From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E7BEBECE562 for ; Fri, 14 Sep 2018 21:13:39 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 9A3D421476 for ; Fri, 14 Sep 2018 21:13:39 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 9A3D421476 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=intel.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728237AbeIOC3u (ORCPT ); Fri, 14 Sep 2018 22:29:50 -0400 Received: from mga02.intel.com ([134.134.136.20]:39286 "EHLO mga02.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727716AbeIOC3u (ORCPT ); Fri, 14 Sep 2018 22:29:50 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 14 Sep 2018 14:13:36 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.53,374,1531810800"; d="scan'208";a="257351283" Received: from 2b52.sc.intel.com ([143.183.136.51]) by orsmga005.jf.intel.com with ESMTP; 14 Sep 2018 14:13:25 -0700 Message-ID: <1536959337.12990.27.camel@intel.com> Subject: Re: [RFC PATCH v3 12/24] x86/mm: Modify ptep_set_wrprotect and pmdp_set_wrprotect for _PAGE_DIRTY_SW From: Yu-cheng Yu To: Dave Hansen , Peter Zijlstra Cc: Jann Horn , the arch/x86 maintainers , "H . Peter Anvin" , Thomas Gleixner , Ingo Molnar , kernel list , linux-doc@vger.kernel.org, Linux-MM , linux-arch , Linux API , Arnd Bergmann , Andy Lutomirski , Balbir Singh , Cyrill Gorcunov , Florian Weimer , hjl.tools@gmail.com, Jonathan Corbet , keescook@chromium.org, Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , ravi.v.shankar@intel.com, vedvyas.shanbhogue@intel.com Date: Fri, 14 Sep 2018 14:08:57 -0700 In-Reply-To: <8d9ce0e9-8fc7-8c68-4aa9-9aed9ee949f2@linux.intel.com> References: <1535660494.28258.36.camel@intel.com> <1535662366.28781.6.camel@intel.com> <20180831095300.GF24124@hirez.programming.kicks-ass.net> <1535726032.32537.0.camel@intel.com> <1535730524.501.13.camel@intel.com> <6d31bd30-6d5b-bbde-1e97-1d8255eff76d@linux.intel.com> <20180831162920.GQ24124@hirez.programming.kicks-ass.net> <1536957543.12990.9.camel@intel.com> <8d9ce0e9-8fc7-8c68-4aa9-9aed9ee949f2@linux.intel.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.18.5.2-0ubuntu3.2 Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 2018-09-14 at 13:46 -0700, Dave Hansen wrote: > On 09/14/2018 01:39 PM, Yu-cheng Yu wrote: > > > > With the updated ptep_set_wrprotect() below, I did MADV_WILLNEED to a shadow > > stack of 8 MB, then 10,000 fork()'s, but could not prove it is more or less > > efficient than the other.  So can we say this is probably fine in terms of > > efficiency? > Well, the first fork() will do all the hard work.  I don't think > subsequent fork()s will be affected. Are you talking about a recent commit:     1b2de5d0 mm/cow: don't bother write protecting already write-protected pages With that, subsequent fork()s will not do all the hard work. However, I have not done that for shadow stack PTEs (do we want to do that?). I think the additional benefit for shadow stack is small? > > Did you do something to ensure this code was being run? > > I would guess that a loop like this: > > for (i = 0; i < 10000; i++) { > mprotect(addr, len, PROT_READ); > mprotect(addr, len, PROT_READ|PROT_WRITE); > } > > might show it better. Would mprotect() do copy_one_pte()?  Otherwise it will not go through ptep_set_wrprotect()? From mboxrd@z Thu Jan 1 00:00:00 1970 From: Yu-cheng Yu Subject: Re: [RFC PATCH v3 12/24] x86/mm: Modify ptep_set_wrprotect and pmdp_set_wrprotect for _PAGE_DIRTY_SW Date: Fri, 14 Sep 2018 14:08:57 -0700 Message-ID: <1536959337.12990.27.camel@intel.com> References: <1535660494.28258.36.camel@intel.com> <1535662366.28781.6.camel@intel.com> <20180831095300.GF24124@hirez.programming.kicks-ass.net> <1535726032.32537.0.camel@intel.com> <1535730524.501.13.camel@intel.com> <6d31bd30-6d5b-bbde-1e97-1d8255eff76d@linux.intel.com> <20180831162920.GQ24124@hirez.programming.kicks-ass.net> <1536957543.12990.9.camel@intel.com> <8d9ce0e9-8fc7-8c68-4aa9-9aed9ee949f2@linux.intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit Return-path: In-Reply-To: <8d9ce0e9-8fc7-8c68-4aa9-9aed9ee949f2@linux.intel.com> Sender: linux-kernel-owner@vger.kernel.org To: Dave Hansen , Peter Zijlstra Cc: Jann Horn , the arch/x86 maintainers , "H . Peter Anvin" , Thomas Gleixner , Ingo Molnar , kernel list , linux-doc@vger.kernel.org, Linux-MM , linux-arch , Linux API , Arnd Bergmann , Andy Lutomirski , Balbir Singh , Cyrill Gorcunov , Florian Weimer , hjl.tools@gmail.com, Jonathan Corbet , keescook@chromium.org, Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek List-Id: linux-api@vger.kernel.org On Fri, 2018-09-14 at 13:46 -0700, Dave Hansen wrote: > On 09/14/2018 01:39 PM, Yu-cheng Yu wrote: > > > > With the updated ptep_set_wrprotect() below, I did MADV_WILLNEED to a shadow > > stack of 8 MB, then 10,000 fork()'s, but could not prove it is more or less > > efficient than the other.  So can we say this is probably fine in terms of > > efficiency? > Well, the first fork() will do all the hard work.  I don't think > subsequent fork()s will be affected. Are you talking about a recent commit:     1b2de5d0 mm/cow: don't bother write protecting already write-protected pages With that, subsequent fork()s will not do all the hard work. However, I have not done that for shadow stack PTEs (do we want to do that?). I think the additional benefit for shadow stack is small? > > Did you do something to ensure this code was being run? > > I would guess that a loop like this: > > for (i = 0; i < 10000; i++) { > mprotect(addr, len, PROT_READ); > mprotect(addr, len, PROT_READ|PROT_WRITE); > } > > might show it better. Would mprotect() do copy_one_pte()?  Otherwise it will not go through ptep_set_wrprotect()? From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pl1-f200.google.com (mail-pl1-f200.google.com [209.85.214.200]) by kanga.kvack.org (Postfix) with ESMTP id E85ED8E0001 for ; Fri, 14 Sep 2018 17:13:37 -0400 (EDT) Received: by mail-pl1-f200.google.com with SMTP id d40-v6so4873750pla.14 for ; Fri, 14 Sep 2018 14:13:37 -0700 (PDT) Received: from mga01.intel.com (mga01.intel.com. [192.55.52.88]) by mx.google.com with ESMTPS id 88-v6si8796578plc.515.2018.09.14.14.13.36 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 14 Sep 2018 14:13:36 -0700 (PDT) Message-ID: <1536959337.12990.27.camel@intel.com> Subject: Re: [RFC PATCH v3 12/24] x86/mm: Modify ptep_set_wrprotect and pmdp_set_wrprotect for _PAGE_DIRTY_SW From: Yu-cheng Yu Date: Fri, 14 Sep 2018 14:08:57 -0700 In-Reply-To: <8d9ce0e9-8fc7-8c68-4aa9-9aed9ee949f2@linux.intel.com> References: <1535660494.28258.36.camel@intel.com> <1535662366.28781.6.camel@intel.com> <20180831095300.GF24124@hirez.programming.kicks-ass.net> <1535726032.32537.0.camel@intel.com> <1535730524.501.13.camel@intel.com> <6d31bd30-6d5b-bbde-1e97-1d8255eff76d@linux.intel.com> <20180831162920.GQ24124@hirez.programming.kicks-ass.net> <1536957543.12990.9.camel@intel.com> <8d9ce0e9-8fc7-8c68-4aa9-9aed9ee949f2@linux.intel.com> Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: owner-linux-mm@kvack.org List-ID: To: Dave Hansen , Peter Zijlstra Cc: Jann Horn , the arch/x86 maintainers , "H . Peter Anvin" , Thomas Gleixner , Ingo Molnar , kernel list , linux-doc@vger.kernel.org, Linux-MM , linux-arch , Linux API , Arnd Bergmann , Andy Lutomirski , Balbir Singh , Cyrill Gorcunov , Florian Weimer , hjl.tools@gmail.com, Jonathan Corbet , keescook@chromium.org, Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , ravi.v.shankar@intel.com, vedvyas.shanbhogue@intel.com On Fri, 2018-09-14 at 13:46 -0700, Dave Hansen wrote: > On 09/14/2018 01:39 PM, Yu-cheng Yu wrote: > > > > With the updated ptep_set_wrprotect() below, I did MADV_WILLNEED to a shadow > > stack of 8 MB, then 10,000 fork()'s, but could not prove it is more or less > > efficient than the other. A So can we say this is probably fine in terms of > > efficiency? > Well, the first fork() will do all the hard work.A A I don't think > subsequent fork()s will be affected. Are you talking about a recent commit: A A 1b2de5d0 mm/cow: don't bother write protecting already write-protected pages With that, subsequent fork()s will not do all the hard work. However, I have not done that for shadow stack PTEs (do we want to do that?). I think the additional benefit for shadow stack is small? > > Did you do something to ensure this code was being run? > > I would guess that a loop like this: > > for (i = 0; i < 10000; i++) { > mprotect(addr, len, PROT_READ); > mprotect(addr, len, PROT_READ|PROT_WRITE); > } > > might show it better. Would mprotect() do copy_one_pte()? A Otherwise it will not go through ptep_set_wrprotect()?