From: Dave Hansen <dave.hansen@intel.com>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: Qiaowei Ren <qiaowei.ren@intel.com>,
	"H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
	x86@kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v8 00/10] Intel MPX support
Date: Fri, 12 Sep 2014 14:31:03 -0700
Message-ID: <54136617.8070203@intel.com>
In-Reply-To: <alpine.DEB.2.10.1409121543090.4178@nanos>

On 09/12/2014 12:21 PM, Thomas Gleixner wrote:
> On Thu, 11 Sep 2014, Dave Hansen wrote:
>> +When #BR fault is produced due to invalid entry, bounds table will be
>> +created in kernel on demand and kernel will not transfer this fault to
>> +userspace. So usersapce can't receive #BR fault for invalid entry, and
>> +it is not also necessary for users to create bounds tables by themselves.
>> +
>> +Certainly users can allocate bounds tables and forcibly point the bounds
>> +directory at them through XSAVE instruction, and then set valid bit
>> +of bounds entry to have this entry valid. But we have no way to track
>> +the memory usage of these user-created bounds tables. In regard to this,
>> +this behaviour is outlawed here.
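Review bot: "outlawed" in the last sentence of the second paragraph states a prohibition without saying what happens when userspace ignores it. The paragraph already gives the reason ("we have no way to track the memory usage of these user-created bounds tables"), so state the consequence instead, for example that the kernel will not track or free bounds tables it did not allocate. In the first paragraph, "usersapce" is a typo and "it is not also necessary" reads better as "it is also not necessary".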
> 
> So what's the point of declaring it outlawed? Nothing as far as I can
> see simply because you cannot enforce it. This is possible and people
> simply will do it.

All that we want to get across is: if the kernel didn't make the mess,
we're not going to clean it up.

Userspace is free to do whatever the heck it wants.  But, if it wants
the kernel to clean up the bounds tables, it needs to follow the rules
we're laying out here.

I think it boils down to two rules:
1. Don't move the bounds directory without telling the kernel.
2. The kernel will not free any memory which it did not allocate.

>> +2) We will not support the case that multiple bounds directory entries
>> +are pointed at the same bounds table.
>> +
>> +Users can be allowed to take multiple bounds directory entries and point
>> +them at the same bounds table. See more information "Intel(R) Architecture
>> +Instruction Set Extensions Programming Reference" (9.3.4).
>> +
>> +If userspace did this, it will be possible for kernel to unmap an in-use
>> +bounds table since it does not recognize sharing. So this behavior is
>> +also outlawed here.
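Review bot: the item heading says this case is not supported, but the next paragraph opens with "Users can be allowed to", which reads as if the kernel permits it. If the intent is that the architecture permits sharing (the cited section 9.3.4), word it that way, and then state the rule for applications directly: do not point multiple bounds directory entries at one bounds table, because the kernel "does not recognize sharing" and may unmap a table that is still in use. "See more information" is also missing an "in" before the document title.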
> 
> Again, this is nothing you can enforce and just saying it's outlawed
> does not prevent user space from doing it and then sending hard to
> decode bug reports where it complains about mappings silently
> vanishing under it.
> 
> So all you can do here is to write up a rule set how well behaving
> user space is supposed to use this facility and the kernel side of it. 

"Outlaw" was probably the wrong word.

I completely agree that all we can do is set up a set of rules for what
well-behaved userspace is expected to do.



