Re: [PATCH v3 5/6] x86/alternative: Use a single access in text_poke() where possible

From: Jason Baron <jbaron@akamai.com>
To: Josh Poimboeuf <jpoimboe@redhat.com>,
	Alexandre Chartre <alexandre.chartre@oracle.com>
Cc: Sean Christopherson <sean.j.christopherson@intel.com>,
	Steven Rostedt <rostedt@goodmis.org>,
	Nadav Amit <namit@vmware.com>, X86 ML <x86@kernel.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Andy Lutomirski <luto@kernel.org>,
	Peter Zijlstra <peterz@infradead.org>,
	Ingo Molnar <mingo@kernel.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Masami Hiramatsu <mhiramat@kernel.org>,
	Jiri Kosina <jkosina@suse.cz>,
	David Laight <David.Laight@ACULAB.COM>,
	Borislav Petkov <bp@alien8.de>, Julia Cartwright <julia@ni.com>,
	Jessica Yu <jeyu@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>,
	Rasmus Villemoes <linux@rasmusvillemoes.dk>,
	Edward Cree <ecree@solarflare.com>,
	Daniel Bristot de Oliveira <bristot@redhat.com>
Subject: Re: [PATCH v3 5/6] x86/alternative: Use a single access in text_poke() where possible
Date: Fri, 11 Jan 2019 12:41:08 -0500	[thread overview]
Message-ID: <d9b1c9b7-ae7b-80df-7b2f-19721f3460cf@akamai.com> (raw)
In-Reply-To: <20190111165752.z6e2dfktj2caqi4n@treble>

On 1/11/19 11:57 AM, Josh Poimboeuf wrote:
> On Fri, Jan 11, 2019 at 05:46:36PM +0100, Alexandre Chartre wrote:
>>
>>
>> On 01/11/2019 04:28 PM, Josh Poimboeuf wrote:
>>> On Fri, Jan 11, 2019 at 01:10:52PM +0100, Alexandre Chartre wrote:
>>>> To avoid any issue with live patching the call instruction, what about
>>>> toggling between two call instructions: one would be the currently active
>>>> call, while the other would currently be inactive but to be used after a
>>>> change is made. You can safely patch the inactive call and then toggle
>>>> the call flow (using a jump label) between the active and inactive calls.
>>>>
>>>> So instead of having a single call instruction:
>>>>
>>>> 	call function
>>>>
>>>> You would have:
>>>>
>>>> 	STATIC_JUMP_IF_TRUE label, key
>>>> 	call function1
>>>> 	jmp done
>>>> label:
>>>> 	call function2
>>>> done:
>>>>
>>>> If the key is set so that function1 is currently called then you can
>>>> safely update the call instruction for function2. Once this is done,
>>>> just flip the key to make the function2 call active. On a next update,
>>>> you would, of course, have to switch and update the call for function1.
>>>
>>> What about the following race?
>>>
>>> CPU1						CPU2
>>> static key is false, doesn't jump
>>> task gets preempted before calling function1
>>> 						change static key to true
>>> 						start patching "call function1"
>>> task resumes, sees inconsistent call instruction
>>>
>>
>> If the function1 call is active then it won't be changed, you will change
>> function2. However, I presume you can still have a race but if the function
>> is changed twice before calling function1:
>>
>> CPU1						CPU2
>> static key is false, doesn't jump
>> task gets preempted before calling function1
>>                                                 -- first function change --
>>                                                 patch "call function2"
>>                                                 change static key to true
>>                                                 -- second function change --
>>                                                 start patching "call function1"
>> task resumes, sees inconsistent call instruction
>>
>> So right, that's a problem.
> 
> Right, that's what I meant to say :-)
> 

could you use something like synchronize_rcu_tasks() between successive
updates to guarantee nobody's stuck in the middle of the call
instruction update? Yes its really slow but the update path is slow anyways.

Thanks,

-Jason