Date: Tue, 21 Apr 2020 08:41:02 +0100
From: Will Deacon
To: Mark Rutland
Cc: Alex Belits, "mingo@kernel.org", "davem@davemloft.net", "linux-api@vger.kernel.org", "rostedt@goodmis.org", "peterz@infradead.org", "linux-arch@vger.kernel.org", Prasun Kapoor, "catalin.marinas@arm.com", "frederic@kernel.org", "tglx@linutronix.de", "linux-kernel@vger.kernel.org", "netdev@vger.kernel.org", "linux-arm-kernel@lists.infradead.org"
Subject: Re: [EXT] Re: [PATCH v3 03/13] task_isolation: add instruction synchronization memory barrier
Message-ID: <20200421074101.GA15021@willie-the-truck>

On Mon, Apr 20, 2020 at 02:55:23PM +0100, Will Deacon wrote:
> On Mon, Apr 20, 2020 at 01:36:28PM +0100, Mark Rutland wrote:
> > On Mon, Apr 20, 2020 at 01:23:51PM +0100, Will Deacon wrote:
> > > IIUC, we don't need to do anything on arm64 because taking an exception acts
> > > as a context synchronization event, so I don't think you should try to
> > > expose this as a new barrier macro. Instead, just make it a pre-requisite
> > > that architectures need to ensure this behaviour when entering the kernel
> > > from userspace if they are to select HAVE_ARCH_TASK_ISOLATION.
> >
> > The CSE from the exception isn't sufficient here, because it needs to
> > occur after the CPU has re-registered to receive IPIs for
> > kick_all_cpus_sync(). Otherwise there's a window between taking the
> > exception and re-registering where a necessary context synchronization
> > event can be missed. e.g.
> >
> > CPU A                         CPU B
> > [ Modifies some code ]
> >                               [ enters exception ]
> > [ D cache maintenance ]
> > [ I cache maintenance ]
> > [ IPI ]                       // IPI not taken
> > ...                           [ register for IPI ]
> > [ IPI completes ]
> >                               [ execute stale code here ]
>
> Thanks.
>
> > However, I think 'IMB' is far too generic, and we should have an arch
> > hook specific to task isolation, as it's far less likely to be abused as
> > IMB will.
>
> What guarantees we don't run any unsynchronised module code between
> exception entry and registering for the IPI? It seems like we'd want that
> code to run as early as possible, e.g. as part of
> task_isolation_user_exit() but that doesn't seem to be what's happening.

Sorry, I guess that's more a question for Alex.

Alex -- do you think we could move the "register for IPI" step earlier
so that it's easier to reason about the code that runs in the dead zone
during exception entry?

Will