From: Michael Ellerman <mpe@ellerman.id.au>
To: "David Laight" <David.Laight@ACULAB.COM>,
"'Michal Suchánek'" <msuchanek@suse.de>,
"Petr Mladek" <pmladek@suse.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
"linux-arch\@vger.kernel.org" <linux-arch@vger.kernel.org>,
Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
"linux-s390\@vger.kernel.org" <linux-s390@vger.kernel.org>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
"linux-kernel\@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Steven Rostedt <rostedt@goodmis.org>,
Michal Hocko <mhocko@suse.cz>,
Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
Stephen Rothwell <sfr@ozlabs.org>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
"linuxppc-dev\@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
Martin Schwidefsky <schwidefsky@de.ibm.com>,
"Tobin C . Harding" <me@tobin.cc>
Subject: RE: [PATCH] vsprintf: Do not break early boot with probing addresses
Date: Fri, 10 May 2019 20:21:02 +1000 [thread overview]
Message-ID: <87ef56vcdt.fsf@concordia.ellerman.id.au> (raw)
In-Reply-To: <8ad8bb83b7034f7e92df12040fb8c2c2@AcuMS.aculab.com>
David Laight <David.Laight@ACULAB.COM> writes:
> From: Michal Suchánek
>> Sent: 09 May 2019 14:38
> ...
>> > The problem is the combination of some new code called via printk(),
>> > check_pointer() which calls probe_kernel_read(). That then calls
>> > allow_user_access() (PPC_KUAP) and that uses mmu_has_feature() too early
>> > (before we've patched features).
>>
>> There is early_mmu_has_feature for this case. mmu_has_feature does not
>> work before patching so parts of kernel that can run before patching
>> must use the early_ variant which actually runs code reading the
>> feature bitmap to determine the answer.
>
> Does the early_ variant get patched so the it is reasonably
> efficient after the 'patching' is done?
No they don't get patched ever. The name is a bit misleading I guess.
> Or should there be a third version which gets patched across?
For a case like this it's entirely safe to just skip the code early in
boot, so if it was a static_key_false everything would just work.
Unfortunately the way the code is currently written we would have to
change all MMU features to static_key_false and that risks breaking
something else.
We have a long standing TODO to rework all our feature logic and unify
CPU/MMU/firmware/etc. features. Possibly as part of that we can come up
with a scheme where the default value is per-feature bit.
Having said all that, in this case the overhead of the test and branch
is small compared to the cost of writing to the SPR which controls user
access and then doing an isync, so it's all somewhat premature
optimisation.
cheers
WARNING: multiple messages have this Message-ID (diff)
From: Michael Ellerman <mpe@ellerman.id.au>
To: "David Laight" <David.Laight@ACULAB.COM>,
"'Michal Suchánek'" <msuchanek@suse.de>,
"Petr Mladek" <pmladek@suse.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
"linux-s390@vger.kernel.org" <linux-s390@vger.kernel.org>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Steven Rostedt <rostedt@goodmis.org>,
Michal Hocko <mhocko@suse.cz>,
Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
Stephen Rothwell <sfr@ozlabs.org>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
Martin Schwidefsky <schwidefsky@de.ibm.com>,
"Tobin C . Harding" <me@tobin.cc>
Subject: RE: [PATCH] vsprintf: Do not break early boot with probing addresses
Date: Fri, 10 May 2019 20:21:02 +1000 [thread overview]
Message-ID: <87ef56vcdt.fsf@concordia.ellerman.id.au> (raw)
In-Reply-To: <8ad8bb83b7034f7e92df12040fb8c2c2@AcuMS.aculab.com>
David Laight <David.Laight@ACULAB.COM> writes:
> From: Michal Suchánek
>> Sent: 09 May 2019 14:38
> ...
>> > The problem is the combination of some new code called via printk(),
>> > check_pointer() which calls probe_kernel_read(). That then calls
>> > allow_user_access() (PPC_KUAP) and that uses mmu_has_feature() too early
>> > (before we've patched features).
>>
>> There is early_mmu_has_feature for this case. mmu_has_feature does not
>> work before patching so parts of kernel that can run before patching
>> must use the early_ variant which actually runs code reading the
>> feature bitmap to determine the answer.
>
> Does the early_ variant get patched so the it is reasonably
> efficient after the 'patching' is done?
No they don't get patched ever. The name is a bit misleading I guess.
> Or should there be a third version which gets patched across?
For a case like this it's entirely safe to just skip the code early in
boot, so if it was a static_key_false everything would just work.
Unfortunately the way the code is currently written we would have to
change all MMU features to static_key_false and that risks breaking
something else.
We have a long standing TODO to rework all our feature logic and unify
CPU/MMU/firmware/etc. features. Possibly as part of that we can come up
with a scheme where the default value is per-feature bit.
Having said all that, in this case the overhead of the test and branch
is small compared to the cost of writing to the SPR which controls user
access and then doing an isync, so it's all somewhat premature
optimisation.
cheers
WARNING: multiple messages have this Message-ID (diff)
From: Michael Ellerman <mpe@ellerman.id.au>
To: "David Laight" <David.Laight@ACULAB.COM>,
"'Michal Suchánek'" <msuchanek@suse.de>,
"Petr Mladek" <pmladek@suse.com>
Cc: "linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
"linux-s390@vger.kernel.org" <linux-s390@vger.kernel.org>,
Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Steven Rostedt <rostedt@goodmis.org>,
Michal Hocko <mhocko@suse.cz>,
Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
Stephen Rothwell <sfr@ozlabs.org>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Martin Schwidefsky <schwidefsky@de.ibm.com>,
"Tobin C . Harding" <me@tobin.cc>
Subject: RE: [PATCH] vsprintf: Do not break early boot with probing addresses
Date: Fri, 10 May 2019 20:21:02 +1000 [thread overview]
Message-ID: <87ef56vcdt.fsf@concordia.ellerman.id.au> (raw)
In-Reply-To: <8ad8bb83b7034f7e92df12040fb8c2c2@AcuMS.aculab.com>
David Laight <David.Laight@ACULAB.COM> writes:
> From: Michal Suchánek
>> Sent: 09 May 2019 14:38
> ...
>> > The problem is the combination of some new code called via printk(),
>> > check_pointer() which calls probe_kernel_read(). That then calls
>> > allow_user_access() (PPC_KUAP) and that uses mmu_has_feature() too early
>> > (before we've patched features).
>>
>> There is early_mmu_has_feature for this case. mmu_has_feature does not
>> work before patching so parts of kernel that can run before patching
>> must use the early_ variant which actually runs code reading the
>> feature bitmap to determine the answer.
>
> Does the early_ variant get patched so the it is reasonably
> efficient after the 'patching' is done?
No they don't get patched ever. The name is a bit misleading I guess.
> Or should there be a third version which gets patched across?
For a case like this it's entirely safe to just skip the code early in
boot, so if it was a static_key_false everything would just work.
Unfortunately the way the code is currently written we would have to
change all MMU features to static_key_false and that risks breaking
something else.
We have a long standing TODO to rework all our feature logic and unify
CPU/MMU/firmware/etc. features. Possibly as part of that we can come up
with a scheme where the default value is per-feature bit.
Having said all that, in this case the overhead of the test and branch
is small compared to the cost of writing to the SPR which controls user
access and then doing an isync, so it's all somewhat premature
optimisation.
cheers
next prev parent reply other threads:[~2019-05-10 10:21 UTC|newest]
Thread overview: 95+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-09 12:19 [PATCH] vsprintf: Do not break early boot with probing addresses Petr Mladek
2019-05-09 12:19 ` Petr Mladek
2019-05-09 13:05 ` Andy Shevchenko
2019-05-09 13:05 ` Andy Shevchenko
2019-05-09 13:13 ` Steven Rostedt
2019-05-09 13:13 ` Steven Rostedt
2019-05-09 14:06 ` Petr Mladek
2019-05-09 14:06 ` Petr Mladek
2019-05-09 13:38 ` Michal Suchánek
2019-05-09 13:38 ` Michal Suchánek
2019-05-09 13:46 ` David Laight
2019-05-09 13:46 ` David Laight
2019-05-10 10:21 ` Michael Ellerman [this message]
2019-05-10 10:21 ` Michael Ellerman
2019-05-10 10:21 ` Michael Ellerman
2019-05-10 4:32 ` Sergey Senozhatsky
2019-05-10 4:32 ` Sergey Senozhatsky
2019-05-10 4:47 ` Linus Torvalds
2019-05-10 5:07 ` Sergey Senozhatsky
2019-05-10 5:07 ` Sergey Senozhatsky
2019-05-10 6:41 ` Michael Ellerman
2019-05-10 6:41 ` Michael Ellerman
2019-05-10 6:41 ` Michael Ellerman
2019-05-10 6:41 ` Michael Ellerman
2019-05-10 8:06 ` Petr Mladek
2019-05-10 8:06 ` Petr Mladek
2019-05-10 8:16 ` Sergey Senozhatsky
2019-05-10 8:16 ` Sergey Senozhatsky
2019-05-10 8:42 ` Petr Mladek
2019-05-10 8:42 ` Petr Mladek
2019-05-10 8:51 ` Sergey Senozhatsky
2019-05-10 8:51 ` Sergey Senozhatsky
2019-05-10 14:49 ` Petr Mladek
2019-05-10 14:49 ` Petr Mladek
2019-05-10 16:24 ` Steven Rostedt
2019-05-10 16:24 ` Steven Rostedt
2019-05-10 16:32 ` Martin Schwidefsky
2019-05-10 16:32 ` Martin Schwidefsky
2019-05-10 16:40 ` Steven Rostedt
2019-05-10 16:40 ` Steven Rostedt
2019-05-10 16:45 ` Martin Schwidefsky
2019-05-10 16:45 ` Martin Schwidefsky
2019-05-13 12:24 ` Petr Mladek
2019-05-13 12:24 ` Petr Mladek
2019-05-10 16:41 ` Andy Shevchenko
2019-05-10 16:41 ` Andy Shevchenko
2019-05-10 17:35 ` christophe leroy
2019-05-10 17:35 ` christophe leroy
2019-05-13 8:52 ` David Laight
2019-05-13 8:52 ` David Laight
2019-05-13 9:13 ` Andy Shevchenko
2019-05-13 9:13 ` Andy Shevchenko
2019-05-13 9:13 ` Andy Shevchenko
2019-05-13 12:42 ` Petr Mladek
2019-05-13 12:42 ` Petr Mladek
2019-05-13 12:42 ` Petr Mladek
2019-05-13 14:15 ` Steven Rostedt
2019-05-13 14:15 ` Steven Rostedt
2019-05-13 14:15 ` Steven Rostedt
2019-05-14 2:07 ` Sergey Senozhatsky
2019-05-14 2:07 ` Sergey Senozhatsky
2019-05-14 2:07 ` Sergey Senozhatsky
2019-05-14 2:25 ` Sergey Senozhatsky
2019-05-14 2:25 ` Sergey Senozhatsky
2019-05-14 2:25 ` Sergey Senozhatsky
2019-05-14 8:28 ` David Laight
2019-05-14 8:28 ` David Laight
2019-05-14 8:28 ` David Laight
2019-05-14 9:02 ` Geert Uytterhoeven
2019-05-14 9:02 ` Geert Uytterhoeven
2019-05-14 9:02 ` Geert Uytterhoeven
2019-05-14 18:37 ` Steven Rostedt
2019-05-14 18:37 ` Steven Rostedt
2019-05-14 18:37 ` Steven Rostedt
2019-05-14 19:13 ` Geert Uytterhoeven
2019-05-14 19:13 ` Geert Uytterhoeven
2019-05-14 19:13 ` Geert Uytterhoeven
2019-05-14 19:35 ` Steven Rostedt
2019-05-14 19:35 ` Steven Rostedt
2019-05-14 19:35 ` Steven Rostedt
2019-05-15 7:23 ` Geert Uytterhoeven
2019-05-15 7:23 ` Geert Uytterhoeven
2019-05-15 7:23 ` Geert Uytterhoeven
2019-05-15 7:53 ` Petr Mladek
2019-05-15 7:53 ` Petr Mladek
2019-05-15 7:53 ` Petr Mladek
2019-05-15 6:21 ` Sergey Senozhatsky
2019-05-15 6:21 ` Sergey Senozhatsky
2019-05-15 6:21 ` Sergey Senozhatsky
2019-05-15 7:35 ` Petr Mladek
2019-05-15 7:35 ` Petr Mladek
2019-05-15 7:35 ` Petr Mladek
2019-05-15 9:00 ` David Laight
2019-05-15 9:00 ` David Laight
2019-05-15 9:00 ` David Laight
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ef56vcdt.fsf@concordia.ellerman.id.au \
--to=mpe@ellerman.id.au \
--cc=David.Laight@ACULAB.COM \
--cc=andriy.shevchenko@linux.intel.com \
--cc=heiko.carstens@de.ibm.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=me@tobin.cc \
--cc=mhocko@suse.cz \
--cc=msuchanek@suse.de \
--cc=pmladek@suse.com \
--cc=rostedt@goodmis.org \
--cc=schwidefsky@de.ibm.com \
--cc=sergey.senozhatsky.work@gmail.com \
--cc=sergey.senozhatsky@gmail.com \
--cc=sfr@ozlabs.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.