From: Dan Williams <dan.j.williams@intel.com>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	Andy Lutomirski <luto@kernel.org>,
	Peter Zijlstra <peterz@infradead.org>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Fenghua Yu <fenghua.yu@intel.com>, X86 ML <x86@kernel.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Linux Doc Mailing List <linux-doc@vger.kernel.org>,
	linux-nvdimm <linux-nvdimm@lists.01.org>,
	Linux MM <linux-mm@kvack.org>,
	linux-kselftest@vger.kernel.org,
	Greg KH <gregkh@linuxfoundation.org>
Subject: Re: [PATCH V3 04/10] x86/pks: Preserve the PKRS MSR on context switch
Date: Fri, 18 Dec 2020 13:58:09 -0800
Message-ID: <CAPcyv4gqm5p+pVmX4JL0fT2LY0dfoT+UXAfsGLA9LMr42vp33A@mail.gmail.com>
In-Reply-To: <875z4yrfhr.fsf@nanos.tec.linutronix.de>

On Fri, Dec 18, 2020 at 1:06 PM Thomas Gleixner <tglx@linutronix.de> wrote:
>
> On Fri, Dec 18 2020 at 11:20, Dan Williams wrote:
> > On Fri, Dec 18, 2020 at 5:58 AM Thomas Gleixner <tglx@linutronix.de> wrote:
> > [..]
> >>   5) The DAX case which you made "work" with dev_access_enable() and
> >>      dev_access_disable(), i.e. with yet another lazy approach of
> >>      avoiding to change a handful of usage sites.
> >>
> >>      The use cases are strictly context local which means the global
> >>      magic is not used at all. Why does it exist in the first place?
> >>
> >>      Aside of that this global thing would never work at all because the
> >>      refcounting is per thread and not global.
> >>
> >>      So that DAX use case is just a matter of:
> >>
> >>         grant/revoke_access(DEV_PKS_KEY, READ/WRITE)
> >>
> >>      which is effective for the current execution context and really
> >>      wants to be a distinct READ/WRITE protection and not the magic
> >>      global thing which just has on/off. All usage sites know whether
> >>      they want to read or write.
> >
> > I was tracking and nodding until this point. Yes, kill the global /
> > kmap() support, but if grant/revoke_access is not integrated behind
> > kmap_{local,atomic}() then it's not a "handful" of sites that need to
> > be instrumented it's 100s. Are you suggesting that "relaxed" mode
> > enforcement is a way to distribute the work of teaching driver writers
> > that they need to incorporate explicit grant/revoke-read/write in
> > addition to kmap? The entire reason PTE_DEVMAP exists was to allow
> > get_user_pages() for PMEM and not require every downstream-GUP code
> > path to specifically consider whether it was talking to PMEM or RAM
> > pages, and certainly not whether they were reading or writing to it.
>
> kmap_local() is fine. That can work automatically because it's strict
> local to the context which does the mapping.
>
> kmap() is dubious because it's a 'global' mapping as dictated per
> HIGHMEM. So doing the RELAXED mode for kmap() is sensible I think to
> identify cases where the mapped address is really handed to a different
> execution context. We want to see those cases and analyse whether this
> can't be solved in a different way. That's why I suggested to do a
> warning in that case.
>
> Also vs. the DAX use case I really meant the code in fs/dax and
> drivers/dax/ itself which is handling this via dax_read_[un]lock.
>
> Does that make more sense?

Yup, got it. The dax code can be precise wrt PKS in a way that
kmap_local() cannot.
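
Added example, not part of the thread or the patch series: a user-space C model of the distinction drawn in the quoted text between an on/off switch and distinct READ/WRITE grants that take effect only in the current execution context. The function names, `struct exec_ctx`, the `DEV_PKS_KEY` number and the default register value are assumptions for the model; only the two-bits-per-key AD/WD layout reflects the hardware register.

```c
#include <stdint.h>
#include <stdio.h>

/* PKRS holds two bits per protection key, 16 keys in total. */
#define PKR_AD 0x1u              /* access disable: reads and writes fault */
#define PKR_WD 0x2u              /* write disable: only writes fault */
#define PKRS_DEFAULT 0x55555554u /* model default: AD set for keys 1..15 */
#define DEV_PKS_KEY 1            /* constructed key number for the model */

enum pks_access { PKS_READ, PKS_WRITE };   /* hypothetical names */
struct exec_ctx { uint32_t pkrs; };        /* per-context PKRS value */

static uint32_t key_bits(uint32_t pkrs, int key)
{
    return (pkrs >> (key * 2)) & 0x3u;
}

static uint32_t set_key_bits(uint32_t pkrs, int key, uint32_t bits)
{
    return (pkrs & ~(0x3u << (key * 2))) | (bits << (key * 2));
}

/* READ leaves WD set so stray writes still fault; WRITE clears both bits. */
void grant_access(struct exec_ctx *c, int key, enum pks_access a)
{
    c->pkrs = set_key_bits(c->pkrs, key, a == PKS_WRITE ? 0 : PKR_WD);
}

void revoke_access(struct exec_ctx *c, int key)
{
    c->pkrs = set_key_bits(c->pkrs, key, PKR_AD);
}

int can_read(const struct exec_ctx *c, int key)
{
    return !(key_bits(c->pkrs, key) & PKR_AD);
}

int can_write(const struct exec_ctx *c, int key)
{
    return key_bits(c->pkrs, key) == 0;
}

int main(void)
{
    struct exec_ctx a = { PKRS_DEFAULT }, b = { PKRS_DEFAULT };

    grant_access(&a, DEV_PKS_KEY, PKS_READ);
    printf("a: read=%d write=%d  b: read=%d\n", can_read(&a, DEV_PKS_KEY),
           can_write(&a, DEV_PKS_KEY), can_read(&b, DEV_PKS_KEY));
    revoke_access(&a, DEV_PKS_KEY);
    return can_read(&a, DEV_PKS_KEY);
}
```

In the model, context `b` never gains access when `a` is granted it, which is why an address mapped in one context and handed to another is the case the thread wants surfaced with a warning.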