STACKLEAK
 	select HAVE_ARCH_TRACEHOOK
diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c
index f09288431f28..ab94d90a2bd5 100644
--- a/arch/x86/entry/common.c
+++ b/arch/x86/entry/common.c
@@ -26,6 +26,7 @@
 #include <linux/livepatch.h>
 #include <linux/syscalls.h>
 #include <linux/uaccess.h>
+#include <linux/isolation.h>
 
 #ifdef CONFIG_XEN_PV
 #include <xen/xen-ops.h>
@@ -86,6 +87,7 @@ static noinstr void enter_from_user_mode(void)
 {
 	enum ctx_state state = ct_state();
 
+	task_isolation_kernel_enter();
 	lockdep_hardirqs_off(CALLER_ADDR0);
 	user_exit_irqoff();
 
@@ -97,6 +99,7 @@ static noinstr void enter_from_user_mode(void)
 #else
 static __always_inline void enter_from_user_mode(void)
 {
+	task_isolation_kernel_enter();
 	lockdep_hardirqs_off(CALLER_ADDR0);
 	instrumentation_begin();
 	trace_hardirqs_off_finish();
@@ -161,6 +164,15 @@ static long syscall_trace_enter(struct pt_regs *regs)
 			return -1L;
 	}
 
+	/*
+	 * In task isolation mode, we may prevent the syscall from
+	 * running, and if so we also deliver a signal to the process.
+	 */
+	if (work & _TIF_TASK_ISOLATION) {
+	if (task_isolation_syscall(regs->orig_ax) == -1)
+		return -1L;
+		work &= ~_TIF_TASK_ISOLATION;
+	}
 #ifdef CONFIG_SECCOMP
 	/*
 	 * Do seccomp after ptrace, to catch any tracer changes.
@@ -263,6 +275,8 @@ static void __prepare_exit_to_usermode(struct pt_regs *regs)
 	lockdep_assert_irqs_disabled();
 	lockdep_sys_exit();
 
+	task_isolation_check_run_cleanup();
+
 	cached_flags = READ_ONCE(ti->flags);
 
 	if (unlikely(cached_flags & EXIT_TO_USERMODE_LOOP_FLAGS))
@@ -278,6 +292,9 @@ static void __prepare_exit_to_usermode(struct pt_regs *regs)
 	if (unlikely(cached_flags & _TIF_NEED_FPU_LOAD))
 		switch_fpu_return();
 
+	if (cached_flags & _TIF_TASK_ISOLATION)
+		task_isolation_start();
+
 #ifdef CONFIG_COMPAT
 	/*
 	 * Compat syscalls set TS_COMPAT.  Make sure we clear it before
@@ -597,7 +614,8 @@ bool noinstr idtentry_enter_cond_rcu(struct pt_regs *regs)
 		check_user_regs(regs);
 		enter_from_user_mode();
 		return false;
-	}
+	} else
+		task_isolation_kernel_enter();
 
 	/*
 	 * If this entry hit the idle task invoke rcu_irq_enter() whether
diff --git a/arch/x86/include/asm/barrier.h b/arch/x86/include/asm/barrier.h
index 7f828fe49797..5be6ca0519fc 100644
--- a/arch/x86/include/asm/barrier.h
+++ b/arch/x86/include/asm/barrier.h
@@ -4,6 +4,7 @@
 
 #include <asm/alternative.h>
 #include <asm/nops.h>
+#include <asm/processor.h>
 
 /*
  * Force strict CPU ordering.
@@ -53,6 +54,7 @@ static inline unsigned long array_index_mask_nospec(unsigned long index,
 
 #define dma_rmb()	barrier()
 #define dma_wmb()	barrier()
+#define instr_sync()	sync_core()
 
 #ifdef CONFIG_X86_32
 #define __smp_mb()	asm volatile("lock; addl $0,-4(%%esp)" ::: "memory", "cc")
diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
index 8de8ceccb8bc..6dd1a5cc286d 100644
--- a/arch/x86/include/asm/thread_info.h
+++ b/arch/x86/include/asm/thread_info.h
@@ -93,6 +93,7 @@ struct thread_info {
 #define TIF_NOTSC		16	/* TSC is not accessible in userland */
 #define TIF_IA32		17	/* IA32 compatibility process */
 #define TIF_SLD			18	/* Restore split lock detection on context switch */
+#define TIF_TASK_ISOLATION	19	/* task isolation enabled for task */
 #define TIF_MEMDIE		20	/* is terminating due to OOM killer */
 #define TIF_POLLING_NRFLAG	21	/* idle is polling for TIF_NEED_RESCHED */
 #define TIF_IO_BITMAP		22	/* uses I/O bitmap */
@@ -123,6 +124,7 @@ struct thread_info {
 #define _TIF_NOTSC		(1 << TIF_NOTSC)
 #define _TIF_IA32		(1 << TIF_IA32)
 #define _TIF_SLD		(1 << TIF_SLD)
+#define _TIF_TASK_ISOLATION	(1 << TIF_TASK_ISOLATION)
 #define _TIF_POLLING_NRFLAG	(1 << TIF_POLLING_NRFLAG)
 #define _TIF_IO_BITMAP		(1 << TIF_IO_BITMAP)
 #define _TIF_FORCED_TF		(1 << TIF_FORCED_TF)
@@ -136,7 +138,7 @@ struct thread_info {
 /* Work to do before invoking the actual syscall. */
 #define _TIF_WORK_SYSCALL_ENTRY	\
 	(_TIF_SYSCALL_TRACE | _TIF_SYSCALL_EMU | _TIF_SYSCALL_AUDIT |	\
-	 _TIF_SECCOMP | _TIF_SYSCALL_TRACEPOINT)
+	 _TIF_SECCOMP | _TIF_SYSCALL_TRACEPOINT | _TIF_TASK_ISOLATION)
 
 /* flags to check in __switch_to() */
 #define _TIF_WORK_CTXSW_BASE					\
diff --git a/arch/x86/kernel/apic/ipi.c b/arch/x86/kernel/apic/ipi.c
index 6ca0f91372fd..b4dfaad6a440 100644
--- a/arch/x86/kernel/apic/ipi.c
+++ b/arch/x86/kernel/apic/ipi.c
@@ -2,6 +2,7 @@
 
 #include <linux/cpumask.h>
 #include <linux/smp.h>
+#include <linux/isolation.h>
 
 #include "local.h"
 
@@ -67,6 +68,7 @@ void native_smp_send_reschedule(int cpu)
 		WARN(1, "sched: Unexpected reschedule of offline CPU#%d!\n", cpu);
 		return;
 	}
+	task_isolation_remote(cpu, "reschedule IPI");
 	apic->send_IPI(cpu, RESCHEDULE_VECTOR);
 }
 
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index 1ead568c0101..e16a4f5c7e57 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -18,6 +18,7 @@
 #include <linux/uaccess.h>		/* faulthandler_disabled()	*/
 #include <linux/efi.h>			/* efi_recover_from_page_fault()*/
 #include <linux/mm_types.h>
+#include <linux/isolation.h>		/* task_isolation_interrupt     */
 
 #include <asm/cpufeature.h>		/* boot_cpu_has, ...		*/
 #include <asm/traps.h>			/* dotraplinkage, ...		*/
@@ -1332,6 +1333,9 @@ void do_user_addr_fault(struct pt_regs *regs,
 		perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS_MIN, 1, regs, address);
 	}
 
+	/* No signal was generated, but notify task-isolation tasks. */
+	task_isolation_interrupt("page fault at %#lx", address);
+
 	check_v8086_mode(regs, address, tsk);
 }
 NOKPROBE_SYMBOL(do_user_addr_fault);
diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c
index 2097fa0ebdb5..9a3a9bae7d06 100644
--- a/arch/x86/xen/smp.c
+++ b/arch/x86/xen/smp.c
@@ -4,6 +4,7 @@
 #include <linux/slab.h>
 #include <linux/cpumask.h>
 #include <linux/percpu.h>
+#include <linux/isolation.h>
 
 #include <xen/events.h>
 
@@ -265,6 +266,7 @@ void xen_send_IPI_allbutself(int vector)
 
 static irqreturn_t xen_call_function_interrupt(int irq, void *dev_id)
 {
+	task_isolation_kernel_enter();
 	irq_enter();
 	generic_smp_call_function_interrupt();
 	inc_irq_stat(irq_call_count);
@@ -275,6 +277,7 @@ static irqreturn_t xen_call_function_interrupt(int irq, void *dev_id)
 
 static irqreturn_t xen_call_function_single_interrupt(int irq, void *dev_id)
 {
+	task_isolation_kernel_enter();
 	irq_enter();
 	generic_smp_call_function_single_interrupt();
 	inc_irq_stat(irq_call_count);
diff --git a/arch/x86/xen/smp_pv.c b/arch/x86/xen/smp_pv.c
index 171aff1b11f2..d71d3cc36c51 100644
--- a/arch/x86/xen/smp_pv.c
+++ b/arch/x86/xen/smp_pv.c
@@ -24,6 +24,7 @@
 #include <linux/cpuhotplug.h>
 #include <linux/stackprotector.h>
 #include <linux/pgtable.h>
+#include <linux/isolation.h>
 
 #include <asm/paravirt.h>
 #include <asm/idtentry.h>
@@ -482,6 +483,7 @@ static void xen_pv_stop_other_cpus(int wait)
 
 static irqreturn_t xen_irq_work_interrupt(int irq, void *dev_id)
 {
+	task_isolation_kernel_enter();
 	irq_enter();
 	irq_work_run();
 	inc_irq_stat(apic_irq_work_irqs);