Provide the actual decision function, which decides whether a time slice
extension is granted in the exit to user mode path when NEED_RESCHED is
evaluated.

The decision is made in two stages. First an inline quick check to avoid
going into the actual decision function. This checks whether:

 #1 the functionality is enabled

 #2 the exit is a return from interrupt to user mode

 #3 any TIF bit, which causes extra work is set. That includes TIF_RSEQ,
    which means the task was already scheduled out.
 
The slow path, which implements the actual user space ABI, is invoked
when:

  A) #1 is true, #2 is true and #3 is false

     It checks whether user space requested a slice extension by setting
     the request bit in the rseq slice_ctrl field. If so, it grants the
     extension and stores the slice expiry time, so that the actual exit
     code can double check whether the slice is already exhausted before
     going back.

  B) #1 - #3 are true _and_ a slice extension was granted in a previous
     loop iteration

     In this case the grant is revoked.

In case that the user space access faults or invalid state is detected, the
task is terminated with SIGSEGV.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: "Paul E. McKenney" <paulmck@kernel.org>
Cc: Boqun Feng <boqun.feng@gmail.com>
---
 include/linux/rseq_entry.h |  111 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 111 insertions(+)

--- a/include/linux/rseq_entry.h
+++ b/include/linux/rseq_entry.h
@@ -41,6 +41,7 @@ DECLARE_PER_CPU(struct rseq_stats, rseq_
 #ifdef CONFIG_RSEQ
 #include <linux/jump_label.h>
 #include <linux/rseq.h>
+#include <linux/sched/signal.h>
 #include <linux/uaccess.h>
 
 #include <uapi/linux/rseq.h>
@@ -110,10 +111,120 @@ static __always_inline void rseq_slice_c
 	t->rseq.slice.state.granted = false;
 }
 
+static __always_inline bool rseq_grant_slice_extension(bool work_pending)
+{
+	struct task_struct *curr = current;
+	union rseq_slice_state state;
+	struct rseq __user *rseq;
+	u32 usr_ctrl;
+
+	if (!rseq_slice_extension_enabled())
+		return false;
+
+	/* If not enabled or not a return from interrupt, nothing to do. */
+	state = curr->rseq.slice.state;
+	state.enabled &= curr->rseq.event.user_irq;
+	if (likely(!state.state))
+		return false;
+
+	rseq = curr->rseq.usrptr;
+	if (!user_rw_masked_begin(rseq))
+		goto die;
+
+	/*
+	 * Quick check conditions where a grant is not possible or
+	 * needs to be revoked.
+	 *
+	 *  1) Any TIF bit which needs to do extra work aside of
+	 *     rescheduling prevents a grant.
+	 *
+	 *  2) A previous rescheduling request resulted in a slice
+	 *     extension grant.
+	 */
+	if (unlikely(work_pending || state.granted)) {
+		/* Clear user control unconditionally. No point for checking */
+		unsafe_put_user(0U, &rseq->slice_ctrl, fail);
+		user_access_end();
+		rseq_slice_clear_grant(curr);
+		return false;
+	}
+
+	unsafe_get_user(usr_ctrl, &rseq->slice_ctrl, fail);
+	if (likely(!(usr_ctrl & RSEQ_SLICE_EXT_REQUEST))) {
+		user_access_end();
+		return false;
+	}
+
+	/* Grant the slice extention */
+	unsafe_put_user(RSEQ_SLICE_EXT_GRANTED, &rseq->slice_ctrl, fail);
+	user_access_end();
+
+	rseq_stat_inc(rseq_stats.s_granted);
+
+	curr->rseq.slice.state.granted = true;
+	/* Store expiry time for arming the timer on the way out */
+	curr->rseq.slice.expires = data_race(rseq_slice_ext_nsecs) + ktime_get_mono_fast_ns();
+	/*
+	 * This is racy against a remote CPU setting TIF_NEED_RESCHED in
+	 * several ways:
+	 *
+	 * 1)
+	 *	CPU0			CPU1
+	 *	clear_tsk()
+	 *				set_tsk()
+	 *	clear_preempt()
+	 *				Raise scheduler IPI on CPU0
+	 *	--> IPI
+	 *	    fold_need_resched() -> Folds correctly
+	 * 2)
+	 *	CPU0			CPU1
+	 *				set_tsk()
+	 *	clear_tsk()
+	 *	clear_preempt()
+	 *				Raise scheduler IPI on CPU0
+	 *	--> IPI
+	 *	    fold_need_resched() <- NOOP as TIF_NEED_RESCHED is false
+	 *
+	 * #1 is not any different from a regular remote reschedule as it
+	 *    sets the previously not set bit and then raises the IPI which
+	 *    folds it into the preempt counter
+	 *
+	 * #2 is obviously incorrect from a scheduler POV, but it's not
+	 *    differently incorrect than the code below clearing the
+	 *    reschedule request with the safety net of the timer.
+	 *
+	 * The important part is that the clearing is protected against the
+	 * scheduler IPI and also against any other interrupt which might
+	 * end up waking up a task and setting the bits in the middle of
+	 * the operation:
+	 *
+	 *	clear_tsk()
+	 *	---> Interrupt
+	 *		wakeup_on_this_cpu()
+	 *		set_tsk()
+	 *		set_preempt()
+	 *	clear_preempt()
+	 *
+	 * which would be inconsistent state.
+	 */
+	scoped_guard(irq) {
+		clear_tsk_need_resched(curr);
+		clear_preempt_need_resched();
+	}
+	return true;
+
+fail:
+	user_access_end();
+die:
+	force_sig(SIGSEGV);
+	return false;
+}
+
 #else /* CONFIG_RSEQ_SLICE_EXTENSION */
 static inline bool rseq_slice_extension_enabled(void) { return false; }
 static inline bool rseq_arm_slice_extension_timer(void) { return false; }
 static inline void rseq_slice_clear_grant(struct task_struct *t) { }
+static inline bool rseq_grant_slice_extension(bool work_pending) { return false; }
 #endif /* !CONFIG_RSEQ_SLICE_EXTENSION */
 
 bool rseq_debug_update_user_cs(struct task_struct *t, struct pt_regs *regs, unsigned long csaddr);

Hello Thomas,

On 9/9/2025 4:30 AM, Thomas Gleixner wrote:
>  #else /* CONFIG_RSEQ_SLICE_EXTENSION */
>  static inline bool rseq_slice_extension_enabled(void) { return false; }
>  static inline bool rseq_arm_slice_extension_timer(void) { return false; }
>  static inline void rseq_slice_clear_grant(struct task_struct *t) { }
> +static inline bool rseq_grant_slice_extension(bool work_pending) { return false; }

This is still under the CONFIG_RSEQ block and when building with
CONFIG_RSEQ disabled gives the following error with changes from
Patch 11:

    kernel/entry/common.c:40:30: error: implicit declaration of function ‘rseq_grant_slice_extension’ [-Werror=implicit-function-declaration]
       40 |                         if (!rseq_grant_slice_extension(ti_work & TIF_SLICE_EXT_DENY))

Putting the rseq_grant_slice_extension() definition from above in
a separate "ifndef CONFIG_RSEQ_SLICE_EXTENSION" block at the end
keeps the build happy.

>  #endif /* !CONFIG_RSEQ_SLICE_EXTENSION */
>  
>  bool rseq_debug_update_user_cs(struct task_struct *t, struct pt_regs *regs, unsigned long csaddr);
> 

-- 
Thanks and Regards,
Prateek

On Tue, Sep 09 2025 at 13:44, K. Prateek Nayak wrote:

> Hello Thomas,
>
> On 9/9/2025 4:30 AM, Thomas Gleixner wrote:
>>  #else /* CONFIG_RSEQ_SLICE_EXTENSION */
>>  static inline bool rseq_slice_extension_enabled(void) { return false; }
>>  static inline bool rseq_arm_slice_extension_timer(void) { return false; }
>>  static inline void rseq_slice_clear_grant(struct task_struct *t) { }
>> +static inline bool rseq_grant_slice_extension(bool work_pending) { return false; }
>
> This is still under the CONFIG_RSEQ block and when building with
> CONFIG_RSEQ disabled gives the following error with changes from
> Patch 11:
>
>     kernel/entry/common.c:40:30: error: implicit declaration of function ‘rseq_grant_slice_extension’ [-Werror=implicit-function-declaration]
>        40 |                         if (!rseq_grant_slice_extension(ti_work & TIF_SLICE_EXT_DENY))
>
> Putting the rseq_grant_slice_extension() definition from above in
> a separate "ifndef CONFIG_RSEQ_SLICE_EXTENSION" block at the end
> keeps the build happy.

Duh, yes.