From: Nick Desaulniers <ndesaulniers@google.com>
To: Sean Christopherson <seanjc@google.com>
Cc: kernel test robot <lkp@intel.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Nathan Chancellor <nathan@kernel.org>,
llvm@lists.linux.dev, kbuild-all@lists.01.org,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Wanpeng Li <wanpengli@tencent.com>,
Jim Mattson <jmattson@google.com>,
Joerg Roedel <joro@8bytes.org>,
kvm@vger.kernel.org
Subject: Re: [PATCH 3/5] KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits
Date: Tue, 1 Feb 2022 11:53:28 -0800 [thread overview]
Message-ID: <CAKwvOdkieUPcXgu4_GNmD_wpH5z2mzuDL+FTxRAQ4EqeF-WbvA@mail.gmail.com> (raw)
In-Reply-To: <YfmNr8OjOWvsQBKx@google.com>
On Tue, Feb 1, 2022 at 11:44 AM Sean Christopherson <seanjc@google.com> wrote:
>
> On Tue, Feb 01, 2022, kernel test robot wrote:
> > COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=i386 SHELL=/bin/bash
> >
> > If you fix the issue, kindly add following tag as appropriate
> > Reported-by: kernel test robot <lkp@intel.com>
> >
> > All errors (new ones prefixed by >>):
> >
> > In file included from arch/x86/kvm/mmu/mmu.c:4246:
> > >> arch/x86/kvm/mmu/paging_tmpl.h:244:9: error: invalid output size for constraint '+a'
> > ret = __try_cmpxchg_user(ptep_user, &orig_pte, pte, fault);
> > ^
> > arch/x86/include/asm/uaccess.h:629:11: note: expanded from macro '__try_cmpxchg_user'
> > __ret = !unsafe_try_cmpxchg_user(_ptr, _oldp, _nval, _label); \
> > ^
> > arch/x86/include/asm/uaccess.h:606:18: note: expanded from macro 'unsafe_try_cmpxchg_user'
> > case 1: __ret = __try_cmpxchg_user_asm("b", "q", \
> > ^
> > arch/x86/include/asm/uaccess.h:467:22: note: expanded from macro '__try_cmpxchg_user_asm'
> > [old] "+a" (__old) \
>
> #$*&(#$ clang.
>
> clang isn't smart enough to avoid compiling the impossible conditions it will
> throw away in the end, i.e. it compiles all cases given:
>
> switch (8) {
> case 1:
> case 2:
> case 4:
> case 8:
> }
This is because Clang generally handles diagnostics, while LLVM
handles optimizations, in a pipeline, in that order. In order to know
not to emit a diagnostic, optimizations need to be run. Do you prefer
that diagnostics only get emitted for code not optimized out? In this
case, yes, but in others folks could reasonably desire the others.
Sorry, but this is a BIG architectural difference between compilers.
(FWIW; I've personally implemented warnings in clang that don't work
that way. The tradeoff is excessive memory usage and work during
compile time to basically pessimistically emit the equivalent of debug
info, and do all the work that entails keeping it up to date as you
transform the code, even if it may never trigger a warning. Changing
all diagnostics to work that way would be tantamount to rewriting most
of the frontend and would be slower and use more memory at runtime).
>
> I can fudge around that by casting the pointer, which I don't think can go sideways
> if the pointer value is a signed type?
>
> @@ -604,15 +602,15 @@ extern void __try_cmpxchg_user_wrong_size(void);
> bool __ret; \
> switch (sizeof(*(_ptr))) { \
> case 1: __ret = __try_cmpxchg_user_asm("b", "q", \
> - (_ptr), (_oldp), \
> + (u8 *)(_ptr), (_oldp), \
> (_nval), _label); \
> break; \
> case 2: __ret = __try_cmpxchg_user_asm("w", "r", \
> - (_ptr), (_oldp), \
> + (u16 *)(_ptr), (_oldp), \
> (_nval), _label); \
> break; \
> case 4: __ret = __try_cmpxchg_user_asm("l", "r", \
> - (_ptr), (_oldp), \
> + (u32 *)(_ptr), (_oldp), \
> (_nval), _label); \
> break; \
> case 8: __ret = __try_cmpxchg64_user_asm((_ptr), (_oldp), \
>
>
> clang also lacks the intelligence to realize that it can/should use a single
> register for encoding the memory operand and consumes both ESI and EDI, leaving
> no register for the __err "+r" param in __try_cmpxchg64_user_asm(). That can be
> avoided by open coding CC_SET and using a single output register for both the
> result and the -EFAULT error path.
--
Thanks,
~Nick Desaulniers
WARNING: multiple messages have this Message-ID (diff)
From: Nick Desaulniers <ndesaulniers@google.com>
To: kbuild-all@lists.01.org
Subject: Re: [PATCH 3/5] KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits
Date: Tue, 01 Feb 2022 11:53:28 -0800 [thread overview]
Message-ID: <CAKwvOdkieUPcXgu4_GNmD_wpH5z2mzuDL+FTxRAQ4EqeF-WbvA@mail.gmail.com> (raw)
In-Reply-To: <YfmNr8OjOWvsQBKx@google.com>
[-- Attachment #1: Type: text/plain, Size: 4453 bytes --]
On Tue, Feb 1, 2022 at 11:44 AM Sean Christopherson <seanjc@google.com> wrote:
>
> On Tue, Feb 01, 2022, kernel test robot wrote:
> > COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=i386 SHELL=/bin/bash
> >
> > If you fix the issue, kindly add following tag as appropriate
> > Reported-by: kernel test robot <lkp@intel.com>
> >
> > All errors (new ones prefixed by >>):
> >
> > In file included from arch/x86/kvm/mmu/mmu.c:4246:
> > >> arch/x86/kvm/mmu/paging_tmpl.h:244:9: error: invalid output size for constraint '+a'
> > ret = __try_cmpxchg_user(ptep_user, &orig_pte, pte, fault);
> > ^
> > arch/x86/include/asm/uaccess.h:629:11: note: expanded from macro '__try_cmpxchg_user'
> > __ret = !unsafe_try_cmpxchg_user(_ptr, _oldp, _nval, _label); \
> > ^
> > arch/x86/include/asm/uaccess.h:606:18: note: expanded from macro 'unsafe_try_cmpxchg_user'
> > case 1: __ret = __try_cmpxchg_user_asm("b", "q", \
> > ^
> > arch/x86/include/asm/uaccess.h:467:22: note: expanded from macro '__try_cmpxchg_user_asm'
> > [old] "+a" (__old) \
>
> #$*&(#$ clang.
>
> clang isn't smart enough to avoid compiling the impossible conditions it will
> throw away in the end, i.e. it compiles all cases given:
>
> switch (8) {
> case 1:
> case 2:
> case 4:
> case 8:
> }
This is because Clang generally handles diagnostics, while LLVM
handles optimizations, in a pipeline, in that order. In order to know
not to emit a diagnostic, optimizations need to be run. Do you prefer
that diagnostics only get emitted for code not optimized out? In this
case, yes, but in others folks could reasonably desire the others.
Sorry, but this is a BIG architectural difference between compilers.
(FWIW; I've personally implemented warnings in clang that don't work
that way. The tradeoff is excessive memory usage and work during
compile time to basically pessimistically emit the equivalent of debug
info, and do all the work that entails keeping it up to date as you
transform the code, even if it may never trigger a warning. Changing
all diagnostics to work that way would be tantamount to rewriting most
of the frontend and would be slower and use more memory at runtime).
>
> I can fudge around that by casting the pointer, which I don't think can go sideways
> if the pointer value is a signed type?
>
> @@ -604,15 +602,15 @@ extern void __try_cmpxchg_user_wrong_size(void);
> bool __ret; \
> switch (sizeof(*(_ptr))) { \
> case 1: __ret = __try_cmpxchg_user_asm("b", "q", \
> - (_ptr), (_oldp), \
> + (u8 *)(_ptr), (_oldp), \
> (_nval), _label); \
> break; \
> case 2: __ret = __try_cmpxchg_user_asm("w", "r", \
> - (_ptr), (_oldp), \
> + (u16 *)(_ptr), (_oldp), \
> (_nval), _label); \
> break; \
> case 4: __ret = __try_cmpxchg_user_asm("l", "r", \
> - (_ptr), (_oldp), \
> + (u32 *)(_ptr), (_oldp), \
> (_nval), _label); \
> break; \
> case 8: __ret = __try_cmpxchg64_user_asm((_ptr), (_oldp), \
>
>
> clang also lacks the intelligence to realize that it can/should use a single
> register for encoding the memory operand and consumes both ESI and EDI, leaving
> no register for the __err "+r" param in __try_cmpxchg64_user_asm(). That can be
> avoided by open coding CC_SET and using a single output register for both the
> result and the -EFAULT error path.
--
Thanks,
~Nick Desaulniers
next prev parent reply other threads:[~2022-02-01 19:53 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-01 1:08 [PATCH 0/5] x86: uaccess CMPXCHG + KVM bug fixes Sean Christopherson
2022-02-01 1:08 ` [PATCH 1/5] Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug Sean Christopherson
2022-02-01 20:16 ` Nick Desaulniers
2022-02-01 20:56 ` Sean Christopherson
2022-02-01 21:15 ` Nick Desaulniers
2022-02-01 1:08 ` [PATCH 2/5] x86/uaccess: Implement macros for CMPXCHG on user addresses Sean Christopherson
2022-02-01 1:08 ` [PATCH 3/5] KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits Sean Christopherson
2022-02-01 7:01 ` kernel test robot
2022-02-01 7:01 ` kernel test robot
2022-02-01 19:44 ` Sean Christopherson
2022-02-01 19:44 ` Sean Christopherson
2022-02-01 19:53 ` Nick Desaulniers [this message]
2022-02-01 19:53 ` Nick Desaulniers
2022-02-01 13:25 ` kernel test robot
2022-02-01 13:25 ` kernel test robot
2022-02-01 1:08 ` [PATCH 4/5] KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses Sean Christopherson
2022-02-01 9:25 ` kernel test robot
2022-02-01 9:25 ` kernel test robot
2022-02-01 1:08 ` [PATCH 5/5] KVM: x86: Bail to userspace if emulation of atomic user access faults Sean Christopherson
2022-02-01 17:09 ` [PATCH 0/5] x86: uaccess CMPXCHG + KVM bug fixes Tadeusz Struk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAKwvOdkieUPcXgu4_GNmD_wpH5z2mzuDL+FTxRAQ4EqeF-WbvA@mail.gmail.com \
--to=ndesaulniers@google.com \
--cc=jmattson@google.com \
--cc=joro@8bytes.org \
--cc=kbuild-all@lists.01.org \
--cc=kvm@vger.kernel.org \
--cc=lkp@intel.com \
--cc=llvm@lists.linux.dev \
--cc=nathan@kernel.org \
--cc=pbonzini@redhat.com \
--cc=seanjc@google.com \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.