From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <konrad.wilk@oracle.com>
Received: from mail.linutronix.de (146.0.238.70:993) by
  crypto-ml.lab.linutronix.de with IMAP4-SSL for <speck@linutronix.de>; 22 Jan
  2019 04:54:27 -0000
Received: from userp2130.oracle.com ([156.151.31.86])
	by Galois.linutronix.de with esmtps (TLS1.2:RSA_AES_256_CBC_SHA256:256)
	(Exim 4.80)
	(envelope-from <konrad.wilk@oracle.com>)
	id 1glo4v-0004F3-Pg
	for speck@linutronix.de; Tue, 22 Jan 2019 05:54:26 +0100
Received: from pps.filterd (userp2130.oracle.com [127.0.0.1])
	by userp2130.oracle.com (8.16.0.22/8.16.0.22) with SMTP id x0M4rl6H099862
	for <speck@linutronix.de>; Tue, 22 Jan 2019 04:54:19 GMT
Received: from userv0021.oracle.com (userv0021.oracle.com [156.151.31.71])
	by userp2130.oracle.com with ESMTP id 2q3uauhcc6-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
	for <speck@linutronix.de>; Tue, 22 Jan 2019 04:54:19 +0000
Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75])
	by userv0021.oracle.com (8.14.4/8.14.4) with ESMTP id x0M4sINu015361
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
	for <speck@linutronix.de>; Tue, 22 Jan 2019 04:54:19 GMT
Received: from abhmp0005.oracle.com (abhmp0005.oracle.com [141.146.116.11])
	by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id x0M4sItS023119
	for <speck@linutronix.de>; Tue, 22 Jan 2019 04:54:18 GMT
Date: Mon, 21 Jan 2019 23:54:17 -0500
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Subject: [MODERATED] Re: [PATCH v5 16/27] MDSv5 10
Message-ID: <20190122045417.GL12859@char.us.oracle.com>
References: <cover.1547858934.git.ak@linux.intel.com>
 <a220daf6f508ae561a4b55574b6d32b9cee1c1b6.1547858934.git.ak@linux.intel.com>
MIME-Version: 1.0
In-Reply-To: 
 <a220daf6f508ae561a4b55574b6d32b9cee1c1b6.1547858934.git.ak@linux.intel.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID: <speck.linutronix.de>

On Fri, Jan 18, 2019 at 04:50:31PM -0800, speck for Andi Kleen wrote:
> From: Andi Kleen <ak@linux.intel.com>
> Subject:  mds: Mark interrupts clear cpu, unless opted-out
> 
> Interrupts might touch user data from other processes
> in any context.
> 
> By default we clear the CPU on the next kernel exit.
> 
> Add a new IRQ_F_NO_USER interrupt flag. When the flag
> is not set on interrupt execution we clear the cpu state on

s/we clear the cpu state/we flush the CPU's MDS state's/ ?

'cpu state' implies (At least to me) - everything - like even cache.
But that is what not what we do - we do our lazy CPU flushing.
> next kernel exit.
> 
> This allows interrupts to opt-out from the extra clearing
> overhead, but is safe by default.

s/but is safe by default/if they are sanitized and carry no user data./ ?

> 
> Over time as more interrupt code is audited it can set the opt-out.

s/it can set the opt-out/we can opt-out various code/ ?

Either way:
> 
> Signed-off-by: Andi Kleen <ak@linux.intel.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>

Thank you!
> ---
>  include/linux/interrupt.h | 2 ++
>  kernel/irq/handle.c       | 8 ++++++++
>  kernel/irq/manage.c       | 1 +
>  3 files changed, 11 insertions(+)
> 
> diff --git a/include/linux/interrupt.h b/include/linux/interrupt.h
> index c672f34235e7..291b7fee3afe 100644
> --- a/include/linux/interrupt.h
> +++ b/include/linux/interrupt.h
> @@ -61,6 +61,7 @@
>   *                interrupt handler after suspending interrupts. For system
>   *                wakeup devices users need to implement wakeup detection in
>   *                their interrupt handlers.
> + * IRQF_NO_USER	- Interrupt does not touch user data
>   */
>  #define IRQF_SHARED		0x00000080
>  #define IRQF_PROBE_SHARED	0x00000100
> @@ -74,6 +75,7 @@
>  #define IRQF_NO_THREAD		0x00010000
>  #define IRQF_EARLY_RESUME	0x00020000
>  #define IRQF_COND_SUSPEND	0x00040000
> +#define IRQF_NO_USER		0x00080000
>  
>  #define IRQF_TIMER		(__IRQF_TIMER | IRQF_NO_SUSPEND | IRQF_NO_THREAD)
>  
> diff --git a/kernel/irq/handle.c b/kernel/irq/handle.c
> index 38554bc35375..e5910938ce2b 100644
> --- a/kernel/irq/handle.c
> +++ b/kernel/irq/handle.c
> @@ -13,6 +13,7 @@
>  #include <linux/sched.h>
>  #include <linux/interrupt.h>
>  #include <linux/kernel_stat.h>
> +#include <linux/clearcpu.h>
>  
>  #include <trace/events/irq.h>
>  
> @@ -149,6 +150,13 @@ irqreturn_t __handle_irq_event_percpu(struct irq_desc *desc, unsigned int *flags
>  		res = action->handler(irq, action->dev_id);
>  		trace_irq_handler_exit(irq, action, res);
>  
> +		/*
> +		 * We aren't sure if the interrupt handler did or did not
> +		 * touch user data. Schedule a cpu clear just in case.
> +		 */
> +		if (!(action->flags & IRQF_NO_USER))
> +			lazy_clear_cpu();
> +
>  		if (WARN_ONCE(!irqs_disabled(),"irq %u handler %pF enabled interrupts\n",
>  			      irq, action->handler))
>  			local_irq_disable();
> diff --git a/kernel/irq/manage.c b/kernel/irq/manage.c
> index a4888ce4667a..3f0c99240638 100644
> --- a/kernel/irq/manage.c
> +++ b/kernel/irq/manage.c
> @@ -1793,6 +1793,7 @@ EXPORT_SYMBOL(free_irq);
>   *
>   *	IRQF_SHARED		Interrupt is shared
>   *	IRQF_TRIGGER_*		Specify active edge(s) or level
> + *	IRQF_NOUSER		Does not touch user data.
>   *
>   */
>  int request_threaded_irq(unsigned int irq, irq_handler_t handler,
> -- 
> 2.17.2