From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933360AbcAKXJt (ORCPT ); Mon, 11 Jan 2016 18:09:49 -0500 Received: from mail-ob0-f194.google.com ([209.85.214.194]:36531 "EHLO mail-ob0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756874AbcAKXJr (ORCPT ); Mon, 11 Jan 2016 18:09:47 -0500 MIME-Version: 1.0 In-Reply-To: References: <3a259f1cce4a3c309c2f81df715f8c2c9bb80015.1452297867.git.tony.luck@intel.com> Date: Mon, 11 Jan 2016 18:09:46 -0500 Message-ID: Subject: Re: [PATCH v8 1/3] x86: Expand exception table to allow new handling options From: Brian Gerst To: Andy Lutomirski Cc: Dan Williams , Borislav Petkov , X86 ML , "linux-mm@kvack.org" , Robert , Andrew Morton , Tony Luck , Ingo Molnar , "linux-kernel@vger.kernel.org" , linux-nvdimm Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Jan 9, 2016 at 1:36 AM, Andy Lutomirski wrote: > On Jan 8, 2016 8:31 PM, "Brian Gerst" wrote: >> >> On Fri, Jan 8, 2016 at 10:39 PM, Brian Gerst wrote: >> > On Fri, Jan 8, 2016 at 8:52 PM, Andy Lutomirski wrote: >> >> On Fri, Jan 8, 2016 at 12:49 PM, Tony Luck wrote: >> >>> Huge amounts of help from Andy Lutomirski and Borislav Petkov to >> >>> produce this. Andy provided the inspiration to add classes to the >> >>> exception table with a clever bit-squeezing trick, Boris pointed >> >>> out how much cleaner it would all be if we just had a new field. >> >>> >> >>> Linus Torvalds blessed the expansion with: >> >>> I'd rather not be clever in order to save just a tiny amount of space >> >>> in the exception table, which isn't really criticial for anybody. >> >>> >> >>> The third field is a simple integer indexing into an array of handler >> >>> functions (I thought it couldn't be a relative pointer like the other >> >>> fields because a module may have its ex_table loaded more than 2GB away >> >>> from the handler function - but that may not be actually true. But the >> >>> integer is pretty flexible, we are only really using low two bits now). >> >>> >> >>> We start out with three handlers: >> >>> >> >>> 0: Legacy - just jumps the to fixup IP >> >>> 1: Fault - provide the trap number in %ax to the fixup code >> >>> 2: Cleaned up legacy for the uaccess error hack >> >> >> >> I think I preferred the relative function pointer approach. >> >> >> >> Also, I think it would be nicer if the machine check code would invoke >> >> the handler regardless of which handler (or class) is selected. Then >> >> the handlers that don't want to handle #MC can just reject them. >> >> >> >> Also, can you make the handlers return bool instead of int? >> > >> > I'm hashing up an idea that could eliminate alot of text in the .fixup >> > section, but it needs the integer handler method to work. We have >> > alot of fixup code that does "mov $-EFAULT, reg; jmp xxxx". If we >> > encode the register in the third word, the handler can be generic and >> > no fixup code for each user access would be needed. That would >> > recover alot of the memory used by expanding the exception table. >> >> On second thought, this could still be implemented with a relative >> function pointer. We'd just need a separate function for each >> register. >> > > If we could get gcc to play along (which, IIRC, it already can for > __put_user), we can do much better with jump labels -- the fixup > target would be a jump label. > > Even without that, how about using @cc? Do: > > clc > mov whatever, wherever > > The fixup sets the carry flag and skips the faulting instruction > (either by knowing the length or by decoding it), and the inline asm > causes gcc to emit jc to the error logic. > > --Andy I agree that for at least put_user() using asm goto would be an even better option. get_user() on the other hand, will be much messier to deal with, since asm goto statements can't have outputs, plus it zeroes the output register on fault. -- Brian Gerst From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-oi0-f49.google.com (mail-oi0-f49.google.com [209.85.218.49]) by kanga.kvack.org (Postfix) with ESMTP id EE3B8680F7F for ; Mon, 11 Jan 2016 18:09:47 -0500 (EST) Received: by mail-oi0-f49.google.com with SMTP id k206so61457117oia.1 for ; Mon, 11 Jan 2016 15:09:47 -0800 (PST) Received: from mail-ob0-x244.google.com (mail-ob0-x244.google.com. [2607:f8b0:4003:c01::244]) by mx.google.com with ESMTPS id x83si54921236oig.53.2016.01.11.15.09.47 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 11 Jan 2016 15:09:47 -0800 (PST) Received: by mail-ob0-x244.google.com with SMTP id q2so34224795obl.1 for ; Mon, 11 Jan 2016 15:09:47 -0800 (PST) MIME-Version: 1.0 In-Reply-To: References: <3a259f1cce4a3c309c2f81df715f8c2c9bb80015.1452297867.git.tony.luck@intel.com> Date: Mon, 11 Jan 2016 18:09:46 -0500 Message-ID: Subject: Re: [PATCH v8 1/3] x86: Expand exception table to allow new handling options From: Brian Gerst Content-Type: text/plain; charset=UTF-8 Sender: owner-linux-mm@kvack.org List-ID: To: Andy Lutomirski Cc: Dan Williams , Borislav Petkov , X86 ML , "linux-mm@kvack.org" , Robert , Andrew Morton , Tony Luck , Ingo Molnar , "linux-kernel@vger.kernel.org" , linux-nvdimm On Sat, Jan 9, 2016 at 1:36 AM, Andy Lutomirski wrote: > On Jan 8, 2016 8:31 PM, "Brian Gerst" wrote: >> >> On Fri, Jan 8, 2016 at 10:39 PM, Brian Gerst wrote: >> > On Fri, Jan 8, 2016 at 8:52 PM, Andy Lutomirski wrote: >> >> On Fri, Jan 8, 2016 at 12:49 PM, Tony Luck wrote: >> >>> Huge amounts of help from Andy Lutomirski and Borislav Petkov to >> >>> produce this. Andy provided the inspiration to add classes to the >> >>> exception table with a clever bit-squeezing trick, Boris pointed >> >>> out how much cleaner it would all be if we just had a new field. >> >>> >> >>> Linus Torvalds blessed the expansion with: >> >>> I'd rather not be clever in order to save just a tiny amount of space >> >>> in the exception table, which isn't really criticial for anybody. >> >>> >> >>> The third field is a simple integer indexing into an array of handler >> >>> functions (I thought it couldn't be a relative pointer like the other >> >>> fields because a module may have its ex_table loaded more than 2GB away >> >>> from the handler function - but that may not be actually true. But the >> >>> integer is pretty flexible, we are only really using low two bits now). >> >>> >> >>> We start out with three handlers: >> >>> >> >>> 0: Legacy - just jumps the to fixup IP >> >>> 1: Fault - provide the trap number in %ax to the fixup code >> >>> 2: Cleaned up legacy for the uaccess error hack >> >> >> >> I think I preferred the relative function pointer approach. >> >> >> >> Also, I think it would be nicer if the machine check code would invoke >> >> the handler regardless of which handler (or class) is selected. Then >> >> the handlers that don't want to handle #MC can just reject them. >> >> >> >> Also, can you make the handlers return bool instead of int? >> > >> > I'm hashing up an idea that could eliminate alot of text in the .fixup >> > section, but it needs the integer handler method to work. We have >> > alot of fixup code that does "mov $-EFAULT, reg; jmp xxxx". If we >> > encode the register in the third word, the handler can be generic and >> > no fixup code for each user access would be needed. That would >> > recover alot of the memory used by expanding the exception table. >> >> On second thought, this could still be implemented with a relative >> function pointer. We'd just need a separate function for each >> register. >> > > If we could get gcc to play along (which, IIRC, it already can for > __put_user), we can do much better with jump labels -- the fixup > target would be a jump label. > > Even without that, how about using @cc? Do: > > clc > mov whatever, wherever > > The fixup sets the carry flag and skips the faulting instruction > (either by knowing the length or by decoding it), and the inline asm > causes gcc to emit jc to the error logic. > > --Andy I agree that for at least put_user() using asm goto would be an even better option. get_user() on the other hand, will be much messier to deal with, since asm goto statements can't have outputs, plus it zeroes the output register on fault. -- Brian Gerst -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org