From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756649AbbDJSEe (ORCPT ); Fri, 10 Apr 2015 14:04:34 -0400 Received: from mail-wi0-f170.google.com ([209.85.212.170]:37865 "EHLO mail-wi0-f170.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754924AbbDJSEa (ORCPT ); Fri, 10 Apr 2015 14:04:30 -0400 Date: Fri, 10 Apr 2015 20:04:25 +0200 From: Ingo Molnar To: Linus Torvalds Cc: "Paul E. McKenney" , Jason Low , Peter Zijlstra , Davidlohr Bueso , Tim Chen , Aswin Chandramouleeswaran , LKML Subject: Re: [PATCH] x86/uaccess: Implement get_kernel() Message-ID: <20150410180425.GC6563@gmail.com> References: <20150409175652.GI6464@linux.vnet.ibm.com> <20150409183926.GM6464@linux.vnet.ibm.com> <20150410090051.GA28549@gmail.com> <20150410091252.GA27630@gmail.com> <20150410092152.GA21332@gmail.com> <20150410111427.GA30477@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org * Linus Torvalds wrote: > On Fri, Apr 10, 2015 at 4:14 AM, Ingo Molnar wrote: > > > >> > >> The next patch will implement efficient > >> __copy_from_kernel_inatomic() for x86. > > > > The patch below does that. Note, for simplicity I've changed the > > interface to 'get_kernel()' (will propagate this through the other > > patches as well). > > So I think this needs a couple of changes: > > - That "get_kernel()" name is not clear enough about what the issue > is. I think it should make it clearer that it's an unsafe access > that could fault, and that we don't want a user access. > > So maybe "get_kernel_stalepointer()" or something like that. Ok. > - you're just re-implementing "__get_user_asm_ex()" afaik. Try to > share the code, renaming it to be something common. Ok, will try that. > - I think we should look at sharing the code for __get_user(). Could > we do something like this: > > (a) implement the basic "load with exceptions" as __get_with_exception() > (b) #define get_kernel_stalepointer() __get_with_exception > (c) make "__get_user()" be "stac(); __get_with_exception(); clac()" Will try. The only possible complication there might be the way we don't recover the error code in the _ex() variants, that's actually a pretty important aspect to making this zero cost. Since the error code comes back from assembly code in some cases we cannot make it go away in the _ex() case. So I'm not sure we can share code between _ex() and the normal methods - but we can certainly share with the _ex() variants. > - finally, I wonder what the exact semantics of > "get_kernel_stalepointer()" should be. I could well imagine that > what we should do is > > #ifdef CONFIG_DEBUG_PAGEALLOC > #define get_kernel_stalepointer(x,ptr) ((x)=READ_ONCE(*(ptr)), 0) > #else > #define get_kernel_stalepointer(x,ptr) __get_with_exception(x,ptr) > #endif I guess you meant that to be the other way around? > because I think it's reasonable to require that the kernel pointer > is _stale_, and not "invalid". [...] Absolutely, and I think this is a hard requirement: we don't (ever) want to dereference random addresses, due to possible mmio side effects. > [...] IOW, guarantee that it *has* been a kernel pointer, and that > the only reason it would trap is for DEBUG_PAGEALLOC. Yes. > That last point might need to be verified with hotplug memory. I > think hotplug memory does a stop_machine() or similar, but I'm not > sure. So memory hotplug does it in a pretty simple fashion IIRC: only such zones are movable and hot-unpluggable which don't contain kmalloc()-able of gfp()-able memory - they are limited purpose memory pools only usable for user pages and the page cache. So stale pointers should never point to hot-unpluggable memory. Thanks, Ingo