From: Will Deacon <will.deacon@arm.com> To: Thomas Gleixner <tglx@linutronix.de> Cc: linux-arch@vger.kernel.org, Arnd Bergmann <arnd@arndb.de>, Catalin Marinas <catalin.marinas@arm.com>, Daniel Lezcano <daniel.lezcano@linaro.org>, Russell King <linux@armlinux.org.uk>, Ralf Baechle <ralf@linux-mips.org>, Mark Salyzyn <salyzyn@android.com>, Paul Burton <paul.burton@mips.com>, Vincenzo Frascino <vincenzo.frascino@arm.com>, Peter Collingbourne <pcc@google.com>, linux-arm-kernel@lists.infradead.org Subject: Re: [PATCH v2 06/28] kernel: Define gettimeofday vdso common code Date: Fri, 7 Dec 2018 17:53:22 +0000 [thread overview] Message-ID: <20181207175321.GA11430@edgewater-inn.cambridge.arm.com> (raw) In-Reply-To: <alpine.DEB.2.21.1811292230430.1657@nanos.tec.linutronix.de> Hi Thomas, You got me at this bit: On Thu, Nov 29, 2018 at 11:11:52PM +0100, Thomas Gleixner wrote: > On Thu, 29 Nov 2018, Vincenzo Frascino wrote: > > +static __always_inline notrace int __do_realtime_or_tai( > > + const struct vdso_data *vd, > > + struct __vdso_timespec *ts, > > + bool is_tai) > > +{ > > + u32 seq, cs_mono_mult, cs_shift; > > + u64 ns, sec; > > + u64 cycle_last, cs_mono_mask; > > + > > + if (vd->use_syscall) > > + return -1; > > +repeat: > > + seq = vdso_read_begin(vd); > > + cycle_last = vd->cs_cycle_last; > > + cs_mono_mult = vd->cs_mono_mult; > > + cs_shift = vd->cs_shift; > > + cs_mono_mask = vd->cs_mono_mask; > > + > > + if (is_tai) > > + sec = vd->tai_sec; > > + else > > + sec = vd->xtime_clock_sec; > > + ns = vd->xtime_clock_nsec; > > + > > + if (unlikely(vdso_read_retry(vd, seq))) > > + goto repeat; > > + > > + ns += get_clock_shifted_nsec(cycle_last, cs_mono_mult, cs_mono_mask); > > This is broken. You cannot read the counter outside the seq count protected > region. Please tell the ARM64 folks that their VDSO asm maze is broken. We'll fix the maze, but could you explain a bit about the brokenness, please? The write side in update_vsyscall() is only touching the data page, so I think we've got those fields covered correctly with the seqlock. We'd only have to worry about protecting the counter if it could be written somehow. Is your concern to do with migrating between systems, where the new system has a counter with a different offset? If so, what does the program flow look like when migrating in? I guess somehow we ensure that update_vsyscall() is invoked before userspace can resume. Anyway, moving the counter read into the protected region is a little fiddly because the memory barriers we have in there won't give us the ordering we need. We'll instead need to do something nasty, like create a dependency from the counter read to the read of the seqlock: Maybe the untested crufty hack below, although this will be a nightmare to implement in C. Will --->8 diff --git a/arch/arm64/kernel/vdso/gettimeofday.S b/arch/arm64/kernel/vdso/gettimeofday.S index c39872a7b03c..2d1dfecae76b 100644 --- a/arch/arm64/kernel/vdso/gettimeofday.S +++ b/arch/arm64/kernel/vdso/gettimeofday.S @@ -73,6 +73,8 @@ x_tmp .req x8 movn x_tmp, #0xff00, lsl #48 and \res, x_tmp, \res mul \res, \res, \mult + and x_tmp, x_tmp, xzr + add vdso_data, vdso_data, x_tmp .endm /* @@ -147,12 +149,12 @@ ENTRY(__kernel_gettimeofday) /* w11 = cs_mono_mult, w12 = cs_shift */ ldp w11, w12, [vdso_data, #VDSO_CS_MONO_MULT] ldp x13, x14, [vdso_data, #VDSO_XTIME_CLK_SEC] - seqcnt_check fail=1b get_nsec_per_sec res=x9 lsl x9, x9, x12 get_clock_shifted_nsec res=x15, cycle_last=x10, mult=x11 + seqcnt_check fail=1b get_ts_realtime res_sec=x10, res_nsec=x11, \ clock_nsec=x15, xtime_sec=x13, xtime_nsec=x14, nsec_to_sec=x9 @@ -211,13 +213,13 @@ realtime: /* w11 = cs_mono_mult, w12 = cs_shift */ ldp w11, w12, [vdso_data, #VDSO_CS_MONO_MULT] ldp x13, x14, [vdso_data, #VDSO_XTIME_CLK_SEC] - seqcnt_check fail=realtime /* All computations are done with left-shifted nsecs. */ get_nsec_per_sec res=x9 lsl x9, x9, x12 get_clock_shifted_nsec res=x15, cycle_last=x10, mult=x11 + seqcnt_check fail=realtime get_ts_realtime res_sec=x10, res_nsec=x11, \ clock_nsec=x15, xtime_sec=x13, xtime_nsec=x14, nsec_to_sec=x9 clock_gettime_return, shift=1 @@ -231,7 +233,6 @@ monotonic: ldp w11, w12, [vdso_data, #VDSO_CS_MONO_MULT] ldp x13, x14, [vdso_data, #VDSO_XTIME_CLK_SEC] ldp x3, x4, [vdso_data, #VDSO_WTM_CLK_SEC] - seqcnt_check fail=monotonic /* All computations are done with left-shifted nsecs. */ lsl x4, x4, x12 @@ -239,6 +240,7 @@ monotonic: lsl x9, x9, x12 get_clock_shifted_nsec res=x15, cycle_last=x10, mult=x11 + seqcnt_check fail=monotonic get_ts_realtime res_sec=x10, res_nsec=x11, \ clock_nsec=x15, xtime_sec=x13, xtime_nsec=x14, nsec_to_sec=x9 @@ -253,13 +255,13 @@ monotonic_raw: /* w11 = cs_raw_mult, w12 = cs_shift */ ldp w12, w11, [vdso_data, #VDSO_CS_SHIFT] ldp x13, x14, [vdso_data, #VDSO_RAW_TIME_SEC] - seqcnt_check fail=monotonic_raw /* All computations are done with left-shifted nsecs. */ get_nsec_per_sec res=x9 lsl x9, x9, x12 get_clock_shifted_nsec res=x15, cycle_last=x10, mult=x11 + seqcnt_check fail=monotonic_raw get_ts_clock_raw res_sec=x10, res_nsec=x11, \ clock_nsec=x15, nsec_to_sec=x9
WARNING: multiple messages have this Message-ID (diff)
From: Will Deacon <will.deacon@arm.com> To: Thomas Gleixner <tglx@linutronix.de> Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, Catalin Marinas <catalin.marinas@arm.com>, Arnd Bergmann <arnd@arndb.de>, Russell King <linux@armlinux.org.uk>, Ralf Baechle <ralf@linux-mips.org>, Paul Burton <paul.burton@mips.com>, Daniel Lezcano <daniel.lezcano@linaro.org>, Mark Salyzyn <salyzyn@android.com>, Peter Collingbourne <pcc@google.com> Subject: Re: [PATCH v2 06/28] kernel: Define gettimeofday vdso common code Date: Fri, 7 Dec 2018 17:53:22 +0000 [thread overview] Message-ID: <20181207175321.GA11430@edgewater-inn.cambridge.arm.com> (raw) Message-ID: <20181207175322.nEX6KDeqIHm2RNSOLLmMRZ4JkB-oO17UJHOiUMGht4Y@z> (raw) In-Reply-To: <alpine.DEB.2.21.1811292230430.1657@nanos.tec.linutronix.de> Hi Thomas, You got me at this bit: On Thu, Nov 29, 2018 at 11:11:52PM +0100, Thomas Gleixner wrote: > On Thu, 29 Nov 2018, Vincenzo Frascino wrote: > > +static __always_inline notrace int __do_realtime_or_tai( > > + const struct vdso_data *vd, > > + struct __vdso_timespec *ts, > > + bool is_tai) > > +{ > > + u32 seq, cs_mono_mult, cs_shift; > > + u64 ns, sec; > > + u64 cycle_last, cs_mono_mask; > > + > > + if (vd->use_syscall) > > + return -1; > > +repeat: > > + seq = vdso_read_begin(vd); > > + cycle_last = vd->cs_cycle_last; > > + cs_mono_mult = vd->cs_mono_mult; > > + cs_shift = vd->cs_shift; > > + cs_mono_mask = vd->cs_mono_mask; > > + > > + if (is_tai) > > + sec = vd->tai_sec; > > + else > > + sec = vd->xtime_clock_sec; > > + ns = vd->xtime_clock_nsec; > > + > > + if (unlikely(vdso_read_retry(vd, seq))) > > + goto repeat; > > + > > + ns += get_clock_shifted_nsec(cycle_last, cs_mono_mult, cs_mono_mask); > > This is broken. You cannot read the counter outside the seq count protected > region. Please tell the ARM64 folks that their VDSO asm maze is broken. We'll fix the maze, but could you explain a bit about the brokenness, please? The write side in update_vsyscall() is only touching the data page, so I think we've got those fields covered correctly with the seqlock. We'd only have to worry about protecting the counter if it could be written somehow. Is your concern to do with migrating between systems, where the new system has a counter with a different offset? If so, what does the program flow look like when migrating in? I guess somehow we ensure that update_vsyscall() is invoked before userspace can resume. Anyway, moving the counter read into the protected region is a little fiddly because the memory barriers we have in there won't give us the ordering we need. We'll instead need to do something nasty, like create a dependency from the counter read to the read of the seqlock: Maybe the untested crufty hack below, although this will be a nightmare to implement in C. Will --->8 diff --git a/arch/arm64/kernel/vdso/gettimeofday.S b/arch/arm64/kernel/vdso/gettimeofday.S index c39872a7b03c..2d1dfecae76b 100644 --- a/arch/arm64/kernel/vdso/gettimeofday.S +++ b/arch/arm64/kernel/vdso/gettimeofday.S @@ -73,6 +73,8 @@ x_tmp .req x8 movn x_tmp, #0xff00, lsl #48 and \res, x_tmp, \res mul \res, \res, \mult + and x_tmp, x_tmp, xzr + add vdso_data, vdso_data, x_tmp .endm /* @@ -147,12 +149,12 @@ ENTRY(__kernel_gettimeofday) /* w11 = cs_mono_mult, w12 = cs_shift */ ldp w11, w12, [vdso_data, #VDSO_CS_MONO_MULT] ldp x13, x14, [vdso_data, #VDSO_XTIME_CLK_SEC] - seqcnt_check fail=1b get_nsec_per_sec res=x9 lsl x9, x9, x12 get_clock_shifted_nsec res=x15, cycle_last=x10, mult=x11 + seqcnt_check fail=1b get_ts_realtime res_sec=x10, res_nsec=x11, \ clock_nsec=x15, xtime_sec=x13, xtime_nsec=x14, nsec_to_sec=x9 @@ -211,13 +213,13 @@ realtime: /* w11 = cs_mono_mult, w12 = cs_shift */ ldp w11, w12, [vdso_data, #VDSO_CS_MONO_MULT] ldp x13, x14, [vdso_data, #VDSO_XTIME_CLK_SEC] - seqcnt_check fail=realtime /* All computations are done with left-shifted nsecs. */ get_nsec_per_sec res=x9 lsl x9, x9, x12 get_clock_shifted_nsec res=x15, cycle_last=x10, mult=x11 + seqcnt_check fail=realtime get_ts_realtime res_sec=x10, res_nsec=x11, \ clock_nsec=x15, xtime_sec=x13, xtime_nsec=x14, nsec_to_sec=x9 clock_gettime_return, shift=1 @@ -231,7 +233,6 @@ monotonic: ldp w11, w12, [vdso_data, #VDSO_CS_MONO_MULT] ldp x13, x14, [vdso_data, #VDSO_XTIME_CLK_SEC] ldp x3, x4, [vdso_data, #VDSO_WTM_CLK_SEC] - seqcnt_check fail=monotonic /* All computations are done with left-shifted nsecs. */ lsl x4, x4, x12 @@ -239,6 +240,7 @@ monotonic: lsl x9, x9, x12 get_clock_shifted_nsec res=x15, cycle_last=x10, mult=x11 + seqcnt_check fail=monotonic get_ts_realtime res_sec=x10, res_nsec=x11, \ clock_nsec=x15, xtime_sec=x13, xtime_nsec=x14, nsec_to_sec=x9 @@ -253,13 +255,13 @@ monotonic_raw: /* w11 = cs_raw_mult, w12 = cs_shift */ ldp w12, w11, [vdso_data, #VDSO_CS_SHIFT] ldp x13, x14, [vdso_data, #VDSO_RAW_TIME_SEC] - seqcnt_check fail=monotonic_raw /* All computations are done with left-shifted nsecs. */ get_nsec_per_sec res=x9 lsl x9, x9, x12 get_clock_shifted_nsec res=x15, cycle_last=x10, mult=x11 + seqcnt_check fail=monotonic_raw get_ts_clock_raw res_sec=x10, res_nsec=x11, \ clock_nsec=x15, nsec_to_sec=x9
next prev parent reply other threads:[~2018-12-07 17:53 UTC|newest] Thread overview: 100+ messages / expand[flat|nested] mbox.gz Atom feed top 2018-11-29 17:05 [PATCH v2 00/28] Unify vDSOs across more architectures Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino 2018-11-29 17:05 ` [PATCH v2 01/28] kernel: Standardize vdso_datapage Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino 2018-11-29 22:39 ` Thomas Gleixner 2018-11-29 22:39 ` Thomas Gleixner 2018-12-11 13:22 ` Vincenzo Frascino 2018-12-11 13:22 ` Vincenzo Frascino 2018-11-29 17:05 ` [PATCH v2 02/28] kernel: Add Monotonic boot time support Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino 2018-11-29 17:05 ` [PATCH v2 03/28] kernel: Add International Atomic Time support Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino 2018-11-29 17:05 ` [PATCH v2 04/28] kernel: Add masks support for Raw and NTP time Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino 2018-11-29 22:41 ` Thomas Gleixner 2018-11-29 22:41 ` Thomas Gleixner 2018-12-11 13:24 ` Vincenzo Frascino 2018-12-11 13:24 ` Vincenzo Frascino 2018-11-29 17:05 ` [PATCH v2 05/28] kernel: Add clock_mode support Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino 2018-11-29 17:05 ` [PATCH v2 06/28] kernel: Define gettimeofday vdso common code Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino 2018-11-29 20:42 ` Arnd Bergmann 2018-11-29 20:42 ` Arnd Bergmann 2018-12-11 13:39 ` Vincenzo Frascino 2018-12-11 13:39 ` Vincenzo Frascino 2018-12-11 21:41 ` Arnd Bergmann 2018-12-11 21:41 ` Arnd Bergmann 2018-12-13 9:46 ` Vincenzo Frascino 2018-12-13 9:46 ` Vincenzo Frascino 2018-11-29 22:11 ` Thomas Gleixner 2018-11-29 22:11 ` Thomas Gleixner 2018-11-30 14:29 ` Arnd Bergmann 2018-11-30 14:29 ` Arnd Bergmann 2018-12-11 14:02 ` Vincenzo Frascino 2018-12-11 14:02 ` Vincenzo Frascino 2018-12-07 17:53 ` Will Deacon [this message] 2018-12-07 17:53 ` Will Deacon 2019-02-08 17:35 ` Will Deacon 2019-02-08 17:35 ` Will Deacon 2019-02-08 19:28 ` Thomas Gleixner 2019-02-08 19:28 ` Thomas Gleixner 2019-02-08 19:30 ` Thomas Gleixner 2019-02-08 19:30 ` Thomas Gleixner 2019-02-13 17:04 ` Will Deacon 2019-02-13 17:04 ` Will Deacon 2019-02-13 19:35 ` Thomas Gleixner 2019-02-13 19:35 ` Thomas Gleixner 2019-02-13 17:05 ` Will Deacon 2019-02-13 17:05 ` Will Deacon 2018-12-11 13:54 ` Vincenzo Frascino 2018-12-11 13:54 ` Vincenzo Frascino 2018-11-29 17:05 ` [PATCH v2 07/28] arm64: Build vDSO with -ffixed-x18 Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino 2018-11-29 17:05 ` [PATCH v2 08/28] arm64: Substitute gettimeofday with C implementation Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino 2018-11-29 17:05 ` [PATCH v2 09/28] arm64: compat: Alloc separate pages for vectors and sigpage Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino 2018-11-29 17:05 ` [PATCH v2 10/28] arm64: compat: Split kuser32 Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino 2018-11-29 17:05 ` [PATCH v2 11/28] arm64: compat: Refactor aarch32_alloc_vdso_pages() Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino 2018-11-29 17:05 ` [PATCH v2 12/28] arm64: compat: Add KUSER_HELPERS config option Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino 2018-11-29 17:05 ` [PATCH v2 13/28] arm64: compat: Add missing syscall numbers Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino 2018-11-29 17:05 ` [PATCH v2 14/28] arm64: compat: Expose signal related structures Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino 2018-11-29 17:05 ` [PATCH v2 15/28] arm64: compat: Generate asm offsets for signals Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino 2018-11-29 17:05 ` [PATCH v2 16/28] lib: vdso: Add compat support Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino 2018-11-29 17:05 ` [PATCH v2 17/28] arm64: compat: Add vDSO Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino 2018-11-29 17:05 ` [PATCH v2 18/28] arm64: Refactor vDSO code Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino 2018-11-29 17:05 ` [PATCH v2 19/28] arm64: compat: vDSO setup for compat layer Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino 2018-11-29 17:05 ` [PATCH v2 20/28] arm64: elf: vDSO code page discovery Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino 2018-11-29 17:05 ` [PATCH v2 21/28] arm64: compat: Get sigreturn trampolines from vDSO Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino 2018-11-29 17:05 ` [PATCH v2 22/28] arm64: Add vDSO compat support Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino 2018-11-29 17:05 ` [PATCH v2 23/28] arm64: Enable compat vDSO support Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino 2018-11-29 17:05 ` [PATCH v2 24/28] arm: Add support for generic vDSO Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino 2018-12-10 22:13 ` Mark Salyzyn 2018-12-10 22:13 ` Mark Salyzyn 2018-12-11 14:15 ` Vincenzo Frascino 2018-12-11 14:15 ` Vincenzo Frascino 2018-11-29 17:05 ` [PATCH v2 25/28] mips: Introduce vdso_direct Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino 2018-11-29 17:05 ` [PATCH v2 26/28] clock: csrc-4k: Add support for vdso_direct Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino 2018-11-29 17:05 ` [PATCH v2 27/28] clock: gic-timer: " Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino 2018-11-29 17:05 ` [PATCH v2 28/28] mips: Add support for generic vDSO Vincenzo Frascino 2018-11-29 17:05 ` Vincenzo Frascino
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20181207175321.GA11430@edgewater-inn.cambridge.arm.com \ --to=will.deacon@arm.com \ --cc=arnd@arndb.de \ --cc=catalin.marinas@arm.com \ --cc=daniel.lezcano@linaro.org \ --cc=linux-arch@vger.kernel.org \ --cc=linux-arm-kernel@lists.infradead.org \ --cc=linux@armlinux.org.uk \ --cc=paul.burton@mips.com \ --cc=pcc@google.com \ --cc=ralf@linux-mips.org \ --cc=salyzyn@android.com \ --cc=tglx@linutronix.de \ --cc=vincenzo.frascino@arm.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).