From: Ira Weiny <ira.weiny@intel.com> To: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, Andy Lutomirski <luto@kernel.org>, Peter Zijlstra <peterz@infradead.org>, Dave Hansen <dave.hansen@linux.intel.com>, x86@kernel.org, Andrew Morton <akpm@linux-foundation.org>, Fenghua Yu <fenghua.yu@intel.com>, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-nvdimm@lists.01.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org Subject: Re: [PATCH RFC V2 17/17] x86/entry: Preserve PKRS MSR across exceptions Date: Mon, 27 Jul 2020 13:59:09 -0700 [thread overview] Message-ID: <20200727205909.GP844235@iweiny-DESK2.sc.intel.com> (raw) In-Reply-To: <874kpwtxlh.fsf@nanos.tec.linutronix.de> On Fri, Jul 24, 2020 at 11:24:58PM +0200, Thomas Gleixner wrote: > Ira, > > Thomas Gleixner <tglx@linutronix.de> writes: > > Ira Weiny <ira.weiny@intel.com> writes: > >> On Thu, Jul 23, 2020 at 09:53:20PM +0200, Thomas Gleixner wrote: > >> I think, after fixing my code (see below), using idtentry_state could still > >> work. If the per-cpu cache and the MSR is updated in idtentry_exit() that > >> should carry the state to the new cpu, correct? > > > > I'm way too tired to think about that now. Will have a look tomorrow > > with brain awake. > > Not that I'm way more awake now, but at least I have the feeling that my > brain is not completely useless. > > Let me summarize what I understood: > > 1) A per CPU cache which shadows the current state of the MSR, i.e. the > current valid key. You use that to avoid costly MSR writes if the > key does not change. Yes > > 2) On idtentry you store the key on entry in idtentry_state, clear it > in the MSR and shadow state if necessary and restore it on exit. Yes, but I've subsequently found a bug here but yea that was the intention. :-D I also maintain the ref count of the number of nested calls to kmap to ensure that kmap_atomic() is nestable during an exception independent of the number of nested calls of the interrupted thread. > 3) On context switch out you save the per CPU cache value in the task > and on context switch in you restore it from there. yes > > Yes, that works (see below for #2) and sorry for my confusion yesterday > about storing this in task state. No problem. > > #2 requires to handle the exceptions which do not go through > idtentry_enter/exit() seperately, but that's a manageable amount. It's > the ones which use IDTENTRY_RAW or a variant of it. > > #BP, #MC, #NMI, #DB, #DF need extra local storage as all the kernel > entries for those use nmi_enter()/exit(). So you just can create > wrappers around those. Somehting like this > > static __always_inline idtentry_state_t idtentry_nmi_enter(void) > { > idtentry_state_t state = {}; > > nmi_enter(); > instrumentation_begin(); > state.key = save_and_clear_key(); > instrumentation_end(); > } > > static __always_inline void idtentry_nmi_exit(idtentry_state_t state) > { > instrumentation_begin(); > restore_key(state.key); > instrumentation_end(); > nmi_exit(); > } > Thanks! > #UD and #PF are using the raw entry variant as well but still invoke > idtentry_enter()/exit(). #PF does not need any work. #UD handles > WARN/BUG without going through idtentry_enter() first, but I don't think > that's an issue unless a not 0 key would prevent writing to the console > device. You surely can figure that out. > > Hope that helps. Yes it does thank you. I'm also trying to simplify the API per Peters comments while refactoring this. Ira _______________________________________________ Linux-nvdimm mailing list -- linux-nvdimm@lists.01.org To unsubscribe send an email to linux-nvdimm-leave@lists.01.org
WARNING: multiple messages have this Message-ID (diff)
From: Ira Weiny <ira.weiny@intel.com> To: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, Andy Lutomirski <luto@kernel.org>, Peter Zijlstra <peterz@infradead.org>, Dave Hansen <dave.hansen@linux.intel.com>, x86@kernel.org, Dan Williams <dan.j.williams@intel.com>, Vishal Verma <vishal.l.verma@intel.com>, Andrew Morton <akpm@linux-foundation.org>, Fenghua Yu <fenghua.yu@intel.com>, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-nvdimm@lists.01.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org Subject: Re: [PATCH RFC V2 17/17] x86/entry: Preserve PKRS MSR across exceptions Date: Mon, 27 Jul 2020 13:59:09 -0700 [thread overview] Message-ID: <20200727205909.GP844235@iweiny-DESK2.sc.intel.com> (raw) In-Reply-To: <874kpwtxlh.fsf@nanos.tec.linutronix.de> On Fri, Jul 24, 2020 at 11:24:58PM +0200, Thomas Gleixner wrote: > Ira, > > Thomas Gleixner <tglx@linutronix.de> writes: > > Ira Weiny <ira.weiny@intel.com> writes: > >> On Thu, Jul 23, 2020 at 09:53:20PM +0200, Thomas Gleixner wrote: > >> I think, after fixing my code (see below), using idtentry_state could still > >> work. If the per-cpu cache and the MSR is updated in idtentry_exit() that > >> should carry the state to the new cpu, correct? > > > > I'm way too tired to think about that now. Will have a look tomorrow > > with brain awake. > > Not that I'm way more awake now, but at least I have the feeling that my > brain is not completely useless. > > Let me summarize what I understood: > > 1) A per CPU cache which shadows the current state of the MSR, i.e. the > current valid key. You use that to avoid costly MSR writes if the > key does not change. Yes > > 2) On idtentry you store the key on entry in idtentry_state, clear it > in the MSR and shadow state if necessary and restore it on exit. Yes, but I've subsequently found a bug here but yea that was the intention. :-D I also maintain the ref count of the number of nested calls to kmap to ensure that kmap_atomic() is nestable during an exception independent of the number of nested calls of the interrupted thread. > 3) On context switch out you save the per CPU cache value in the task > and on context switch in you restore it from there. yes > > Yes, that works (see below for #2) and sorry for my confusion yesterday > about storing this in task state. No problem. > > #2 requires to handle the exceptions which do not go through > idtentry_enter/exit() seperately, but that's a manageable amount. It's > the ones which use IDTENTRY_RAW or a variant of it. > > #BP, #MC, #NMI, #DB, #DF need extra local storage as all the kernel > entries for those use nmi_enter()/exit(). So you just can create > wrappers around those. Somehting like this > > static __always_inline idtentry_state_t idtentry_nmi_enter(void) > { > idtentry_state_t state = {}; > > nmi_enter(); > instrumentation_begin(); > state.key = save_and_clear_key(); > instrumentation_end(); > } > > static __always_inline void idtentry_nmi_exit(idtentry_state_t state) > { > instrumentation_begin(); > restore_key(state.key); > instrumentation_end(); > nmi_exit(); > } > Thanks! > #UD and #PF are using the raw entry variant as well but still invoke > idtentry_enter()/exit(). #PF does not need any work. #UD handles > WARN/BUG without going through idtentry_enter() first, but I don't think > that's an issue unless a not 0 key would prevent writing to the console > device. You surely can figure that out. > > Hope that helps. Yes it does thank you. I'm also trying to simplify the API per Peters comments while refactoring this. Ira
next prev parent reply other threads:[~2020-07-27 20:59 UTC|newest] Thread overview: 157+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-07-17 7:20 [PATCH RFC V2 00/17] PKS: Add Protection Keys Supervisor (PKS) support ira.weiny 2020-07-17 7:20 ` ira.weiny 2020-07-17 7:20 ` [PATCH RFC V2 01/17] x86/pkeys: Create pkeys_internal.h ira.weiny 2020-07-17 7:20 ` ira.weiny 2020-07-17 7:20 ` [PATCH RFC V2 02/17] x86/fpu: Refactor arch_set_user_pkey_access() for PKS support ira.weiny 2020-07-17 7:20 ` ira.weiny 2020-07-17 8:54 ` Peter Zijlstra 2020-07-17 8:54 ` Peter Zijlstra 2020-07-17 20:52 ` Ira Weiny 2020-07-17 20:52 ` Ira Weiny 2020-07-20 9:14 ` Peter Zijlstra 2020-07-20 9:14 ` Peter Zijlstra 2020-07-17 22:36 ` Dave Hansen 2020-07-17 22:36 ` Dave Hansen 2020-07-20 9:13 ` Peter Zijlstra 2020-07-20 9:13 ` Peter Zijlstra 2020-07-17 7:20 ` [PATCH RFC V2 03/17] x86/pks: Enable Protection Keys Supervisor (PKS) ira.weiny 2020-07-17 7:20 ` ira.weiny 2020-07-17 7:20 ` [PATCH RFC V2 04/17] x86/pks: Preserve the PKRS MSR on context switch ira.weiny 2020-07-17 7:20 ` ira.weiny 2020-07-17 8:31 ` Peter Zijlstra 2020-07-17 8:31 ` Peter Zijlstra 2020-07-17 21:39 ` Ira Weiny 2020-07-17 21:39 ` Ira Weiny 2020-07-17 8:59 ` Peter Zijlstra 2020-07-17 8:59 ` Peter Zijlstra 2020-07-17 22:34 ` Ira Weiny 2020-07-17 22:34 ` Ira Weiny 2020-07-20 9:15 ` Peter Zijlstra 2020-07-20 9:15 ` Peter Zijlstra 2020-07-20 18:35 ` Ira Weiny 2020-07-20 18:35 ` Ira Weiny 2020-07-17 7:20 ` [PATCH RFC V2 05/17] x86/pks: Add PKS kernel API ira.weiny 2020-07-17 7:20 ` ira.weiny 2020-07-17 7:20 ` [PATCH RFC V2 06/17] x86/pks: Add a debugfs file for allocated PKS keys ira.weiny 2020-07-17 7:20 ` ira.weiny 2020-07-17 7:20 ` [PATCH RFC V2 07/17] Documentation/pkeys: Update documentation for kernel pkeys ira.weiny 2020-07-17 7:20 ` ira.weiny 2020-07-17 7:20 ` [PATCH RFC V2 08/17] x86/pks: Add PKS Test code ira.weiny 2020-07-17 7:20 ` ira.weiny 2020-07-17 7:20 ` [PATCH RFC V2 09/17] memremap: Convert devmap static branch to {inc,dec} ira.weiny 2020-07-17 7:20 ` ira.weiny 2020-07-17 7:20 ` [PATCH RFC V2 10/17] fs/dax: Remove unused size parameter ira.weiny 2020-07-17 7:20 ` ira.weiny 2020-07-17 7:20 ` [PATCH RFC V2 11/17] drivers/dax: Expand lock scope to cover the use of addresses ira.weiny 2020-07-17 7:20 ` ira.weiny 2020-07-17 7:20 ` [PATCH RFC V2 12/17] memremap: Add zone device access protection ira.weiny 2020-07-17 7:20 ` ira.weiny 2020-07-17 9:10 ` Peter Zijlstra 2020-07-17 9:10 ` Peter Zijlstra 2020-07-18 5:06 ` Ira Weiny 2020-07-18 5:06 ` Ira Weiny 2020-07-20 9:16 ` Peter Zijlstra 2020-07-20 9:16 ` Peter Zijlstra 2020-07-17 9:17 ` Peter Zijlstra 2020-07-17 9:17 ` Peter Zijlstra 2020-07-18 5:51 ` Ira Weiny 2020-07-18 5:51 ` Ira Weiny 2020-07-17 9:20 ` Peter Zijlstra 2020-07-17 9:20 ` Peter Zijlstra 2020-07-17 7:20 ` [PATCH RFC V2 13/17] kmap: Add stray write protection for device pages ira.weiny 2020-07-17 7:20 ` ira.weiny 2020-07-17 9:21 ` Peter Zijlstra 2020-07-17 9:21 ` Peter Zijlstra 2020-07-19 4:13 ` Ira Weiny 2020-07-19 4:13 ` Ira Weiny 2020-07-20 9:17 ` Peter Zijlstra 2020-07-20 9:17 ` Peter Zijlstra 2020-07-21 16:31 ` Ira Weiny 2020-07-21 16:31 ` Ira Weiny 2020-07-17 7:20 ` [PATCH RFC V2 14/17] dax: Stray write protection for dax_direct_access() ira.weiny 2020-07-17 7:20 ` ira.weiny 2020-07-17 9:22 ` Peter Zijlstra 2020-07-17 9:22 ` Peter Zijlstra 2020-07-19 4:41 ` Ira Weiny 2020-07-19 4:41 ` Ira Weiny 2020-07-17 7:20 ` [PATCH RFC V2 15/17] nvdimm/pmem: Stray write protection for pmem->virt_addr ira.weiny 2020-07-17 7:20 ` ira.weiny 2020-07-17 7:20 ` [PATCH RFC V2 16/17] [dax|pmem]: Enable stray write protection ira.weiny 2020-07-17 7:20 ` ira.weiny 2020-07-17 9:25 ` Peter Zijlstra 2020-07-17 9:25 ` Peter Zijlstra 2020-07-17 7:20 ` [PATCH RFC V2 17/17] x86/entry: Preserve PKRS MSR across exceptions ira.weiny 2020-07-17 7:20 ` ira.weiny 2020-07-17 9:30 ` Peter Zijlstra 2020-07-17 9:30 ` Peter Zijlstra 2020-07-21 18:01 ` Ira Weiny 2020-07-21 18:01 ` Ira Weiny 2020-07-21 19:11 ` Peter Zijlstra 2020-07-21 19:11 ` Peter Zijlstra 2020-07-17 9:34 ` Peter Zijlstra 2020-07-17 9:34 ` Peter Zijlstra 2020-07-17 10:06 ` Peter Zijlstra 2020-07-17 10:06 ` Peter Zijlstra 2020-07-22 5:27 ` Ira Weiny 2020-07-22 5:27 ` Ira Weiny 2020-07-22 9:48 ` Peter Zijlstra 2020-07-22 9:48 ` Peter Zijlstra 2020-07-22 21:24 ` Ira Weiny 2020-07-22 21:24 ` Ira Weiny 2020-07-23 20:08 ` Thomas Gleixner 2020-07-23 20:08 ` Thomas Gleixner 2020-07-23 20:15 ` Thomas Gleixner 2020-07-23 20:15 ` Thomas Gleixner 2020-07-24 17:23 ` Ira Weiny 2020-07-24 17:23 ` Ira Weiny 2020-07-24 17:29 ` Andy Lutomirski 2020-07-24 17:29 ` Andy Lutomirski 2020-07-24 19:43 ` Ira Weiny 2020-07-24 19:43 ` Ira Weiny 2020-07-22 16:21 ` Andy Lutomirski 2020-07-22 16:21 ` Andy Lutomirski 2020-07-22 16:21 ` Andy Lutomirski 2020-07-23 16:18 ` Fenghua Yu 2020-07-23 16:18 ` Fenghua Yu 2020-07-23 16:18 ` Fenghua Yu 2020-07-23 16:23 ` Dave Hansen 2020-07-23 16:23 ` Dave Hansen 2020-07-23 16:23 ` Dave Hansen 2020-07-23 16:52 ` Fenghua Yu 2020-07-23 16:52 ` Fenghua Yu 2020-07-23 16:52 ` Fenghua Yu 2020-07-23 17:08 ` Andy Lutomirski 2020-07-23 17:08 ` Andy Lutomirski 2020-07-23 17:08 ` Andy Lutomirski 2020-07-23 17:30 ` Dave Hansen 2020-07-23 17:30 ` Dave Hansen 2020-07-23 17:30 ` Dave Hansen 2020-07-23 20:23 ` Thomas Gleixner 2020-07-23 20:23 ` Thomas Gleixner 2020-07-23 20:23 ` Thomas Gleixner 2020-07-23 20:22 ` Thomas Gleixner 2020-07-23 20:22 ` Thomas Gleixner 2020-07-23 20:22 ` Thomas Gleixner 2020-07-23 21:30 ` Andy Lutomirski 2020-07-23 21:30 ` Andy Lutomirski 2020-07-23 21:30 ` Andy Lutomirski 2020-07-23 22:14 ` Thomas Gleixner 2020-07-23 22:14 ` Thomas Gleixner 2020-07-23 22:14 ` Thomas Gleixner 2020-07-23 19:53 ` Thomas Gleixner 2020-07-23 19:53 ` Thomas Gleixner 2020-07-23 22:04 ` Ira Weiny 2020-07-23 22:04 ` Ira Weiny 2020-07-23 23:41 ` Thomas Gleixner 2020-07-23 23:41 ` Thomas Gleixner 2020-07-24 21:24 ` Thomas Gleixner 2020-07-24 21:24 ` Thomas Gleixner 2020-07-24 21:31 ` Thomas Gleixner 2020-07-24 21:31 ` Thomas Gleixner 2020-07-25 0:09 ` Andy Lutomirski 2020-07-25 0:09 ` Andy Lutomirski 2020-07-25 0:09 ` Andy Lutomirski 2020-07-27 20:59 ` Ira Weiny [this message] 2020-07-27 20:59 ` Ira Weiny 2020-07-24 22:19 ` [PATCH RFC V2 00/17] PKS: Add Protection Keys Supervisor (PKS) support Kees Cook 2020-07-24 22:19 ` Kees Cook
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20200727205909.GP844235@iweiny-DESK2.sc.intel.com \ --to=ira.weiny@intel.com \ --cc=akpm@linux-foundation.org \ --cc=bp@alien8.de \ --cc=dave.hansen@linux.intel.com \ --cc=fenghua.yu@intel.com \ --cc=linux-doc@vger.kernel.org \ --cc=linux-fsdevel@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-kselftest@vger.kernel.org \ --cc=linux-mm@kvack.org \ --cc=linux-nvdimm@lists.01.org \ --cc=luto@kernel.org \ --cc=mingo@redhat.com \ --cc=peterz@infradead.org \ --cc=tglx@linutronix.de \ --cc=x86@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.