User Interrupts Introduction
============================
User Interrupts (Uintr) is a hardware technology that enables delivering
interrupts directly to user space.
Today, virtually all communication across privilege boundaries happens by going
through the kernel. These include signals, pipes, remote procedure calls and
hardware interrupt based notifications. User interrupts provide the foundation
for more efficient (low latency and low CPU utilization) versions of these
common operations by avoiding transitions through the kernel.
In the User Interrupts hardware architecture, a receiver is always expected to
be a user space task. However, a user interrupt can be sent by another user
space task, kernel or an external source (like a device).
In addition to the general infrastructure to receive user interrupts, this
series introduces a single source: interrupts from another user task. These
are referred to as User IPIs.
The first implementation of User IPIs will be in the Intel processor code-named
Sapphire Rapids. Refer Chapter 11 of the Intel Architecture instruction set
extensions for details of the hardware architecture [1].
Series-reviewed-by: Tony Luck <[email protected]>
Main goals of this RFC
======================
- Introduce this upcoming technology to the community.
This cover letter includes a hardware architecture summary along with the
software architecture and kernel design choices. This post is a bit long as a
result. Hopefully, it helps answer more questions than it creates :) I am also
planning to talk about User Interrupts next week at the LPC Kernel summit.
- Discuss potential use cases.
We are starting to look at actual usages and libraries (like libevent[2] and
liburing[3]) that can take advantage of this technology. Unfortunately, we
don't have much to share on this right now. We need some help from the
community to identify usages that can benefit from this. We would like to make
sure the proposed APIs work for the eventual consumers.
- Get early feedback on the software architecture.
We are hoping to get some feedback on the direction of overall software
architecture - starting with User IPI, extending it for kernel-to-user
interrupt notifications and external interrupts in the future.
- Discuss some of the main architecture opens.
There is lot of work that still needs to happen to enable this technology. We
are looking for some input on future patches that would be of interest. Here
are some of the big opens that we are looking to resolve.
* Should Uintr interrupt all blocking system calls like sleep(), read(),
poll(), etc? If so, should we implement an SA_RESTART type of mechanism
similar to signals? - Refer Blocking for interrupts section below.
* Should the User Interrupt Target table (UITT) be shared between threads of a
multi-threaded application or maybe even across processes? - Refer Sharing
the UITT section below.
Why care about this? - Micro benchmark performance
==================================================
There is a ~9x or higher performance improvement using User IPI over other IPC
mechanisms for event signaling.
Below is the average normalized latency for a 1M ping-pong IPC notifications
with message size=1.
+------------+-------------------------+
| IPC type | Relative Latency |
| |(normalized to User IPI) |
+------------+-------------------------+
| User IPI | 1.0 |
| Signal | 14.8 |
| Eventfd | 9.7 |
| Pipe | 16.3 |
| Domain | 17.3 |
+------------+-------------------------+
Results have been estimated based on tests on internal hardware with Linux
v5.14 + User IPI patches.
Original benchmark: https://github.com/goldsborough/ipc-bench
Updated benchmark: https://github.com/intel/uintr-ipc-bench/tree/linux-rfc-v1
*Performance varies by use, configuration and other factors.
How it works underneath? - Hardware Summary
===========================================
User Interrupts is a posted interrupt delivery mechanism. The interrupts are
first posted to a memory location and then delivered to the receiver when they
are running with CPL=3.
Kernel managed architectural data structures
--------------------------------------------
UPID: User Posted Interrupt Descriptor - Holds receiver interrupt vector
information and notification state (like an ongoing notification, suppressed
notifications).
UITT: User Interrupt Target Table - Stores UPID pointer and vector information
for interrupt routing on the sender side. Referred by the senduipi instruction.
The interrupt state of each task is referenced via MSRs which are saved and
restored by the kernel during context switch.
Instructions
------------
senduipi <index> - send a user IPI to a target task based on the UITT index.
clui - Mask user interrupts by clearing UIF (User Interrupt Flag).
stui - Unmask user interrupts by setting UIF.
testui - Test current value of UIF.
uiret - return from a user interrupt handler.
User IPI
--------
When a User IPI sender executes 'senduipi <index>', the hardware refers the
UITT table entry pointed by the index and posts the interrupt vector (63-0)
into the receiver's UPID.
If the receiver is running (CPL=3), the sender cpu would send a physical IPI to
the receiver's cpu. On the receiver side this IPI is detected as a User
Interrupt. The User Interrupt handler for the receiver is invoked and the
vector number (63-0) is pushed onto the stack.
Upon execution of 'uiret' in the interrupt handler, the control is transferred
back to instruction that was interrupted.
Refer Chapter 11 of the Intel Architecture instruction set extensions [1] for
more details.
Application interface - Software Architecture
=============================================
User Interrupts (Uintr) is an opt-in feature (unlike signals). Applications
wanting to use Uintr are expected to register themselves with the kernel using
the Uintr related system calls. A Uintr receiver is always a userspace task. A
Uintr sender can be another userspace task, kernel or a device.
1) A receiver can register/unregister an interrupt handler using the Uintr
receiver related syscalls.
uintr_register_handler(handler, flags)
uintr_unregister_handler(flags)
2) A syscall also allows a receiver to register a vector and create a user
interrupt file descriptor - uintr_fd.
uintr_fd = uintr_create_fd(vector, flags)
Uintr can be useful in some of the usages where eventfd or signals are used for
frequent userspace event notifications. The semantics of uintr_fd are somewhat
similar to an eventfd() or the write end of a pipe.
3) Any sender with access to uintr_fd can use it to deliver events (in this
case - interrupts) to a receiver. A sender task can manage its connection with
the receiver using the sender related syscalls based on uintr_fd.
uipi_index = uintr_register_sender(uintr_fd, flags)
Using an FD abstraction provides a secure mechanism to connect with a receiver.
The FD sharing and isolation mechanisms put in place by the kernel would extend
to Uintr as well.
4a) After the initial setup, a sender task can use the SENDUIPI instruction
along with the uipi_index to generate user IPIs without any kernel
intervention.
SENDUIPI <uipi_index>
If the receiver is running (CPL=3), then the user interrupt is delivered
directly without a kernel transition. If the receiver isn't running the
interrupt is delivered when the receiver gets context switched back. If the
receiver is blocked in the kernel, the user interrupt is delivered to the
kernel which then unblocks the intended receiver to deliver the interrupt.
4b) If the sender is the kernel or a device, the uintr_fd can be passed onto
the related kernel entity to allow them to setup a connection and then generate
a user interrupt for event delivery. <The exact details of this API are still
being worked upon.>
For details of the user interface and associated system calls refer the Uintr
man-pages draft:
https://github.com/intel/uintr-linux-kernel/tree/rfc-v1/tools/uintr/manpages.
We have also included the same content as patch 1 of this series to make it
easier to review.
Refer the Uintr compiler programming guide [4] for details on Uintr integration
with GCC and Binutils.
Kernel design choices
=====================
Here are some of the reasons and trade-offs for the current design of the APIs.
System call interface
---------------------
Why a system call interface?: The 2 options we considered are using a char
device at /dev or use system calls (current approach). A syscall approach
avoids exposing a core cpu feature through a driver model. Also, we want to
have a user interrupt FD per vector and share a single common interrupt handler
among all vectors. This seems easier for the kernel and userspace to accomplish
using a syscall based approach.
Data sharing using user interrupts: Uintr doesn't include a mechanism to
share/transmit data. The expectation is applications use existing data sharing
mechanisms to share data and use Uintr only for signaling.
An FD for each vector: A uintr_fd is assigned to each vector to allow fine
grained priority and event management by the receiver. The alternative we
considered was to allocate an FD to the interrupt handler and having that
shared with the sender. However, that approach relies on the sender selecting
the vector and moves the vector priority management to the sender. Also, if
multiple senders want to send unique user interrupts they would need to
coordinate the vector selection amongst them.
Extending the APIs: Currently, the system calls are only extendable using the
flags argument. We can add a variable size struct to some of the syscalls if
needed.
Extending existing mechanisms
-----------------------------
Uintr can be beneficial in some of the usages where eventfd() or signals are
used. Since Uintr is hardware-dependent, thread-specific and bypasses the
kernel in the fast path, it makes extending existing mechanisms harder.
Main issues with extending signals:
Signal handlers are defined significantly differently than a User interrupt
handler. An application needs to save/restore registers in a user interrupt
handler and call uiret to return from it. Also, signals can be process directed
(or thread directed) but user interrupts are always thread directed.
Comparison of signals with User Interrupts:
+=====================+===========================+===========================+
| | Signals | User Interrupts |
+=====================+===========================+===========================+
| Stacks | Has alt stacks | Uses application stack |
| | | (alternate stack option |
| | | not yet enabled) |
+---------------------+---------------------------+---------------------------+
| Registers state | Kernel manages incl. | App responsible (Use GCC |
| | FPU/XSTATE area | 'interrupt' attribute for |
| | | general purpose registers)|
+---------------------+---------------------------+---------------------------+
| Blocking/Masking | sigprocmask(2)/sa_mask | CLUI instruction (No per |
| | | vector masking) |
+---------------------+---------------------------+---------------------------+
| Direction | Uni-directional | Uni-directional |
+---------------------+---------------------------+---------------------------+
| Post event | kill(), signal(), | SENDUIPI <index> - index |
| | sigqueue(), etc. | derived from uintr_fd |
+---------------------+---------------------------+---------------------------+
| Target | Process-directed or | Thread-directed |
| | thread-directed | |
+---------------------+---------------------------+---------------------------+
| Fork/inheritance | Empty signal set | Nothing is inherited |
+---------------------+---------------------------+---------------------------+
| Execv | Pending signals preserved | Nothing is inherited |
+---------------------+---------------------------+---------------------------+
| Order of delivery | Undetermined | High to low vector numbers|
| for multiple signals| | |
+---------------------+---------------------------+---------------------------+
| Handler re-entry | All signals except the | No interrupts can cause |
| | one being handled | handler re-entry. |
+---------------------+---------------------------+---------------------------+
| Delivery feedback | 0 or -1 based on whether | No feedback on whether the|
| | the signal was sent | interrupt was sent or |
| | | received. |
+---------------------+---------------------------+---------------------------+
Main issues with extending eventfd():
eventfd() has a counter value that is core to the API. User interrupts can't
have an associated counter since the signaling happens at the user level and
the hardware doesn't have a memory counter mechanism. Also, eventfd can be used
for bi-directional signaling where as uintr_fd is uni-directional.
Comparison of eventfd with uintr_fd:
+====================+======================+==============================+
| | Eventfd | uintr_fd (User Interrupt FD) |
+====================+======================+==============================+
| Object | Counter - uint64 | Receiver vector information |
+--------------------+----------------------+------------------------------+
| Post event | write() to eventfd | SENDUIPI <index> - index |
| | | derived from uintr_fd |
+--------------------+----------------------+------------------------------+
| Receive event | read() on eventfd | Implicit - Handler is |
| | | invoked with associated |
| | | vector. |
+--------------------+----------------------+------------------------------+
| Direction | Bi-directional | Uni-directional |
+--------------------+----------------------+------------------------------+
| Data transmitted | Counter - uint64 | None |
+--------------------+----------------------+------------------------------+
| Waiting for events | Poll() family of | No per vector wait. |
| | syscalls | uintr_wait() allows waiting |
| | | for all user interrupts |
+--------------------+----------------------+------------------------------+
Security Model
==============
User Interrupts is designed as an opt-in feature (unlike signals). The security
model for user interrupts is intended to be similar to eventfd(). The general
idea is that any sender with access to uintr_fd would be able to generate the
associated interrupt vector for the receiver task that created the fd.
Untrusted processes
-------------------
The current implementation expects only trusted and cooperating processes to
communicate using user interrupts. Coordination is expected between processes
for a connection teardown. In situations where coordination doesn't happen
(say, due to abrupt process exit), the kernel would end up keeping shared
resources (like UPID) allocated to avoid faults.
Currently, a sender can easily cause a denial of service for the receiver by
generating a storm of user interrupts. A user interrupt handler is invoked with
interrupts disabled, but upon execution of uiret, interrupts get enabled again
by the hardware. This can lead to the handler being invoked again before normal
execution can resume. There isn't a hardware mechanism to mask specific
interrupt vectors.
To enable untrusted processes to communicate, we need to add a per-vector
masking option through another syscall (or maybe IOCTL). However, this can add
some complexity to the kernel code. A vector can only be masked by modifying
the UITT entries at the source. We need to be careful about races while
removing and restoring the UPID from the UITT.
Resource limits
---------------
The maximum number of receiver-sender connections would be limited by the
maximum number of open file descriptors and the size of the UITT.
The UITT size is chosen as 4kB fixed size arbitrarily right now. We plan to
make it dynamic and configurable in size. RLIMIT_MEMLOCK or ENOMEM should be
triggered when the size limits have been hit.
Main Opens
==========
Blocking for interrupts
-----------------------
User interrupts are delivered to applications immediately if they are running
in userspace. If a receiver task has blocked in the kernel using the placeholder
uintr_wait() syscall, the task would be woken up to deliver the user interrupt.
However, if the task is blocked due to any other blocking calls like read(),
sleep(), etc; the interrupt will only get delivered when the application gets
scheduled again. We need to consider if applications need to receive User
Interrupts as soon as they are posted (similar to signals) when they are
blocked due to some other reason. Adding this capability would likely make the
kernel implementation more complex.
Interrupting system calls using User Interrupts would also mean we need to
consider an SA_RESTART type of mechanism. We also need to evaluate if some of
the signal handler related semantics in the kernel can be reused for User
Interrupts.
Sharing the User Interrupt Target Table (UITT)
----------------------------------------------
The current implementation assigns a unique UITT to each task. This assumes
that User interrupts are used for point-to-point communication between 2 tasks.
Also, this keeps the kernel implementation relatively simple.
However, there are of benefits to sharing the UITT between threads of a
multi-threaded application. One, they would see a consistent view of the UITT.
i.e. SENDUIPI <index> would mean the same on all threads of the application.
Also, each thread doesn't have to register itself using the common uintr_fd.
This would simplify the userspace setup and make efficient use of kernel
memory. The potential downside is that the kernel implementation to allocate,
modify, expand and free the UITT would be more complex.
A similar argument can be made for a set of processes that do a lot of IPC
amongst them. They would prefer to have a shared UITT that lets them target any
process from any process. With the current file descriptor based approach, the
connection setup can be time consuming and somewhat cumbersome. We need to
evaluate if this can be made simpler as well.
Kernel page table isolation (KPTI)
----------------------------------
SENDUIPI is a special ring-3 instruction that makes a supervisor mode memory
access to the UPID and UITT memory. The current patches need KPTI to be
disabled for User IPIs to work. To make User IPI work with KPTI, we need to
allocate these structures from a special memory region that has supervisor
access but it is mapped into userspace. The plan is to implement a mechanism
similar to LDT.
Processors that support user interrupts are not affected by Meltdown so the
auto mode of KPTI will default to off. Users who want to force enable KPTI will
need to wait for a later version of this patch series to use user interrupts.
Please let us know if you want the development of these patches to be
prioritized (or deprioritized).
FAQs
====
Q: What happens if a process is "surprised" by a user interrupt?
A: For tasks that haven't registered with the kernel and requested for user
interrupts aren't expected or able to receive to user interrupts.
Q: Do user interrupts affect kernel scheduling?
A: No. If a task is blocked waiting for user interrupts, when the kernel
receives a notification on behalf of that task we only put it back on the
runqueue. Delivery of a user interrupt in no way changes the scheduling
priorities of a task.
Q: Does the sender get to know if the interrupt was delivered?
A: No. User interrupts only provides a posted interrupt delivery mechanism. If
applications need to rely on whether the interrupt was delivered they should
consider a userspace mechanism for feedback (like a shared memory counter or a
user interrupt back to the sender).
Q: Why is there no feedback on interrupt delivery?
A: Being a posted interrupt delivery mechanism, the interrupt delivery
happens in 2 steps:
1) The interrupt information is stored in a memory location (UPID).
2) The physical interrupt is delivered to the interrupt receiver.
The 2nd step could happen immediately, after an extended period, or it might
never happen based on the state of the receiver after step 1. (The receiver
could have disabled interrupts, have been context switched out or it might have
crashed during that time.) This makes it very hard for the hardware to reliably
provide feedback upon execution of SENDUIPI.
Q: Can user interrupts be nested?
A: Yes. Using STUI instruction in the interrupt handler would allow new user
interrupts to be delivered. However, there no TPR(thread priority register)
like mechanism to allow only higher priority interrupts. Any user interrupt can
be taken when nesting is enabled.
Q: Can a task receive all pending user interrupts in one go?
A: No. The hardware allows only one vector to be processed at a time. If a task
is interested in knowing all the interrupts that are pending then we could add
a syscall that provides the pending interrupts information.
Q: Do the processes need to be pinned to a cpu?
A: No. User interrupts will be routed correctly to whichever cpu the receiver
is running on. The kernel updates the cpu information in the UPID during
context switch.
Q: Why are UPID and UITT allocated by the kernel?
A: If allocated by user space, applications could misuse the UPID and UITT to
write to unauthorized memory and generate interrupts on any cpu. The UPID and
UITT are allocated by the kernel and accessed by the hardware with supervisor
privilege.
Patch structure for this series
===============================
- Man-pages and Kernel documentation (patch 1,2)
- Hardware enumeration (patch 3, 4)
- User IPI kernel vector reservation (patch 5)
- Syscall interface for interrupt receiver, sender and vector
management(uintr_fd) (patch 6-12)
- Basic selftests (patch 13)
Along with the patches in this RFC, there are additional tests and samples that
are available at:
https://github.com/intel/uintr-linux-kernel/tree/rfc-v1
Links
=====
[1]: https://software.intel.com/content/www/us/en/develop/download/intel-architecture-instruction-set-extensions-programming-reference.html
[2]: https://libevent.org/
[3]: https://github.com/axboe/liburing
[4]: https://github.com/intel/uintr-compiler-guide/blob/uintr-gcc-11.1/UINTR-compiler-guide.pdf
Sohil Mehta (13):
x86/uintr/man-page: Include man pages draft for reference
Documentation/x86: Add documentation for User Interrupts
x86/cpu: Enumerate User Interrupts support
x86/fpu/xstate: Enumerate User Interrupts supervisor state
x86/irq: Reserve a user IPI notification vector
x86/uintr: Introduce uintr receiver syscalls
x86/process/64: Add uintr task context switch support
x86/process/64: Clean up uintr task fork and exit paths
x86/uintr: Introduce vector registration and uintr_fd syscall
x86/uintr: Introduce user IPI sender syscalls
x86/uintr: Introduce uintr_wait() syscall
x86/uintr: Wire up the user interrupt syscalls
selftests/x86: Add basic tests for User IPI
.../admin-guide/kernel-parameters.txt | 2 +
Documentation/x86/index.rst | 1 +
Documentation/x86/user-interrupts.rst | 107 +++
arch/x86/Kconfig | 12 +
arch/x86/entry/syscalls/syscall_32.tbl | 6 +
arch/x86/entry/syscalls/syscall_64.tbl | 6 +
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/include/asm/disabled-features.h | 8 +-
arch/x86/include/asm/entry-common.h | 4 +
arch/x86/include/asm/fpu/types.h | 20 +-
arch/x86/include/asm/fpu/xstate.h | 3 +-
arch/x86/include/asm/hardirq.h | 4 +
arch/x86/include/asm/idtentry.h | 5 +
arch/x86/include/asm/irq_vectors.h | 6 +-
arch/x86/include/asm/msr-index.h | 8 +
arch/x86/include/asm/processor.h | 8 +
arch/x86/include/asm/uintr.h | 76 ++
arch/x86/include/uapi/asm/processor-flags.h | 2 +
arch/x86/kernel/Makefile | 1 +
arch/x86/kernel/cpu/common.c | 61 ++
arch/x86/kernel/cpu/cpuid-deps.c | 1 +
arch/x86/kernel/fpu/core.c | 17 +
arch/x86/kernel/fpu/xstate.c | 20 +-
arch/x86/kernel/idt.c | 4 +
arch/x86/kernel/irq.c | 51 +
arch/x86/kernel/process.c | 10 +
arch/x86/kernel/process_64.c | 4 +
arch/x86/kernel/uintr_core.c | 880 ++++++++++++++++++
arch/x86/kernel/uintr_fd.c | 300 ++++++
include/linux/syscalls.h | 8 +
include/uapi/asm-generic/unistd.h | 15 +-
kernel/sys_ni.c | 8 +
scripts/checksyscalls.sh | 6 +
tools/testing/selftests/x86/Makefile | 10 +
tools/testing/selftests/x86/uintr.c | 147 +++
tools/uintr/manpages/0_overview.txt | 265 ++++++
tools/uintr/manpages/1_register_receiver.txt | 122 +++
.../uintr/manpages/2_unregister_receiver.txt | 62 ++
tools/uintr/manpages/3_create_fd.txt | 104 +++
tools/uintr/manpages/4_register_sender.txt | 121 +++
tools/uintr/manpages/5_unregister_sender.txt | 79 ++
tools/uintr/manpages/6_wait.txt | 59 ++
42 files changed, 2626 insertions(+), 8 deletions(-)
create mode 100644 Documentation/x86/user-interrupts.rst
create mode 100644 arch/x86/include/asm/uintr.h
create mode 100644 arch/x86/kernel/uintr_core.c
create mode 100644 arch/x86/kernel/uintr_fd.c
create mode 100644 tools/testing/selftests/x86/uintr.c
create mode 100644 tools/uintr/manpages/0_overview.txt
create mode 100644 tools/uintr/manpages/1_register_receiver.txt
create mode 100644 tools/uintr/manpages/2_unregister_receiver.txt
create mode 100644 tools/uintr/manpages/3_create_fd.txt
create mode 100644 tools/uintr/manpages/4_register_sender.txt
create mode 100644 tools/uintr/manpages/5_unregister_sender.txt
create mode 100644 tools/uintr/manpages/6_wait.txt
base-commit: 6880fa6c56601bb8ed59df6c30fd390cc5f6dd8f
--
2.33.0
Include 2 basic tests for receiving a User IPI:
1. Receiver is spinning in userspace.
2. Receiver is blocked in the kernel.
The selftests need gcc with 'muintr' support to compile.
GCC 11 (recently released) has support for this.
Signed-off-by: Sohil Mehta <[email protected]>
---
tools/testing/selftests/x86/Makefile | 10 ++
tools/testing/selftests/x86/uintr.c | 147 +++++++++++++++++++++++++++
2 files changed, 157 insertions(+)
create mode 100644 tools/testing/selftests/x86/uintr.c
diff --git a/tools/testing/selftests/x86/Makefile b/tools/testing/selftests/x86/Makefile
index b4142cd1c5c2..38588221b09e 100644
--- a/tools/testing/selftests/x86/Makefile
+++ b/tools/testing/selftests/x86/Makefile
@@ -9,6 +9,7 @@ UNAME_M := $(shell uname -m)
CAN_BUILD_I386 := $(shell ./check_cc.sh $(CC) trivial_32bit_program.c -m32)
CAN_BUILD_X86_64 := $(shell ./check_cc.sh $(CC) trivial_64bit_program.c)
CAN_BUILD_WITH_NOPIE := $(shell ./check_cc.sh $(CC) trivial_program.c -no-pie)
+CAN_BUILD_UINTR := $(shell ./check_cc.sh $(CC) trivial_64bit_program.c -muintr)
TARGETS_C_BOTHBITS := single_step_syscall sysret_ss_attrs syscall_nt test_mremap_vdso \
check_initial_reg_state sigreturn iopl ioperm \
@@ -19,6 +20,11 @@ TARGETS_C_32BIT_ONLY := entry_from_vm86 test_syscall_vdso unwind_vdso \
vdso_restorer
TARGETS_C_64BIT_ONLY := fsgsbase sysret_rip syscall_numbering \
corrupt_xstate_header
+
+ifeq ($(CAN_BUILD_UINTR),1)
+TARGETS_C_64BIT_ONLY := $(TARGETS_C_64BIT_ONLY) uintr
+endif
+
# Some selftests require 32bit support enabled also on 64bit systems
TARGETS_C_32BIT_NEEDED := ldt_gdt ptrace_syscall
@@ -41,6 +47,10 @@ ifeq ($(CAN_BUILD_WITH_NOPIE),1)
CFLAGS += -no-pie
endif
+ifeq ($(CAN_BUILD_UINTR),1)
+CFLAGS += -muintr
+endif
+
define gen-target-rule-32
$(1) $(1)_32: $(OUTPUT)/$(1)_32
.PHONY: $(1) $(1)_32
diff --git a/tools/testing/selftests/x86/uintr.c b/tools/testing/selftests/x86/uintr.c
new file mode 100644
index 000000000000..61a53526f2fa
--- /dev/null
+++ b/tools/testing/selftests/x86/uintr.c
@@ -0,0 +1,147 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Copyright (c) 2020, Intel Corporation.
+ *
+ * Sohil Mehta <[email protected]>
+ */
+#define _GNU_SOURCE
+#include <syscall.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <x86gprintrin.h>
+#include <pthread.h>
+#include <stdlib.h>
+
+#ifndef __x86_64__
+# error This test is 64-bit only
+#endif
+
+#ifndef __NR_uintr_register_handler
+#define __NR_uintr_register_handler 449
+#define __NR_uintr_unregister_handler 450
+#define __NR_uintr_create_fd 451
+#define __NR_uintr_register_sender 452
+#define __NR_uintr_unregister_sender 453
+#define __NR_uintr_wait 454
+#endif
+
+#define uintr_register_handler(handler, flags) syscall(__NR_uintr_register_handler, handler, flags)
+#define uintr_unregister_handler(flags) syscall(__NR_uintr_unregister_handler, flags)
+#define uintr_create_fd(vector, flags) syscall(__NR_uintr_create_fd, vector, flags)
+#define uintr_register_sender(fd, flags) syscall(__NR_uintr_register_sender, fd, flags)
+#define uintr_unregister_sender(fd, flags) syscall(__NR_uintr_unregister_sender, fd, flags)
+#define uintr_wait(flags) syscall(__NR_uintr_wait, flags)
+
+unsigned long uintr_received;
+unsigned int uintr_fd;
+
+void __attribute__((interrupt))__attribute__((target("general-regs-only", "inline-all-stringops")))
+uintr_handler(struct __uintr_frame *ui_frame,
+ unsigned long long vector)
+{
+ uintr_received = 1;
+}
+
+void receiver_setup_interrupt(void)
+{
+ int vector = 0;
+ int ret;
+
+ /* Register interrupt handler */
+ if (uintr_register_handler(uintr_handler, 0)) {
+ printf("[FAIL]\tInterrupt handler register error\n");
+ exit(EXIT_FAILURE);
+ }
+
+ /* Create uintr_fd */
+ ret = uintr_create_fd(vector, 0);
+ if (ret < 0) {
+ printf("[FAIL]\tInterrupt vector registration error\n");
+ exit(EXIT_FAILURE);
+ }
+
+ uintr_fd = ret;
+}
+
+void *sender_thread(void *arg)
+{
+ long sleep_usec = (long)arg;
+ int uipi_index;
+
+ uipi_index = uintr_register_sender(uintr_fd, 0);
+ if (uipi_index < 0) {
+ printf("[FAIL]\tSender register error\n");
+ return NULL;
+ }
+
+ /* Sleep before sending IPI to allow the receiver to block in the kernel */
+ if (sleep_usec)
+ usleep(sleep_usec);
+
+ printf("\tother thread: sending IPI\n");
+ _senduipi(uipi_index);
+
+ uintr_unregister_sender(uintr_fd, 0);
+
+ return NULL;
+}
+
+static inline void cpu_relax(void)
+{
+ asm volatile("rep; nop" ::: "memory");
+}
+
+void test_base_ipi(void)
+{
+ pthread_t pt;
+
+ uintr_received = 0;
+ if (pthread_create(&pt, NULL, &sender_thread, NULL)) {
+ printf("[FAIL]\tError creating sender thread\n");
+ return;
+ }
+
+ printf("[RUN]\tSpin in userspace (waiting for interrupts)\n");
+ // Keep spinning until interrupt received
+ while (!uintr_received)
+ cpu_relax();
+
+ printf("[OK]\tUser interrupt received\n");
+}
+
+void test_blocking_ipi(void)
+{
+ pthread_t pt;
+ long sleep_usec;
+
+ uintr_received = 0;
+ sleep_usec = 1000;
+ if (pthread_create(&pt, NULL, &sender_thread, (void *)sleep_usec)) {
+ printf("[FAIL]\tError creating sender thread\n");
+ return;
+ }
+
+ printf("[RUN]\tBlock in the kernel (waiting for interrupts)\n");
+ uintr_wait(0);
+ if (uintr_received)
+ printf("[OK]\tUser interrupt received\n");
+ else
+ printf("[FAIL]\tUser interrupt not received\n");
+}
+
+int main(int argc, char *argv[])
+{
+ receiver_setup_interrupt();
+
+ /* Enable interrupts */
+ _stui();
+
+ test_base_ipi();
+
+ test_blocking_ipi();
+
+ close(uintr_fd);
+ uintr_unregister_handler(0);
+
+ exit(EXIT_SUCCESS);
+}
--
2.33.0
For now, include just the hardware and software architecture summary.
<This is the same content as the cover letter.
Some of the kernel design details and other information from the cover
letter can eventually be moved here.>
Signed-off-by: Sohil Mehta <[email protected]>
---
Documentation/x86/index.rst | 1 +
Documentation/x86/user-interrupts.rst | 107 ++++++++++++++++++++++++++
2 files changed, 108 insertions(+)
create mode 100644 Documentation/x86/user-interrupts.rst
diff --git a/Documentation/x86/index.rst b/Documentation/x86/index.rst
index 383048396336..0d416b02131b 100644
--- a/Documentation/x86/index.rst
+++ b/Documentation/x86/index.rst
@@ -31,6 +31,7 @@ x86-specific Documentation
tsx_async_abort
buslock
usb-legacy-support
+ user-interrupts
i386/index
x86_64/index
sva
diff --git a/Documentation/x86/user-interrupts.rst b/Documentation/x86/user-interrupts.rst
new file mode 100644
index 000000000000..bc90251d6c2e
--- /dev/null
+++ b/Documentation/x86/user-interrupts.rst
@@ -0,0 +1,107 @@
+.. SPDX-License-Identifier: GPL-2.0
+
+=======================
+User Interrupts (UINTR)
+=======================
+
+Overview
+========
+User Interrupts provides a low latency event delivery and inter process
+communication mechanism. These events can be delivered directly to userspace
+without a transition through the kernel.
+
+In the User Interrupts architecture, a receiver is always expected to be a user
+space task. However, a user interrupt can be sent by another user space task,
+kernel or an external source (like a device). The feature that allows another
+task to send an interrupt is referred to as User IPI.
+
+Hardware Summary
+================
+User Interrupts is a posted interrupt delivery mechanism. The interrupts are
+first posted to a memory location and then delivered to the receiver when they
+are running with CPL=3.
+
+Kernel managed architectural data structures
+--------------------------------------------
+UPID: User Posted Interrupt Descriptor - Holds receiver interrupt vector
+information and notification state (like an ongoing notification, suppressed
+notifications).
+
+UITT: User Interrupt Target Table - Stores UPID pointer and vector information
+for interrupt routing on the sender side. Referred by the senduipi instruction.
+
+The interrupt state of each task is referenced via MSRs which are saved and
+restored by the kernel during context switch.
+
+Instructions
+------------
+senduipi <index> - send a user IPI to a target task based on the UITT index.
+
+clui - Mask user interrupts by clearing UIF (User Interrupt Flag).
+
+stui - Unmask user interrupts by setting UIF.
+
+testui - Test current value of UIF.
+
+uiret - return from a user interrupt handler.
+
+User IPI
+--------
+When a User IPI sender executes 'senduipi <index>' the hardware refers the UITT
+table entry pointed by the index and posts the interrupt vector into the
+receiver's UPID.
+
+If the receiver is running the sender cpu would send a physical IPI to the
+receiver's cpu. On the receiver side this IPI is detected as a User Interrupt.
+The User Interrupt handler for the receiver is invoked and the vector number is
+pushed onto the stack.
+
+Upon execution of 'uiret' in the interrupt handler, the control is transferred
+back to instruction that was interrupted.
+
+Refer the Intel Software Developer's Manual for more details.
+
+Software Architecture
+=====================
+User Interrupts (Uintr) is an opt-in feature (unlike signals). Applications
+wanting to use Uintr are expected to register themselves with the kernel using
+the Uintr related system calls. A Uintr receiver is always a userspace task. A
+Uintr sender can be another userspace task, kernel or a device.
+
+1) A receiver can register/unregister an interrupt handler using the Uintr
+receiver related syscalls.
+ uintr_register_handler(handler, flags)
+
+2) A syscall also allows a receiver to register a vector and create a user
+interrupt file descriptor - uintr_fd.
+ uintr_fd = uintr_create_fd(vector, flags)
+
+Uintr can be useful in some of the usages where eventfd or signals are used for
+frequent userspace event notifications. The semantics of uintr_fd are somewhat
+similar to an eventfd() or the write end of a pipe.
+
+3) Any sender with access to uintr_fd can use it to deliver events (in this
+case - interrupts) to a receiver. A sender task can manage its connection with
+the receiver using the sender related syscalls based on uintr_fd.
+ uipi_index = uintr_register_sender(uintr_fd, flags)
+
+Using an FD abstraction provides a secure mechanism to connect with a receiver.
+The FD sharing and isolation mechanisms put in place by the kernel would extend
+to Uintr as well.
+
+4a) After the initial setup, a sender task can use the SENDUIPI instruction to
+generate user IPIs without any kernel intervention.
+ SENDUIPI <uipi_index>
+
+If the receiver is running (CPL=3), then the user interrupt is delivered
+directly without a kernel transition. If the receiver isn't running the
+interrupt is delivered when the receiver gets context switched back. If the
+receiver is blocked in the kernel, the user interrupt is delivered to the
+kernel which then unblocks the intended receiver to deliver the interrupt.
+
+4b) If the sender is the kernel or a device, the uintr_fd can be passed onto
+the related kernel entity to allow them to setup a connection and then generate
+a user interrupt for event delivery. <The exact details of this API are still
+being worked upon.>
+
+Refer the Uintr man-pages for details on the syscall interface.
--
2.33.0
Add a registration syscall for a task to register itself as a user
interrupt sender using the uintr_fd generated by the receiver. A task
can register multiple uintr_fds. Each unique successful connection
creates a new entry in the User Interrupt Target Table (UITT).
Each entry in the UITT table is referred by the UITT index (uipi_index).
The uipi_index returned during the registration syscall lets a sender
generate a user IPI using the 'SENDUIPI <uipi_index>' instruction.
Also, add a sender unregister syscall to unregister a particular task
from the uintr_fd. Calling close on the uintr_fd will disconnect all
threads in a sender process from that FD.
Currently, the UITT size is arbitrarily chosen as 256 entries
corresponding to a 4KB page. Based on feedback and usage data this can
either be increased/decreased or made dynamic later.
Architecturally, the UITT table can be unique for each thread or shared
across threads of the same thread group. The current implementation
keeps the UITT as unique for the each thread. This makes the kernel
implementation relatively simple and only threads that use uintr get
setup with the related structures. However, this means that the
uipi_index for each thread would be inconsistent wrt to other threads.
(Executing 'SENDUIPI 2' on threads of the same process could generate
different user interrupts.)
Alternatively, the benefit of sharing the UITT table is that all threads
would see the same view of the UITT table. Also the kernel UITT memory
allocation would be more efficient if multiple threads connect to the
same uintr_fd. However, this would mean the kernel needs to keep the
UITT table size MISC_MSR[] in sync across these threads. Also the
UPID/UITT teardown flows might need additional consideration.
Signed-off-by: Sohil Mehta <[email protected]>
---
arch/x86/include/asm/processor.h | 2 +
arch/x86/include/asm/uintr.h | 15 ++
arch/x86/kernel/process.c | 1 +
arch/x86/kernel/uintr_core.c | 355 ++++++++++++++++++++++++++++++-
arch/x86/kernel/uintr_fd.c | 133 ++++++++++++
5 files changed, 495 insertions(+), 11 deletions(-)
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
index d229bfac8b4f..3482c3182e39 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -10,6 +10,7 @@ struct mm_struct;
struct io_bitmap;
struct vm86;
struct uintr_receiver;
+struct uintr_sender;
#include <asm/math_emu.h>
#include <asm/segment.h>
@@ -533,6 +534,7 @@ struct thread_struct {
#ifdef CONFIG_X86_USER_INTERRUPTS
/* User Interrupt state*/
struct uintr_receiver *ui_recv;
+ struct uintr_sender *ui_send;
#endif
/* Floating point and extended processor state */
diff --git a/arch/x86/include/asm/uintr.h b/arch/x86/include/asm/uintr.h
index 1f00e2a63da4..ef3521dd7fb9 100644
--- a/arch/x86/include/asm/uintr.h
+++ b/arch/x86/include/asm/uintr.h
@@ -8,6 +8,7 @@ struct uintr_upid_ctx {
struct task_struct *task; /* Receiver task */
struct uintr_upid *upid;
refcount_t refs;
+ bool receiver_active; /* Flag for UPID being mapped to a receiver */
};
struct uintr_receiver_info {
@@ -16,12 +17,26 @@ struct uintr_receiver_info {
u64 uvec; /* Vector number */
};
+struct uintr_sender_info {
+ struct list_head node;
+ struct uintr_uitt_ctx *uitt_ctx;
+ struct task_struct *task;
+ struct uintr_upid_ctx *r_upid_ctx; /* Receiver's UPID context */
+ struct callback_head twork; /* Task work head */
+ unsigned int uitt_index;
+};
+
bool uintr_arch_enabled(void);
int do_uintr_register_handler(u64 handler);
int do_uintr_unregister_handler(void);
int do_uintr_register_vector(struct uintr_receiver_info *r_info);
void do_uintr_unregister_vector(struct uintr_receiver_info *r_info);
+int do_uintr_register_sender(struct uintr_receiver_info *r_info,
+ struct uintr_sender_info *s_info);
+void do_uintr_unregister_sender(struct uintr_receiver_info *r_info,
+ struct uintr_sender_info *s_info);
+
void uintr_free(struct task_struct *task);
/* TODO: Inline the context switch related functions */
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index 83677f76bd7b..9db33e467b30 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -92,6 +92,7 @@ int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src)
#ifdef CONFIG_X86_USER_INTERRUPTS
/* User Interrupt state is unique for each task */
dst->thread.ui_recv = NULL;
+ dst->thread.ui_send = NULL;
#endif
return fpu_clone(dst);
diff --git a/arch/x86/kernel/uintr_core.c b/arch/x86/kernel/uintr_core.c
index 9dcb9f60e5bc..8f331c5fe0cf 100644
--- a/arch/x86/kernel/uintr_core.c
+++ b/arch/x86/kernel/uintr_core.c
@@ -21,6 +21,11 @@
#include <asm/msr-index.h>
#include <asm/uintr.h>
+/*
+ * Each UITT entry is 16 bytes in size.
+ * Current UITT table size is set as 4KB (256 * 16 bytes)
+ */
+#define UINTR_MAX_UITT_NR 256
#define UINTR_MAX_UVEC_NR 64
/* User Posted Interrupt Descriptor (UPID) */
@@ -44,6 +49,27 @@ struct uintr_receiver {
u64 uvec_mask; /* track active vector per bit */
};
+/* User Interrupt Target Table Entry (UITTE) */
+struct uintr_uitt_entry {
+ u8 valid; /* bit 0: valid, bit 1-7: reserved */
+ u8 user_vec;
+ u8 reserved[6];
+ u64 target_upid_addr;
+} __packed __aligned(16);
+
+struct uintr_uitt_ctx {
+ struct uintr_uitt_entry *uitt;
+ /* Protect UITT */
+ spinlock_t uitt_lock;
+ refcount_t refs;
+};
+
+struct uintr_sender {
+ struct uintr_uitt_ctx *uitt_ctx;
+ /* track active uitt entries per bit */
+ u64 uitt_mask[BITS_TO_U64(UINTR_MAX_UITT_NR)];
+};
+
inline bool uintr_arch_enabled(void)
{
return static_cpu_has(X86_FEATURE_UINTR);
@@ -54,6 +80,36 @@ static inline bool is_uintr_receiver(struct task_struct *t)
return !!t->thread.ui_recv;
}
+static inline bool is_uintr_sender(struct task_struct *t)
+{
+ return !!t->thread.ui_send;
+}
+
+static inline bool is_uintr_task(struct task_struct *t)
+{
+ return(is_uintr_receiver(t) || is_uintr_sender(t));
+}
+
+static inline bool is_uitt_empty(struct task_struct *t)
+{
+ return !!bitmap_empty((unsigned long *)t->thread.ui_send->uitt_mask,
+ UINTR_MAX_UITT_NR);
+}
+
+/*
+ * No lock is needed to read the active flag. Writes only happen from
+ * r_info->task that owns the UPID. Everyone else would just read this flag.
+ *
+ * This only provides a static check. The receiver may become inactive right
+ * after this check. The primary reason to have this check is to prevent future
+ * senders from connecting with this UPID, since the receiver task has already
+ * made this UPID inactive.
+ */
+static bool uintr_is_receiver_active(struct uintr_receiver_info *r_info)
+{
+ return r_info->upid_ctx->receiver_active;
+}
+
static inline u32 cpu_to_ndst(int cpu)
{
u32 apicid = (u32)apic->cpu_present_to_apicid(cpu);
@@ -94,6 +150,7 @@ static struct uintr_upid_ctx *alloc_upid(void)
upid_ctx->upid = upid;
refcount_set(&upid_ctx->refs, 1);
upid_ctx->task = get_task_struct(current);
+ upid_ctx->receiver_active = true;
return upid_ctx;
}
@@ -110,6 +167,64 @@ static struct uintr_upid_ctx *get_upid_ref(struct uintr_upid_ctx *upid_ctx)
return upid_ctx;
}
+static void free_uitt(struct uintr_uitt_ctx *uitt_ctx)
+{
+ unsigned long flags;
+
+ spin_lock_irqsave(&uitt_ctx->uitt_lock, flags);
+ kfree(uitt_ctx->uitt);
+ uitt_ctx->uitt = NULL;
+ spin_unlock_irqrestore(&uitt_ctx->uitt_lock, flags);
+
+ kfree(uitt_ctx);
+}
+
+/* TODO: Replace UITT allocation with KPTI compatible memory allocator */
+static struct uintr_uitt_ctx *alloc_uitt(void)
+{
+ struct uintr_uitt_ctx *uitt_ctx;
+ struct uintr_uitt_entry *uitt;
+
+ uitt_ctx = kzalloc(sizeof(*uitt_ctx), GFP_KERNEL);
+ if (!uitt_ctx)
+ return NULL;
+
+ uitt = kzalloc(sizeof(*uitt) * UINTR_MAX_UITT_NR, GFP_KERNEL);
+ if (!uitt) {
+ kfree(uitt_ctx);
+ return NULL;
+ }
+
+ uitt_ctx->uitt = uitt;
+ spin_lock_init(&uitt_ctx->uitt_lock);
+ refcount_set(&uitt_ctx->refs, 1);
+
+ return uitt_ctx;
+}
+
+static void put_uitt_ref(struct uintr_uitt_ctx *uitt_ctx)
+{
+ if (refcount_dec_and_test(&uitt_ctx->refs))
+ free_uitt(uitt_ctx);
+}
+
+static struct uintr_uitt_ctx *get_uitt_ref(struct uintr_uitt_ctx *uitt_ctx)
+{
+ refcount_inc(&uitt_ctx->refs);
+ return uitt_ctx;
+}
+
+static inline void mark_uitte_invalid(struct uintr_sender_info *s_info)
+{
+ struct uintr_uitt_entry *uitte;
+ unsigned long flags;
+
+ spin_lock_irqsave(&s_info->uitt_ctx->uitt_lock, flags);
+ uitte = &s_info->uitt_ctx->uitt[s_info->uitt_index];
+ uitte->valid = 0;
+ spin_unlock_irqrestore(&s_info->uitt_ctx->uitt_lock, flags);
+}
+
static void __clear_vector_from_upid(u64 uvec, struct uintr_upid *upid)
{
clear_bit(uvec, (unsigned long *)&upid->puir);
@@ -175,6 +290,210 @@ static void receiver_clear_uvec(struct callback_head *head)
kfree(r_info);
}
+static void teardown_uitt(void)
+{
+ struct task_struct *t = current;
+ struct fpu *fpu = &t->thread.fpu;
+ u64 msr64;
+
+ put_uitt_ref(t->thread.ui_send->uitt_ctx);
+ kfree(t->thread.ui_send);
+ t->thread.ui_send = NULL;
+
+ fpregs_lock();
+
+ if (fpregs_state_valid(fpu, smp_processor_id())) {
+ /* Modify only the relevant bits of the MISC MSR */
+ rdmsrl(MSR_IA32_UINTR_MISC, msr64);
+ msr64 &= GENMASK_ULL(63, 32);
+ wrmsrl(MSR_IA32_UINTR_MISC, msr64);
+ wrmsrl(MSR_IA32_UINTR_TT, 0ULL);
+ } else {
+ struct uintr_state *p;
+
+ p = get_xsave_addr(&fpu->state.xsave, XFEATURE_UINTR);
+ if (p) {
+ p->uitt_size = 0;
+ p->uitt_addr = 0;
+ }
+ }
+
+ fpregs_unlock();
+}
+
+static int init_uitt(void)
+{
+ struct task_struct *t = current;
+ struct fpu *fpu = &t->thread.fpu;
+ struct uintr_sender *ui_send;
+ u64 msr64;
+
+ ui_send = kzalloc(sizeof(*t->thread.ui_send), GFP_KERNEL);
+ if (!ui_send)
+ return -ENOMEM;
+
+ ui_send->uitt_ctx = alloc_uitt();
+ if (!ui_send->uitt_ctx) {
+ pr_debug("send: Alloc UITT failed for task=%d\n", t->pid);
+ kfree(ui_send);
+ return -ENOMEM;
+ }
+
+ fpregs_lock();
+
+ if (fpregs_state_valid(fpu, smp_processor_id())) {
+ wrmsrl(MSR_IA32_UINTR_TT, (u64)ui_send->uitt_ctx->uitt | 1);
+ /* Modify only the relevant bits of the MISC MSR */
+ rdmsrl(MSR_IA32_UINTR_MISC, msr64);
+ msr64 &= GENMASK_ULL(63, 32);
+ msr64 |= UINTR_MAX_UITT_NR;
+ wrmsrl(MSR_IA32_UINTR_MISC, msr64);
+ } else {
+ struct xregs_state *xsave;
+ struct uintr_state *p;
+
+ xsave = &fpu->state.xsave;
+ xsave->header.xfeatures |= XFEATURE_MASK_UINTR;
+ p = get_xsave_addr(&fpu->state.xsave, XFEATURE_UINTR);
+ if (p) {
+ p->uitt_size = UINTR_MAX_UITT_NR;
+ p->uitt_addr = (u64)ui_send->uitt_ctx->uitt | 1;
+ }
+ }
+
+ fpregs_unlock();
+
+ pr_debug("send: Setup a new UITT=%px for task=%d with size %d\n",
+ ui_send->uitt_ctx->uitt, t->pid, UINTR_MAX_UITT_NR * 16);
+
+ t->thread.ui_send = ui_send;
+
+ return 0;
+}
+
+static void __free_uitt_entry(unsigned int entry)
+{
+ struct task_struct *t = current;
+ unsigned long flags;
+
+ if (entry >= UINTR_MAX_UITT_NR)
+ return;
+
+ if (!is_uintr_sender(t))
+ return;
+
+ pr_debug("send: Freeing UITTE entry %d for task=%d\n", entry, t->pid);
+
+ spin_lock_irqsave(&t->thread.ui_send->uitt_ctx->uitt_lock, flags);
+ memset(&t->thread.ui_send->uitt_ctx->uitt[entry], 0,
+ sizeof(struct uintr_uitt_entry));
+ spin_unlock_irqrestore(&t->thread.ui_send->uitt_ctx->uitt_lock, flags);
+
+ clear_bit(entry, (unsigned long *)t->thread.ui_send->uitt_mask);
+
+ if (is_uitt_empty(t)) {
+ pr_debug("send: UITT mask is empty. Dereference and teardown UITT\n");
+ teardown_uitt();
+ }
+}
+
+static void sender_free_uitte(struct callback_head *head)
+{
+ struct uintr_sender_info *s_info;
+
+ s_info = container_of(head, struct uintr_sender_info, twork);
+
+ __free_uitt_entry(s_info->uitt_index);
+ put_uitt_ref(s_info->uitt_ctx);
+ put_upid_ref(s_info->r_upid_ctx);
+ put_task_struct(s_info->task);
+ kfree(s_info);
+}
+
+void do_uintr_unregister_sender(struct uintr_receiver_info *r_info,
+ struct uintr_sender_info *s_info)
+{
+ int ret;
+
+ /*
+ * To make sure any new senduipi result in a #GP fault.
+ * The task work might take non-zero time to kick the process out.
+ */
+ mark_uitte_invalid(s_info);
+
+ pr_debug("send: Adding Free UITTE %d task work for task=%d\n",
+ s_info->uitt_index, s_info->task->pid);
+
+ init_task_work(&s_info->twork, sender_free_uitte);
+ ret = task_work_add(s_info->task, &s_info->twork, true);
+ if (ret) {
+ /*
+ * Dereferencing the UITT and UPID here since the task has
+ * exited.
+ */
+ pr_debug("send: Free UITTE %d task=%d has already exited\n",
+ s_info->uitt_index, s_info->task->pid);
+ put_upid_ref(s_info->r_upid_ctx);
+ put_uitt_ref(s_info->uitt_ctx);
+ put_task_struct(s_info->task);
+ kfree(s_info);
+ return;
+ }
+}
+
+int do_uintr_register_sender(struct uintr_receiver_info *r_info,
+ struct uintr_sender_info *s_info)
+{
+ struct uintr_uitt_entry *uitte = NULL;
+ struct uintr_sender *ui_send;
+ struct task_struct *t = current;
+ unsigned long flags;
+ int entry;
+ int ret;
+
+ /*
+ * Only a static check. Receiver could exit anytime after this check.
+ * This check only prevents connections using uintr_fd after the
+ * receiver has already exited/unregistered.
+ */
+ if (!uintr_is_receiver_active(r_info))
+ return -ESHUTDOWN;
+
+ if (is_uintr_sender(t)) {
+ entry = find_first_zero_bit((unsigned long *)t->thread.ui_send->uitt_mask,
+ UINTR_MAX_UITT_NR);
+ if (entry >= UINTR_MAX_UITT_NR)
+ return -ENOSPC;
+ } else {
+ BUILD_BUG_ON(UINTR_MAX_UITT_NR < 1);
+ entry = 0;
+ ret = init_uitt();
+ if (ret)
+ return ret;
+ }
+
+ ui_send = t->thread.ui_send;
+
+ set_bit(entry, (unsigned long *)ui_send->uitt_mask);
+
+ spin_lock_irqsave(&ui_send->uitt_ctx->uitt_lock, flags);
+ uitte = &ui_send->uitt_ctx->uitt[entry];
+ pr_debug("send: sender=%d receiver=%d UITTE entry %d address %px\n",
+ current->pid, r_info->upid_ctx->task->pid, entry, uitte);
+
+ uitte->user_vec = r_info->uvec;
+ uitte->target_upid_addr = (u64)r_info->upid_ctx->upid;
+ uitte->valid = 1;
+ spin_unlock_irqrestore(&ui_send->uitt_ctx->uitt_lock, flags);
+
+ s_info->r_upid_ctx = get_upid_ref(r_info->upid_ctx);
+ s_info->uitt_ctx = get_uitt_ref(ui_send->uitt_ctx);
+ s_info->task = get_task_struct(current);
+ s_info->uitt_index = entry;
+
+ return 0;
+}
+
int do_uintr_unregister_handler(void)
{
struct task_struct *t = current;
@@ -222,6 +541,8 @@ int do_uintr_unregister_handler(void)
}
ui_recv = t->thread.ui_recv;
+ ui_recv->upid_ctx->receiver_active = false;
+
/*
* Suppress notifications so that no further interrupts are generated
* based on this UPID.
@@ -437,14 +758,14 @@ void switch_uintr_return(void)
* This should only be called from exit_thread().
* exit_thread() can happen in current context when the current thread is
* exiting or it can happen for a new thread that is being created.
- * For new threads is_uintr_receiver() should fail.
+ * For new threads is_uintr_task() should fail.
*/
void uintr_free(struct task_struct *t)
{
struct uintr_receiver *ui_recv;
struct fpu *fpu;
- if (!static_cpu_has(X86_FEATURE_UINTR) || !is_uintr_receiver(t))
+ if (!static_cpu_has(X86_FEATURE_UINTR) || !is_uintr_task(t))
return;
if (WARN_ON_ONCE(t != current))
@@ -456,6 +777,7 @@ void uintr_free(struct task_struct *t)
if (fpregs_state_valid(fpu, smp_processor_id())) {
wrmsrl(MSR_IA32_UINTR_MISC, 0ULL);
+ wrmsrl(MSR_IA32_UINTR_TT, 0ULL);
wrmsrl(MSR_IA32_UINTR_PD, 0ULL);
wrmsrl(MSR_IA32_UINTR_RR, 0ULL);
wrmsrl(MSR_IA32_UINTR_STACKADJUST, 0ULL);
@@ -470,20 +792,31 @@ void uintr_free(struct task_struct *t)
p->upid_addr = 0;
p->stack_adjust = 0;
p->uinv = 0;
+ p->uitt_addr = 0;
+ p->uitt_size = 0;
}
}
/* Check: Can a thread be context switched while it is exiting? */
- ui_recv = t->thread.ui_recv;
+ if (is_uintr_receiver(t)) {
+ ui_recv = t->thread.ui_recv;
- /*
- * Suppress notifications so that no further interrupts are
- * generated based on this UPID.
- */
- set_bit(UPID_SN, (unsigned long *)&ui_recv->upid_ctx->upid->nc.status);
- put_upid_ref(ui_recv->upid_ctx);
- kfree(ui_recv);
- t->thread.ui_recv = NULL;
+ /*
+ * Suppress notifications so that no further interrupts are
+ * generated based on this UPID.
+ */
+ set_bit(UPID_SN, (unsigned long *)&ui_recv->upid_ctx->upid->nc.status);
+ ui_recv->upid_ctx->receiver_active = false;
+ put_upid_ref(ui_recv->upid_ctx);
+ kfree(ui_recv);
+ t->thread.ui_recv = NULL;
+ }
fpregs_unlock();
+
+ if (is_uintr_sender(t)) {
+ put_uitt_ref(t->thread.ui_send->uitt_ctx);
+ kfree(t->thread.ui_send);
+ t->thread.ui_send = NULL;
+ }
}
diff --git a/arch/x86/kernel/uintr_fd.c b/arch/x86/kernel/uintr_fd.c
index f0548bbac776..3c82c032c0b9 100644
--- a/arch/x86/kernel/uintr_fd.c
+++ b/arch/x86/kernel/uintr_fd.c
@@ -15,6 +15,9 @@
struct uintrfd_ctx {
struct uintr_receiver_info *r_info;
+ /* Protect sender_list */
+ spinlock_t sender_lock;
+ struct list_head sender_list;
};
#ifdef CONFIG_PROC_FS
@@ -30,11 +33,20 @@ static void uintrfd_show_fdinfo(struct seq_file *m, struct file *file)
static int uintrfd_release(struct inode *inode, struct file *file)
{
struct uintrfd_ctx *uintrfd_ctx = file->private_data;
+ struct uintr_sender_info *s_info, *tmp;
+ unsigned long flags;
pr_debug("recv: Release uintrfd for r_task %d uvec %llu\n",
uintrfd_ctx->r_info->upid_ctx->task->pid,
uintrfd_ctx->r_info->uvec);
+ spin_lock_irqsave(&uintrfd_ctx->sender_lock, flags);
+ list_for_each_entry_safe(s_info, tmp, &uintrfd_ctx->sender_list, node) {
+ list_del(&s_info->node);
+ do_uintr_unregister_sender(uintrfd_ctx->r_info, s_info);
+ }
+ spin_unlock_irqrestore(&uintrfd_ctx->sender_lock, flags);
+
do_uintr_unregister_vector(uintrfd_ctx->r_info);
kfree(uintrfd_ctx);
@@ -81,6 +93,9 @@ SYSCALL_DEFINE2(uintr_create_fd, u64, vector, unsigned int, flags)
goto out_free_ctx;
}
+ INIT_LIST_HEAD(&uintrfd_ctx->sender_list);
+ spin_lock_init(&uintrfd_ctx->sender_lock);
+
/* TODO: Get user input for flags - UFD_CLOEXEC */
/* Check: Do we need O_NONBLOCK? */
uintrfd = anon_inode_getfd("[uintrfd]", &uintrfd_fops, uintrfd_ctx,
@@ -150,3 +165,121 @@ SYSCALL_DEFINE1(uintr_unregister_handler, unsigned int, flags)
return ret;
}
+
+/*
+ * sys_uintr_register_sender - setup user inter-processor interrupt sender.
+ */
+SYSCALL_DEFINE2(uintr_register_sender, int, uintrfd, unsigned int, flags)
+{
+ struct uintr_sender_info *s_info;
+ struct uintrfd_ctx *uintrfd_ctx;
+ unsigned long lock_flags;
+ struct file *uintr_f;
+ struct fd f;
+ int ret = 0;
+
+ if (!uintr_arch_enabled())
+ return -EOPNOTSUPP;
+
+ if (flags)
+ return -EINVAL;
+
+ f = fdget(uintrfd);
+ uintr_f = f.file;
+ if (!uintr_f)
+ return -EBADF;
+
+ if (uintr_f->f_op != &uintrfd_fops) {
+ ret = -EOPNOTSUPP;
+ goto out_fdput;
+ }
+
+ uintrfd_ctx = (struct uintrfd_ctx *)uintr_f->private_data;
+
+ spin_lock_irqsave(&uintrfd_ctx->sender_lock, lock_flags);
+ list_for_each_entry(s_info, &uintrfd_ctx->sender_list, node) {
+ if (s_info->task == current) {
+ ret = -EISCONN;
+ break;
+ }
+ }
+ spin_unlock_irqrestore(&uintrfd_ctx->sender_lock, lock_flags);
+
+ if (ret)
+ goto out_fdput;
+
+ s_info = kzalloc(sizeof(*s_info), GFP_KERNEL);
+ if (!s_info) {
+ ret = -ENOMEM;
+ goto out_fdput;
+ }
+
+ ret = do_uintr_register_sender(uintrfd_ctx->r_info, s_info);
+ if (ret) {
+ kfree(s_info);
+ goto out_fdput;
+ }
+
+ spin_lock_irqsave(&uintrfd_ctx->sender_lock, lock_flags);
+ list_add(&s_info->node, &uintrfd_ctx->sender_list);
+ spin_unlock_irqrestore(&uintrfd_ctx->sender_lock, lock_flags);
+
+ ret = s_info->uitt_index;
+
+out_fdput:
+ pr_debug("send: register sender task=%d flags %d ret(uipi_id)=%d\n",
+ current->pid, flags, ret);
+
+ fdput(f);
+ return ret;
+}
+
+/*
+ * sys_uintr_unregister_sender - Unregister user inter-processor interrupt sender.
+ */
+SYSCALL_DEFINE2(uintr_unregister_sender, int, uintrfd, unsigned int, flags)
+{
+ struct uintr_sender_info *s_info;
+ struct uintrfd_ctx *uintrfd_ctx;
+ struct file *uintr_f;
+ unsigned long lock_flags;
+ struct fd f;
+ int ret;
+
+ if (!uintr_arch_enabled())
+ return -EOPNOTSUPP;
+
+ if (flags)
+ return -EINVAL;
+
+ f = fdget(uintrfd);
+ uintr_f = f.file;
+ if (!uintr_f)
+ return -EBADF;
+
+ if (uintr_f->f_op != &uintrfd_fops) {
+ ret = -EOPNOTSUPP;
+ goto out_fdput;
+ }
+
+ uintrfd_ctx = (struct uintrfd_ctx *)uintr_f->private_data;
+
+ ret = -EINVAL;
+ spin_lock_irqsave(&uintrfd_ctx->sender_lock, lock_flags);
+ list_for_each_entry(s_info, &uintrfd_ctx->sender_list, node) {
+ if (s_info->task == current) {
+ ret = 0;
+ list_del(&s_info->node);
+ do_uintr_unregister_sender(uintrfd_ctx->r_info, s_info);
+ break;
+ }
+ }
+ spin_unlock_irqrestore(&uintrfd_ctx->sender_lock, lock_flags);
+
+ pr_debug("send: unregister sender uintrfd %d for task=%d ret %d\n",
+ uintrfd, current->pid, ret);
+
+out_fdput:
+ fdput(f);
+ return ret;
+}
--
2.33.0
Each receiving task has its own interrupt vector space of 64 vectors.
For each vector registered by a task create a uintr_fd. Only tasks that
have previously registered a user interrupt handler can register a
vector.
The sender for the user interrupt could be another userspace
application, kernel or an external source (like a device). Any sender
that wants to generate a user interrupt needs access to receiver's
vector number and UPID. uintr_fd abstracts that information and allows
a sender with access to uintr_fd to connect and generate a user
interrupt. Upon interrupt delivery, the interrupt handler would be
invoked with the associated vector number pushed onto the stack.
Using an FD abstraction automatically provides a secure mechanism to
connect with a receiver. It also makes the tracking and management of
the interrupt vector resource easier for userspace.
uintr_fd can be useful in some of the usages where eventfd is used for
userspace event notifications. Though uintr_fd is nowhere close to a
drop-in replacement, the semantics are meant to be somewhat similar to
an eventfd or the write end of a pipe.
Access to uintr_fd can be achieved in the following ways:
- direct access if the task is part of the same thread group (process)
- inherited by a child process.
- explicitly shared using any of the FD sharing mechanisms.
If the sender is another userspace task, it can use the uintr_fd to send
user IPIs to the receiver. This works in conjunction with the SENDUIPI
instruction. The details related to this are covered later.
The exact APIs for the sender being a kernel or another external source
are still being worked upon. The general idea is that the receiver would
pass the uintr_fd to the kernel by extending some existing API (like
io_uring).
The vector associated with uintr_fd can be unregistered by closing all
references to the uintr_fd.
Signed-off-by: Sohil Mehta <[email protected]>
---
arch/x86/include/asm/uintr.h | 14 ++++
arch/x86/kernel/uintr_core.c | 129 +++++++++++++++++++++++++++++++++--
arch/x86/kernel/uintr_fd.c | 94 +++++++++++++++++++++++++
3 files changed, 232 insertions(+), 5 deletions(-)
diff --git a/arch/x86/include/asm/uintr.h b/arch/x86/include/asm/uintr.h
index cef4dd81d40e..1f00e2a63da4 100644
--- a/arch/x86/include/asm/uintr.h
+++ b/arch/x86/include/asm/uintr.h
@@ -4,9 +4,23 @@
#ifdef CONFIG_X86_USER_INTERRUPTS
+struct uintr_upid_ctx {
+ struct task_struct *task; /* Receiver task */
+ struct uintr_upid *upid;
+ refcount_t refs;
+};
+
+struct uintr_receiver_info {
+ struct uintr_upid_ctx *upid_ctx; /* UPID context */
+ struct callback_head twork; /* Task work head */
+ u64 uvec; /* Vector number */
+};
+
bool uintr_arch_enabled(void);
int do_uintr_register_handler(u64 handler);
int do_uintr_unregister_handler(void);
+int do_uintr_register_vector(struct uintr_receiver_info *r_info);
+void do_uintr_unregister_vector(struct uintr_receiver_info *r_info);
void uintr_free(struct task_struct *task);
diff --git a/arch/x86/kernel/uintr_core.c b/arch/x86/kernel/uintr_core.c
index a2a13f890139..9dcb9f60e5bc 100644
--- a/arch/x86/kernel/uintr_core.c
+++ b/arch/x86/kernel/uintr_core.c
@@ -11,6 +11,7 @@
#include <linux/sched.h>
#include <linux/sched/task.h>
#include <linux/slab.h>
+#include <linux/task_work.h>
#include <linux/uaccess.h>
#include <asm/apic.h>
@@ -20,6 +21,8 @@
#include <asm/msr-index.h>
#include <asm/uintr.h>
+#define UINTR_MAX_UVEC_NR 64
+
/* User Posted Interrupt Descriptor (UPID) */
struct uintr_upid {
struct {
@@ -36,13 +39,9 @@ struct uintr_upid {
#define UPID_ON 0x0 /* Outstanding notification */
#define UPID_SN 0x1 /* Suppressed notification */
-struct uintr_upid_ctx {
- struct uintr_upid *upid;
- refcount_t refs;
-};
-
struct uintr_receiver {
struct uintr_upid_ctx *upid_ctx;
+ u64 uvec_mask; /* track active vector per bit */
};
inline bool uintr_arch_enabled(void)
@@ -69,6 +68,7 @@ static inline u32 cpu_to_ndst(int cpu)
static void free_upid(struct uintr_upid_ctx *upid_ctx)
{
+ put_task_struct(upid_ctx->task);
kfree(upid_ctx->upid);
upid_ctx->upid = NULL;
kfree(upid_ctx);
@@ -93,6 +93,7 @@ static struct uintr_upid_ctx *alloc_upid(void)
upid_ctx->upid = upid;
refcount_set(&upid_ctx->refs, 1);
+ upid_ctx->task = get_task_struct(current);
return upid_ctx;
}
@@ -103,6 +104,77 @@ static void put_upid_ref(struct uintr_upid_ctx *upid_ctx)
free_upid(upid_ctx);
}
+static struct uintr_upid_ctx *get_upid_ref(struct uintr_upid_ctx *upid_ctx)
+{
+ refcount_inc(&upid_ctx->refs);
+ return upid_ctx;
+}
+
+static void __clear_vector_from_upid(u64 uvec, struct uintr_upid *upid)
+{
+ clear_bit(uvec, (unsigned long *)&upid->puir);
+}
+
+static void __clear_vector_from_task(u64 uvec)
+{
+ struct task_struct *t = current;
+
+ pr_debug("recv: task=%d free vector %llu\n", t->pid, uvec);
+
+ if (!(BIT_ULL(uvec) & t->thread.ui_recv->uvec_mask))
+ return;
+
+ clear_bit(uvec, (unsigned long *)&t->thread.ui_recv->uvec_mask);
+
+ if (!t->thread.ui_recv->uvec_mask)
+ pr_debug("recv: task=%d unregistered all user vectors\n", t->pid);
+}
+
+/* Callback to clear the vector structures when a vector is unregistered. */
+static void receiver_clear_uvec(struct callback_head *head)
+{
+ struct uintr_receiver_info *r_info;
+ struct uintr_upid_ctx *upid_ctx;
+ struct task_struct *t = current;
+ u64 uvec;
+
+ r_info = container_of(head, struct uintr_receiver_info, twork);
+ uvec = r_info->uvec;
+ upid_ctx = r_info->upid_ctx;
+
+ /*
+ * If a task has unregistered the interrupt handler the vector
+ * structures would have already been cleared.
+ */
+ if (is_uintr_receiver(t)) {
+ /*
+ * The UPID context in the callback might differ from the one
+ * on the task if the task unregistered its interrupt handler
+ * and then registered itself again. The vector structures
+ * related to the previous UPID would have already been cleared
+ * in that case.
+ */
+ if (t->thread.ui_recv->upid_ctx != upid_ctx) {
+ pr_debug("recv: task %d is now using a different UPID\n",
+ t->pid);
+ goto out_free;
+ }
+
+ /*
+ * If the vector has been recognized in the UIRR don't modify
+ * it. We need to disable User Interrupts before modifying the
+ * UIRR. It might be better to just let that interrupt get
+ * delivered.
+ */
+ __clear_vector_from_upid(uvec, upid_ctx->upid);
+ __clear_vector_from_task(uvec);
+ }
+
+out_free:
+ put_upid_ref(upid_ctx);
+ kfree(r_info);
+}
+
int do_uintr_unregister_handler(void)
{
struct task_struct *t = current;
@@ -239,6 +311,53 @@ int do_uintr_register_handler(u64 handler)
return 0;
}
+void do_uintr_unregister_vector(struct uintr_receiver_info *r_info)
+{
+ int ret;
+
+ pr_debug("recv: Adding task work to clear vector %llu added for task=%d\n",
+ r_info->uvec, r_info->upid_ctx->task->pid);
+
+ init_task_work(&r_info->twork, receiver_clear_uvec);
+ ret = task_work_add(r_info->upid_ctx->task, &r_info->twork, true);
+ if (ret) {
+ pr_debug("recv: Clear vector task=%d has already exited\n",
+ r_info->upid_ctx->task->pid);
+ put_upid_ref(r_info->upid_ctx);
+ kfree(r_info);
+ return;
+ }
+}
+
+int do_uintr_register_vector(struct uintr_receiver_info *r_info)
+{
+ struct uintr_receiver *ui_recv;
+ struct task_struct *t = current;
+
+ /*
+ * A vector should only be registered by a task that
+ * has an interrupt handler registered.
+ */
+ if (!is_uintr_receiver(t))
+ return -EINVAL;
+
+ if (r_info->uvec >= UINTR_MAX_UVEC_NR)
+ return -ENOSPC;
+
+ ui_recv = t->thread.ui_recv;
+
+ if (ui_recv->uvec_mask & BIT_ULL(r_info->uvec))
+ return -EBUSY;
+
+ ui_recv->uvec_mask |= BIT_ULL(r_info->uvec);
+ pr_debug("recv: task %d new uvec=%llu, new mask %llx\n",
+ t->pid, r_info->uvec, ui_recv->uvec_mask);
+
+ r_info->upid_ctx = get_upid_ref(ui_recv->upid_ctx);
+
+ return 0;
+}
+
/* Suppress notifications since this task is being context switched out */
void switch_uintr_prepare(struct task_struct *prev)
{
diff --git a/arch/x86/kernel/uintr_fd.c b/arch/x86/kernel/uintr_fd.c
index a1a9c105fdab..f0548bbac776 100644
--- a/arch/x86/kernel/uintr_fd.c
+++ b/arch/x86/kernel/uintr_fd.c
@@ -6,11 +6,105 @@
*/
#define pr_fmt(fmt) "uintr: " fmt
+#include <linux/anon_inodes.h>
+#include <linux/fdtable.h>
#include <linux/sched.h>
#include <linux/syscalls.h>
#include <asm/uintr.h>
+struct uintrfd_ctx {
+ struct uintr_receiver_info *r_info;
+};
+
+#ifdef CONFIG_PROC_FS
+static void uintrfd_show_fdinfo(struct seq_file *m, struct file *file)
+{
+ struct uintrfd_ctx *uintrfd_ctx = file->private_data;
+
+ /* Check: Should we print the receiver and sender info here? */
+ seq_printf(m, "user_vector:%llu\n", uintrfd_ctx->r_info->uvec);
+}
+#endif
+
+static int uintrfd_release(struct inode *inode, struct file *file)
+{
+ struct uintrfd_ctx *uintrfd_ctx = file->private_data;
+
+ pr_debug("recv: Release uintrfd for r_task %d uvec %llu\n",
+ uintrfd_ctx->r_info->upid_ctx->task->pid,
+ uintrfd_ctx->r_info->uvec);
+
+ do_uintr_unregister_vector(uintrfd_ctx->r_info);
+ kfree(uintrfd_ctx);
+
+ return 0;
+}
+
+static const struct file_operations uintrfd_fops = {
+#ifdef CONFIG_PROC_FS
+ .show_fdinfo = uintrfd_show_fdinfo,
+#endif
+ .release = uintrfd_release,
+ .llseek = noop_llseek,
+};
+
+/*
+ * sys_uintr_create_fd - Create a uintr_fd for the registered interrupt vector.
+ */
+SYSCALL_DEFINE2(uintr_create_fd, u64, vector, unsigned int, flags)
+{
+ struct uintrfd_ctx *uintrfd_ctx;
+ int uintrfd;
+ int ret;
+
+ if (!uintr_arch_enabled())
+ return -EOPNOTSUPP;
+
+ if (flags)
+ return -EINVAL;
+
+ uintrfd_ctx = kzalloc(sizeof(*uintrfd_ctx), GFP_KERNEL);
+ if (!uintrfd_ctx)
+ return -ENOMEM;
+
+ uintrfd_ctx->r_info = kzalloc(sizeof(*uintrfd_ctx->r_info), GFP_KERNEL);
+ if (!uintrfd_ctx->r_info) {
+ ret = -ENOMEM;
+ goto out_free_ctx;
+ }
+
+ uintrfd_ctx->r_info->uvec = vector;
+ ret = do_uintr_register_vector(uintrfd_ctx->r_info);
+ if (ret) {
+ kfree(uintrfd_ctx->r_info);
+ goto out_free_ctx;
+ }
+
+ /* TODO: Get user input for flags - UFD_CLOEXEC */
+ /* Check: Do we need O_NONBLOCK? */
+ uintrfd = anon_inode_getfd("[uintrfd]", &uintrfd_fops, uintrfd_ctx,
+ O_RDONLY | O_CLOEXEC | O_NONBLOCK);
+
+ if (uintrfd < 0) {
+ ret = uintrfd;
+ goto out_free_uvec;
+ }
+
+ pr_debug("recv: Alloc vector success uintrfd %d uvec %llu for task=%d\n",
+ uintrfd, uintrfd_ctx->r_info->uvec, current->pid);
+
+ return uintrfd;
+
+out_free_uvec:
+ do_uintr_unregister_vector(uintrfd_ctx->r_info);
+out_free_ctx:
+ kfree(uintrfd_ctx);
+ pr_debug("recv: Alloc vector failed for task=%d ret %d\n",
+ current->pid, ret);
+ return ret;
+}
+
/*
* sys_uintr_register_handler - setup user interrupt handler for receiver.
*/
--
2.33.0
Wire up the user interrupt receiver and sender related syscalls for
x86_64.
For rest of the architectures the syscalls are not implemented.
<TODO: Reserve the syscall numbers for other architectures>
Signed-off-by: Sohil Mehta <[email protected]>
---
arch/x86/entry/syscalls/syscall_32.tbl | 6 ++++++
arch/x86/entry/syscalls/syscall_64.tbl | 6 ++++++
include/linux/syscalls.h | 8 ++++++++
include/uapi/asm-generic/unistd.h | 15 ++++++++++++++-
kernel/sys_ni.c | 8 ++++++++
scripts/checksyscalls.sh | 6 ++++++
6 files changed, 48 insertions(+), 1 deletion(-)
diff --git a/arch/x86/entry/syscalls/syscall_32.tbl b/arch/x86/entry/syscalls/syscall_32.tbl
index 960a021d543e..d0e97f1f1173 100644
--- a/arch/x86/entry/syscalls/syscall_32.tbl
+++ b/arch/x86/entry/syscalls/syscall_32.tbl
@@ -453,3 +453,9 @@
446 i386 landlock_restrict_self sys_landlock_restrict_self
447 i386 memfd_secret sys_memfd_secret
448 i386 process_mrelease sys_process_mrelease
+449 i386 uintr_register_handler sys_uintr_register_handler
+450 i386 uintr_unregister_handler sys_uintr_unregister_handler
+451 i386 uintr_create_fd sys_uintr_create_fd
+452 i386 uintr_register_sender sys_uintr_register_sender
+453 i386 uintr_unregister_sender sys_uintr_unregister_sender
+454 i386 uintr_wait sys_uintr_wait
diff --git a/arch/x86/entry/syscalls/syscall_64.tbl b/arch/x86/entry/syscalls/syscall_64.tbl
index 18b5500ea8bf..444af44e5947 100644
--- a/arch/x86/entry/syscalls/syscall_64.tbl
+++ b/arch/x86/entry/syscalls/syscall_64.tbl
@@ -370,6 +370,12 @@
446 common landlock_restrict_self sys_landlock_restrict_self
447 common memfd_secret sys_memfd_secret
448 common process_mrelease sys_process_mrelease
+449 common uintr_register_handler sys_uintr_register_handler
+450 common uintr_unregister_handler sys_uintr_unregister_handler
+451 common uintr_create_fd sys_uintr_create_fd
+452 common uintr_register_sender sys_uintr_register_sender
+453 common uintr_unregister_sender sys_uintr_unregister_sender
+454 common uintr_wait sys_uintr_wait
#
# Due to a historical design error, certain syscalls are numbered differently
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
index 252243c7783d..f47f64c36d87 100644
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
@@ -1060,6 +1060,14 @@ asmlinkage long sys_memfd_secret(unsigned int flags);
/* arch/x86/kernel/ioport.c */
asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int on);
+/* arch/x86/kernel/uintr_fd.c */
+asmlinkage long sys_uintr_register_handler(u64 __user *handler, unsigned int flags);
+asmlinkage long sys_uintr_unregister_handler(unsigned int flags);
+asmlinkage long sys_uintr_create_fd(u64 vector, unsigned int flags);
+asmlinkage long sys_uintr_register_sender(int uintr_fd, unsigned int flags);
+asmlinkage long sys_uintr_unregister_sender(int uintr_fd, unsigned int flags);
+asmlinkage long sys_uintr_wait(unsigned int flags);
+
/* pciconfig: alpha, arm, arm64, ia64, sparc */
asmlinkage long sys_pciconfig_read(unsigned long bus, unsigned long dfn,
unsigned long off, unsigned long len,
diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h
index 1c5fb86d455a..b9a8b344270a 100644
--- a/include/uapi/asm-generic/unistd.h
+++ b/include/uapi/asm-generic/unistd.h
@@ -880,8 +880,21 @@ __SYSCALL(__NR_memfd_secret, sys_memfd_secret)
#define __NR_process_mrelease 448
__SYSCALL(__NR_process_mrelease, sys_process_mrelease)
+#define __NR_uintr_register_handler 449
+__SYSCALL(__NR_uintr_register_handler, sys_uintr_register_handler)
+#define __NR_uintr_unregister_handler 450
+__SYSCALL(__NR_uintr_unregister_handler, sys_uintr_unregister_handler)
+#define __NR_uintr_create_fd 451
+__SYSCALL(__NR_uintr_create_fd, sys_uintr_create_fd)
+#define __NR_uintr_register_sender 452
+__SYSCALL(__NR_uintr_register_sender, sys_uintr_register_sender)
+#define __NR_uintr_unregister_sender 453
+__SYSCALL(__NR_uintr_unregister_sender, sys_uintr_unregister_sender)
+#define __NR_uintr_wait 454
+__SYSCALL(__NR_uintr_wait, sys_uintr_wait)
+
#undef __NR_syscalls
-#define __NR_syscalls 449
+#define __NR_syscalls 455
/*
* 32 bit systems traditionally used different
diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c
index f43d89d92860..5d8b92ac197b 100644
--- a/kernel/sys_ni.c
+++ b/kernel/sys_ni.c
@@ -357,6 +357,14 @@ COND_SYSCALL(pkey_free);
/* memfd_secret */
COND_SYSCALL(memfd_secret);
+/* user interrupts */
+COND_SYSCALL(uintr_register_handler);
+COND_SYSCALL(uintr_unregister_handler);
+COND_SYSCALL(uintr_create_fd);
+COND_SYSCALL(uintr_register_sender);
+COND_SYSCALL(uintr_unregister_sender);
+COND_SYSCALL(uintr_wait);
+
/*
* Architecture specific weak syscall entries.
*/
diff --git a/scripts/checksyscalls.sh b/scripts/checksyscalls.sh
index fd9777f63f14..0969580d829c 100755
--- a/scripts/checksyscalls.sh
+++ b/scripts/checksyscalls.sh
@@ -204,6 +204,12 @@ cat << EOF
#define __IGNORE__sysctl
#define __IGNORE_arch_prctl
#define __IGNORE_nfsservctl
+#define __IGNORE_uintr_register_handler
+#define __IGNORE_uintr_unregister_handler
+#define __IGNORE_uintr_create_fd
+#define __IGNORE_uintr_register_sender
+#define __IGNORE_uintr_unregister_sender
+#define __IGNORE_uintr_wait
/* ... including the "new" 32-bit uid syscalls */
#define __IGNORE_lchown32
--
2.33.0
Enable xstate supervisor support for User Interrupts by default.
The user interrupt state for a task consists of the MSR state and the
User Interrupt Flag (UIF) value. XSAVES and XRSTORS handle saving and
restoring both of these states.
<The supervisor XSTATE code might be reworked based on issues reported
in the past. The Uintr context switching code would also need rework and
additional testing in that regard.>
Signed-off-by: Sohil Mehta <[email protected]>
---
arch/x86/include/asm/fpu/types.h | 20 +++++++++++++++++++-
arch/x86/include/asm/fpu/xstate.h | 3 ++-
arch/x86/kernel/cpu/common.c | 6 ++++++
arch/x86/kernel/fpu/xstate.c | 20 +++++++++++++++++---
4 files changed, 44 insertions(+), 5 deletions(-)
diff --git a/arch/x86/include/asm/fpu/types.h b/arch/x86/include/asm/fpu/types.h
index f5a38a5f3ae1..b614f1416bea 100644
--- a/arch/x86/include/asm/fpu/types.h
+++ b/arch/x86/include/asm/fpu/types.h
@@ -118,7 +118,7 @@ enum xfeature {
XFEATURE_RSRVD_COMP_11,
XFEATURE_RSRVD_COMP_12,
XFEATURE_RSRVD_COMP_13,
- XFEATURE_RSRVD_COMP_14,
+ XFEATURE_UINTR,
XFEATURE_LBR,
XFEATURE_MAX,
@@ -135,6 +135,7 @@ enum xfeature {
#define XFEATURE_MASK_PT (1 << XFEATURE_PT_UNIMPLEMENTED_SO_FAR)
#define XFEATURE_MASK_PKRU (1 << XFEATURE_PKRU)
#define XFEATURE_MASK_PASID (1 << XFEATURE_PASID)
+#define XFEATURE_MASK_UINTR (1 << XFEATURE_UINTR)
#define XFEATURE_MASK_LBR (1 << XFEATURE_LBR)
#define XFEATURE_MASK_FPSSE (XFEATURE_MASK_FP | XFEATURE_MASK_SSE)
@@ -237,6 +238,23 @@ struct pkru_state {
u32 pad;
} __packed;
+/*
+ * State component 14 is supervisor state used for User Interrupts state.
+ * The size of this state is 48 bytes
+ */
+struct uintr_state {
+ u64 handler;
+ u64 stack_adjust;
+ u32 uitt_size;
+ u8 uinv;
+ u8 pad1;
+ u8 pad2;
+ u8 uif_pad3; /* bit 7 - UIF, bits 6:0 - reserved */
+ u64 upid_addr;
+ u64 uirr;
+ u64 uitt_addr;
+} __packed;
+
/*
* State component 15: Architectural LBR configuration state.
* The size of Arch LBR state depends on the number of LBRs (lbr_depth).
diff --git a/arch/x86/include/asm/fpu/xstate.h b/arch/x86/include/asm/fpu/xstate.h
index 109dfcc75299..4dd4e83c0c9d 100644
--- a/arch/x86/include/asm/fpu/xstate.h
+++ b/arch/x86/include/asm/fpu/xstate.h
@@ -44,7 +44,8 @@
(XFEATURE_MASK_USER_SUPPORTED & ~XFEATURE_MASK_PKRU)
/* All currently supported supervisor features */
-#define XFEATURE_MASK_SUPERVISOR_SUPPORTED (XFEATURE_MASK_PASID)
+#define XFEATURE_MASK_SUPERVISOR_SUPPORTED (XFEATURE_MASK_PASID | \
+ XFEATURE_MASK_UINTR)
/*
* A supervisor state component may not always contain valuable information,
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 55fee930b6d1..3a0a3f5cfe0f 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -334,6 +334,12 @@ static __always_inline void setup_uintr(struct cpuinfo_x86 *c)
if (!cpu_has(c, X86_FEATURE_UINTR))
goto disable_uintr;
+ /* Confirm XSAVE support for UINTR is present. */
+ if (!cpu_has_xfeatures(XFEATURE_MASK_UINTR, NULL)) {
+ pr_info_once("x86: User Interrupts (UINTR) not enabled. XSAVE support for UINTR is missing.\n");
+ goto clear_uintr_cap;
+ }
+
/*
* User Interrupts currently doesn't support PTI. For processors that
* support User interrupts PTI in auto mode will default to off. Need
diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
index c8def1b7f8fb..ab19403effb0 100644
--- a/arch/x86/kernel/fpu/xstate.c
+++ b/arch/x86/kernel/fpu/xstate.c
@@ -38,6 +38,10 @@ static const char *xfeature_names[] =
"Processor Trace (unused)" ,
"Protection Keys User registers",
"PASID state",
+ "unknown xstate feature 11",
+ "unknown xstate feature 12",
+ "unknown xstate feature 13",
+ "User Interrupts registers",
"unknown xstate feature" ,
};
@@ -53,6 +57,10 @@ static short xsave_cpuid_features[] __initdata = {
X86_FEATURE_INTEL_PT,
X86_FEATURE_PKU,
X86_FEATURE_ENQCMD,
+ -1, /* Unknown 11 */
+ -1, /* Unknown 12 */
+ -1, /* Unknown 13 */
+ X86_FEATURE_UINTR,
};
/*
@@ -236,6 +244,7 @@ static void __init print_xstate_features(void)
print_xstate_feature(XFEATURE_MASK_Hi16_ZMM);
print_xstate_feature(XFEATURE_MASK_PKRU);
print_xstate_feature(XFEATURE_MASK_PASID);
+ print_xstate_feature(XFEATURE_MASK_UINTR);
}
/*
@@ -372,7 +381,8 @@ static void __init print_xstate_offset_size(void)
XFEATURE_MASK_PKRU | \
XFEATURE_MASK_BNDREGS | \
XFEATURE_MASK_BNDCSR | \
- XFEATURE_MASK_PASID)
+ XFEATURE_MASK_PASID | \
+ XFEATURE_MASK_UINTR)
/*
* setup the xstate image representing the init state
@@ -532,6 +542,7 @@ static void check_xstate_against_struct(int nr)
XCHECK_SZ(sz, nr, XFEATURE_Hi16_ZMM, struct avx_512_hi16_state);
XCHECK_SZ(sz, nr, XFEATURE_PKRU, struct pkru_state);
XCHECK_SZ(sz, nr, XFEATURE_PASID, struct ia32_pasid_state);
+ XCHECK_SZ(sz, nr, XFEATURE_UINTR, struct uintr_state);
/*
* Make *SURE* to add any feature numbers in below if
@@ -539,9 +550,12 @@ static void check_xstate_against_struct(int nr)
* numbers.
*/
if ((nr < XFEATURE_YMM) ||
- (nr >= XFEATURE_MAX) ||
(nr == XFEATURE_PT_UNIMPLEMENTED_SO_FAR) ||
- ((nr >= XFEATURE_RSRVD_COMP_11) && (nr <= XFEATURE_LBR))) {
+ (nr == XFEATURE_RSRVD_COMP_11) ||
+ (nr == XFEATURE_RSRVD_COMP_12) ||
+ (nr == XFEATURE_RSRVD_COMP_13) ||
+ (nr == XFEATURE_LBR) ||
+ (nr >= XFEATURE_MAX)) {
WARN_ONCE(1, "no structure for xstate: %d\n", nr);
XSTATE_WARN_ON(1);
}
--
2.33.0
User interrupt state is saved and restored using xstate supervisor
feature support. This includes the MSR state and the User Interrupt Flag
(UIF) value.
During context switch update the UPID for a uintr task to reflect the
current state of the task; namely whether the task should receive
interrupt notifications and which cpu the task is currently running on.
XSAVES clears the notification vector (UINV) in the MISC MSR to prevent
interrupts from being recognized in the UIRR MSR while the task is being
context switched. The UINV is restored back when the kernel does an
XRSTORS.
However, this conflicts with the kernel's lazy restore optimization
which skips an XRSTORS if the kernel is scheduling the same user task
back and the underlying MSR state hasn't been modified. Special handling
is needed for a uintr task in the context switch path to keep using this
optimization.
Signed-off-by: Jacob Pan <[email protected]>
Signed-off-by: Sohil Mehta <[email protected]>
---
arch/x86/include/asm/entry-common.h | 4 ++
arch/x86/include/asm/uintr.h | 9 ++++
arch/x86/kernel/fpu/core.c | 8 +++
arch/x86/kernel/process_64.c | 4 ++
arch/x86/kernel/uintr_core.c | 75 +++++++++++++++++++++++++++++
5 files changed, 100 insertions(+)
diff --git a/arch/x86/include/asm/entry-common.h b/arch/x86/include/asm/entry-common.h
index 14ebd2196569..4e6c4d0912a5 100644
--- a/arch/x86/include/asm/entry-common.h
+++ b/arch/x86/include/asm/entry-common.h
@@ -8,6 +8,7 @@
#include <asm/nospec-branch.h>
#include <asm/io_bitmap.h>
#include <asm/fpu/api.h>
+#include <asm/uintr.h>
/* Check that the stack and regs on entry from user mode are sane. */
static __always_inline void arch_check_user_regs(struct pt_regs *regs)
@@ -57,6 +58,9 @@ static inline void arch_exit_to_user_mode_prepare(struct pt_regs *regs,
if (unlikely(ti_work & _TIF_NEED_FPU_LOAD))
switch_fpu_return();
+ if (static_cpu_has(X86_FEATURE_UINTR))
+ switch_uintr_return();
+
#ifdef CONFIG_COMPAT
/*
* Compat syscalls set TS_COMPAT. Make sure we clear it before
diff --git a/arch/x86/include/asm/uintr.h b/arch/x86/include/asm/uintr.h
index 4f35bd8bd4e0..f7ccb67014b8 100644
--- a/arch/x86/include/asm/uintr.h
+++ b/arch/x86/include/asm/uintr.h
@@ -8,6 +8,15 @@ bool uintr_arch_enabled(void);
int do_uintr_register_handler(u64 handler);
int do_uintr_unregister_handler(void);
+/* TODO: Inline the context switch related functions */
+void switch_uintr_prepare(struct task_struct *prev);
+void switch_uintr_return(void);
+
+#else /* !CONFIG_X86_USER_INTERRUPTS */
+
+static inline void switch_uintr_prepare(struct task_struct *prev) {}
+static inline void switch_uintr_return(void) {}
+
#endif /* CONFIG_X86_USER_INTERRUPTS */
#endif /* _ASM_X86_UINTR_H */
diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c
index 7ada7bd03a32..e30588bf7ce9 100644
--- a/arch/x86/kernel/fpu/core.c
+++ b/arch/x86/kernel/fpu/core.c
@@ -95,6 +95,14 @@ EXPORT_SYMBOL(irq_fpu_usable);
* over the place.
*
* FXSAVE and all XSAVE variants preserve the FPU register state.
+ *
+ * When XSAVES is called with XFEATURE_UINTR enabled it
+ * saves the FPU state and clears the interrupt notification
+ * vector byte of the MISC_MSR [bits 39:32]. This is required
+ * to stop detecting additional User Interrupts after we
+ * have saved the FPU state. Before going back to userspace
+ * we would correct this and only program the byte that was
+ * cleared.
*/
void save_fpregs_to_fpstate(struct fpu *fpu)
{
diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
index ec0d836a13b1..62b82137db9c 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -53,6 +53,7 @@
#include <asm/xen/hypervisor.h>
#include <asm/vdso.h>
#include <asm/resctrl.h>
+#include <asm/uintr.h>
#include <asm/unistd.h>
#include <asm/fsgsbase.h>
#ifdef CONFIG_IA32_EMULATION
@@ -565,6 +566,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
WARN_ON_ONCE(IS_ENABLED(CONFIG_DEBUG_ENTRY) &&
this_cpu_read(hardirq_stack_inuse));
+ if (static_cpu_has(X86_FEATURE_UINTR))
+ switch_uintr_prepare(prev_p);
+
if (!test_thread_flag(TIF_NEED_FPU_LOAD))
switch_fpu_prepare(prev_fpu, cpu);
diff --git a/arch/x86/kernel/uintr_core.c b/arch/x86/kernel/uintr_core.c
index 2c6042a6840a..7a29888050ad 100644
--- a/arch/x86/kernel/uintr_core.c
+++ b/arch/x86/kernel/uintr_core.c
@@ -238,3 +238,78 @@ int do_uintr_register_handler(u64 handler)
return 0;
}
+
+/* Suppress notifications since this task is being context switched out */
+void switch_uintr_prepare(struct task_struct *prev)
+{
+ struct uintr_upid *upid;
+
+ if (is_uintr_receiver(prev)) {
+ upid = prev->thread.ui_recv->upid_ctx->upid;
+ set_bit(UPID_SN, (unsigned long *)&upid->nc.status);
+ }
+}
+
+/*
+ * Do this right before we are going back to userspace after the FPU has been
+ * reloaded i.e. TIF_NEED_FPU_LOAD is clear.
+ * Called from arch_exit_to_user_mode_prepare() with interrupts disabled.
+ */
+void switch_uintr_return(void)
+{
+ struct uintr_upid *upid;
+ u64 misc_msr;
+
+ if (is_uintr_receiver(current)) {
+ /*
+ * The XSAVES instruction clears the UINTR notification
+ * vector(UINV) in the UINT_MISC MSR when user context gets
+ * saved. Before going back to userspace we need to restore the
+ * notification vector. XRSTORS would automatically restore the
+ * notification but we can't be sure that XRSTORS will always
+ * be called when going back to userspace. Also if XSAVES gets
+ * called twice the UINV stored in the Xstate buffer will be
+ * overwritten. Threfore, before going back to userspace we
+ * always check if the UINV is set and reprogram if needed.
+ *
+ * Alternatively, we could combine this with
+ * switch_fpu_return() and program the MSR whenever we are
+ * skipping the XRSTORS. We need special precaution to make
+ * sure the UINV value in the XSTATE buffer doesn't get
+ * overwritten by calling XSAVES twice.
+ */
+ WARN_ON_ONCE(test_thread_flag(TIF_NEED_FPU_LOAD));
+
+ /* Modify only the relevant bits of the MISC MSR */
+ rdmsrl(MSR_IA32_UINTR_MISC, misc_msr);
+ if (!(misc_msr & GENMASK_ULL(39, 32))) {
+ misc_msr |= (u64)UINTR_NOTIFICATION_VECTOR << 32;
+ wrmsrl(MSR_IA32_UINTR_MISC, misc_msr);
+ }
+
+ /*
+ * It is necessary to clear the SN bit after we set UINV and
+ * NDST to avoid incorrect interrupt routing.
+ */
+ upid = current->thread.ui_recv->upid_ctx->upid;
+ upid->nc.ndst = cpu_to_ndst(smp_processor_id());
+ clear_bit(UPID_SN, (unsigned long *)&upid->nc.status);
+
+ /*
+ * Interrupts might have accumulated in the UPID while the
+ * thread was preempted. In this case invoke the hardware
+ * detection sequence manually by sending a self IPI with UINV.
+ * Since UINV is set and SN is cleared, any new UINTR
+ * notifications due to the self IPI or otherwise would result
+ * in the hardware updating the UIRR directly.
+ * No real interrupt would be generated as a result of this.
+ *
+ * The alternative is to atomically read and clear the UPID and
+ * program the UIRR. In that case the kernel would need to
+ * carefully manage the race with the hardware if the UPID gets
+ * updated after the read.
+ */
+ if (READ_ONCE(upid->puir))
+ apic->send_IPI_self(UINTR_NOTIFICATION_VECTOR);
+ }
+}
--
2.33.0
The user interrupt MSRs and the user interrupt state is task specific.
During task fork and exit clear the task state, clear the MSRs and
dereference the shared resources.
Some of the memory resources like the UPID are referenced in the file
descriptor and could be in use while the uintr_fd is still valid.
Instead of freeing up the UPID just dereference it. Eventually when
every user releases the reference the memory resource will be freed up.
Signed-off-by: Jacob Pan <[email protected]>
Signed-off-by: Sohil Mehta <[email protected]>
---
arch/x86/include/asm/uintr.h | 3 ++
arch/x86/kernel/fpu/core.c | 9 ++++++
arch/x86/kernel/process.c | 9 ++++++
arch/x86/kernel/uintr_core.c | 55 ++++++++++++++++++++++++++++++++++++
4 files changed, 76 insertions(+)
diff --git a/arch/x86/include/asm/uintr.h b/arch/x86/include/asm/uintr.h
index f7ccb67014b8..cef4dd81d40e 100644
--- a/arch/x86/include/asm/uintr.h
+++ b/arch/x86/include/asm/uintr.h
@@ -8,12 +8,15 @@ bool uintr_arch_enabled(void);
int do_uintr_register_handler(u64 handler);
int do_uintr_unregister_handler(void);
+void uintr_free(struct task_struct *task);
+
/* TODO: Inline the context switch related functions */
void switch_uintr_prepare(struct task_struct *prev);
void switch_uintr_return(void);
#else /* !CONFIG_X86_USER_INTERRUPTS */
+static inline void uintr_free(struct task_struct *task) {}
static inline void switch_uintr_prepare(struct task_struct *prev) {}
static inline void switch_uintr_return(void) {}
diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c
index e30588bf7ce9..c0a54f7aaa2a 100644
--- a/arch/x86/kernel/fpu/core.c
+++ b/arch/x86/kernel/fpu/core.c
@@ -260,6 +260,7 @@ int fpu_clone(struct task_struct *dst)
{
struct fpu *src_fpu = ¤t->thread.fpu;
struct fpu *dst_fpu = &dst->thread.fpu;
+ struct uintr_state *uintr_state;
/* The new task's FPU state cannot be valid in the hardware. */
dst_fpu->last_cpu = -1;
@@ -284,6 +285,14 @@ int fpu_clone(struct task_struct *dst)
else
save_fpregs_to_fpstate(dst_fpu);
+
+ /* UINTR state is not expected to be inherited (in the current design). */
+ if (static_cpu_has(X86_FEATURE_UINTR)) {
+ uintr_state = get_xsave_addr(&dst_fpu->state.xsave, XFEATURE_UINTR);
+ if (uintr_state)
+ memset(uintr_state, 0, sizeof(*uintr_state));
+ }
+
fpregs_unlock();
set_tsk_thread_flag(dst, TIF_NEED_FPU_LOAD);
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index 1d9463e3096b..83677f76bd7b 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -26,6 +26,7 @@
#include <linux/elf-randomize.h>
#include <trace/events/power.h>
#include <linux/hw_breakpoint.h>
+#include <asm/uintr.h>
#include <asm/cpu.h>
#include <asm/apic.h>
#include <linux/uaccess.h>
@@ -87,6 +88,12 @@ int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src)
#ifdef CONFIG_VM86
dst->thread.vm86 = NULL;
#endif
+
+#ifdef CONFIG_X86_USER_INTERRUPTS
+ /* User Interrupt state is unique for each task */
+ dst->thread.ui_recv = NULL;
+#endif
+
return fpu_clone(dst);
}
@@ -103,6 +110,8 @@ void exit_thread(struct task_struct *tsk)
free_vm86(t);
+ uintr_free(tsk);
+
fpu__drop(fpu);
}
diff --git a/arch/x86/kernel/uintr_core.c b/arch/x86/kernel/uintr_core.c
index 7a29888050ad..a2a13f890139 100644
--- a/arch/x86/kernel/uintr_core.c
+++ b/arch/x86/kernel/uintr_core.c
@@ -313,3 +313,58 @@ void switch_uintr_return(void)
apic->send_IPI_self(UINTR_NOTIFICATION_VECTOR);
}
}
+
+/*
+ * This should only be called from exit_thread().
+ * exit_thread() can happen in current context when the current thread is
+ * exiting or it can happen for a new thread that is being created.
+ * For new threads is_uintr_receiver() should fail.
+ */
+void uintr_free(struct task_struct *t)
+{
+ struct uintr_receiver *ui_recv;
+ struct fpu *fpu;
+
+ if (!static_cpu_has(X86_FEATURE_UINTR) || !is_uintr_receiver(t))
+ return;
+
+ if (WARN_ON_ONCE(t != current))
+ return;
+
+ fpu = &t->thread.fpu;
+
+ fpregs_lock();
+
+ if (fpregs_state_valid(fpu, smp_processor_id())) {
+ wrmsrl(MSR_IA32_UINTR_MISC, 0ULL);
+ wrmsrl(MSR_IA32_UINTR_PD, 0ULL);
+ wrmsrl(MSR_IA32_UINTR_RR, 0ULL);
+ wrmsrl(MSR_IA32_UINTR_STACKADJUST, 0ULL);
+ wrmsrl(MSR_IA32_UINTR_HANDLER, 0ULL);
+ } else {
+ struct uintr_state *p;
+
+ p = get_xsave_addr(&fpu->state.xsave, XFEATURE_UINTR);
+ if (p) {
+ p->handler = 0;
+ p->uirr = 0;
+ p->upid_addr = 0;
+ p->stack_adjust = 0;
+ p->uinv = 0;
+ }
+ }
+
+ /* Check: Can a thread be context switched while it is exiting? */
+ ui_recv = t->thread.ui_recv;
+
+ /*
+ * Suppress notifications so that no further interrupts are
+ * generated based on this UPID.
+ */
+ set_bit(UPID_SN, (unsigned long *)&ui_recv->upid_ctx->upid->nc.status);
+ put_upid_ref(ui_recv->upid_ctx);
+ kfree(ui_recv);
+ t->thread.ui_recv = NULL;
+
+ fpregs_unlock();
+}
--
2.33.0
On 9/13/21 1:01 PM, Sohil Mehta wrote:
> User Interrupts (Uintr) is a hardware technology that enables delivering
> interrupts directly to user space.
Your problem in all of this is going to be convincing folks that this is
a problem worth solving. I'd start this off with something
attention-grabbing.
Two things. Good, snazzy writing doesn't repeat words. You repeated
"interrupt" twice in that first sentence. It also doesn't get my
attention. Here's a more concise way of saying it, and also adding
something to get the reader's attention:
User Interrupts directly deliver events to user space and are
10x faster than the closest alternative.
Add a new system call to allow applications to block in the kernel and
wait for user interrupts.
<The current implementation doesn't support waking up from other
blocking system calls like sleep(), read(), epoll(), etc.
uintr_wait() is a placeholder syscall while we decide on that
behaviour.>
When the application makes this syscall the notification vector is
switched to a new kernel vector. Any new SENDUIPI will invoke the kernel
interrupt which is then used to wake up the process.
Currently, the task wait list is global one. To make the implementation
scalable there is a need to move to a distributed per-cpu wait list.
Signed-off-by: Sohil Mehta <[email protected]>
---
arch/x86/include/asm/hardirq.h | 1 +
arch/x86/include/asm/idtentry.h | 1 +
arch/x86/include/asm/irq_vectors.h | 3 +-
arch/x86/include/asm/uintr.h | 22 +++++++
arch/x86/kernel/idt.c | 1 +
arch/x86/kernel/irq.c | 18 ++++++
arch/x86/kernel/uintr_core.c | 94 ++++++++++++++++++++++++------
arch/x86/kernel/uintr_fd.c | 15 +++++
8 files changed, 136 insertions(+), 19 deletions(-)
diff --git a/arch/x86/include/asm/hardirq.h b/arch/x86/include/asm/hardirq.h
index 279afc01f1ac..a4623fdb65a1 100644
--- a/arch/x86/include/asm/hardirq.h
+++ b/arch/x86/include/asm/hardirq.h
@@ -22,6 +22,7 @@ typedef struct {
#endif
#ifdef CONFIG_X86_USER_INTERRUPTS
unsigned int uintr_spurious_count;
+ unsigned int uintr_kernel_notifications;
#endif
unsigned int x86_platform_ipis; /* arch dependent */
unsigned int apic_perf_irqs;
diff --git a/arch/x86/include/asm/idtentry.h b/arch/x86/include/asm/idtentry.h
index 5929a6f9eeee..0ac7ef592283 100644
--- a/arch/x86/include/asm/idtentry.h
+++ b/arch/x86/include/asm/idtentry.h
@@ -673,6 +673,7 @@ DECLARE_IDTENTRY_SYSVEC(POSTED_INTR_NESTED_VECTOR, sysvec_kvm_posted_intr_nested
#ifdef CONFIG_X86_USER_INTERRUPTS
DECLARE_IDTENTRY_SYSVEC(UINTR_NOTIFICATION_VECTOR, sysvec_uintr_spurious_interrupt);
+DECLARE_IDTENTRY_SYSVEC(UINTR_KERNEL_VECTOR, sysvec_uintr_kernel_notification);
#endif
#if IS_ENABLED(CONFIG_HYPERV)
diff --git a/arch/x86/include/asm/irq_vectors.h b/arch/x86/include/asm/irq_vectors.h
index d26faa504931..1d289b3ee0da 100644
--- a/arch/x86/include/asm/irq_vectors.h
+++ b/arch/x86/include/asm/irq_vectors.h
@@ -106,8 +106,9 @@
/* Vector for User interrupt notifications */
#define UINTR_NOTIFICATION_VECTOR 0xec
+#define UINTR_KERNEL_VECTOR 0xeb
-#define LOCAL_TIMER_VECTOR 0xeb
+#define LOCAL_TIMER_VECTOR 0xea
#define NR_VECTORS 256
diff --git a/arch/x86/include/asm/uintr.h b/arch/x86/include/asm/uintr.h
index ef3521dd7fb9..64113ef523ca 100644
--- a/arch/x86/include/asm/uintr.h
+++ b/arch/x86/include/asm/uintr.h
@@ -4,11 +4,29 @@
#ifdef CONFIG_X86_USER_INTERRUPTS
+/* User Posted Interrupt Descriptor (UPID) */
+struct uintr_upid {
+ struct {
+ u8 status; /* bit 0: ON, bit 1: SN, bit 2-7: reserved */
+ u8 reserved1; /* Reserved */
+ u8 nv; /* Notification vector */
+ u8 reserved2; /* Reserved */
+ u32 ndst; /* Notification destination */
+ } nc __packed; /* Notification control */
+ u64 puir; /* Posted user interrupt requests */
+} __aligned(64);
+
+/* UPID Notification control status */
+#define UPID_ON 0x0 /* Outstanding notification */
+#define UPID_SN 0x1 /* Suppressed notification */
+
struct uintr_upid_ctx {
+ struct list_head node;
struct task_struct *task; /* Receiver task */
struct uintr_upid *upid;
refcount_t refs;
bool receiver_active; /* Flag for UPID being mapped to a receiver */
+ bool waiting;
};
struct uintr_receiver_info {
@@ -43,11 +61,15 @@ void uintr_free(struct task_struct *task);
void switch_uintr_prepare(struct task_struct *prev);
void switch_uintr_return(void);
+int uintr_receiver_wait(void);
+void uintr_wake_up_process(void);
+
#else /* !CONFIG_X86_USER_INTERRUPTS */
static inline void uintr_free(struct task_struct *task) {}
static inline void switch_uintr_prepare(struct task_struct *prev) {}
static inline void switch_uintr_return(void) {}
+static inline void uintr_wake_up_process(void) {}
#endif /* CONFIG_X86_USER_INTERRUPTS */
diff --git a/arch/x86/kernel/idt.c b/arch/x86/kernel/idt.c
index d8c45e0728f0..8d4fd7509523 100644
--- a/arch/x86/kernel/idt.c
+++ b/arch/x86/kernel/idt.c
@@ -149,6 +149,7 @@ static const __initconst struct idt_data apic_idts[] = {
# endif
#ifdef CONFIG_X86_USER_INTERRUPTS
INTG(UINTR_NOTIFICATION_VECTOR, asm_sysvec_uintr_spurious_interrupt),
+ INTG(UINTR_KERNEL_VECTOR, asm_sysvec_uintr_kernel_notification),
#endif
# ifdef CONFIG_IRQ_WORK
INTG(IRQ_WORK_VECTOR, asm_sysvec_irq_work),
diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c
index e3c35668c7c5..22349f5c301b 100644
--- a/arch/x86/kernel/irq.c
+++ b/arch/x86/kernel/irq.c
@@ -22,6 +22,7 @@
#include <asm/desc.h>
#include <asm/traps.h>
#include <asm/thermal.h>
+#include <asm/uintr.h>
#define CREATE_TRACE_POINTS
#include <asm/trace/irq_vectors.h>
@@ -187,6 +188,11 @@ int arch_show_interrupts(struct seq_file *p, int prec)
for_each_online_cpu(j)
seq_printf(p, "%10u ", irq_stats(j)->uintr_spurious_count);
seq_puts(p, " User-interrupt spurious event\n");
+
+ seq_printf(p, "%*s: ", prec, "UKN");
+ for_each_online_cpu(j)
+ seq_printf(p, "%10u ", irq_stats(j)->uintr_kernel_notifications);
+ seq_puts(p, " User-interrupt kernel notification event\n");
#endif
return 0;
}
@@ -356,6 +362,18 @@ DEFINE_IDTENTRY_SYSVEC_SIMPLE(sysvec_uintr_spurious_interrupt)
ack_APIC_irq();
inc_irq_stat(uintr_spurious_count);
}
+
+/*
+ * Handler for UINTR_KERNEL_VECTOR.
+ */
+DEFINE_IDTENTRY_SYSVEC(sysvec_uintr_kernel_notification)
+{
+ /* TODO: Add entry-exit tracepoints */
+ ack_APIC_irq();
+ inc_irq_stat(uintr_kernel_notifications);
+
+ uintr_wake_up_process();
+}
#endif
diff --git a/arch/x86/kernel/uintr_core.c b/arch/x86/kernel/uintr_core.c
index 8f331c5fe0cf..4e5545e6d903 100644
--- a/arch/x86/kernel/uintr_core.c
+++ b/arch/x86/kernel/uintr_core.c
@@ -28,22 +28,6 @@
#define UINTR_MAX_UITT_NR 256
#define UINTR_MAX_UVEC_NR 64
-/* User Posted Interrupt Descriptor (UPID) */
-struct uintr_upid {
- struct {
- u8 status; /* bit 0: ON, bit 1: SN, bit 2-7: reserved */
- u8 reserved1; /* Reserved */
- u8 nv; /* Notification vector */
- u8 reserved2; /* Reserved */
- u32 ndst; /* Notification destination */
- } nc __packed; /* Notification control */
- u64 puir; /* Posted user interrupt requests */
-} __aligned(64);
-
-/* UPID Notification control status */
-#define UPID_ON 0x0 /* Outstanding notification */
-#define UPID_SN 0x1 /* Suppressed notification */
-
struct uintr_receiver {
struct uintr_upid_ctx *upid_ctx;
u64 uvec_mask; /* track active vector per bit */
@@ -70,6 +54,10 @@ struct uintr_sender {
u64 uitt_mask[BITS_TO_U64(UINTR_MAX_UITT_NR)];
};
+/* TODO: To remove the global lock, move to a per-cpu wait list. */
+static DEFINE_SPINLOCK(uintr_wait_lock);
+static struct list_head uintr_wait_list = LIST_HEAD_INIT(uintr_wait_list);
+
inline bool uintr_arch_enabled(void)
{
return static_cpu_has(X86_FEATURE_UINTR);
@@ -80,6 +68,12 @@ static inline bool is_uintr_receiver(struct task_struct *t)
return !!t->thread.ui_recv;
}
+/* Always make sure task is_uintr_receiver() before calling */
+static inline bool is_uintr_waiting(struct task_struct *t)
+{
+ return t->thread.ui_recv->upid_ctx->waiting;
+}
+
static inline bool is_uintr_sender(struct task_struct *t)
{
return !!t->thread.ui_send;
@@ -151,6 +145,7 @@ static struct uintr_upid_ctx *alloc_upid(void)
refcount_set(&upid_ctx->refs, 1);
upid_ctx->task = get_task_struct(current);
upid_ctx->receiver_active = true;
+ upid_ctx->waiting = false;
return upid_ctx;
}
@@ -494,6 +489,68 @@ int do_uintr_register_sender(struct uintr_receiver_info *r_info,
return 0;
}
+int uintr_receiver_wait(void)
+{
+ struct uintr_upid_ctx *upid_ctx;
+ unsigned long flags;
+
+ if (!is_uintr_receiver(current))
+ return -EOPNOTSUPP;
+
+ upid_ctx = current->thread.ui_recv->upid_ctx;
+ upid_ctx->upid->nc.nv = UINTR_KERNEL_VECTOR;
+ upid_ctx->waiting = true;
+ spin_lock_irqsave(&uintr_wait_lock, flags);
+ list_add(&upid_ctx->node, &uintr_wait_list);
+ spin_unlock_irqrestore(&uintr_wait_lock, flags);
+
+ set_current_state(TASK_INTERRUPTIBLE);
+ schedule();
+
+ return -EINTR;
+}
+
+/*
+ * Runs in interrupt context.
+ * Scan through all UPIDs to check if any interrupt is on going.
+ */
+void uintr_wake_up_process(void)
+{
+ struct uintr_upid_ctx *upid_ctx, *tmp;
+ unsigned long flags;
+
+ spin_lock_irqsave(&uintr_wait_lock, flags);
+ list_for_each_entry_safe(upid_ctx, tmp, &uintr_wait_list, node) {
+ if (test_bit(UPID_ON, (unsigned long *)&upid_ctx->upid->nc.status)) {
+ set_bit(UPID_SN, (unsigned long *)&upid_ctx->upid->nc.status);
+ upid_ctx->upid->nc.nv = UINTR_NOTIFICATION_VECTOR;
+ upid_ctx->waiting = false;
+ wake_up_process(upid_ctx->task);
+ list_del(&upid_ctx->node);
+ }
+ }
+ spin_unlock_irqrestore(&uintr_wait_lock, flags);
+}
+
+/* Called when task is unregistering/exiting */
+static void uintr_remove_task_wait(struct task_struct *task)
+{
+ struct uintr_upid_ctx *upid_ctx, *tmp;
+ unsigned long flags;
+
+ spin_lock_irqsave(&uintr_wait_lock, flags);
+ list_for_each_entry_safe(upid_ctx, tmp, &uintr_wait_list, node) {
+ if (upid_ctx->task == task) {
+ pr_debug("wait: Removing task %d from wait\n",
+ upid_ctx->task->pid);
+ upid_ctx->upid->nc.nv = UINTR_NOTIFICATION_VECTOR;
+ upid_ctx->waiting = false;
+ list_del(&upid_ctx->node);
+ }
+ }
+ spin_unlock_irqrestore(&uintr_wait_lock, flags);
+}
+
int do_uintr_unregister_handler(void)
{
struct task_struct *t = current;
@@ -548,7 +605,7 @@ int do_uintr_unregister_handler(void)
* based on this UPID.
*/
set_bit(UPID_SN, (unsigned long *)&ui_recv->upid_ctx->upid->nc.status);
-
+ uintr_remove_task_wait(t);
put_upid_ref(ui_recv->upid_ctx);
kfree(ui_recv);
t->thread.ui_recv = NULL;
@@ -684,7 +741,7 @@ void switch_uintr_prepare(struct task_struct *prev)
{
struct uintr_upid *upid;
- if (is_uintr_receiver(prev)) {
+ if (is_uintr_receiver(prev) && !is_uintr_waiting(prev)) {
upid = prev->thread.ui_recv->upid_ctx->upid;
set_bit(UPID_SN, (unsigned long *)&upid->nc.status);
}
@@ -806,6 +863,7 @@ void uintr_free(struct task_struct *t)
* generated based on this UPID.
*/
set_bit(UPID_SN, (unsigned long *)&ui_recv->upid_ctx->upid->nc.status);
+ uintr_remove_task_wait(t);
ui_recv->upid_ctx->receiver_active = false;
put_upid_ref(ui_recv->upid_ctx);
kfree(ui_recv);
diff --git a/arch/x86/kernel/uintr_fd.c b/arch/x86/kernel/uintr_fd.c
index 3c82c032c0b9..a7e55d98c0c7 100644
--- a/arch/x86/kernel/uintr_fd.c
+++ b/arch/x86/kernel/uintr_fd.c
@@ -283,3 +283,18 @@ SYSCALL_DEFINE2(uintr_unregister_sender, int, uintrfd, unsigned int, flags)
fdput(f);
return ret;
}
+
+/*
+ * sys_uintr_wait - Wait for a user interrupt
+ */
+SYSCALL_DEFINE1(uintr_wait, unsigned int, flags)
+{
+ if (!uintr_arch_enabled())
+ return -EOPNOTSUPP;
+
+ if (flags)
+ return -EINVAL;
+
+ /* TODO: Add a timeout option */
+ return uintr_receiver_wait();
+}
--
2.33.0
Resending.. There were some email delivery issues.
On 9/13/2021 1:27 PM, Dave Hansen wrote:
> User Interrupts directly deliver events to user space and are
> 10x faster than the closest alternative.
Thanks Dave. This is definitely more attention-grabbing than the
previous intro. I'll include this next time.
One thing to note, the 10x gain is only applicable for User IPIs.
For other source of User Interrupts (like kernel-to-user
notifications and other external sources), we don't have the data
yet.
I realized the User IPI data in the cover also needs some
clarification. The 10x gain is only seen when the receiver is
spinning in User space - waiting for interrupts.
If the receiver were to block (wait) in the kernel, the performance
would drop as expected. However, User IPI (blocked) would still be
10% faster than Eventfd and 40% faster than signals.
Here is the updated table:
+---------------------+-------------------------+
| IPC type | Relative Latency |
| |(normalized to User IPI) |
+---------------------+-------------------------+
| User IPI | 1.0 |
| User IPI (blocked) | 8.9 |
| Signal | 14.8 |
| Eventfd | 9.7 |
| Pipe | 16.3 |
| Domain | 17.3 |
+---------------------+-------------------------+
--Sohil
On Tue, Sep 14, 2021 at 07:03:36PM +0000, Mehta, Sohil wrote:
> Resending.. There were some email delivery issues.
>
> On 9/13/2021 1:27 PM, Dave Hansen wrote:
> > User Interrupts directly deliver events to user space and are
> > 10x faster than the closest alternative.
>
> Thanks Dave. This is definitely more attention-grabbing than the
> previous intro. I'll include this next time.
>
> One thing to note, the 10x gain is only applicable for User IPIs.
> For other source of User Interrupts (like kernel-to-user
> notifications and other external sources), we don't have the data
> yet.
>
> I realized the User IPI data in the cover also needs some
> clarification. The 10x gain is only seen when the receiver is
> spinning in User space - waiting for interrupts.
>
> If the receiver were to block (wait) in the kernel, the performance
> would drop as expected. However, User IPI (blocked) would still be
> 10% faster than Eventfd and 40% faster than signals.
>
> Here is the updated table:
> +---------------------+-------------------------+
> | IPC type | Relative Latency |
> | |(normalized to User IPI) |
> +---------------------+-------------------------+
> | User IPI | 1.0 |
> | User IPI (blocked) | 8.9 |
> | Signal | 14.8 |
> | Eventfd | 9.7 |
> | Pipe | 16.3 |
> | Domain | 17.3 |
> +---------------------+-------------------------+
Relative is just that, "relative". If the real values are extremely
tiny, then relative is just "this goes a tiny tiny bit faster than what
you have today in eventfd", right?
So how about "absolute"? What are we talking here?
And this is really only for the "one userspace task waking up another
userspace task" policies. What real workload can actually use this?
thanks,
greg k-h
On Mon, Sep 13, 2021 at 01:01:29PM -0700, Sohil Mehta wrote:
> Add a registration syscall for a task to register itself as a user
> interrupt sender using the uintr_fd generated by the receiver. A task
> can register multiple uintr_fds. Each unique successful connection
> creates a new entry in the User Interrupt Target Table (UITT).
>
> Each entry in the UITT table is referred by the UITT index (uipi_index).
> The uipi_index returned during the registration syscall lets a sender
> generate a user IPI using the 'SENDUIPI <uipi_index>' instruction.
>
> Also, add a sender unregister syscall to unregister a particular task
> from the uintr_fd. Calling close on the uintr_fd will disconnect all
> threads in a sender process from that FD.
>
> Currently, the UITT size is arbitrarily chosen as 256 entries
> corresponding to a 4KB page. Based on feedback and usage data this can
> either be increased/decreased or made dynamic later.
>
> Architecturally, the UITT table can be unique for each thread or shared
> across threads of the same thread group. The current implementation
> keeps the UITT as unique for the each thread. This makes the kernel
> implementation relatively simple and only threads that use uintr get
> setup with the related structures. However, this means that the
> uipi_index for each thread would be inconsistent wrt to other threads.
> (Executing 'SENDUIPI 2' on threads of the same process could generate
> different user interrupts.)
>
> Alternatively, the benefit of sharing the UITT table is that all threads
> would see the same view of the UITT table. Also the kernel UITT memory
> allocation would be more efficient if multiple threads connect to the
> same uintr_fd. However, this would mean the kernel needs to keep the
> UITT table size MISC_MSR[] in sync across these threads. Also the
> UPID/UITT teardown flows might need additional consideration.
>
> Signed-off-by: Sohil Mehta <[email protected]>
> ---
> arch/x86/include/asm/processor.h | 2 +
> arch/x86/include/asm/uintr.h | 15 ++
> arch/x86/kernel/process.c | 1 +
> arch/x86/kernel/uintr_core.c | 355 ++++++++++++++++++++++++++++++-
> arch/x86/kernel/uintr_fd.c | 133 ++++++++++++
> 5 files changed, 495 insertions(+), 11 deletions(-)
>
> diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
> index d229bfac8b4f..3482c3182e39 100644
> --- a/arch/x86/include/asm/processor.h
> +++ b/arch/x86/include/asm/processor.h
> @@ -10,6 +10,7 @@ struct mm_struct;
> struct io_bitmap;
> struct vm86;
> struct uintr_receiver;
> +struct uintr_sender;
>
> #include <asm/math_emu.h>
> #include <asm/segment.h>
> @@ -533,6 +534,7 @@ struct thread_struct {
> #ifdef CONFIG_X86_USER_INTERRUPTS
> /* User Interrupt state*/
> struct uintr_receiver *ui_recv;
> + struct uintr_sender *ui_send;
> #endif
>
> /* Floating point and extended processor state */
> diff --git a/arch/x86/include/asm/uintr.h b/arch/x86/include/asm/uintr.h
> index 1f00e2a63da4..ef3521dd7fb9 100644
> --- a/arch/x86/include/asm/uintr.h
> +++ b/arch/x86/include/asm/uintr.h
> @@ -8,6 +8,7 @@ struct uintr_upid_ctx {
> struct task_struct *task; /* Receiver task */
> struct uintr_upid *upid;
> refcount_t refs;
> + bool receiver_active; /* Flag for UPID being mapped to a receiver */
> };
>
> struct uintr_receiver_info {
> @@ -16,12 +17,26 @@ struct uintr_receiver_info {
> u64 uvec; /* Vector number */
> };
>
> +struct uintr_sender_info {
> + struct list_head node;
> + struct uintr_uitt_ctx *uitt_ctx;
> + struct task_struct *task;
> + struct uintr_upid_ctx *r_upid_ctx; /* Receiver's UPID context */
> + struct callback_head twork; /* Task work head */
> + unsigned int uitt_index;
> +};
> +
> bool uintr_arch_enabled(void);
> int do_uintr_register_handler(u64 handler);
> int do_uintr_unregister_handler(void);
> int do_uintr_register_vector(struct uintr_receiver_info *r_info);
> void do_uintr_unregister_vector(struct uintr_receiver_info *r_info);
>
> +int do_uintr_register_sender(struct uintr_receiver_info *r_info,
> + struct uintr_sender_info *s_info);
> +void do_uintr_unregister_sender(struct uintr_receiver_info *r_info,
> + struct uintr_sender_info *s_info);
> +
> void uintr_free(struct task_struct *task);
>
> /* TODO: Inline the context switch related functions */
> diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
> index 83677f76bd7b..9db33e467b30 100644
> --- a/arch/x86/kernel/process.c
> +++ b/arch/x86/kernel/process.c
> @@ -92,6 +92,7 @@ int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src)
> #ifdef CONFIG_X86_USER_INTERRUPTS
> /* User Interrupt state is unique for each task */
> dst->thread.ui_recv = NULL;
> + dst->thread.ui_send = NULL;
> #endif
>
> return fpu_clone(dst);
> diff --git a/arch/x86/kernel/uintr_core.c b/arch/x86/kernel/uintr_core.c
> index 9dcb9f60e5bc..8f331c5fe0cf 100644
> --- a/arch/x86/kernel/uintr_core.c
> +++ b/arch/x86/kernel/uintr_core.c
> @@ -21,6 +21,11 @@
> #include <asm/msr-index.h>
> #include <asm/uintr.h>
>
> +/*
> + * Each UITT entry is 16 bytes in size.
> + * Current UITT table size is set as 4KB (256 * 16 bytes)
> + */
> +#define UINTR_MAX_UITT_NR 256
> #define UINTR_MAX_UVEC_NR 64
>
> /* User Posted Interrupt Descriptor (UPID) */
> @@ -44,6 +49,27 @@ struct uintr_receiver {
> u64 uvec_mask; /* track active vector per bit */
> };
>
> +/* User Interrupt Target Table Entry (UITTE) */
> +struct uintr_uitt_entry {
> + u8 valid; /* bit 0: valid, bit 1-7: reserved */
Do you check that the other bits are set to 0?
> + u8 user_vec;
> + u8 reserved[6];
What is this reserved for?
> + u64 target_upid_addr;
If this is a pointer, why not say it is a pointer?
> +} __packed __aligned(16);
> +
> +struct uintr_uitt_ctx {
> + struct uintr_uitt_entry *uitt;
> + /* Protect UITT */
> + spinlock_t uitt_lock;
> + refcount_t refs;
Again, a kref please.
thanks,
greg k-h
On Thu, Sep 23, 2021 at 02:19:05PM +0200, Greg KH wrote:
> On Tue, Sep 14, 2021 at 07:03:36PM +0000, Mehta, Sohil wrote:
> > Resending.. There were some email delivery issues.
> >
> > On 9/13/2021 1:27 PM, Dave Hansen wrote:
> > > User Interrupts directly deliver events to user space and are
> > > 10x faster than the closest alternative.
> >
> > Thanks Dave. This is definitely more attention-grabbing than the
> > previous intro. I'll include this next time.
> >
> > One thing to note, the 10x gain is only applicable for User IPIs.
> > For other source of User Interrupts (like kernel-to-user
> > notifications and other external sources), we don't have the data
> > yet.
> >
> > I realized the User IPI data in the cover also needs some
> > clarification. The 10x gain is only seen when the receiver is
> > spinning in User space - waiting for interrupts.
> >
> > If the receiver were to block (wait) in the kernel, the performance
> > would drop as expected. However, User IPI (blocked) would still be
> > 10% faster than Eventfd and 40% faster than signals.
> >
> > Here is the updated table:
> > +---------------------+-------------------------+
> > | IPC type | Relative Latency |
> > | |(normalized to User IPI) |
> > +---------------------+-------------------------+
> > | User IPI | 1.0 |
> > | User IPI (blocked) | 8.9 |
> > | Signal | 14.8 |
> > | Eventfd | 9.7 |
> > | Pipe | 16.3 |
> > | Domain | 17.3 |
> > +---------------------+-------------------------+
>
> Relative is just that, "relative". If the real values are extremely
> tiny, then relative is just "this goes a tiny tiny bit faster than what
> you have today in eventfd", right?
>
> So how about "absolute"? What are we talking here?
>
> And this is really only for the "one userspace task waking up another
> userspace task" policies. What real workload can actually use this?
Also, you forgot to list Binder in the above IPC type.
And you forgot to mention that this is tied to one specific CPU type
only. Are syscalls allowed to be created that would only work on
obscure cpus like this one?
thanks,
greg k-h
On 9/13/21 2:01 PM, Sohil Mehta wrote:
> - Discuss potential use cases.
> We are starting to look at actual usages and libraries (like libevent[2] and
> liburing[3]) that can take advantage of this technology. Unfortunately, we
> don't have much to share on this right now. We need some help from the
> community to identify usages that can benefit from this. We would like to make
> sure the proposed APIs work for the eventual consumers.
One use case for liburing/io_uring would be to use it instead of eventfd
for notifications. I know some folks do use eventfd right now, though
it's not that common. But if we had support for something like this,
then you could use it to know when to reap events rather than sleep in
the kernel. Or at least to be notified when new events have been posted
to the cq ring.
--
Jens Axboe
On 9/23/21 7:09 AM, Greg KH wrote:
> And you forgot to mention that this is tied to one specific CPU type
> only. Are syscalls allowed to be created that would only work on
> obscure cpus like this one?
Well, you have to start somewhere. For example, when memory protection
keys went in, we added three syscalls:
> 329 common pkey_mprotect sys_pkey_mprotect
> 330 common pkey_alloc sys_pkey_alloc
> 331 common pkey_free sys_pkey_free
At the point that I started posting these, you couldn't even buy a
system with this feature. For a while, there was only one Intel Xeon
generation that had support.
But, if you build it, they will come. Today, there is powerpc support
and our friends at AMD added support to their processors. In addition,
protection keys are found across Intel's entire CPU line: from big
Xeons, down to the little Atoms you find in Chromebooks.
I encourage everyone submitting new hardware features to include
information about where their feature will show up to end users *and* to
say how widely it will be available. I'd actually prefer if maintainers
rejected patches that didn't have this information.
On Thu, Sep 23, 2021 at 07:46:43AM -0700, Dave Hansen wrote:
> I encourage everyone submitting new hardware features to include
> information about where their feature will show up to end users *and* to
> say how widely it will be available. I'd actually prefer if maintainers
> rejected patches that didn't have this information.
Make sense. So, what are the answers to these questions for this new
CPU feature?
thanks,
greg k-h
On Mon, Sep 13 2021 at 13:01, Sohil Mehta wrote:
> Enable xstate supervisor support for User Interrupts by default.
What means enabled by default? It's enabled when available and not
disabled on the command line.
> The user interrupt state for a task consists of the MSR state and the
> User Interrupt Flag (UIF) value. XSAVES and XRSTORS handle saving and
> restoring both of these states.
>
> <The supervisor XSTATE code might be reworked based on issues reported
> in the past. The Uintr context switching code would also need rework and
> additional testing in that regard.>
What? Which issues were reported and if they have been reported then how
is the provided code correct?
> +/*
> + * State component 14 is supervisor state used for User Interrupts state.
> + * The size of this state is 48 bytes
> + */
> +struct uintr_state {
> + u64 handler;
> + u64 stack_adjust;
> + u32 uitt_size;
> + u8 uinv;
> + u8 pad1;
> + u8 pad2;
> + u8 uif_pad3; /* bit 7 - UIF, bits 6:0 - reserved */
Please do not use tail comments. Also what kind of name is uif_pad3?
Bitfields exist for a reason.
Aside of that please use tabs to seperate type and name.
> + u64 upid_addr;
> + u64 uirr;
> + u64 uitt_addr;
> +} __packed;
> +
Thanks,
tglx
On 9/23/2021 5:19 AM, Greg KH wrote:
> On Tue, Sep 14, 2021 at 07:03:36PM +0000, Mehta, Sohil wrote:
>
> Here is the updated table:
> +---------------------+-------------------------+
> | IPC type | Relative Latency |
> | |(normalized to User IPI) |
> +---------------------+-------------------------+
> | User IPI | 1.0 |
> | User IPI (blocked) | 8.9 |
> | Signal | 14.8 |
> | Eventfd | 9.7 |
> | Pipe | 16.3 |
> | Domain | 17.3 |
> +---------------------+-------------------------+
> Relative is just that, "relative". If the real values are extremely
> tiny, then relative is just "this goes a tiny tiny bit faster than what
> you have today in eventfd", right?
>
> So how about "absolute"? What are we talking here?
Thanks Greg for reviewing the patches.
The reason I have not included absolute numbers is that on a
pre-production platform it could be misleading. The data here is more of
an approximation with the final performance expected to trend in this
direction.
I have used the term "relative" only to signify that this is comparing
User IPI with others.
Let's say, if eventfd took 9.7 usec on a system then User IPI (running)
would take 1 usec. So it would still be a 9x improvement.
But, I agree with your point. This is only a micro-benchmark performance
comparison. The overall gain in a real workload would depend on how it
uses IPC.
+---------------------+------------------------------+
| IPC type | Example Latency |
| | (micro seconds) |
+---------------------+------------------------------+
| User IPI (running) | 1.0 usec |
| User IPI (blocked) | 8.9 usec |
| Signal | 14.8 usec |
| Eventfd | 9.7 usec |
| Pipe | 16.3 usec |
| Domain | 17.3 usec |
+---------------------+------------------------------+
> And this is really only for the "one userspace task waking up another
> userspace task" policies. What real workload can actually use this?
A User IPI sender could be registered to send IPIs to multiple targets.
But, there is no broadcast mechanism, so it can only target one receiver
everytime it executes the SENDUIPI instruction.
Thanks,
Sohil
> thanks,
>
> greg k-h
On 9/23/2021 7:09 AM, Greg KH wrote:
> Also, you forgot to list Binder in the above IPC type.
>
Thanks for pointing that out. In the LPC discussion today there was also
a suggestion to compare this with Futex wake.
I'll include a comparison with Binder and Futex next time.
I used this IPC benchmark this time but it doesn't include Binder and Futex.
https://github.com/goldsborough/ipc-bench
Would you know if there is anything out there that is more comprehensive
for benchmarking IPC?
Thanks,
Sohil
On 9/23/2021 5:19 AM, Greg KH wrote:
> What real workload can actually use this?
>
I missed replying to this.
User mode runtimes is one the usages that we think would benefit from
User IPIs.
Also as Jens mentioned in another thread, this could help kernel to user
notifications in io_uring (using User Interrupts instead of eventfd for
signaling).
Libevent is another abstraction that we are evaluating.
Thanks,
Sohil
On Mon, Sep 13 2021 at 13:01, Sohil Mehta wrote:
> User interrupt state is saved and restored using xstate supervisor
> feature support. This includes the MSR state and the User Interrupt Flag
> (UIF) value.
>
> During context switch update the UPID for a uintr task to reflect the
> current state of the task; namely whether the task should receive
> interrupt notifications and which cpu the task is currently running on.
>
> XSAVES clears the notification vector (UINV) in the MISC MSR to prevent
> interrupts from being recognized in the UIRR MSR while the task is being
> context switched. The UINV is restored back when the kernel does an
> XRSTORS.
>
> However, this conflicts with the kernel's lazy restore optimization
> which skips an XRSTORS if the kernel is scheduling the same user task
> back and the underlying MSR state hasn't been modified. Special handling
> is needed for a uintr task in the context switch path to keep using this
> optimization.
And this special handling is?
Distinct void of content here.
> /* Check that the stack and regs on entry from user mode are sane. */
> static __always_inline void arch_check_user_regs(struct pt_regs *regs)
> @@ -57,6 +58,9 @@ static inline void arch_exit_to_user_mode_prepare(struct pt_regs *regs,
> if (unlikely(ti_work & _TIF_NEED_FPU_LOAD))
> switch_fpu_return();
>
> + if (static_cpu_has(X86_FEATURE_UINTR))
> + switch_uintr_return();
> +
...
> --- a/arch/x86/kernel/fpu/core.c
> +++ b/arch/x86/kernel/fpu/core.c
> @@ -95,6 +95,14 @@ EXPORT_SYMBOL(irq_fpu_usable);
> * over the place.
> *
> * FXSAVE and all XSAVE variants preserve the FPU register state.
> + *
> + * When XSAVES is called with XFEATURE_UINTR enabled it
> + * saves the FPU state and clears the interrupt notification
> + * vector byte of the MISC_MSR [bits 39:32]. This is required
> + * to stop detecting additional User Interrupts after we
> + * have saved the FPU state. Before going back to userspace
> + * we would correct this and only program the byte that was
we would?
This simply has to be done before returning to user space no matter
what. And _we_ can't do that. Please do not impersonate code.
> + * cleared.
> */
> void save_fpregs_to_fpstate(struct fpu *fpu)
> {
> diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
> index ec0d836a13b1..62b82137db9c 100644
> --- a/arch/x86/kernel/process_64.c
> +++ b/arch/x86/kernel/process_64.c
> @@ -53,6 +53,7 @@
> #include <asm/xen/hypervisor.h>
> #include <asm/vdso.h>
> #include <asm/resctrl.h>
> +#include <asm/uintr.h>
> #include <asm/unistd.h>
> #include <asm/fsgsbase.h>
> #ifdef CONFIG_IA32_EMULATION
> @@ -565,6 +566,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
> WARN_ON_ONCE(IS_ENABLED(CONFIG_DEBUG_ENTRY) &&
> this_cpu_read(hardirq_stack_inuse));
>
> + if (static_cpu_has(X86_FEATURE_UINTR))
cpu_feature_enabled() please.
> + switch_uintr_prepare(prev_p);
> +
> if (!test_thread_flag(TIF_NEED_FPU_LOAD))
> switch_fpu_prepare(prev_fpu, cpu);
>
> diff --git a/arch/x86/kernel/uintr_core.c b/arch/x86/kernel/uintr_core.c
> index 2c6042a6840a..7a29888050ad 100644
> --- a/arch/x86/kernel/uintr_core.c
> +++ b/arch/x86/kernel/uintr_core.c
> @@ -238,3 +238,78 @@ int do_uintr_register_handler(u64 handler)
>
> return 0;
> }
> +
> +/* Suppress notifications since this task is being context switched out */
> +void switch_uintr_prepare(struct task_struct *prev)
> +{
> + struct uintr_upid *upid;
> +
> + if (is_uintr_receiver(prev)) {
> + upid = prev->thread.ui_recv->upid_ctx->upid;
> + set_bit(UPID_SN, (unsigned long *)&upid->nc.status);
Please add a comment why this needs to be a locked instruction.
> + }
> +}
> +
> +/*
> + * Do this right before we are going back to userspace after the FPU has been
> + * reloaded i.e. TIF_NEED_FPU_LOAD is clear.
> + * Called from arch_exit_to_user_mode_prepare() with interrupts disabled.
> + */
> +void switch_uintr_return(void)
> +{
> + struct uintr_upid *upid;
> + u64 misc_msr;
> +
> + if (is_uintr_receiver(current)) {
> + /*
> + * The XSAVES instruction clears the UINTR notification
> + * vector(UINV) in the UINT_MISC MSR when user context gets
> + * saved. Before going back to userspace we need to restore the
> + * notification vector. XRSTORS would automatically restore the
> + * notification but we can't be sure that XRSTORS will always
> + * be called when going back to userspace. Also if XSAVES gets
> + * called twice the UINV stored in the Xstate buffer will be
> + * overwritten. Threfore, before going back to userspace we
> + * always check if the UINV is set and reprogram if needed.
> + *
> + * Alternatively, we could combine this with
> + * switch_fpu_return() and program the MSR whenever we are
> + * skipping the XRSTORS. We need special precaution to make
> + * sure the UINV value in the XSTATE buffer doesn't get
> + * overwritten by calling XSAVES twice.
> + */
> + WARN_ON_ONCE(test_thread_flag(TIF_NEED_FPU_LOAD));
> +
> + /* Modify only the relevant bits of the MISC MSR */
I surely appreciate the well thought out hardware design which requires
yet another rdmsrl/wrmsrl pair here.
Of course this is invoked unconditionally when the CPU has
X86_FEATURE_UINTR:
> + if (static_cpu_has(X86_FEATURE_UINTR))
> + switch_uintr_return();
Why?
If the sequence is:
syscall()
do_stuff()
return_to_user()
then what on earth has modified that MSR state? Nothing at all, but you
still run this code. What for?
> + rdmsrl(MSR_IA32_UINTR_MISC, misc_msr);
> + if (!(misc_msr & GENMASK_ULL(39, 32))) {
Hardcoded random numbers ...
> + misc_msr |= (u64)UINTR_NOTIFICATION_VECTOR << 32;
Hardcoded numerical shift value...
> + wrmsrl(MSR_IA32_UINTR_MISC, misc_msr);
> + }
> +
> + /*
> + * It is necessary to clear the SN bit after we set UINV and
> + * NDST to avoid incorrect interrupt routing.
Right, because if the task did not go through schedule() this state has not
been changed at all and therefore you need to clear SN just in case to
make sure that it hasn't been set by accident, right?
> + */
> + upid = current->thread.ui_recv->upid_ctx->upid;
> + upid->nc.ndst = cpu_to_ndst(smp_processor_id());
> + clear_bit(UPID_SN, (unsigned long *)&upid->nc.status);
> +
> + /*
> + * Interrupts might have accumulated in the UPID while the
> + * thread was preempted. In this case invoke the hardware
> + * detection sequence manually by sending a self IPI with UINV.
> + * Since UINV is set and SN is cleared, any new UINTR
> + * notifications due to the self IPI or otherwise would result
> + * in the hardware updating the UIRR directly.
> + * No real interrupt would be generated as a result of this.
> + *
> + * The alternative is to atomically read and clear the UPID and
> + * program the UIRR. In that case the kernel would need to
> + * carefully manage the race with the hardware if the UPID gets
> + * updated after the read.
> + */
> + if (READ_ONCE(upid->puir))
> + apic->send_IPI_self(UINTR_NOTIFICATION_VECTOR);
So sending an self IPI is more performant than doing it purely in
memory with some care? I seriously doubt that.
Oh well, I was under the impression that this is about performance and
not about adding as much overhead as possible.
But what do I know....
Thanks,
tglx
On Mon, Sep 13 2021 at 13:01, Sohil Mehta wrote:
> The user interrupt MSRs and the user interrupt state is task specific.
> During task fork and exit clear the task state, clear the MSRs and
> dereference the shared resources.
>
> Some of the memory resources like the UPID are referenced in the file
> descriptor and could be in use while the uintr_fd is still valid.
> Instead of freeing up the UPID just dereference it.
Derefencing the UPID, i.e. accessing task->upid->foo helps in which way?
You want to drop the reference count I assume. Then please write that
so.
> Eventually when every user releases the reference the memory resource
> will be freed up.
Yeah, eventually or not...
> --- a/arch/x86/kernel/fpu/core.c
> +++ b/arch/x86/kernel/fpu/core.c
> @@ -260,6 +260,7 @@ int fpu_clone(struct task_struct *dst)
> {
> struct fpu *src_fpu = ¤t->thread.fpu;
> struct fpu *dst_fpu = &dst->thread.fpu;
> + struct uintr_state *uintr_state;
>
> /* The new task's FPU state cannot be valid in the hardware. */
> dst_fpu->last_cpu = -1;
> @@ -284,6 +285,14 @@ int fpu_clone(struct task_struct *dst)
>
> else
> save_fpregs_to_fpstate(dst_fpu);
> +
> + /* UINTR state is not expected to be inherited (in the current design). */
> + if (static_cpu_has(X86_FEATURE_UINTR)) {
> + uintr_state = get_xsave_addr(&dst_fpu->state.xsave, XFEATURE_UINTR);
> + if (uintr_state)
> + memset(uintr_state, 0, sizeof(*uintr_state));
> + }
1) If the FPU registers are up to date then this can be completely
avoided by excluding the UINTR component from XSAVES
2) If the task never used that muck then UINTR is in init state and
clearing that memory is a redunant exercise because it has been
cleared already
So yes, this clearly is evidence how this is enhancing performance.
> +/*
> + * This should only be called from exit_thread().
Should? Would? Maybe or what?
> + * exit_thread() can happen in current context when the current thread is
> + * exiting or it can happen for a new thread that is being created.
A right that makes sense. If a new thread is created then it can call
exit_thread(), right?
> + * For new threads is_uintr_receiver() should fail.
Should fail?
> + */
> +void uintr_free(struct task_struct *t)
> +{
> + struct uintr_receiver *ui_recv;
> + struct fpu *fpu;
> +
> + if (!static_cpu_has(X86_FEATURE_UINTR) || !is_uintr_receiver(t))
> + return;
> +
> + if (WARN_ON_ONCE(t != current))
> + return;
> +
> + fpu = &t->thread.fpu;
> +
> + fpregs_lock();
> +
> + if (fpregs_state_valid(fpu, smp_processor_id())) {
> + wrmsrl(MSR_IA32_UINTR_MISC, 0ULL);
> + wrmsrl(MSR_IA32_UINTR_PD, 0ULL);
> + wrmsrl(MSR_IA32_UINTR_RR, 0ULL);
> + wrmsrl(MSR_IA32_UINTR_STACKADJUST, 0ULL);
> + wrmsrl(MSR_IA32_UINTR_HANDLER, 0ULL);
> + } else {
> + struct uintr_state *p;
> +
> + p = get_xsave_addr(&fpu->state.xsave, XFEATURE_UINTR);
> + if (p) {
> + p->handler = 0;
> + p->uirr = 0;
> + p->upid_addr = 0;
> + p->stack_adjust = 0;
> + p->uinv = 0;
> + }
> + }
> +
> + /* Check: Can a thread be context switched while it is exiting? */
This looks like a question which should be answered _before_ writing
such code.
> + ui_recv = t->thread.ui_recv;
> +
> + /*
> + * Suppress notifications so that no further interrupts are
> + * generated based on this UPID.
> + */
> + set_bit(UPID_SN, (unsigned long *)&ui_recv->upid_ctx->upid->nc.status);
> + put_upid_ref(ui_recv->upid_ctx);
> + kfree(ui_recv);
> + t->thread.ui_recv = NULL;
Again, why needs all this put/kfree muck be within the fpregs locked section?
> + fpregs_unlock();
> +}
Thanks,
tglx
On Mon, Sep 13 2021 at 13:01, Sohil Mehta wrote:
> static void free_upid(struct uintr_upid_ctx *upid_ctx)
> {
> + put_task_struct(upid_ctx->task);
That's current, right?
> kfree(upid_ctx->upid);
> upid_ctx->upid = NULL;
> kfree(upid_ctx);
> @@ -93,6 +93,7 @@ static struct uintr_upid_ctx *alloc_upid(void)
>
> upid_ctx->upid = upid;
> refcount_set(&upid_ctx->refs, 1);
> + upid_ctx->task = get_task_struct(current);
Current takes a refcount on it's own task struct when allocating upid,
and releases it at some point when freeing upid, right?
What for? Comments are overrated, except for comments describing
the obvious in the wrong way.
If this ever comes back in some form, then I pretty please want the life
time rules of this documented properly. The current state is
unreviewable.
> return upid_ctx;
> }
> @@ -103,6 +104,77 @@ static void put_upid_ref(struct uintr_upid_ctx *upid_ctx)
> free_upid(upid_ctx);
> }
>
> +static struct uintr_upid_ctx *get_upid_ref(struct uintr_upid_ctx *upid_ctx)
> +{
> + refcount_inc(&upid_ctx->refs);
> + return upid_ctx;
> +}
> +
> +static void __clear_vector_from_upid(u64 uvec, struct uintr_upid *upid)
> +{
> + clear_bit(uvec, (unsigned long *)&upid->puir);
> +}
> +
> +static void __clear_vector_from_task(u64 uvec)
> +{
> + struct task_struct *t = current;
> +
> + pr_debug("recv: task=%d free vector %llu\n", t->pid, uvec);
> +
> + if (!(BIT_ULL(uvec) & t->thread.ui_recv->uvec_mask))
> + return;
> +
> + clear_bit(uvec, (unsigned long *)&t->thread.ui_recv->uvec_mask);
> +
> + if (!t->thread.ui_recv->uvec_mask)
> + pr_debug("recv: task=%d unregistered all user vectors\n", t->pid);
Once you are done debugging this complex function can you please turn it
into an unconditional clear_bit(...) at the call site?
> +/* Callback to clear the vector structures when a vector is unregistered. */
> +static void receiver_clear_uvec(struct callback_head *head)
> +{
> + struct uintr_receiver_info *r_info;
> + struct uintr_upid_ctx *upid_ctx;
> + struct task_struct *t = current;
> + u64 uvec;
> +
> + r_info = container_of(head, struct uintr_receiver_info, twork);
> + uvec = r_info->uvec;
> + upid_ctx = r_info->upid_ctx;
> +
> + /*
> + * If a task has unregistered the interrupt handler the vector
> + * structures would have already been cleared.
would ? No. They must have been cleared already, anything else is a bug.
> + */
> + if (is_uintr_receiver(t)) {
> + /*
> + * The UPID context in the callback might differ from the one
> + * on the task if the task unregistered its interrupt handler
> + * and then registered itself again. The vector structures
> + * related to the previous UPID would have already been cleared
> + * in that case.
> + */
> + if (t->thread.ui_recv->upid_ctx != upid_ctx) {
> + pr_debug("recv: task %d is now using a different UPID\n",
> + t->pid);
> + goto out_free;
> + }
> +
> + /*
> + * If the vector has been recognized in the UIRR don't modify
> + * it. We need to disable User Interrupts before modifying the
> + * UIRR. It might be better to just let that interrupt get
> + * delivered.
Might be better? Please provide coherent explanations why this is correct.
> + */
> + __clear_vector_from_upid(uvec, upid_ctx->upid);
> + __clear_vector_from_task(uvec);
> + }
> +
> +out_free:
> + put_upid_ref(upid_ctx);
> + kfree(r_info);
> +}
> +
> int do_uintr_unregister_handler(void)
> {
> struct task_struct *t = current;
> @@ -239,6 +311,53 @@ int do_uintr_register_handler(u64 handler)
> return 0;
> }
>
> +void do_uintr_unregister_vector(struct uintr_receiver_info *r_info)
> +{
> + int ret;
> +
> + pr_debug("recv: Adding task work to clear vector %llu added for task=%d\n",
> + r_info->uvec, r_info->upid_ctx->task->pid);
> +
> + init_task_work(&r_info->twork, receiver_clear_uvec);
How is this safe? Reinitialization has to be serialized against other
usage. Again: Document the life time and serialization rules. Your
pr_debugs sprinkled all over the place are not a replacement for that.
> + ret = task_work_add(r_info->upid_ctx->task, &r_info->twork, true);
Care to look at the type of the third argument of task_work_add()?
> +struct uintrfd_ctx {
> + struct uintr_receiver_info *r_info;
Yet another wrapper struct? What for?
> +/*
> + * sys_uintr_create_fd - Create a uintr_fd for the registered interrupt vector.
So this creates a file descriptor for a vector which is already
allocated and then it calls do_uintr_register_vector() which allocates
the vector?
> + */
> +SYSCALL_DEFINE2(uintr_create_fd, u64, vector, unsigned int, flags)
> +{
Thanks,
tglx
On Mon, Sep 13 2021 at 13:01, Sohil Mehta wrote:
> +/*
> + * No lock is needed to read the active flag. Writes only happen from
> + * r_info->task that owns the UPID. Everyone else would just read this flag.
> + *
> + * This only provides a static check. The receiver may become inactive right
> + * after this check. The primary reason to have this check is to prevent future
> + * senders from connecting with this UPID, since the receiver task has already
> + * made this UPID inactive.
How is that not racy?
> +static void free_uitt(struct uintr_uitt_ctx *uitt_ctx)
> +{
> + unsigned long flags;
> +
> + spin_lock_irqsave(&uitt_ctx->uitt_lock, flags);
> + kfree(uitt_ctx->uitt);
Again. Please move kfree() outside of the lock held region. But aside of
that what is this lock protecting here?
> + uitt_ctx->uitt = NULL;
> + spin_unlock_irqrestore(&uitt_ctx->uitt_lock, flags);
If there is concurrency then the other task which is blocked on
uitt_lock will operate on uitt_ctx while the same is freed.
Again, this lacks any life time and serialization rules. Just sprinkling
locks all over the place does not make it magically correct.
> + kfree(uitt_ctx);
> +}
> +static void put_uitt_ref(struct uintr_uitt_ctx *uitt_ctx)
> +{
> + if (refcount_dec_and_test(&uitt_ctx->refs))
> + free_uitt(uitt_ctx);
> +}
> +static struct uintr_uitt_ctx *get_uitt_ref(struct uintr_uitt_ctx *uitt_ctx)
> +{
> + refcount_inc(&uitt_ctx->refs);
> + return uitt_ctx;
> +}
> +
> +static inline void mark_uitte_invalid(struct uintr_sender_info *s_info)
> +{
> + struct uintr_uitt_entry *uitte;
> + unsigned long flags;
> +
> + spin_lock_irqsave(&s_info->uitt_ctx->uitt_lock, flags);
> + uitte = &s_info->uitt_ctx->uitt[s_info->uitt_index];
> + uitte->valid = 0;
> + spin_unlock_irqrestore(&s_info->uitt_ctx->uitt_lock, flags);
> +}
> +
> static void __clear_vector_from_upid(u64 uvec, struct uintr_upid *upid)
> {
> clear_bit(uvec, (unsigned long *)&upid->puir);
> @@ -175,6 +290,210 @@ static void receiver_clear_uvec(struct callback_head *head)
> kfree(r_info);
> }
>
> +static void teardown_uitt(void)
> +{
> + struct task_struct *t = current;
> + struct fpu *fpu = &t->thread.fpu;
> + u64 msr64;
> +
> + put_uitt_ref(t->thread.ui_send->uitt_ctx);
> + kfree(t->thread.ui_send);
> + t->thread.ui_send = NULL;
> +
> + fpregs_lock();
> +
> + if (fpregs_state_valid(fpu, smp_processor_id())) {
> + /* Modify only the relevant bits of the MISC MSR */
> + rdmsrl(MSR_IA32_UINTR_MISC, msr64);
> + msr64 &= GENMASK_ULL(63, 32);
More magic numbers.
> + wrmsrl(MSR_IA32_UINTR_MISC, msr64);
> + wrmsrl(MSR_IA32_UINTR_TT, 0ULL);
> +static void __free_uitt_entry(unsigned int entry)
> +{
> + struct task_struct *t = current;
> + unsigned long flags;
> +
> + if (entry >= UINTR_MAX_UITT_NR)
> + return;
> +
> + if (!is_uintr_sender(t))
> + return;
> +
> + pr_debug("send: Freeing UITTE entry %d for task=%d\n", entry, t->pid);
> +
> + spin_lock_irqsave(&t->thread.ui_send->uitt_ctx->uitt_lock, flags);
> + memset(&t->thread.ui_send->uitt_ctx->uitt[entry], 0,
> + sizeof(struct uintr_uitt_entry));
> + spin_unlock_irqrestore(&t->thread.ui_send->uitt_ctx->uitt_lock,
> flags);
What's the spinlock protecting here?
> + clear_bit(entry, (unsigned long *)t->thread.ui_send->uitt_mask);
> +
> + if (is_uitt_empty(t)) {
> + pr_debug("send: UITT mask is empty. Dereference and teardown UITT\n");
> + teardown_uitt();
> + }
> +}
> +void do_uintr_unregister_sender(struct uintr_receiver_info *r_info,
> + struct uintr_sender_info *s_info)
> +{
> + int ret;
> +
> + /*
> + * To make sure any new senduipi result in a #GP fault.
> + * The task work might take non-zero time to kick the process out.
-ENOPARSE
> + */
> + mark_uitte_invalid(s_info);
> +
> + pr_debug("send: Adding Free UITTE %d task work for task=%d\n",
> + s_info->uitt_index, s_info->task->pid);
> +
> + init_task_work(&s_info->twork, sender_free_uitte);
> + ret = task_work_add(s_info->task, &s_info->twork, true);
> + if (ret) {
> + /*
> + * Dereferencing the UITT and UPID here since the task has
> + * exited.
> + */
> + pr_debug("send: Free UITTE %d task=%d has already exited\n",
> + s_info->uitt_index, s_info->task->pid);
> + put_upid_ref(s_info->r_upid_ctx);
> + put_uitt_ref(s_info->uitt_ctx);
> + put_task_struct(s_info->task);
> + kfree(s_info);
> + return;
> + }
> +}
> +
> +int do_uintr_register_sender(struct uintr_receiver_info *r_info,
> + struct uintr_sender_info *s_info)
> +{
> + struct uintr_uitt_entry *uitte = NULL;
> + struct uintr_sender *ui_send;
> + struct task_struct *t = current;
> + unsigned long flags;
> + int entry;
> + int ret;
> +
> + /*
> + * Only a static check. Receiver could exit anytime after this check.
> + * This check only prevents connections using uintr_fd after the
> + * receiver has already exited/unregistered.
> + */
> + if (!uintr_is_receiver_active(r_info))
> + return -ESHUTDOWN;
How is this safe against a concurrent unregister/exit operation?
Thanks,
tglx
On Mon, Sep 13 2021 at 13:01, Sohil Mehta wrote:
> Add a new system call to allow applications to block in the kernel and
> wait for user interrupts.
>
> <The current implementation doesn't support waking up from other
> blocking system calls like sleep(), read(), epoll(), etc.
>
> uintr_wait() is a placeholder syscall while we decide on that
> behaviour.>
>
> When the application makes this syscall the notification vector is
> switched to a new kernel vector. Any new SENDUIPI will invoke the kernel
> interrupt which is then used to wake up the process.
>
> Currently, the task wait list is global one. To make the implementation
> scalable there is a need to move to a distributed per-cpu wait list.
How are per cpu wait lists going to solve the problem?
> +
> +/*
> + * Handler for UINTR_KERNEL_VECTOR.
> + */
> +DEFINE_IDTENTRY_SYSVEC(sysvec_uintr_kernel_notification)
> +{
> + /* TODO: Add entry-exit tracepoints */
> + ack_APIC_irq();
> + inc_irq_stat(uintr_kernel_notifications);
> +
> + uintr_wake_up_process();
So this interrupt happens for any of those notifications. How are they
differentiated?
>
> +int uintr_receiver_wait(void)
> +{
> + struct uintr_upid_ctx *upid_ctx;
> + unsigned long flags;
> +
> + if (!is_uintr_receiver(current))
> + return -EOPNOTSUPP;
> +
> + upid_ctx = current->thread.ui_recv->upid_ctx;
> + upid_ctx->upid->nc.nv = UINTR_KERNEL_VECTOR;
> + upid_ctx->waiting = true;
> + spin_lock_irqsave(&uintr_wait_lock, flags);
> + list_add(&upid_ctx->node, &uintr_wait_list);
> + spin_unlock_irqrestore(&uintr_wait_lock, flags);
> +
> + set_current_state(TASK_INTERRUPTIBLE);
Because we have not enough properly implemented wait primitives you need
to open code one which is blantantly wrong vs. a concurrent wake up?
> + schedule();
How is that correct vs. a spurious wakeup? What takes care that the
entry is removed from the list?
Again. We have proper wait primitives.
> + return -EINTR;
> +}
> +
> +/*
> + * Runs in interrupt context.
> + * Scan through all UPIDs to check if any interrupt is on going.
> + */
> +void uintr_wake_up_process(void)
> +{
> + struct uintr_upid_ctx *upid_ctx, *tmp;
> + unsigned long flags;
> +
> + spin_lock_irqsave(&uintr_wait_lock, flags);
> + list_for_each_entry_safe(upid_ctx, tmp, &uintr_wait_list, node) {
> + if (test_bit(UPID_ON, (unsigned long*)&upid_ctx->upid->nc.status)) {
> + set_bit(UPID_SN, (unsigned long *)&upid_ctx->upid->nc.status);
> + upid_ctx->upid->nc.nv = UINTR_NOTIFICATION_VECTOR;
> + upid_ctx->waiting = false;
> + wake_up_process(upid_ctx->task);
> + list_del(&upid_ctx->node);
So any of these notification interrupts does a global mass wake up? How
does that make sense?
> + }
> + }
> + spin_unlock_irqrestore(&uintr_wait_lock, flags);
> +}
> +
> +/* Called when task is unregistering/exiting */
> +static void uintr_remove_task_wait(struct task_struct *task)
> +{
> + struct uintr_upid_ctx *upid_ctx, *tmp;
> + unsigned long flags;
> +
> + spin_lock_irqsave(&uintr_wait_lock, flags);
> + list_for_each_entry_safe(upid_ctx, tmp, &uintr_wait_list, node) {
> + if (upid_ctx->task == task) {
> + pr_debug("wait: Removing task %d from wait\n",
> + upid_ctx->task->pid);
> + upid_ctx->upid->nc.nv = UINTR_NOTIFICATION_VECTOR;
> + upid_ctx->waiting = false;
> + list_del(&upid_ctx->node);
> + }
What? You have to do a global list walk to find the entry which you
added yourself?
Thanks,
tglx
On Fri, Sep 24 2021 at 13:04, Thomas Gleixner wrote:
> On Mon, Sep 13 2021 at 13:01, Sohil Mehta wrote:
>> +int uintr_receiver_wait(void)
>> +{
>> + struct uintr_upid_ctx *upid_ctx;
>> + unsigned long flags;
>> +
>> + if (!is_uintr_receiver(current))
>> + return -EOPNOTSUPP;
>> +
>> + upid_ctx = current->thread.ui_recv->upid_ctx;
>> + upid_ctx->upid->nc.nv = UINTR_KERNEL_VECTOR;
>> + upid_ctx->waiting = true;
>> + spin_lock_irqsave(&uintr_wait_lock, flags);
>> + list_add(&upid_ctx->node, &uintr_wait_list);
>> + spin_unlock_irqrestore(&uintr_wait_lock, flags);
>> +
>> + set_current_state(TASK_INTERRUPTIBLE);
>
> Because we have not enough properly implemented wait primitives you need
> to open code one which is blantantly wrong vs. a concurrent wake up?
>
>> + schedule();
>
> How is that correct vs. a spurious wakeup? What takes care that the
> entry is removed from the list?
>
> Again. We have proper wait primitives.
Aisde of that this is completely broken vs. CPU hotplug.
CPUX
switchto(tsk)
tsk->upid.ndst = apicid(smp_processor_id();
ret_to_user()
...
sys_uintr_wait()
...
schedule()
After that CPU X is unplugged which means the task won't be woken up by
an user IPI which is issued after CPU X went down.
Thanks,
tglx
On Mon, Sep 13 2021 at 13:01, Sohil Mehta wrote:
> Add a new system call to allow applications to block in the kernel and
> wait for user interrupts.
>
> <The current implementation doesn't support waking up from other
> blocking system calls like sleep(), read(), epoll(), etc.
>
> uintr_wait() is a placeholder syscall while we decide on that
> behaviour.>
Which behaviour? You cannot integrate this into [clock_]nanosleep() by
any means or wakeup something which is blocked in read(somefd) via
SENDUIPI.
What you can do is implement read() and poll() support for the
uintrfd. Anything else is just not going to fly.
Adding support for read/poll is pretty much a straight forward variant
of a correctly implemented wait()/wakeup() mechanism.
While poll()/read() support might be useful and poll() also provides a
timeout, having an explicit (timed) wait mechanism might be interesting.
But that brings me to an interesting question. There are two cases:
1) The task installed a user space interrupt handler. Now it
want's to play nice and yield the CPU while waiting.
So it needs to reinstall the UINV vector on return to user and
update UIRR, but that'd be covered by the existing mechanism. Fine.
2) Task has no user space interrupt handler installed and just want's
to use that wait mechanism.
What is consuming the pending bit(s)?
If that's not a valid use case, then the wait has to check for that
and reject the syscall with EINVAL.
If it is valid, then how are the pending bits consumed and relayed to
user space?
The same questions arise when you think about implementing poll/read
support simply because the regular poll/read semantics are:
poll waits for the event and read consumes the event
which would be similar to #2 above, but with an installed user space
interrupt handler the return from the poll system call would consume the
event immediately (assumed that UIF is set).
Thanks,
tglx
On 9/23/2021 3:34 PM, Thomas Gleixner wrote:
> On Mon, Sep 13 2021 at 13:01, Sohil Mehta wrote:
>> Enable xstate supervisor support for User Interrupts by default.
> What means enabled by default? It's enabled when available and not
> disabled on the command line.
I'll remove it.
>> The user interrupt state for a task consists of the MSR state and the
>> User Interrupt Flag (UIF) value. XSAVES and XRSTORS handle saving and
>> restoring both of these states.
>>
>> <The supervisor XSTATE code might be reworked based on issues reported
>> in the past. The Uintr context switching code would also need rework and
>> additional testing in that regard.>
> What? Which issues were reported and if they have been reported then how
> is the provided code correct?
I apologize for causing this confusion. This comment was added a few
months back when the PKRU and FPU code was being reworked. This comment
is no longer valid.
>> +/*
>> + * State component 14 is supervisor state used for User Interrupts state.
>> + * The size of this state is 48 bytes
>> + */
>> +struct uintr_state {
>> + u64 handler;
>> + u64 stack_adjust;
>> + u32 uitt_size;
>> + u8 uinv;
>> + u8 pad1;
>> + u8 pad2;
>> + u8 uif_pad3; /* bit 7 - UIF, bits 6:0 - reserved */
> Please do not use tail comments. Also what kind of name is uif_pad3?
> Bitfields exist for a reason.
An internal version of this used bitfields. I was suggested that use of
bitfields is not recommended for x86 code.
The name uif_pad3 is really ugly though. I'll change it to a bitfield
next time.
Thanks,
Sohil
On 9/23/2021 5:41 PM, Thomas Gleixner wrote:
> On Mon, Sep 13 2021 at 13:01, Sohil Mehta wrote:
>
>> User interrupt state is saved and restored using xstate supervisor
>> feature support. This includes the MSR state and the User Interrupt Flag
>> (UIF) value.
>>
>> During context switch update the UPID for a uintr task to reflect the
>> current state of the task; namely whether the task should receive
>> interrupt notifications and which cpu the task is currently running on.
>>
>> XSAVES clears the notification vector (UINV) in the MISC MSR to prevent
>> interrupts from being recognized in the UIRR MSR while the task is being
>> context switched. The UINV is restored back when the kernel does an
>> XRSTORS.
>>
>> However, this conflicts with the kernel's lazy restore optimization
>> which skips an XRSTORS if the kernel is scheduling the same user task
>> back and the underlying MSR state hasn't been modified. Special handling
>> is needed for a uintr task in the context switch path to keep using this
>> optimization.
> And this special handling is?
By special handling I meant programming the MSR when XRSTORS doesn't
happen on return to userspace. The pseudo code you provided in patch 5
comments handles this well.
>> + * cleared.
>> */
>> void save_fpregs_to_fpstate(struct fpu *fpu)
>> {
>> diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
>> index ec0d836a13b1..62b82137db9c 100644
>> --- a/arch/x86/kernel/process_64.c
>> +++ b/arch/x86/kernel/process_64.c
>> @@ -53,6 +53,7 @@
>> #include <asm/xen/hypervisor.h>
>> #include <asm/vdso.h>
>> #include <asm/resctrl.h>
>> +#include <asm/uintr.h>
>> #include <asm/unistd.h>
>> #include <asm/fsgsbase.h>
>> #ifdef CONFIG_IA32_EMULATION
>> @@ -565,6 +566,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
>> WARN_ON_ONCE(IS_ENABLED(CONFIG_DEBUG_ENTRY) &&
>> this_cpu_read(hardirq_stack_inuse));
>>
>> + if (static_cpu_has(X86_FEATURE_UINTR))
> cpu_feature_enabled() please.
I'll fix this and the other issues that you mentioned.
>> + switch_uintr_prepare(prev_p);
>> +
>> if (!test_thread_flag(TIF_NEED_FPU_LOAD))
>> switch_fpu_prepare(prev_fpu, cpu);
>>
>> diff --git a/arch/x86/kernel/uintr_core.c b/arch/x86/kernel/uintr_core.c
>> index 2c6042a6840a..7a29888050ad 100644
>> --- a/arch/x86/kernel/uintr_core.c
>> +++ b/arch/x86/kernel/uintr_core.c
>> @@ -238,3 +238,78 @@ int do_uintr_register_handler(u64 handler)
>>
>> return 0;
>> }
>> +
>> +/* Suppress notifications since this task is being context switched out */
>> +void switch_uintr_prepare(struct task_struct *prev)
>> +{
>> + struct uintr_upid *upid;
>> +
>> + if (is_uintr_receiver(prev)) {
>> + upid = prev->thread.ui_recv->upid_ctx->upid;
>> + set_bit(UPID_SN, (unsigned long *)&upid->nc.status);
> Please add a comment why this needs to be a locked instruction.
>
>
Ok, will do. The SN bit could be read concurrently on another CPU
executing SENDUIPI.
> Of course this is invoked unconditionally when the CPU has
> X86_FEATURE_UINTR:
>
>> + if (static_cpu_has(X86_FEATURE_UINTR))
>> + switch_uintr_return();
> Why?
>
> If the sequence is:
>
> syscall()
> do_stuff()
> return_to_user()
>
> then what on earth has modified that MSR state? Nothing at all, but you
> still run this code. What for?
>
>
The pseudo code in patch 5 covers this. I'll fix the code based on that.
Thanks,
Sohil
On 9/23/2021 6:02 PM, Thomas Gleixner wrote:
> On Mon, Sep 13 2021 at 13:01, Sohil Mehta wrote:
>
>> The user interrupt MSRs and the user interrupt state is task specific.
>> During task fork and exit clear the task state, clear the MSRs and
>> dereference the shared resources.
>>
>> Some of the memory resources like the UPID are referenced in the file
>> descriptor and could be in use while the uintr_fd is still valid.
>> Instead of freeing up the UPID just dereference it.
> Derefencing the UPID, i.e. accessing task->upid->foo helps in which way?
>
> You want to drop the reference count I assume. Then please write that
> so.
Ah! Not sure how I associated dereference to dropping the reference.
Will update this.
>
>> @@ -260,6 +260,7 @@ int fpu_clone(struct task_struct *dst)
>> {
>> struct fpu *src_fpu = ¤t->thread.fpu;
>> struct fpu *dst_fpu = &dst->thread.fpu;
>> + struct uintr_state *uintr_state;
>>
>> /* The new task's FPU state cannot be valid in the hardware. */
>> dst_fpu->last_cpu = -1;
>> @@ -284,6 +285,14 @@ int fpu_clone(struct task_struct *dst)
>>
>> else
>> save_fpregs_to_fpstate(dst_fpu);
>> +
>> + /* UINTR state is not expected to be inherited (in the current design). */
>> + if (static_cpu_has(X86_FEATURE_UINTR)) {
>> + uintr_state = get_xsave_addr(&dst_fpu->state.xsave, XFEATURE_UINTR);
>> + if (uintr_state)
>> + memset(uintr_state, 0, sizeof(*uintr_state));
>> + }
> 1) If the FPU registers are up to date then this can be completely
> avoided by excluding the UINTR component from XSAVES
You mentioned this in the other thread that the UINTR state must be
invalidated during fpu_clone().
I am not sure if understand all the nuances here. Your suggestion seems
valid to me. I'll have to think more about this.
> 2) If the task never used that muck then UINTR is in init state and
> clearing that memory is a redunant exercise because it has been
> cleared already
Yes. I'll add a check for that.
>> + * exit_thread() can happen in current context when the current thread is
>> + * exiting or it can happen for a new thread that is being created.
> A right that makes sense. If a new thread is created then it can call
> exit_thread(), right?
What I meant here is that exit_thread() can also be called during
copy_process() if it runs into an issue.
bad_fork_cleanup_thread:
exit_thread();
In this case is_uintr_receiver() will fail. I'll update the comments to
reflect that.
>> + * For new threads is_uintr_receiver() should fail.
> Should fail?
Thanks,
Sohil
On 9/23/2021 5:28 AM, Greg KH wrote:
> On Mon, Sep 13, 2021 at 01:01:29PM -0700, Sohil Mehta wrote:
>> +/* User Interrupt Target Table Entry (UITTE) */
>> +struct uintr_uitt_entry {
>> + u8 valid; /* bit 0: valid, bit 1-7: reserved */
> Do you check that the other bits are set to 0?
I don't have a check but kzalloc() in alloc_uitt() should set it to 0.
>> + u8 user_vec;
>> + u8 reserved[6];
> What is this reserved for?
This is hardware defined structure as well. I should probably mention
this it in the comment above.
>> + u64 target_upid_addr;
> If this is a pointer, why not say it is a pointer?
I used a u64 to get the size and alignment of this structure as required
by the hardware. I wasn't sure if using a struct upid * would complicate
that.
Also this field is never used as a pointer by the kernel. It is only
used to program an entry that is read by the hardware.
Is this reasonable or would you still prefer a pointer?
>> +} __packed __aligned(16);
>> +
>> +struct uintr_uitt_ctx {
>> + struct uintr_uitt_entry *uitt;
>> + /* Protect UITT */
>> + spinlock_t uitt_lock;
>> + refcount_t refs;
> Again, a kref please.
Will do.
Thanks,
Sohil
On 9/24/2021 3:33 AM, Thomas Gleixner wrote:
> If this ever comes back in some form, then I pretty please want the life
> time rules of this documented properly.
I'll document the life time rules for the UPID, vector and UITT next
time. I realize now that they are quite convoluted in the current
implementation.
I'll also fix the concurrency and serialization issues that you
mentioned in this patch and the next one.
>
>> + ret = task_work_add(r_info->upid_ctx->task, &r_info->twork, true);
> Care to look at the type of the third argument of task_work_add()?
Ah! I didn't realize the third argument changed a long time back.
>
>> +/*
>> + * sys_uintr_create_fd - Create a uintr_fd for the registered interrupt vector.
> So this creates a file descriptor for a vector which is already
> allocated and then it calls do_uintr_register_vector() which allocates
> the vector?
The syscall comment is misleading. Will fix it.
Vector allocation happens in userspace. The application is only expected
to register the vector.
This syscall only creates an FD abstraction for the vector that is
*being* registered.
>> + */
>> +SYSCALL_DEFINE2(uintr_create_fd, u64, vector, unsigned int, flags)
>> +{
Thanks,
Sohil
On 9/24/2021 4:04 AM, Thomas Gleixner wrote:
> On Mon, Sep 13 2021 at 13:01, Sohil Mehta wrote:
>> Currently, the task wait list is global one. To make the implementation
>> scalable there is a need to move to a distributed per-cpu wait list.
> How are per cpu wait lists going to solve the problem?
Currently, the global wait list can be concurrently accessed by multiple
cpus. If we have per-cpu wait lists then the UPID scanning only needs to
happen on the local cpu's wait list.
After an application calls uintr_wait(), the notification interrupt will
be delivered only to the cpu where the task blocked. In this case, we
can reduce the UPID search list and probably get rid of the global
spinlock as well.
Though, I am not sure how much impact this would have vs. the problem of
scanning the entire wait list.
>> +
>> +/*
>> + * Handler for UINTR_KERNEL_VECTOR.
>> + */
>> +DEFINE_IDTENTRY_SYSVEC(sysvec_uintr_kernel_notification)
>> +{
>> + /* TODO: Add entry-exit tracepoints */
>> + ack_APIC_irq();
>> + inc_irq_stat(uintr_kernel_notifications);
>> +
>> + uintr_wake_up_process();
> So this interrupt happens for any of those notifications. How are they
> differentiated?
Unfortunately, there is no help from the hardware here to identify the
intended target.
When a task blocks we:
* switch the UINV to a kernel NV.
* leave SN as 0
* leave UPID.NDST to the current cpu
* add the task to a wait list
When the notification interrupt arrives:
* Scan the entire wait list to check if the ON bit is set for any UPID
(very inefficient)
* Set SN to 1 for that task.
* Change the UINV to user NV.
* Remove the task from the list and make it runnable.
We could end up detecting multiple tasks that have the ON bit set. The
notification interrupt for any task that has ON set is expected to
arrive soon anyway. So no harm done here.
The main issue here is we would end up scanning the entire list for
every interrupt. Not sure if there any way we could optimize this?
> Again. We have proper wait primitives.
I'll use proper wait primitives next time.
>> + return -EINTR;
>> +}
>> +
>> +/*
>> + * Runs in interrupt context.
>> + * Scan through all UPIDs to check if any interrupt is on going.
>> + */
>> +void uintr_wake_up_process(void)
>> +{
>> + struct uintr_upid_ctx *upid_ctx, *tmp;
>> + unsigned long flags;
>> +
>> + spin_lock_irqsave(&uintr_wait_lock, flags);
>> + list_for_each_entry_safe(upid_ctx, tmp, &uintr_wait_list, node) {
>> + if (test_bit(UPID_ON, (unsigned long*)&upid_ctx->upid->nc.status)) {
>> + set_bit(UPID_SN, (unsigned long *)&upid_ctx->upid->nc.status);
>> + upid_ctx->upid->nc.nv = UINTR_NOTIFICATION_VECTOR;
>> + upid_ctx->waiting = false;
>> + wake_up_process(upid_ctx->task);
>> + list_del(&upid_ctx->node);
> So any of these notification interrupts does a global mass wake up? How
> does that make sense?
The wake up happens only for the tasks that have a pending interrupt.
They are going to be woken up soon anyways.
>> +/* Called when task is unregistering/exiting */
>> +static void uintr_remove_task_wait(struct task_struct *task)
>> +{
>> + struct uintr_upid_ctx *upid_ctx, *tmp;
>> + unsigned long flags;
>> +
>> + spin_lock_irqsave(&uintr_wait_lock, flags);
>> + list_for_each_entry_safe(upid_ctx, tmp, &uintr_wait_list, node) {
>> + if (upid_ctx->task == task) {
>> + pr_debug("wait: Removing task %d from wait\n",
>> + upid_ctx->task->pid);
>> + upid_ctx->upid->nc.nv = UINTR_NOTIFICATION_VECTOR;
>> + upid_ctx->waiting = false;
>> + list_del(&upid_ctx->node);
>> + }
> What? You have to do a global list walk to find the entry which you
> added yourself?
Duh! I could have gotten the upid_ctx from the task_struct itself. Will
fix this.
Thanks,
Sohil
On 9/25/2021 5:08 AM, Thomas Gleixner wrote:
> Aisde of that this is completely broken vs. CPU hotplug.
>
Thank you for pointing this out. I hadn't even considered CPU hotplug.
Thanks,
Sohil
On 9/26/2021 7:41 AM, Thomas Gleixner wrote:
> On Mon, Sep 13 2021 at 13:01, Sohil Mehta wrote:
>> Add a new system call to allow applications to block in the kernel and
>> wait for user interrupts.
>>
>> <The current implementation doesn't support waking up from other
>> blocking system calls like sleep(), read(), epoll(), etc.
>>
>> uintr_wait() is a placeholder syscall while we decide on that
>> behaviour.>
> Which behaviour? You cannot integrate this into [clock_]nanosleep() by
> any means or wakeup something which is blocked in read(somefd) via
> SENDUIPI.
That is the (wishful) desire.
The idea is to have a behavior similar to signals for all or a subset of
system calls. i.e. return an EINTR by interrupting the blocked syscall
and possibly have a SA_RESTART type of mechanism.
Can we use the existing signal infrastructure to generate a temporary
in-kernel signal upon detection of an pending user interrupt? The
temporary signal doesn't need to be delivered to application but it
would just be a mechanism to interrupt the blocked syscall.
I don't know anything about the signaling subsystem nor have I tried
prototyping this. So, all this might be completely baseless.
> What you can do is implement read() and poll() support for the
> uintrfd. Anything else is just not going to fly.
>
> Adding support for read/poll is pretty much a straight forward variant
> of a correctly implemented wait()/wakeup() mechanism.
I tried doing this but I ran into a couple of issues.
1) uintrfd is mapped to a single vector (out of 64). But there is no
easy hardware mechanism to wait for specific vectors. Waiting for one
vector might mean waiting for all.
2) The scope of uintrfd is process wide. Also, it would be shared with
senders. But the wait/wake mechanism is specific to the task that
created the fd and has a UPID allocated.
As you mentioned below, relaying the pending interrupt information of
another task would be very tricky.
> While poll()/read() support might be useful and poll() also provides a
> timeout, having an explicit (timed) wait mechanism might be interesting.
I prototyped uintr_wait() with the same intention to have an explicit
timed yield mechanism. There is very little ambiguity about who is
waiting for what and how we would deliver the interrupts.
> But that brings me to an interesting question. There are two cases:
>
> 1) The task installed a user space interrupt handler. Now it
> want's to play nice and yield the CPU while waiting.
>
> So it needs to reinstall the UINV vector on return to user and
> update UIRR, but that'd be covered by the existing mechanism. Fine.
>
> 2) Task has no user space interrupt handler installed and just want's
> to use that wait mechanism.
>
> What is consuming the pending bit(s)?
>
> If that's not a valid use case, then the wait has to check for that
> and reject the syscall with EINVAL.
Yeah. I feel this is not a valid use case. But I am no application
developer. I will try to seek more opinions here.
> If it is valid, then how are the pending bits consumed and relayed to
> user space?
This is very tricky. Because a task that owns the UPID might be
consuming interrupts while the kernel tries to relay the pending
interrupt information to another task.
> The same questions arise when you think about implementing poll/read
> support simply because the regular poll/read semantics are:
>
> poll waits for the event and read consumes the event
> which would be similar to #2 above, but with an installed user space
> interrupt handler the return from the poll system call would consume the
> event immediately (assumed that UIF is set).
>
Yup. There is no read data associated with uintrfd. This might be
confusing for the application.
Overall, I feel signal handler semantics fit better with User interrupts
handlers. But as you mentioned there might be no easy way to achieve that.
Thanks again for providing your input on this.
Sohil
On Mon, Sep 13, 2021, at 1:01 PM, Sohil Mehta wrote:
> Add a new system call to allow applications to block in the kernel and
> wait for user interrupts.
>
...
>
> When the application makes this syscall the notification vector is
> switched to a new kernel vector. Any new SENDUIPI will invoke the kernel
> interrupt which is then used to wake up the process.
Any new SENDUIPI that happens to hit the target CPU's ucode at a time when the kernel vector is enabled will deliver the interrupt. Any new SENDUIPI that happens to hit the target CPU's ucode at a time when a different UIPI-using task is running will *not* deliver the interrupt, unless I'm missing some magic. Which means that wakeups will be missed, which I think makes this whole idea a nonstarter.
Am I missing something?
On Mon, Sep 13, 2021, at 1:01 PM, Sohil Mehta wrote:
> User Interrupts Introduction
> ============================
>
> User Interrupts (Uintr) is a hardware technology that enables delivering
> interrupts directly to user space.
>
> Today, virtually all communication across privilege boundaries happens by going
> through the kernel. These include signals, pipes, remote procedure calls and
> hardware interrupt based notifications. User interrupts provide the foundation
> for more efficient (low latency and low CPU utilization) versions of these
> common operations by avoiding transitions through the kernel.
>
...
I spent some time reviewing the docs (ISE) and contemplating how this all fits together, and I have a high level question:
Can someone give an example of a realistic workload that would benefit from SENDUIPI and precisely how it would use SENDUIPI? Or an example of a realistic workload that would benefit from hypothetical device-initiated user interrupts and how it would use them? I'm having trouble imagining something that wouldn't work as well or better by simply polling, at least on DMA-coherent architectures like x86.
(I can imagine some benefit to a hypothetical improved SENDUIPI with idential user semantics but that supported a proper interaction with the scheduler and blocking syscalls. But that's not what's documented in the ISE...)
--Andy
On 9/28/2021 8:30 PM, Andy Lutomirski wrote:
> On Mon, Sep 13, 2021, at 1:01 PM, Sohil Mehta wrote:
>> Add a new system call to allow applications to block in the kernel and
>> wait for user interrupts.
>>
> ...
>
>> When the application makes this syscall the notification vector is
>> switched to a new kernel vector. Any new SENDUIPI will invoke the kernel
>> interrupt which is then used to wake up the process.
> Any new SENDUIPI that happens to hit the target CPU's ucode at a time when the kernel vector is enabled will deliver the interrupt. Any new SENDUIPI that happens to hit the target CPU's ucode at a time when a different UIPI-using task is running will *not* deliver the interrupt, unless I'm missing some magic. Which means that wakeups will be missed, which I think makes this whole idea a nonstarter.
>
> Am I missing something?
The current kernel implementation reserves 2 notification vectors (NV)
for the 2 states of a thread (running vs blocked).
NV-1 – used only for tasks that are running. (results in a user
interrupt or a spurious kernel interrupt)
NV-2 – used only for a tasks that are blocked in the kernel. (always
results in a kernel interrupt)
The UPID.UINV bits are switched between NV-1 and NV-2 based on the state
of the task.
However, NV-1 is also programmed in the running task's MISC_MSR UINV
bits. This is what tells the ucode that the notification vector received
is for the user instead of the kernel.
NV-2 is never programmed in the MISC_MSR of a task. When NV-2 arrives on
any cpu there is never a possibility of it being detected as a User
Interrupt. It will always be delivered to the kernel.
Does this help clarify the above?
I just realized, we need to be careful when the notification vectors are
switched in the UPID. Any pending vectors detected after the switch
should abort the blocking call. The current code is wrong in a lot of
places where it touches the UPID.
Thanks,
Sohil
On Tue, Sep 28, 2021 at 11:01:54AM -0700, Sohil Mehta wrote:
> On 9/23/2021 5:28 AM, Greg KH wrote:
> > On Mon, Sep 13, 2021 at 01:01:29PM -0700, Sohil Mehta wrote:
> > > +/* User Interrupt Target Table Entry (UITTE) */
> > > +struct uintr_uitt_entry {
> > > + u8 valid; /* bit 0: valid, bit 1-7: reserved */
> > Do you check that the other bits are set to 0?
>
> I don't have a check but kzalloc() in alloc_uitt() should set it to 0.
>
> > > + u8 user_vec;
> > > + u8 reserved[6];
> > What is this reserved for?
>
> This is hardware defined structure as well. I should probably mention this
> it in the comment above.
>
> > > + u64 target_upid_addr;
> > If this is a pointer, why not say it is a pointer?
>
> I used a u64 to get the size and alignment of this structure as required by
> the hardware. I wasn't sure if using a struct upid * would complicate that.
>
> Also this field is never used as a pointer by the kernel. It is only used to
> program an entry that is read by the hardware.
>
> Is this reasonable or would you still prefer a pointer?
Ok, just document it really well that this is NOT a real address used by
the kernel. As it is, that's not obvious at all.
And if this crosses the user/kernel boundry, it needs to be __u64 right?
thanks,
greg k-h
On 9/29/2021 12:04 AM, Greg KH wrote:
> On Tue, Sep 28, 2021 at 11:01:54AM -0700, Sohil Mehta wrote:
>>
>> Is this reasonable or would you still prefer a pointer?
> Ok, just document it really well that this is NOT a real address used by
> the kernel. As it is, that's not obvious at all.
Thanks. I'll do that.
>
> And if this crosses the user/kernel boundry, it needs to be __u64 right?
This one doesn't cross the user/kernel boundary. The kernel programs a
value in this struct for the hardware to consume.
But there might be other places where I have missed that. I'll fix those.
Thanks,
Sohil
On 9/30/2021 9:30 AM, Stefan Hajnoczi wrote:
> On Tue, Sep 28, 2021 at 09:31:34PM -0700, Andy Lutomirski wrote:
>>
>> I spent some time reviewing the docs (ISE) and contemplating how this all fits together, and I have a high level question:
>>
>> Can someone give an example of a realistic workload that would benefit from SENDUIPI and precisely how it would use SENDUIPI? Or an example of a realistic workload that would benefit from hypothetical device-initiated user interrupts and how it would use them? I'm having trouble imagining something that wouldn't work as well or better by simply polling, at least on DMA-coherent architectures like x86.
> I was wondering the same thing. One thing came to mind:
>
> An application that wants to be *interrupted* from what it's doing
> rather than waiting until the next polling point. For example,
> applications that are CPU-intensive and have green threads. I can't name
> a real application like this though :P.
Thank you Stefan and Andy for giving this some thought.
We are consolidating the information internally on where and how exactly
we expect to see benefits with real workloads for the various sources of
User Interrupts. It will take a few days to get back on this one.
> (I can imagine some benefit to a hypothetical improved SENDUIPI with idential user semantics but that supported a proper interaction with the scheduler and blocking syscalls. But that's not what's documented in the ISE...)
Andy, can you please provide some more context/details on this? Is this
regarding the blocking syscalls discussion (in patch 11) or something else?
Thanks,
Sohil
On Thu, Sep 30, 2021, at 10:24 AM, Sohil Mehta wrote:
> On 9/30/2021 9:30 AM, Stefan Hajnoczi wrote:
>> On Tue, Sep 28, 2021 at 09:31:34PM -0700, Andy Lutomirski wrote:
>>>
>>> I spent some time reviewing the docs (ISE) and contemplating how this all fits together, and I have a high level question:
>>>
>>> Can someone give an example of a realistic workload that would benefit from SENDUIPI and precisely how it would use SENDUIPI? Or an example of a realistic workload that would benefit from hypothetical device-initiated user interrupts and how it would use them? I'm having trouble imagining something that wouldn't work as well or better by simply polling, at least on DMA-coherent architectures like x86.
>> I was wondering the same thing. One thing came to mind:
>>
>> An application that wants to be *interrupted* from what it's doing
>> rather than waiting until the next polling point. For example,
>> applications that are CPU-intensive and have green threads. I can't name
>> a real application like this though :P.
>
> Thank you Stefan and Andy for giving this some thought.
>
> We are consolidating the information internally on where and how exactly
> we expect to see benefits with real workloads for the various sources of
> User Interrupts. It will take a few days to get back on this one.
Thanks!
>
>
>> (I can imagine some benefit to a hypothetical improved SENDUIPI with idential user semantics but that supported a proper interaction with the scheduler and blocking syscalls. But that's not what's documented in the ISE...)
>
> Andy, can you please provide some more context/details on this? Is this
> regarding the blocking syscalls discussion (in patch 11) or something else?
>
Yes, and I'll follow up there. I hereby upgrade my opinion of SENDUIPI wakeups to "probably doable but maybe not in a nice way."
On Tue, Sep 28, 2021 at 09:31:34PM -0700, Andy Lutomirski wrote:
> On Mon, Sep 13, 2021, at 1:01 PM, Sohil Mehta wrote:
> > User Interrupts Introduction
> > ============================
> >
> > User Interrupts (Uintr) is a hardware technology that enables delivering
> > interrupts directly to user space.
> >
> > Today, virtually all communication across privilege boundaries happens by going
> > through the kernel. These include signals, pipes, remote procedure calls and
> > hardware interrupt based notifications. User interrupts provide the foundation
> > for more efficient (low latency and low CPU utilization) versions of these
> > common operations by avoiding transitions through the kernel.
> >
>
> ...
>
> I spent some time reviewing the docs (ISE) and contemplating how this all fits together, and I have a high level question:
>
> Can someone give an example of a realistic workload that would benefit from SENDUIPI and precisely how it would use SENDUIPI? Or an example of a realistic workload that would benefit from hypothetical device-initiated user interrupts and how it would use them? I'm having trouble imagining something that wouldn't work as well or better by simply polling, at least on DMA-coherent architectures like x86.
I was wondering the same thing. One thing came to mind:
An application that wants to be *interrupted* from what it's doing
rather than waiting until the next polling point. For example,
applications that are CPU-intensive and have green threads. I can't name
a real application like this though :P.
Stefan
On Tue, Sep 28, 2021, at 9:56 PM, Sohil Mehta wrote:
> On 9/28/2021 8:30 PM, Andy Lutomirski wrote:
>> On Mon, Sep 13, 2021, at 1:01 PM, Sohil Mehta wrote:
>>> Add a new system call to allow applications to block in the kernel and
>>> wait for user interrupts.
>>>
>> ...
>>
>>> When the application makes this syscall the notification vector is
>>> switched to a new kernel vector. Any new SENDUIPI will invoke the kernel
>>> interrupt which is then used to wake up the process.
>> Any new SENDUIPI that happens to hit the target CPU's ucode at a time when the kernel vector is enabled will deliver the interrupt. Any new SENDUIPI that happens to hit the target CPU's ucode at a time when a different UIPI-using task is running will *not* deliver the interrupt, unless I'm missing some magic. Which means that wakeups will be missed, which I think makes this whole idea a nonstarter.
>>
>> Am I missing something?
>
>
> The current kernel implementation reserves 2 notification vectors (NV)
> for the 2 states of a thread (running vs blocked).
>
> NV-1 – used only for tasks that are running. (results in a user
> interrupt or a spurious kernel interrupt)
>
> NV-2 – used only for a tasks that are blocked in the kernel. (always
> results in a kernel interrupt)
>
> The UPID.UINV bits are switched between NV-1 and NV-2 based on the state
> of the task.
Aha, cute. So NV-1 is only sent if the target is directly paying attention and, assuming all the atomics are done right, NV-2 will be sent for tasks that are asleep.
Logically, I think these are the possible states for a receiving task:
1. Running. SENDUIPI will actually deliver the event directly (or not if uintr is masked). If the task just stopped running and the atomics are right, then the schedule-out code can, I think, notice.
2. Not running, but either runnable or not currently waiting for uintr (e.g. blocked in an unrelated syscall). This is straightforward -- no IPI or other action is needed other than setting the uintr-pending bit.
3. Blocked and waiting for uintr. For this to work right, anyone trying to send with SENDUIPI (or maybe a vdso or similar clever wrapper around it) needs to result in either a fault or an IPI so the kernel can process the wakeup.
(Note that, depending on how fancy we get with file descriptors and polling, we need to watch out for the running-and-also-waiting-for-kernel-notification state. That one will never work right.)
3 is the nasty case, and your patch makes it work with this NV-2 trick. The trick is a bit gross for a couple reasons. First, it conveys no useful information to the kernel except that an unknown task did SENDUIPI and maybe that the target was most recently on a given CPU. So a big list search is needed. Also, it hits an essentially arbitrary and possibly completely innocent victim CPU and task, and people doing any sort of task isolation workload will strongly dislike this. For some of those users, "strongly" may mean "treat system as completely failed, fail over to something else and call expensive tech support." So we can't do that.
I think we have three choices:
Use a fancy wrapper around SENDUIPI. This is probably a bad idea.
Treat the NV-2 as a real interrupt and honor affinity settings. This will be annoying and slow, I think, if it's even workable at all.
Handle this case with faults instead of interrupts. We could set a reserved bit in UPID so that SENDUIPI results in #GP, decode it, and process it. This puts the onus on the actual task causing trouble, which is nice, and it lets us find the UPID and target directly instead of walking all of them. I don't know how well it would play with hypothetical future hardware-initiated uintrs, though.
On Thu, Sep 30 2021 at 11:08, Andy Lutomirski wrote:
> On Tue, Sep 28, 2021, at 9:56 PM, Sohil Mehta wrote:
> I think we have three choices:
>
> Use a fancy wrapper around SENDUIPI. This is probably a bad idea.
>
> Treat the NV-2 as a real interrupt and honor affinity settings. This
> will be annoying and slow, I think, if it's even workable at all.
We can make it a real interrupt in form of a per CPU interrupt, but
affinity settings are not really feasible because the affinity is in the
UPID.ndst field. So, yes we can target it to some CPU, but that's racy.
> Handle this case with faults instead of interrupts. We could set a
> reserved bit in UPID so that SENDUIPI results in #GP, decode it, and
> process it. This puts the onus on the actual task causing trouble,
> which is nice, and it lets us find the UPID and target directly
> instead of walking all of them. I don't know how well it would play
> with hypothetical future hardware-initiated uintrs, though.
I thought about that as well and dismissed it due to the hardware
initiated ones but thinking more about it, those need some translation
unit (e.g. irq remapping) anyway, so it might be doable to catch those
as well. So we could just ignore them for now and go for the #GP trick
and deal with the device initiated ones later when they come around :)
But even with that we still need to keep track of the armed ones per CPU
so we can handle CPU hotunplug correctly. Sigh...
Thanks,
tglx
On Mon, Sep 13, 2021 at 01:01:19PM -0700, Sohil Mehta wrote:
> User Interrupts Introduction
> ============================
>
> User Interrupts (Uintr) is a hardware technology that enables delivering
> interrupts directly to user space.
>
> Today, virtually all communication across privilege boundaries happens by going
> through the kernel. These include signals, pipes, remote procedure calls and
> hardware interrupt based notifications. User interrupts provide the foundation
> for more efficient (low latency and low CPU utilization) versions of these
> common operations by avoiding transitions through the kernel.
>
> In the User Interrupts hardware architecture, a receiver is always expected to
> be a user space task. However, a user interrupt can be sent by another user
> space task, kernel or an external source (like a device).
>
> In addition to the general infrastructure to receive user interrupts, this
> series introduces a single source: interrupts from another user task. These
> are referred to as User IPIs.
>
> The first implementation of User IPIs will be in the Intel processor code-named
> Sapphire Rapids. Refer Chapter 11 of the Intel Architecture instruction set
> extensions for details of the hardware architecture [1].
>
> Series-reviewed-by: Tony Luck <[email protected]>
>
> Main goals of this RFC
> ======================
> - Introduce this upcoming technology to the community.
> This cover letter includes a hardware architecture summary along with the
> software architecture and kernel design choices. This post is a bit long as a
> result. Hopefully, it helps answer more questions than it creates :) I am also
> planning to talk about User Interrupts next week at the LPC Kernel summit.
>
> - Discuss potential use cases.
> We are starting to look at actual usages and libraries (like libevent[2] and
> liburing[3]) that can take advantage of this technology. Unfortunately, we
> don't have much to share on this right now. We need some help from the
> community to identify usages that can benefit from this. We would like to make
> sure the proposed APIs work for the eventual consumers.
>
> - Get early feedback on the software architecture.
> We are hoping to get some feedback on the direction of overall software
> architecture - starting with User IPI, extending it for kernel-to-user
> interrupt notifications and external interrupts in the future.
>
> - Discuss some of the main architecture opens.
> There is lot of work that still needs to happen to enable this technology. We
> are looking for some input on future patches that would be of interest. Here
> are some of the big opens that we are looking to resolve.
> * Should Uintr interrupt all blocking system calls like sleep(), read(),
> poll(), etc? If so, should we implement an SA_RESTART type of mechanism
> similar to signals? - Refer Blocking for interrupts section below.
>
> * Should the User Interrupt Target table (UITT) be shared between threads of a
> multi-threaded application or maybe even across processes? - Refer Sharing
> the UITT section below.
>
> Why care about this? - Micro benchmark performance
> ==================================================
> There is a ~9x or higher performance improvement using User IPI over other IPC
> mechanisms for event signaling.
>
> Below is the average normalized latency for a 1M ping-pong IPC notifications
> with message size=1.
>
> +------------+-------------------------+
> | IPC type | Relative Latency |
> | |(normalized to User IPI) |
> +------------+-------------------------+
> | User IPI | 1.0 |
> | Signal | 14.8 |
> | Eventfd | 9.7 |
Is this the bi-directional eventfd benchmark?
https://github.com/intel/uintr-ipc-bench/blob/linux-rfc-v1/source/eventfd/eventfd-bi.c
Two things stand out:
1. The server and client threads are racing on the same eventfd.
Eventfds aren't bi-directional! The eventfd_wait() function has code
to write the value back, which is a waste of CPU cycles and hinders
progress. I've never seen eventfd used this way in real applications.
Can you use two separate eventfds?
2. The fd is in blocking mode and the task may be descheduled, so we're
measuring eventfd read/write latency plus scheduler/context-switch
latency. A fairer comparison against user interrupts would be to busy
wait on a non-blocking fd so the scheduler/context-switch latency is
mostly avoided. After all, the uintrfd-bi.c benchmark does this in
uintrfd_wait():
// Keep spinning until the interrupt is received
while (!uintr_received[token]);
On Thu, Sep 30, 2021, at 12:29 PM, Thomas Gleixner wrote:
> On Thu, Sep 30 2021 at 11:08, Andy Lutomirski wrote:
>> On Tue, Sep 28, 2021, at 9:56 PM, Sohil Mehta wrote:
>> I think we have three choices:
>>
>> Use a fancy wrapper around SENDUIPI. This is probably a bad idea.
>>
>> Treat the NV-2 as a real interrupt and honor affinity settings. This
>> will be annoying and slow, I think, if it's even workable at all.
>
> We can make it a real interrupt in form of a per CPU interrupt, but
> affinity settings are not really feasible because the affinity is in the
> UPID.ndst field. So, yes we can target it to some CPU, but that's racy.
>
>> Handle this case with faults instead of interrupts. We could set a
>> reserved bit in UPID so that SENDUIPI results in #GP, decode it, and
>> process it. This puts the onus on the actual task causing trouble,
>> which is nice, and it lets us find the UPID and target directly
>> instead of walking all of them. I don't know how well it would play
>> with hypothetical future hardware-initiated uintrs, though.
>
> I thought about that as well and dismissed it due to the hardware
> initiated ones but thinking more about it, those need some translation
> unit (e.g. irq remapping) anyway, so it might be doable to catch those
> as well. So we could just ignore them for now and go for the #GP trick
> and deal with the device initiated ones later when they come around :)
Sounds good to me. In the long run, if Intel wants device initiated fancy interrupts to work well, they need a new design.
>
> But even with that we still need to keep track of the armed ones per CPU
> so we can handle CPU hotunplug correctly. Sigh...
I don’t think any real work is needed. We will only ever have armed UPIDs (with notification interrupts enabled) for running tasks, and hot-unplugged CPUs don’t have running tasks. We do need a way to drain pending IPIs before we offline a CPU, but that’s a separate problem and may be unsolvable for all I know. Is there a magic APIC operation to wait until all initiated IPIs targeting the local CPU arrive? I guess we can also just mask the notification vector so that it won’t crash us if we get a stale IPI after going offline.
>
> Thanks,
>
> tglx
On Thu, Sep 30 2021 at 15:01, Andy Lutomirski wrote:
> On Thu, Sep 30, 2021, at 12:29 PM, Thomas Gleixner wrote:
>>
>> But even with that we still need to keep track of the armed ones per CPU
>> so we can handle CPU hotunplug correctly. Sigh...
>
> I don’t think any real work is needed. We will only ever have armed
> UPIDs (with notification interrupts enabled) for running tasks, and
> hot-unplugged CPUs don’t have running tasks.
That's not the problem. The problem is the wait for uintr case where the
task is obviously not running:
CPU 1
upid = T1->upid;
upid->vector = UINTR_WAIT_VECTOR;
upid->ndst = local_apic_id();
...
do {
....
schedule();
}
CPU 0
unplug CPU 1
SENDUPI(index)
// Hardware does:
tblentry = &ttable[index];
upid = tblentry->upid;
upid->pir |= tblentry->uv;
send_IPI(upid->vector, upid->ndst);
So SENDUPI will send the IPI to the APIC ID provided by T1->upid.ndst
which points to the offlined CPU 1 and therefore is obviously going to
/dev/null. IOW, lost wakeup...
> We do need a way to drain pending IPIs before we offline a CPU, but
> that’s a separate problem and may be unsolvable for all I know. Is
> there a magic APIC operation to wait until all initiated IPIs
> targeting the local CPU arrive? I guess we can also just mask the
> notification vector so that it won’t crash us if we get a stale IPI
> after going offline.
All of this is solved already otherwise CPU hot unplug would explode in
your face every time. The software IPI send side is carefully
synchronized vs. hotplug (at least in theory). May I ask you politely to
make yourself familiar with all that before touting "We do need..." based
on random assumptions?
The above SENDUIPI vs. CPU hotplug scenario is the same problem as we
have with regular device interrupts which are targeted at an outgoing
CPU. We have magic mechanisms in place to handle that to the extent
possible, but due to the insanity of X86 interrupt handling mechanics
that still leaves a very tiny hole which might cause a lost and
subsequently stale interrupt. Nothing we can fix in software.
So on CPU offline the hotplug code walks through all device interrupts
and checks whether they are targeted at the outgoing CPU. If so they are
rerouted to an online CPU with lots of care to make the possible race
window as small as it gets. That's nowadays only a problem on systems
where interrupt remapping is not available or disabled via commandline.
For tasks which just have the user interrupt armed there is no problem
because SENDUPI modifies UPID->PIR which is reevaluated when the task
which got migrated to an online CPU is going back to user space.
The uintr_wait() syscall creates the very same problem as we have with
device interrupts. Which means we need to make that wait thing:
upid = T1->upid;
upid->vector = UINTR_WAIT_VECTOR;
upid->ndst = local_apic_id();
list_add(this_cpu_ptr(pcp_uintrs), upid->pcp_uintr);
...
do {
....
schedule();
}
list_del_init(upid->pcp_uintr);
and the hotplug code do:
for_each_entry_safe(upid, this_cpu_ptr(pcp_uintrs), ...) {
list_del(upid->pcp_uintr);
upid->ndst = apic_id_of_random_online_cpu();
if (do_magic_checks_whether_ipi_is_pending())
send_ipi(upid->vector, upid->ndst);
}
See?
We could map that to the interrupt subsystem by creating a virtual
interrupt domain for this, but that would make uintr_wait() look like
this:
irq = uintr_alloc_irq();
request_irq(irq, ......);
upid = T1->upid;
upid->vector = UINTR_WAIT_VECTOR;
upid->ndst = local_apic_id();
list_add(this_cpu_ptr(pcp_uintrs), upid->pcp_uintr);
...
do {
....
schedule();
}
list_del_init(upid->pcp_uintr);
free_irq(irq);
But the benefit of that is dubious as it creates overhead on both sides
of the sleep and the only real purpose of the irq request would be to
handle CPU hotunplug without the above per CPU list mechanics.
Welcome to my wonderful world!
Thanks,
tglx
On 9/30/2021 9:26 AM, Stefan Hajnoczi wrote:
> On Mon, Sep 13, 2021 at 01:01:19PM -0700, Sohil Mehta wrote:
>> +------------+-------------------------+
>> | IPC type | Relative Latency |
>> | |(normalized to User IPI) |
>> +------------+-------------------------+
>> | User IPI | 1.0 |
>> | Signal | 14.8 |
>> | Eventfd | 9.7 |
> Is this the bi-directional eventfd benchmark?
> https://github.com/intel/uintr-ipc-bench/blob/linux-rfc-v1/source/eventfd/eventfd-bi.c
Yes. I have left it unmodified from the original source. But, I should
have looked at it more closely.
> Two things stand out:
>
> 1. The server and client threads are racing on the same eventfd.
> Eventfds aren't bi-directional! The eventfd_wait() function has code
> to write the value back, which is a waste of CPU cycles and hinders
> progress. I've never seen eventfd used this way in real applications.
> Can you use two separate eventfds?
Sure. I can do that.
> 2. The fd is in blocking mode and the task may be descheduled, so we're
> measuring eventfd read/write latency plus scheduler/context-switch
> latency. A fairer comparison against user interrupts would be to busy
> wait on a non-blocking fd so the scheduler/context-switch latency is
> mostly avoided. After all, the uintrfd-bi.c benchmark does this in
> uintrfd_wait():
>
> // Keep spinning until the interrupt is received
> while (!uintr_received[token]);
That makes sense. I'll give this a try and send out the updated results.
Thanks,
Sohil
On Thu, Sep 30, 2021, at 5:01 PM, Thomas Gleixner wrote:
> On Thu, Sep 30 2021 at 15:01, Andy Lutomirski wrote:
>> On Thu, Sep 30, 2021, at 12:29 PM, Thomas Gleixner wrote:
>>>
>>> But even with that we still need to keep track of the armed ones per CPU
>>> so we can handle CPU hotunplug correctly. Sigh...
>>
>> I don’t think any real work is needed. We will only ever have armed
>> UPIDs (with notification interrupts enabled) for running tasks, and
>> hot-unplugged CPUs don’t have running tasks.
>
> That's not the problem. The problem is the wait for uintr case where the
> task is obviously not running:
>
> CPU 1
> upid = T1->upid;
> upid->vector = UINTR_WAIT_VECTOR;
> upid->ndst = local_apic_id();
> ...
> do {
> ....
> schedule();
> }
>
> CPU 0
> unplug CPU 1
>
> SENDUPI(index)
> // Hardware does:
> tblentry = &ttable[index];
> upid = tblentry->upid;
> upid->pir |= tblentry->uv;
> send_IPI(upid->vector, upid->ndst);
>
> So SENDUPI will send the IPI to the APIC ID provided by T1->upid.ndst
> which points to the offlined CPU 1 and therefore is obviously going to
> /dev/null. IOW, lost wakeup...
Yes, but I don't think this is how we should structure this.
CPU 1
upid->vector = UINV;
upid->ndst = local_apic_id()
exit to usermode;
return from usermode;
...
schedule();
fpu__save_crap [see below]:
if (this task is waiting for a uintr) {
upid->resv0 = 1; /* arm #GP */
} else {
upid->sn = 1;
}
>
>> We do need a way to drain pending IPIs before we offline a CPU, but
>> that’s a separate problem and may be unsolvable for all I know. Is
>> there a magic APIC operation to wait until all initiated IPIs
>> targeting the local CPU arrive? I guess we can also just mask the
>> notification vector so that it won’t crash us if we get a stale IPI
>> after going offline.
>
> All of this is solved already otherwise CPU hot unplug would explode in
> your face every time. The software IPI send side is carefully
> synchronized vs. hotplug (at least in theory). May I ask you politely to
> make yourself familiar with all that before touting "We do need..." based
> on random assumptions?
I'm aware that the software send IPI side is synchronized against hotplug. But SENDUIPI is not unless we're going to have the CPU offline code IPI every other CPU to make sure that their SENDUIPIs have completed -- we don't control the SENDUIPI code.
After reading the ISE docs again, I think it might be possible to use the ON bit to synchronize. In the schedule-out path, if we discover that ON = 1, then there is an IPI in flight to us. In theory, we could wait for it, although actually doing so could be a mess. That's why I'm asking whether there's a way to tell the APIC to literally wait for all IPIs that are *already sent* to be delivered.
>
> The above SENDUIPI vs. CPU hotplug scenario is the same problem as we
> have with regular device interrupts which are targeted at an outgoing
> CPU. We have magic mechanisms in place to handle that to the extent
> possible, but due to the insanity of X86 interrupt handling mechanics
> that still leaves a very tiny hole which might cause a lost and
> subsequently stale interrupt. Nothing we can fix in software.
>
> So on CPU offline the hotplug code walks through all device interrupts
> and checks whether they are targeted at the outgoing CPU. If so they are
> rerouted to an online CPU with lots of care to make the possible race
> window as small as it gets. That's nowadays only a problem on systems
> where interrupt remapping is not available or disabled via commandline.
>
> For tasks which just have the user interrupt armed there is no problem
> because SENDUPI modifies UPID->PIR which is reevaluated when the task
> which got migrated to an online CPU is going back to user space.
>
> The uintr_wait() syscall creates the very same problem as we have with
> device interrupts. Which means we need to make that wait thing:
>
> upid = T1->upid;
> upid->vector = UINTR_WAIT_VECTOR;
This is exactly what I'm suggesting we *don't* do. Instead we set a reserved bit, we decode SENDUIPI in the #GP handler, and we emulate, in-kernel, the notification process for non-running tasks.
Now that I read the docs some more, I'm seriously concerned about this XSAVE design. XSAVES with UINTR is destructive -- it clears UINV. If we actually use this, then the whole last_cpu "preserve the state in registers" optimization goes out the window. So does anything that happens to assume that merely saving the state doesn't destroy it on respectable modern CPUs XRSTORS will #GP if you XRSTORS twice, which makes me nervous and would need a serious audit of our XRSTORS paths.
This is gross.
--Andy
On Thu, Sep 30 2021 at 21:41, Andy Lutomirski wrote:
> On Thu, Sep 30, 2021, at 5:01 PM, Thomas Gleixner wrote:
>> All of this is solved already otherwise CPU hot unplug would explode in
>> your face every time. The software IPI send side is carefully
>> synchronized vs. hotplug (at least in theory). May I ask you politely to
>> make yourself familiar with all that before touting "We do need..." based
>> on random assumptions?
>
> I'm aware that the software send IPI side is synchronized against
> hotplug. But SENDUIPI is not unless we're going to have the CPU
> offline code IPI every other CPU to make sure that their SENDUIPIs
> have completed -- we don't control the SENDUIPI code.
That's correct, but on CPU hot unplug _all_ running tasks have been
migrated to an online CPU _before_ the APIC is turned off. So they all
went through schedule() which set the UPID->SN bit. That's obviously
racy, but that has to be handled in exit to user mode anyway because
that's not different from any other migration or preemption. So that's
_not_ a problem at all.
The problem only exists if we can't do the #GP trick for tasks which are
sitting in uintr_wait(). Because then we _have_ to be careful vs. a
concurrent SENDUPI. But that'd be not any different from the problem
vs. device interrupts which we have today.
If we can use #GP then there is no problem at all and we avoid all the
nasty stuff vs. hotplug and avoid the list walk etc.
> After reading the ISE docs again, I think it might be possible to use
> the ON bit to synchronize. In the schedule-out path, if we discover
> that ON = 1, then there is an IPI in flight to us. In theory, we
> could wait for it, although actually doing so could be a mess. That's
> why I'm asking whether there's a way to tell the APIC to literally
> wait for all IPIs that are *already sent* to be delivered.
You could busy poll with interrupts enabled, but that does not solve
anything. What guarantees that after APIC.IRR is clear no further IPI is
sent? Nothing at all. But again, that's not any different from device
interrupts and we already handle that today:
cpu down()
...
disable interrupts();
for_each_interrupt_affine_to_cpu(irq) {
change_affinity_to_online_cpu(irq, new_target_cpu);
// Did device send to the old vector?
if (APIC.IRR & vector_bit(old_vector))
send_IPI(new_target_cpu, new_vector);
}
So for uintr_wait() w/o #GP we'd need to do:
for_each_waiter_on_cpu(w) {
move_waiter_to_new_target_cpu_wait_list(w);
w->ndest = new_target_cpu;
if (w->ON)
send_IPI(new_target_cpu, UIWAIT_VECTOR);
}
>> The uintr_wait() syscall creates the very same problem as we have with
>> device interrupts. Which means we need to make that wait thing:
>>
>> upid = T1->upid;
>> upid->vector = UINTR_WAIT_VECTOR;
>
> This is exactly what I'm suggesting we *don't* do. Instead we set a
> reserved bit, we decode SENDUIPI in the #GP handler, and we emulate,
> in-kernel, the notification process for non-running tasks.
Yes, under the assumption that we can use #GP without breaking device
delivery.
> Now that I read the docs some more, I'm seriously concerned about this
> XSAVE design. XSAVES with UINTR is destructive -- it clears UINV. If
> we actually use this, then the whole last_cpu "preserve the state in
> registers" optimization goes out the window. So does anything that
> happens to assume that merely saving the state doesn't destroy it on
> respectable modern CPUs XRSTORS will #GP if you XRSTORS twice, which
> makes me nervous and would need a serious audit of our XRSTORS paths.
I have no idea what you are fantasizing about. You can XRSTORS five
times in a row as long as your XSTATE memory image is correct.
If you don't want to use XSAVES to manage UINTR then you have to manualy
fiddle with the MSRs and UIF in schedule() and return to user space.
Also keeping UINV alive when scheduling out creates a life time issue
vs. UPID:
CPU 0 CPU 1 CPU2
T1 -> schedule // UPID is live in UINTR MSRs
do_stuff_in_kernel()
local_irq_disable();
SENDUIPI(T1 -> CPU1)
pull T1
T1 exits
free UPID
local_irq_enable();
ucode handles UINV -> UAF
Clearing UINV prevents the ucode from handling the IPI and fiddling with
UPID. The CPU will forward the IPI vector to the kernel which acks it
and does nothing else, i.e. it's a spurious interrupt.
Coming back to state preserving. All what needs to be done for a
situation where the rest of the XSTATE is live in the registers, i.e.
the T -> kthread -> T scheduling scenario, is to restore UINV on exit to
user mode and handle UPID.PIR which might contain newly set bits which
are obviously not yet in UPID.IRR. That can be done by MSR fiddling or
by issuing an self IPI on the UINV vector which will be handled in ucode
on the first user space instruction after return.
When the FPU has to be restored then the state has to be updated in the
XSAVE memory image before doing XRSTORS.
Thanks,
tglx
Hi!
> Instructions
> ------------
> senduipi <index> - send a user IPI to a target task based on the UITT index.
>
> clui - Mask user interrupts by clearing UIF (User Interrupt Flag).
>
> stui - Unmask user interrupts by setting UIF.
>
> testui - Test current value of UIF.
>
> uiret - return from a user interrupt handler.
Are other CPU vendors allowed to implement compatible instructions?
If not, we should probably have VDSO entries so kernel can abstract
differences between CPUs.
> Untrusted processes
> -------------------
> The current implementation expects only trusted and cooperating processes to
> communicate using user interrupts. Coordination is expected between processes
> for a connection teardown. In situations where coordination doesn't happen
> (say, due to abrupt process exit), the kernel would end up keeping shared
> resources (like UPID) allocated to avoid faults.
Keeping resources allocated after process exit is a no-no.
Best regards,
Pavel
--
http://www.livejournal.com/~pavelmachek
On Fri, Oct 1, 2021, at 2:56 AM, Thomas Gleixner wrote:
> On Thu, Sep 30 2021 at 21:41, Andy Lutomirski wrote:
>> On Thu, Sep 30, 2021, at 5:01 PM, Thomas Gleixner wrote:
>
>> Now that I read the docs some more, I'm seriously concerned about this
>> XSAVE design. XSAVES with UINTR is destructive -- it clears UINV. If
>> we actually use this, then the whole last_cpu "preserve the state in
>> registers" optimization goes out the window. So does anything that
>> happens to assume that merely saving the state doesn't destroy it on
>> respectable modern CPUs XRSTORS will #GP if you XRSTORS twice, which
>> makes me nervous and would need a serious audit of our XRSTORS paths.
>
> I have no idea what you are fantasizing about. You can XRSTORS five
> times in a row as long as your XSTATE memory image is correct.
I'm just reading TFM, which is some kind of dystopian fantasy.
11.8.2.4 XRSTORS
Before restoring the user-interrupt state component, XRSTORS verifies that UINV is 0. If it is not, XRSTORS
causes a general-protection fault (#GP) before loading any part of the user-interrupt state component. (UINV
is IA32_UINTR_MISC[39:32]; XRSTORS does not check the contents of the remainder of that MSR.)
So if UINV is set in the memory image and you XRSTORS five times in a row, the first one will work assuming UINV was zero. The second one will #GP. And:
11.8.2.3 XSAVES
After saving the user-interrupt state component, XSAVES clears UINV. (UINV is IA32_UINTR_MISC[39:32];
XSAVES does not modify the remainder of that MSR.)
So if we're running a UPID-enabled user task and we switch to a kernel thread, we do XSAVES and UINV is cleared. Then we switch back to the same task and don't do XRSTORS (or otherwise write IA32_UINTR_MISC) and UINV is still clear.
And we had better clear UINV when running a kernel thread because the UPID might get freed or the kernel thread might do some CPL3 shenanigans (via EFI, perhaps? I don't know if any firmwares actually do this).
So all this seems to put UINV into the "independent" category of feature along with LBR. And the 512-byte wastes from extra copies of the legacy area and the loss of the XMODIFIED optimization will just be collateral damage.
On Thu, Sep 30, 2021 at 10:24:24AM -0700, Sohil Mehta wrote:
>
> On 9/30/2021 9:30 AM, Stefan Hajnoczi wrote:
> > On Tue, Sep 28, 2021 at 09:31:34PM -0700, Andy Lutomirski wrote:
> > >
> > > I spent some time reviewing the docs (ISE) and contemplating how this all fits together, and I have a high level question:
> > >
> > > Can someone give an example of a realistic workload that would benefit from SENDUIPI and precisely how it would use SENDUIPI? Or an example of a realistic workload that would benefit from hypothetical device-initiated user interrupts and how it would use them? I'm having trouble imagining something that wouldn't work as well or better by simply polling, at least on DMA-coherent architectures like x86.
> > I was wondering the same thing. One thing came to mind:
> >
> > An application that wants to be *interrupted* from what it's doing
> > rather than waiting until the next polling point. For example,
> > applications that are CPU-intensive and have green threads. I can't name
> > a real application like this though :P.
>
> Thank you Stefan and Andy for giving this some thought.
>
> We are consolidating the information internally on where and how exactly we
> expect to see benefits with real workloads for the various sources of User
> Interrupts. It will take a few days to get back on this one.
One possible use case came to mind in QEMU's TCG just-in-time compiler:
QEMU's TCG threads execute translated code. There are events that
require interrupting these threads. Today a check is performed at the
start of every translated block. Most of the time the check is false and
it's a waste of CPU.
User interrupts can eliminate the need for checks by interrupting TCG
threads when events occur.
I don't know whether this will improve performance or how feasible it is
to implement, but I've added people who might have ideas. (For a summary
of user interrupts, see
https://lwn.net/SubscriberLink/871113/60652640e11fc5df/.)
Stefan
On 10/1/21 12:35 PM, Stefan Hajnoczi wrote:
> QEMU's TCG threads execute translated code. There are events that
> require interrupting these threads. Today a check is performed at the
> start of every translated block. Most of the time the check is false and
> it's a waste of CPU.
>
> User interrupts can eliminate the need for checks by interrupting TCG
> threads when events occur.
We used to use interrupts, and stopped because we need to wait until the guest is in a
stable state. The guest is always in a stable state at the beginning of each TB.
See 378df4b2375.
r~
On 10/1/2021 8:13 AM, Andy Lutomirski wrote:
>
> I'm just reading TFM, which is some kind of dystopian fantasy.
>
> 11.8.2.4 XRSTORS
>
> Before restoring the user-interrupt state component, XRSTORS verifies that UINV is 0. If it is not, XRSTORS
> causes a general-protection fault (#GP) before loading any part of the user-interrupt state component. (UINV
> is IA32_UINTR_MISC[39:32]; XRSTORS does not check the contents of the remainder of that MSR.)
>
> So if UINV is set in the memory image and you XRSTORS five times in a row, the first one will work assuming UINV was zero. The second one will #GP. And:
>
> 11.8.2.3 XSAVES
> After saving the user-interrupt state component, XSAVES clears UINV. (UINV is IA32_UINTR_MISC[39:32];
> XSAVES does not modify the remainder of that MSR.)
>
> So if we're running a UPID-enabled user task and we switch to a kernel thread, we do XSAVES and UINV is cleared. Then we switch back to the same task and don't do XRSTORS (or otherwise write IA32_UINTR_MISC) and UINV is still clear.
Andy,
I am still catching up with the rest of the discussion but I wanted to
provide some input here.
Have you had a chance to look at the discussion on this topic in patch 5?
https://lore.kernel.org/lkml/87bl4fcxz8.ffs@tglx/
The pseudo code Thomas provided and my comments on the same cover the
above situation.
The UINV bits in the IA32_UINTR_MISC act as an on/off switch for
detecting user interrupts (i.e. moving them from UPID.PIR to UIRR). When
XSAVES saves UIRR into memory we want the switch to atomically turn off
to stop detecting additional interrupts. When we restore the state back
the hardware wants to be sure the switch is off before writing to UIRR.
If not, the UIRR state could potentially be overwritten.
That's how I understand the XSAVES/XRSTORS behavior. I can confirm with
the hardware architects if you want more details here.
Regarding the #GP trick proposal, I am planning to get some feedback
from the hardware folks to see if any potential issues could arise.
I am on a pre-planned break next week. I apologize (in advance) for the
delay in responding.
Thanks,
Sohil
On Fri, Oct 01 2021 at 08:13, Andy Lutomirski wrote:
> On Fri, Oct 1, 2021, at 2:56 AM, Thomas Gleixner wrote:
>> On Thu, Sep 30 2021 at 21:41, Andy Lutomirski wrote:
>>> On Thu, Sep 30, 2021, at 5:01 PM, Thomas Gleixner wrote:
>>
>>> Now that I read the docs some more, I'm seriously concerned about this
>>> XSAVE design. XSAVES with UINTR is destructive -- it clears UINV. If
>>> we actually use this, then the whole last_cpu "preserve the state in
>>> registers" optimization goes out the window. So does anything that
>>> happens to assume that merely saving the state doesn't destroy it on
>>> respectable modern CPUs XRSTORS will #GP if you XRSTORS twice, which
>>> makes me nervous and would need a serious audit of our XRSTORS paths.
>>
>> I have no idea what you are fantasizing about. You can XRSTORS five
>> times in a row as long as your XSTATE memory image is correct.
>
> I'm just reading TFM, which is some kind of dystopian fantasy.
>
> 11.8.2.4 XRSTORS
>
> Before restoring the user-interrupt state component, XRSTORS verifies
> that UINV is 0. If it is not, XRSTORS causes a general-protection
> fault (#GP) before loading any part of the user-interrupt state
> component. (UINV is IA32_UINTR_MISC[39:32]; XRSTORS does not check the
> contents of the remainder of that MSR.)
Duh. I was staring at the SDM and searching for a hint. Stupid me!
> So if UINV is set in the memory image and you XRSTORS five times in a
> row, the first one will work assuming UINV was zero. The second one
> will #GP.
Yes. I can see what you mean now :)
> 11.8.2.3 XSAVES
> After saving the user-interrupt state component, XSAVES clears UINV. (UINV is IA32_UINTR_MISC[39:32];
> XSAVES does not modify the remainder of that MSR.)
>
> So if we're running a UPID-enabled user task and we switch to a kernel
> thread, we do XSAVES and UINV is cleared. Then we switch back to the
> same task and don't do XRSTORS (or otherwise write IA32_UINTR_MISC)
> and UINV is still clear.
Yes, that has to be mopped up on the way to user space.
> And we had better clear UINV when running a kernel thread because the
> UPID might get freed or the kernel thread might do some CPL3
> shenanigans (via EFI, perhaps? I don't know if any firmwares actually
> do this).
Right. That's what happens already with the current pile.
> So all this seems to put UINV into the "independent" category of
> feature along with LBR. And the 512-byte wastes from extra copies of
> the legacy area and the loss of the XMODIFIED optimization will just
> be collateral damage.
So we'd end up with two XSAVES on context switch. We can simply do:
XSAVES();
fpu.state.xtsate.uintr.uinv = 0;
which allows to do as many XRSTORS in a row as we want. Only the final
one on the way to user space will have to restore the real vector if the
register state is not valid:
if (fpu_state_valid()) {
if (needs_uinv(current)
wrmsrl(UINV, vector);
} else {
if (needs_uinv(current)
fpu.state.xtsate.uintr.uinv = vector;
XRSTORS();
}
Hmm?
Thanks,
tglx
> On Oct 1, 2021, at 2:29 PM, Thomas Gleixner <[email protected]> wrote:
>
> On Fri, Oct 01 2021 at 08:13, Andy Lutomirski wrote:
>
>>> On Fri, Oct 1, 2021, at 2:56 AM, Thomas Gleixner wrote:
>>> On Thu, Sep 30 2021 at 21:41, Andy Lutomirski wrote:
>>>>> On Thu, Sep 30, 2021, at 5:01 PM, Thomas Gleixner wrote:
>>>
>>>> Now that I read the docs some more, I'm seriously concerned about this
>>>> XSAVE design. XSAVES with UINTR is destructive -- it clears UINV. If
>>>> we actually use this, then the whole last_cpu "preserve the state in
>>>> registers" optimization goes out the window. So does anything that
>>>> happens to assume that merely saving the state doesn't destroy it on
>>>> respectable modern CPUs XRSTORS will #GP if you XRSTORS twice, which
>>>> makes me nervous and would need a serious audit of our XRSTORS paths.
>>>
>>> I have no idea what you are fantasizing about. You can XRSTORS five
>>> times in a row as long as your XSTATE memory image is correct.
>>
>> I'm just reading TFM, which is some kind of dystopian fantasy.
>>
>> 11.8.2.4 XRSTORS
>>
>> Before restoring the user-interrupt state component, XRSTORS verifies
>> that UINV is 0. If it is not, XRSTORS causes a general-protection
>> fault (#GP) before loading any part of the user-interrupt state
>> component. (UINV is IA32_UINTR_MISC[39:32]; XRSTORS does not check the
>> contents of the remainder of that MSR.)
>
> Duh. I was staring at the SDM and searching for a hint. Stupid me!
>
>> So if UINV is set in the memory image and you XRSTORS five times in a
>> row, the first one will work assuming UINV was zero. The second one
>> will #GP.
>
> Yes. I can see what you mean now :)
>
>> 11.8.2.3 XSAVES
>> After saving the user-interrupt state component, XSAVES clears UINV. (UINV is IA32_UINTR_MISC[39:32];
>> XSAVES does not modify the remainder of that MSR.)
>>
>> So if we're running a UPID-enabled user task and we switch to a kernel
>> thread, we do XSAVES and UINV is cleared. Then we switch back to the
>> same task and don't do XRSTORS (or otherwise write IA32_UINTR_MISC)
>> and UINV is still clear.
>
> Yes, that has to be mopped up on the way to user space.
>
>> And we had better clear UINV when running a kernel thread because the
>> UPID might get freed or the kernel thread might do some CPL3
>> shenanigans (via EFI, perhaps? I don't know if any firmwares actually
>> do this).
>
> Right. That's what happens already with the current pile.
>
>> So all this seems to put UINV into the "independent" category of
>> feature along with LBR. And the 512-byte wastes from extra copies of
>> the legacy area and the loss of the XMODIFIED optimization will just
>> be collateral damage.
>
> So we'd end up with two XSAVES on context switch. We can simply do:
>
> XSAVES();
> fpu.state.xtsate.uintr.uinv = 0;
Could work. As long as UINV is armed, RR can change at any time (maybe just when IF=1? The manual is unclear). But the first XSAVES disarms UINV, so maybe this won’t confuse any callers.
>
> which allows to do as many XRSTORS in a row as we want. Only the final
> one on the way to user space will have to restore the real vector if the
> register state is not valid:
>
> if (fpu_state_valid()) {
> if (needs_uinv(current)
> wrmsrl(UINV, vector);
> } else {
> if (needs_uinv(current)
> fpu.state.xtsate.uintr.uinv = vector;
> XRSTORS();
> }
>
> Hmm?
I like it better than anything else I’ve seen.
>
> Thanks,
>
> tglx
On 10/1/2021 2:29 PM, Thomas Gleixner wrote:
> So we'd end up with two XSAVES on context switch. We can simply do:
> XSAVES();
> fpu.state.xtsate.uintr.uinv = 0;
I am a bit confused. Do we need to set UINV to 0 explicitly?
If XSAVES gets called twice during context switch then the UINV in the
XSTATE buffer automatically gets set to 0. Since XSAVES saves the
current UINV value in the MISC_MSR which was already set to 0 by the
previous XSAVES.
Though, this probably happens due to pure luck than intentional design :)
> which allows to do as many XRSTORS in a row as we want. Only the final
> one on the way to user space will have to restore the real vector if the
> register state is not valid:
>
> if (fpu_state_valid()) {
> if (needs_uinv(current)
> wrmsrl(UINV, vector);
> } else {
> if (needs_uinv(current)
> fpu.state.xtsate.uintr.uinv = vector;
> XRSTORS();
> }
I might have missed some subtle difference. Has this logic changed from
what you previously suggested for arch_exit_to_user_mode_prepare()?
if (xrstors_pending)) {
// Update the saved xstate for xrstors
// Unconditionally update the UINV since it could have been
overwritten by calling XSAVES twice.
current->xstate.uintr.uinv = UINTR_NOTIFICATION_VECTOR;
current->xstate.uintr.uirr |= pir;
} else {
// Manually restore UIRR and UINV
rdmsrl(IA32_UINTR_RR, uirr);
wrmsrl(IA32_UINTR_RR, uirr | pir);
misc.val64 = 0;
misc.uittsz = current->uintr->uittsz;
misc.uinv = UINTR_NOTIFICATION_VECTOR;
wrmsrl(IA32_UINTR_MISC, misc.val64);
}
> Hmm?
The one case I can see this failing is if there was another XRSTORS
after the "final" restore in arch_exit_to_user_mode_prepare()? I think
that is not possible but I am not an expert on this. Did I misunderstand
something?
Thanks,
Sohil
> On Sep 13, 2021, at 1:01 PM, Sohil Mehta <[email protected]> wrote:
>
> User Interrupts Introduction
> ============================
>
> User Interrupts (Uintr) is a hardware technology that enables delivering
> interrupts directly to user space.
>
> Today, virtually all communication across privilege boundaries happens by going
> through the kernel. These include signals, pipes, remote procedure calls and
> hardware interrupt based notifications. User interrupts provide the foundation
> for more efficient (low latency and low CPU utilization) versions of these
> common operations by avoiding transitions through the kernel.
>
> In the User Interrupts hardware architecture, a receiver is always expected to
> be a user space task. However, a user interrupt can be sent by another user
> space task, kernel or an external source (like a device).
>
> In addition to the general infrastructure to receive user interrupts, this
> series introduces a single source: interrupts from another user task. These
> are referred to as User IPIs.
>
> The first implementation of User IPIs will be in the Intel processor code-named
> Sapphire Rapids. Refer Chapter 11 of the Intel Architecture instruction set
> extensions for details of the hardware architecture [1].
>
> Series-reviewed-by: Tony Luck <[email protected]>
>
> Main goals of this RFC
> ======================
> - Introduce this upcoming technology to the community.
> This cover letter includes a hardware architecture summary along with the
> software architecture and kernel design choices. This post is a bit long as a
> result. Hopefully, it helps answer more questions than it creates :) I am also
> planning to talk about User Interrupts next week at the LPC Kernel summit.
>
> - Discuss potential use cases.
> We are starting to look at actual usages and libraries (like libevent[2] and
> liburing[3]) that can take advantage of this technology. Unfortunately, we
> don't have much to share on this right now. We need some help from the
> community to identify usages that can benefit from this. We would like to make
> sure the proposed APIs work for the eventual consumers.
>
Here are some use cases received from our Databases(Oracle) group.
They envision considerable benefits with use of user interrupts in
following areas.
1) User mode scheduler
Oracle DB implements user threads(green threads), with cooperative
task switching. User interrupts would enable preempting tasks that are
long running. SENDUIPI would be useful in preempting tasks.
2) Get attention of threads/processes dedicated to cores.
3) Latency sensitive execution
To perform a task in the interrupt context of running threads.
4) User mode I/O completion
Some threads can be waiting on memory using ‘umwait' for RDMA to complete.
Consequently dispatch completion of RDMA event to another thread using
user interrupts for processing.
On those lines, DB will implement services like following using user
interrupts.
1) General RPC, for example
a. Service requests to a small number of worker process/threads.
To request processing data in memory locally on a numa node
by service threads running on that node.
b. Abort current operation to yield or release resources to a
higher priority threads.
2) User mode scheduling - force run the holder of resources.
3) User mode scheduling - log writer is a critical piece of execution for
database updates. So we could post to a thread asking it to run log writer
thread(user thread) immediately. This is useful in user mode scheduling
with use of PMEM, where the log writer no longer has to perform I/O. The
log is written sequentially in PMEM.
4) Debugging:
User interrupt SENDUIPI would be used to force a running DB process to
dump out debug information.
> - Get early feedback on the software architecture.
> We are hoping to get some feedback on the direction of overall software
> architecture - starting with User IPI, extending it for kernel-to-user
> interrupt notifications and external interrupts in the future.
>
> - Discuss some of the main architecture opens.
> There is lot of work that still needs to happen to enable this technology. We
> are looking for some input on future patches that would be of interest. Here
> are some of the big opens that we are looking to resolve.
> * Should Uintr interrupt all blocking system calls like sleep(), read(),
> poll(), etc? If so, should we implement an SA_RESTART type of mechanism
> similar to signals? - Refer Blocking for interrupts section below.
>
> * Should the User Interrupt Target table (UITT) be shared between threads of a
> multi-threaded application or maybe even across processes? - Refer Sharing
> the UITT section below.
>
> Why care about this? - Micro benchmark performance
> ==================================================
> There is a ~9x or higher performance improvement using User IPI over other IPC
> mechanisms for event signaling.
>
> Below is the average normalized latency for a 1M ping-pong IPC notifications
> with message size=1.
>
> +------------+-------------------------+
> | IPC type | Relative Latency |
> | |(normalized to User IPI) |
> +------------+-------------------------+
> | User IPI | 1.0 |
> | Signal | 14.8 |
> | Eventfd | 9.7 |
> | Pipe | 16.3 |
> | Domain | 17.3 |
> +------------+-------------------------+
>
> Results have been estimated based on tests on internal hardware with Linux
> v5.14 + User IPI patches.
>
> Original benchmark: https://github.com/goldsborough/ipc-bench
> Updated benchmark: https://github.com/intel/uintr-ipc-bench/tree/linux-rfc-v1
>
> *Performance varies by use, configuration and other factors.
>
> How it works underneath? - Hardware Summary
> ===========================================
> User Interrupts is a posted interrupt delivery mechanism. The interrupts are
> first posted to a memory location and then delivered to the receiver when they
> are running with CPL=3.
>
> Kernel managed architectural data structures
> --------------------------------------------
> UPID: User Posted Interrupt Descriptor - Holds receiver interrupt vector
> information and notification state (like an ongoing notification, suppressed
> notifications).
>
> UITT: User Interrupt Target Table - Stores UPID pointer and vector information
> for interrupt routing on the sender side. Referred by the senduipi instruction.
>
> The interrupt state of each task is referenced via MSRs which are saved and
> restored by the kernel during context switch.
>
> Instructions
> ------------
> senduipi <index> - send a user IPI to a target task based on the UITT index.
>
> clui - Mask user interrupts by clearing UIF (User Interrupt Flag).
>
> stui - Unmask user interrupts by setting UIF.
>
> testui - Test current value of UIF.
>
> uiret - return from a user interrupt handler.
>
> User IPI
> --------
> When a User IPI sender executes 'senduipi <index>', the hardware refers the
> UITT table entry pointed by the index and posts the interrupt vector (63-0)
> into the receiver's UPID.
>
> If the receiver is running (CPL=3), the sender cpu would send a physical IPI to
> the receiver's cpu. On the receiver side this IPI is detected as a User
> Interrupt. The User Interrupt handler for the receiver is invoked and the
> vector number (63-0) is pushed onto the stack.
>
> Upon execution of 'uiret' in the interrupt handler, the control is transferred
> back to instruction that was interrupted.
>
> Refer Chapter 11 of the Intel Architecture instruction set extensions [1] for
> more details.
>
> Application interface - Software Architecture
> =============================================
> User Interrupts (Uintr) is an opt-in feature (unlike signals). Applications
> wanting to use Uintr are expected to register themselves with the kernel using
> the Uintr related system calls. A Uintr receiver is always a userspace task. A
> Uintr sender can be another userspace task, kernel or a device.
>
> 1) A receiver can register/unregister an interrupt handler using the Uintr
> receiver related syscalls.
> uintr_register_handler(handler, flags)
> uintr_unregister_handler(flags)
>
> 2) A syscall also allows a receiver to register a vector and create a user
> interrupt file descriptor - uintr_fd.
> uintr_fd = uintr_create_fd(vector, flags)
>
> Uintr can be useful in some of the usages where eventfd or signals are used for
> frequent userspace event notifications. The semantics of uintr_fd are somewhat
> similar to an eventfd() or the write end of a pipe.
>
> 3) Any sender with access to uintr_fd can use it to deliver events (in this
> case - interrupts) to a receiver. A sender task can manage its connection with
> the receiver using the sender related syscalls based on uintr_fd.
> uipi_index = uintr_register_sender(uintr_fd, flags)
>
> Using an FD abstraction provides a secure mechanism to connect with a receiver.
> The FD sharing and isolation mechanisms put in place by the kernel would extend
> to Uintr as well.
>
> 4a) After the initial setup, a sender task can use the SENDUIPI instruction
> along with the uipi_index to generate user IPIs without any kernel
> intervention.
> SENDUIPI <uipi_index>
>
> If the receiver is running (CPL=3), then the user interrupt is delivered
> directly without a kernel transition. If the receiver isn't running the
> interrupt is delivered when the receiver gets context switched back. If the
> receiver is blocked in the kernel, the user interrupt is delivered to the
> kernel which then unblocks the intended receiver to deliver the interrupt.
>
> 4b) If the sender is the kernel or a device, the uintr_fd can be passed onto
> the related kernel entity to allow them to setup a connection and then generate
> a user interrupt for event delivery. <The exact details of this API are still
> being worked upon.>
>
> For details of the user interface and associated system calls refer the Uintr
> man-pages draft:
> https://github.com/intel/uintr-linux-kernel/tree/rfc-v1/tools/uintr/manpages.
> We have also included the same content as patch 1 of this series to make it
> easier to review.
>
> Refer the Uintr compiler programming guide [4] for details on Uintr integration
> with GCC and Binutils.
>
> Kernel design choices
> =====================
> Here are some of the reasons and trade-offs for the current design of the APIs.
>
> System call interface
> ---------------------
> Why a system call interface?: The 2 options we considered are using a char
> device at /dev or use system calls (current approach). A syscall approach
> avoids exposing a core cpu feature through a driver model. Also, we want to
> have a user interrupt FD per vector and share a single common interrupt handler
> among all vectors. This seems easier for the kernel and userspace to accomplish
> using a syscall based approach.
>
> Data sharing using user interrupts: Uintr doesn't include a mechanism to
> share/transmit data. The expectation is applications use existing data sharing
> mechanisms to share data and use Uintr only for signaling.
>
> An FD for each vector: A uintr_fd is assigned to each vector to allow fine
> grained priority and event management by the receiver. The alternative we
> considered was to allocate an FD to the interrupt handler and having that
> shared with the sender. However, that approach relies on the sender selecting
> the vector and moves the vector priority management to the sender. Also, if
> multiple senders want to send unique user interrupts they would need to
> coordinate the vector selection amongst them.
>
> Extending the APIs: Currently, the system calls are only extendable using the
> flags argument. We can add a variable size struct to some of the syscalls if
> needed.
>
> Extending existing mechanisms
> -----------------------------
> Uintr can be beneficial in some of the usages where eventfd() or signals are
> used. Since Uintr is hardware-dependent, thread-specific and bypasses the
> kernel in the fast path, it makes extending existing mechanisms harder.
>
> Main issues with extending signals:
> Signal handlers are defined significantly differently than a User interrupt
> handler. An application needs to save/restore registers in a user interrupt
> handler and call uiret to return from it. Also, signals can be process directed
> (or thread directed) but user interrupts are always thread directed.
>
> Comparison of signals with User Interrupts:
> +=====================+===========================+===========================+
> | | Signals | User Interrupts |
> +=====================+===========================+===========================+
> | Stacks | Has alt stacks | Uses application stack |
> | | | (alternate stack option |
> | | | not yet enabled) |
> +---------------------+---------------------------+---------------------------+
> | Registers state | Kernel manages incl. | App responsible (Use GCC |
> | | FPU/XSTATE area | 'interrupt' attribute for |
> | | | general purpose registers)|
> +---------------------+---------------------------+---------------------------+
> | Blocking/Masking | sigprocmask(2)/sa_mask | CLUI instruction (No per |
> | | | vector masking) |
> +---------------------+---------------------------+---------------------------+
> | Direction | Uni-directional | Uni-directional |
> +---------------------+---------------------------+---------------------------+
> | Post event | kill(), signal(), | SENDUIPI <index> - index |
> | | sigqueue(), etc. | derived from uintr_fd |
> +---------------------+---------------------------+---------------------------+
> | Target | Process-directed or | Thread-directed |
> | | thread-directed | |
> +---------------------+---------------------------+---------------------------+
> | Fork/inheritance | Empty signal set | Nothing is inherited |
> +---------------------+---------------------------+---------------------------+
> | Execv | Pending signals preserved | Nothing is inherited |
> +---------------------+---------------------------+---------------------------+
> | Order of delivery | Undetermined | High to low vector numbers|
> | for multiple signals| | |
> +---------------------+---------------------------+---------------------------+
> | Handler re-entry | All signals except the | No interrupts can cause |
> | | one being handled | handler re-entry. |
> +---------------------+---------------------------+---------------------------+
> | Delivery feedback | 0 or -1 based on whether | No feedback on whether the|
> | | the signal was sent | interrupt was sent or |
> | | | received. |
> +---------------------+---------------------------+---------------------------+
>
> Main issues with extending eventfd():
> eventfd() has a counter value that is core to the API. User interrupts can't
> have an associated counter since the signaling happens at the user level and
> the hardware doesn't have a memory counter mechanism. Also, eventfd can be used
> for bi-directional signaling where as uintr_fd is uni-directional.
>
> Comparison of eventfd with uintr_fd:
> +====================+======================+==============================+
> | | Eventfd | uintr_fd (User Interrupt FD) |
> +====================+======================+==============================+
> | Object | Counter - uint64 | Receiver vector information |
> +--------------------+----------------------+------------------------------+
> | Post event | write() to eventfd | SENDUIPI <index> - index |
> | | | derived from uintr_fd |
> +--------------------+----------------------+------------------------------+
> | Receive event | read() on eventfd | Implicit - Handler is |
> | | | invoked with associated |
> | | | vector. |
> +--------------------+----------------------+------------------------------+
> | Direction | Bi-directional | Uni-directional |
> +--------------------+----------------------+------------------------------+
> | Data transmitted | Counter - uint64 | None |
> +--------------------+----------------------+------------------------------+
> | Waiting for events | Poll() family of | No per vector wait. |
> | | syscalls | uintr_wait() allows waiting |
> | | | for all user interrupts |
> +--------------------+----------------------+------------------------------+
>
> Security Model
> ==============
> User Interrupts is designed as an opt-in feature (unlike signals). The security
> model for user interrupts is intended to be similar to eventfd(). The general
> idea is that any sender with access to uintr_fd would be able to generate the
> associated interrupt vector for the receiver task that created the fd.
>
> Untrusted processes
> -------------------
> The current implementation expects only trusted and cooperating processes to
> communicate using user interrupts. Coordination is expected between processes
> for a connection teardown. In situations where coordination doesn't happen
> (say, due to abrupt process exit), the kernel would end up keeping shared
> resources (like UPID) allocated to avoid faults.
>
> Currently, a sender can easily cause a denial of service for the receiver by
> generating a storm of user interrupts. A user interrupt handler is invoked with
> interrupts disabled, but upon execution of uiret, interrupts get enabled again
> by the hardware. This can lead to the handler being invoked again before normal
> execution can resume. There isn't a hardware mechanism to mask specific
> interrupt vectors.
>
> To enable untrusted processes to communicate, we need to add a per-vector
> masking option through another syscall (or maybe IOCTL). However, this can add
> some complexity to the kernel code. A vector can only be masked by modifying
> the UITT entries at the source. We need to be careful about races while
> removing and restoring the UPID from the UITT.
>
> Resource limits
> ---------------
> The maximum number of receiver-sender connections would be limited by the
> maximum number of open file descriptors and the size of the UITT.
>
> The UITT size is chosen as 4kB fixed size arbitrarily right now. We plan to
> make it dynamic and configurable in size. RLIMIT_MEMLOCK or ENOMEM should be
> triggered when the size limits have been hit.
>
> Main Opens
> ==========
>
> Blocking for interrupts
> -----------------------
> User interrupts are delivered to applications immediately if they are running
> in userspace. If a receiver task has blocked in the kernel using the placeholder
> uintr_wait() syscall, the task would be woken up to deliver the user interrupt.
> However, if the task is blocked due to any other blocking calls like read(),
> sleep(), etc; the interrupt will only get delivered when the application gets
> scheduled again. We need to consider if applications need to receive User
> Interrupts as soon as they are posted (similar to signals) when they are
> blocked due to some other reason. Adding this capability would likely make the
> kernel implementation more complex.
>
> Interrupting system calls using User Interrupts would also mean we need to
> consider an SA_RESTART type of mechanism. We also need to evaluate if some of
> the signal handler related semantics in the kernel can be reused for User
> Interrupts.
The DB use case requires a thread blocked in the kernel in a system call
to be interrupted immediately by the user interrupt. Need same behavior
as signals with respect to interrupting system calls.
Aim is to use user interrupts as one mechanism, for fast IPC and to signal
target thread blocked in the kernel in a system call.
i.e replace use of signals with user interrupts.
>
> Sharing the User Interrupt Target Table (UITT)
> ----------------------------------------------
> The current implementation assigns a unique UITT to each task. This assumes
> that User interrupts are used for point-to-point communication between 2 tasks.
> Also, this keeps the kernel implementation relatively simple.
>
> However, there are of benefits to sharing the UITT between threads of a
> multi-threaded application. One, they would see a consistent view of the UITT.
> i.e. SENDUIPI <index> would mean the same on all threads of the application.
> Also, each thread doesn't have to register itself using the common uintr_fd.
> This would simplify the userspace setup and make efficient use of kernel
> memory. The potential downside is that the kernel implementation to allocate,
> modify, expand and free the UITT would be more complex.
>
> A similar argument can be made for a set of processes that do a lot of IPC
> amongst them. They would prefer to have a shared UITT that lets them target any
> process from any process. With the current file descriptor based approach, the
> connection setup can be time consuming and somewhat cumbersome. We need to
> evaluate if this can be made simpler as well.
>
Following enhancements with respect to sharing UITT table will be beneficial.
Oracle DB creates large number of multithreaded processes. A thread in a
process may need to communicate(using user interrupts) with another
thread in any other process. Current proposal of receiver sending an FD
per vector to each of the sender will be an overhead. Also every sender
process/thread allocating a sender table for storing same receiver UPIDs
will be duplication resulting in wasted memory.
In addition to the current FD based registration approach, having a way
for a group of DB processes to share a sender(UITT) table and allowing
each of the receiver threads to directly register itself in the shared UITT
table, will be efficient. For this the receiver need not create an fd. The
receiver’s UPID index in UITT got from the registration will be shared
with all senders via shared memory(IPC).
DB maintains a process table of all the DB processes/threads in the shared
memory. The receiver can register itself in the shared UITT table and store
its UPID index in the process table. Sender will lookup target process from
the process table to get the UITT index and send the user interrupt.
> Kernel page table isolation (KPTI)
> ----------------------------------
> SENDUIPI is a special ring-3 instruction that makes a supervisor mode memory
> access to the UPID and UITT memory. The current patches need KPTI to be
> disabled for User IPIs to work. To make User IPI work with KPTI, we need to
> allocate these structures from a special memory region that has supervisor
> access but it is mapped into userspace. The plan is to implement a mechanism
> similar to LDT.
>
> Processors that support user interrupts are not affected by Meltdown so the
> auto mode of KPTI will default to off. Users who want to force enable KPTI will
> need to wait for a later version of this patch series to use user interrupts.
> Please let us know if you want the development of these patches to be
> prioritized (or deprioritized).
>
> FAQs
> ====
> Q: What happens if a process is "surprised" by a user interrupt?
> A: For tasks that haven't registered with the kernel and requested for user
> interrupts aren't expected or able to receive to user interrupts.
>
> Q: Do user interrupts affect kernel scheduling?
> A: No. If a task is blocked waiting for user interrupts, when the kernel
> receives a notification on behalf of that task we only put it back on the
> runqueue. Delivery of a user interrupt in no way changes the scheduling
> priorities of a task.
>
> Q: Does the sender get to know if the interrupt was delivered?
> A: No. User interrupts only provides a posted interrupt delivery mechanism. If
> applications need to rely on whether the interrupt was delivered they should
> consider a userspace mechanism for feedback (like a shared memory counter or a
> user interrupt back to the sender).
>
> Q: Why is there no feedback on interrupt delivery?
> A: Being a posted interrupt delivery mechanism, the interrupt delivery
> happens in 2 steps:
> 1) The interrupt information is stored in a memory location (UPID).
> 2) The physical interrupt is delivered to the interrupt receiver.
>
> The 2nd step could happen immediately, after an extended period, or it might
> never happen based on the state of the receiver after step 1. (The receiver
> could have disabled interrupts, have been context switched out or it might have
> crashed during that time.) This makes it very hard for the hardware to reliably
> provide feedback upon execution of SENDUIPI.
>
> Q: Can user interrupts be nested?
> A: Yes. Using STUI instruction in the interrupt handler would allow new user
> interrupts to be delivered. However, there no TPR(thread priority register)
> like mechanism to allow only higher priority interrupts. Any user interrupt can
> be taken when nesting is enabled.
>
> Q: Can a task receive all pending user interrupts in one go?
> A: No. The hardware allows only one vector to be processed at a time. If a task
> is interested in knowing all the interrupts that are pending then we could add
> a syscall that provides the pending interrupts information.
>
> Q: Do the processes need to be pinned to a cpu?
> A: No. User interrupts will be routed correctly to whichever cpu the receiver
> is running on. The kernel updates the cpu information in the UPID during
> context switch.
>
> Q: Why are UPID and UITT allocated by the kernel?
> A: If allocated by user space, applications could misuse the UPID and UITT to
> write to unauthorized memory and generate interrupts on any cpu. The UPID and
> UITT are allocated by the kernel and accessed by the hardware with supervisor
> privilege.
>
> Patch structure for this series
> ===============================
> - Man-pages and Kernel documentation (patch 1,2)
> - Hardware enumeration (patch 3, 4)
> - User IPI kernel vector reservation (patch 5)
> - Syscall interface for interrupt receiver, sender and vector
> management(uintr_fd) (patch 6-12)
> - Basic selftests (patch 13)
>
> Along with the patches in this RFC, there are additional tests and samples that
> are available at:
> https://github.com/intel/uintr-linux-kernel/tree/rfc-v1
>
> Links
> =====
> [1]: https://software.intel.com/content/www/us/en/develop/download/intel-architecture-instruction-set-extensions-programming-reference.html
> [2]: https://libevent.org/
> [3]: https://github.com/axboe/liburing
> [4]: https://github.com/intel/uintr-compiler-guide/blob/uintr-gcc-11.1/UINTR-compiler-guide.pdf
>
> Sohil Mehta (13):
> x86/uintr/man-page: Include man pages draft for reference
> Documentation/x86: Add documentation for User Interrupts
> x86/cpu: Enumerate User Interrupts support
> x86/fpu/xstate: Enumerate User Interrupts supervisor state
> x86/irq: Reserve a user IPI notification vector
> x86/uintr: Introduce uintr receiver syscalls
> x86/process/64: Add uintr task context switch support
> x86/process/64: Clean up uintr task fork and exit paths
> x86/uintr: Introduce vector registration and uintr_fd syscall
> x86/uintr: Introduce user IPI sender syscalls
> x86/uintr: Introduce uintr_wait() syscall
> x86/uintr: Wire up the user interrupt syscalls
> selftests/x86: Add basic tests for User IPI
>
> .../admin-guide/kernel-parameters.txt | 2 +
> Documentation/x86/index.rst | 1 +
> Documentation/x86/user-interrupts.rst | 107 +++
> arch/x86/Kconfig | 12 +
> arch/x86/entry/syscalls/syscall_32.tbl | 6 +
> arch/x86/entry/syscalls/syscall_64.tbl | 6 +
> arch/x86/include/asm/cpufeatures.h | 1 +
> arch/x86/include/asm/disabled-features.h | 8 +-
> arch/x86/include/asm/entry-common.h | 4 +
> arch/x86/include/asm/fpu/types.h | 20 +-
> arch/x86/include/asm/fpu/xstate.h | 3 +-
> arch/x86/include/asm/hardirq.h | 4 +
> arch/x86/include/asm/idtentry.h | 5 +
> arch/x86/include/asm/irq_vectors.h | 6 +-
> arch/x86/include/asm/msr-index.h | 8 +
> arch/x86/include/asm/processor.h | 8 +
> arch/x86/include/asm/uintr.h | 76 ++
> arch/x86/include/uapi/asm/processor-flags.h | 2 +
> arch/x86/kernel/Makefile | 1 +
> arch/x86/kernel/cpu/common.c | 61 ++
> arch/x86/kernel/cpu/cpuid-deps.c | 1 +
> arch/x86/kernel/fpu/core.c | 17 +
> arch/x86/kernel/fpu/xstate.c | 20 +-
> arch/x86/kernel/idt.c | 4 +
> arch/x86/kernel/irq.c | 51 +
> arch/x86/kernel/process.c | 10 +
> arch/x86/kernel/process_64.c | 4 +
> arch/x86/kernel/uintr_core.c | 880 ++++++++++++++++++
> arch/x86/kernel/uintr_fd.c | 300 ++++++
> include/linux/syscalls.h | 8 +
> include/uapi/asm-generic/unistd.h | 15 +-
> kernel/sys_ni.c | 8 +
> scripts/checksyscalls.sh | 6 +
> tools/testing/selftests/x86/Makefile | 10 +
> tools/testing/selftests/x86/uintr.c | 147 +++
> tools/uintr/manpages/0_overview.txt | 265 ++++++
> tools/uintr/manpages/1_register_receiver.txt | 122 +++
> .../uintr/manpages/2_unregister_receiver.txt | 62 ++
> tools/uintr/manpages/3_create_fd.txt | 104 +++
> tools/uintr/manpages/4_register_sender.txt | 121 +++
> tools/uintr/manpages/5_unregister_sender.txt | 79 ++
> tools/uintr/manpages/6_wait.txt | 59 ++
> 42 files changed, 2626 insertions(+), 8 deletions(-)
> create mode 100644 Documentation/x86/user-interrupts.rst
> create mode 100644 arch/x86/include/asm/uintr.h
> create mode 100644 arch/x86/kernel/uintr_core.c
> create mode 100644 arch/x86/kernel/uintr_fd.c
> create mode 100644 tools/testing/selftests/x86/uintr.c
> create mode 100644 tools/uintr/manpages/0_overview.txt
> create mode 100644 tools/uintr/manpages/1_register_receiver.txt
> create mode 100644 tools/uintr/manpages/2_unregister_receiver.txt
> create mode 100644 tools/uintr/manpages/3_create_fd.txt
> create mode 100644 tools/uintr/manpages/4_register_sender.txt
> create mode 100644 tools/uintr/manpages/5_unregister_sender.txt
> create mode 100644 tools/uintr/manpages/6_wait.txt
>
>
> base-commit: 6880fa6c56601bb8ed59df6c30fd390cc5f6dd8f
> --
> 2.33.0
>
>
On 11/15/2021 7:49 PM, Prakash Sangappa wrote:
>
> Here are some use cases received from our Databases(Oracle) group.
Thank you Prakash for providing the potential use cases. This would
really help with the design and validation of the UINTR APIs.
>
> Aim is to use user interrupts as one mechanism, for fast IPC and to signal
> target thread blocked in the kernel in a system call.
> i.e replace use of signals with user interrupts.
>
Mimicking this signal behavior would likely add some complexity to the
implementation. Since there is interest, we'll work on prototyping this
to evaluate tradeoffs and present them here.
> Following enhancements with respect to sharing UITT table will be beneficial.
>
> Oracle DB creates large number of multithreaded processes. A thread in a
> process may need to communicate(using user interrupts) with another
> thread in any other process. Current proposal of receiver sending an FD
> per vector to each of the sender will be an overhead. Also every sender
> process/thread allocating a sender table for storing same receiver UPIDs
> will be duplication resulting in wasted memory.
> > In addition to the current FD based registration approach, having a way
> for a group of DB processes to share a sender(UITT) table and allowing
> each of the receiver threads to directly register itself in the shared UITT
> table, will be efficient. For this the receiver need not create an fd. The
> receiver’s UPID index in UITT got from the registration will be shared
> with all senders via shared memory(IPC).
>
Sharing the UITT between tasks of the same process would be relatively
easier compared to the sharing the UITT across processes. We would need
a scalable mechanism to authenticate the sharing of this kernel resource
across the process boundary.
I am working on a proposal for this. I'll send it out once I have
something concrete.
> DB maintains a process table of all the DB processes/threads in the shared
> memory. The receiver can register itself in the shared UITT table and store
> its UPID index in the process table. Sender will lookup target process from
> the process table to get the UITT index and send the user interrupt.
>
Thanks,
Sohil
On 10/1/2021 1:19 AM, Pavel Machek wrote:
> Hi!
>
Thank you for reviewing the patches!
>> Instructions
>> ------------
>> senduipi <index> - send a user IPI to a target task based on the UITT index.
>>
>> clui - Mask user interrupts by clearing UIF (User Interrupt Flag).
>>
>> stui - Unmask user interrupts by setting UIF.
>>
>> testui - Test current value of UIF.
>>
>> uiret - return from a user interrupt handler.
>
> Are other CPU vendors allowed to implement compatible instructions?
>
> If not, we should probably have VDSO entries so kernel can abstract
> differences between CPUs.
>
Yes, we are evaluating VDSO support for this.
>> Untrusted processes
>> -------------------
>> The current implementation expects only trusted and cooperating processes to
>> communicate using user interrupts. Coordination is expected between processes
>> for a connection teardown. In situations where coordination doesn't happen
>> (say, due to abrupt process exit), the kernel would end up keeping shared
>> resources (like UPID) allocated to avoid faults.
>
> Keeping resources allocated after process exit is a no-no.
>
I meant the resource is still tracked via the shared file descriptor, so
it will eventually get freed when the FD release happens. I am planning
to include better documentation on lifetime rules of these shared
resources next time.
Thanks,
Sohil
On 9/13/21 4:01 PM, Sohil Mehta wrote:
> User Interrupts Introduction
> ============================
>
> User Interrupts (Uintr) is a hardware technology that enables delivering
> interrupts directly to user space.
>
> Today, virtually all communication across privilege boundaries happens by going
> through the kernel. These include signals, pipes, remote procedure calls and
> hardware interrupt based notifications. User interrupts provide the foundation
> for more efficient (low latency and low CPU utilization) versions of these
> common operations by avoiding transitions through the kernel.
>
> In the User Interrupts hardware architecture, a receiver is always expected to
> be a user space task. However, a user interrupt can be sent by another user
> space task, kernel or an external source (like a device).
>
> In addition to the general infrastructure to receive user interrupts, this
> series introduces a single source: interrupts from another user task. These
> are referred to as User IPIs.
>
> The first implementation of User IPIs will be in the Intel processor code-named
> Sapphire Rapids. Refer Chapter 11 of the Intel Architecture instruction set
> extensions for details of the hardware architecture [1].
>
> Series-reviewed-by: Tony Luck<[email protected]>
>
> Main goals of this RFC
> ======================
> - Introduce this upcoming technology to the community.
> This cover letter includes a hardware architecture summary along with the
> software architecture and kernel design choices. This post is a bit long as a
> result. Hopefully, it helps answer more questions than it creates :) I am also
> planning to talk about User Interrupts next week at the LPC Kernel summit.
>
> - Discuss potential use cases.
> We are starting to look at actual usages and libraries (like libevent[2] and
> liburing[3]) that can take advantage of this technology. Unfortunately, we
> don't have much to share on this right now. We need some help from the
> community to identify usages that can benefit from this. We would like to make
> sure the proposed APIs work for the eventual consumers.
>
> - Get early feedback on the software architecture.
> We are hoping to get some feedback on the direction of overall software
> architecture - starting with User IPI, extending it for kernel-to-user
> interrupt notifications and external interrupts in the future.
>
> - Discuss some of the main architecture opens.
> There is lot of work that still needs to happen to enable this technology. We
> are looking for some input on future patches that would be of interest. Here
> are some of the big opens that we are looking to resolve.
> * Should Uintr interrupt all blocking system calls like sleep(), read(),
> poll(), etc? If so, should we implement an SA_RESTART type of mechanism
> similar to signals? - Refer Blocking for interrupts section below.
>
> * Should the User Interrupt Target table (UITT) be shared between threads of a
> multi-threaded application or maybe even across processes? - Refer Sharing
> the UITT section below.
>
> Why care about this? - Micro benchmark performance
> ==================================================
> There is a ~9x or higher performance improvement using User IPI over other IPC
> mechanisms for event signaling.
>
> Below is the average normalized latency for a 1M ping-pong IPC notifications
> with message size=1.
>
> +------------+-------------------------+
> | IPC type | Relative Latency |
> | |(normalized to User IPI) |
> +------------+-------------------------+
> | User IPI | 1.0 |
> | Signal | 14.8 |
> | Eventfd | 9.7 |
> | Pipe | 16.3 |
> | Domain | 17.3 |
> +------------+-------------------------+
>
> Results have been estimated based on tests on internal hardware with Linux
> v5.14 + User IPI patches.
>
> Original benchmark:https://github.com/goldsborough/ipc-bench
> Updated benchmark:https://github.com/intel/uintr-ipc-bench/tree/linux-rfc-v1
>
> *Performance varies by use, configuration and other factors.
>
> How it works underneath? - Hardware Summary
> ===========================================
> User Interrupts is a posted interrupt delivery mechanism. The interrupts are
> first posted to a memory location and then delivered to the receiver when they
> are running with CPL=3.
>
> Kernel managed architectural data structures
> --------------------------------------------
> UPID: User Posted Interrupt Descriptor - Holds receiver interrupt vector
> information and notification state (like an ongoing notification, suppressed
> notifications).
>
> UITT: User Interrupt Target Table - Stores UPID pointer and vector information
> for interrupt routing on the sender side. Referred by the senduipi instruction.
>
> The interrupt state of each task is referenced via MSRs which are saved and
> restored by the kernel during context switch.
>
> Instructions
> ------------
> senduipi <index> - send a user IPI to a target task based on the UITT index.
>
> clui - Mask user interrupts by clearing UIF (User Interrupt Flag).
>
> stui - Unmask user interrupts by setting UIF.
>
> testui - Test current value of UIF.
>
> uiret - return from a user interrupt handler.
>
> User IPI
> --------
> When a User IPI sender executes 'senduipi <index>', the hardware refers the
> UITT table entry pointed by the index and posts the interrupt vector (63-0)
> into the receiver's UPID.
>
> If the receiver is running (CPL=3), the sender cpu would send a physical IPI to
> the receiver's cpu. On the receiver side this IPI is detected as a User
> Interrupt. The User Interrupt handler for the receiver is invoked and the
> vector number (63-0) is pushed onto the stack.
>
> Upon execution of 'uiret' in the interrupt handler, the control is transferred
> back to instruction that was interrupted.
>
> Refer Chapter 11 of the Intel Architecture instruction set extensions [1] for
> more details.
>
> Application interface - Software Architecture
> =============================================
> User Interrupts (Uintr) is an opt-in feature (unlike signals). Applications
> wanting to use Uintr are expected to register themselves with the kernel using
> the Uintr related system calls. A Uintr receiver is always a userspace task. A
> Uintr sender can be another userspace task, kernel or a device.
>
> 1) A receiver can register/unregister an interrupt handler using the Uintr
> receiver related syscalls.
> uintr_register_handler(handler, flags)
> uintr_unregister_handler(flags)
>
> 2) A syscall also allows a receiver to register a vector and create a user
> interrupt file descriptor - uintr_fd.
> uintr_fd = uintr_create_fd(vector, flags)
>
> Uintr can be useful in some of the usages where eventfd or signals are used for
> frequent userspace event notifications. The semantics of uintr_fd are somewhat
> similar to an eventfd() or the write end of a pipe.
>
> 3) Any sender with access to uintr_fd can use it to deliver events (in this
> case - interrupts) to a receiver. A sender task can manage its connection with
> the receiver using the sender related syscalls based on uintr_fd.
> uipi_index = uintr_register_sender(uintr_fd, flags)
>
> Using an FD abstraction provides a secure mechanism to connect with a receiver.
> The FD sharing and isolation mechanisms put in place by the kernel would extend
> to Uintr as well.
>
> 4a) After the initial setup, a sender task can use the SENDUIPI instruction
> along with the uipi_index to generate user IPIs without any kernel
> intervention.
> SENDUIPI <uipi_index>
>
> If the receiver is running (CPL=3), then the user interrupt is delivered
> directly without a kernel transition. If the receiver isn't running the
> interrupt is delivered when the receiver gets context switched back. If the
> receiver is blocked in the kernel, the user interrupt is delivered to the
> kernel which then unblocks the intended receiver to deliver the interrupt.
>
> 4b) If the sender is the kernel or a device, the uintr_fd can be passed onto
> the related kernel entity to allow them to setup a connection and then generate
> a user interrupt for event delivery. <The exact details of this API are still
> being worked upon.>
>
> For details of the user interface and associated system calls refer the Uintr
> man-pages draft:
> https://github.com/intel/uintr-linux-kernel/tree/rfc-v1/tools/uintr/manpages.
> We have also included the same content as patch 1 of this series to make it
> easier to review.
>
> Refer the Uintr compiler programming guide [4] for details on Uintr integration
> with GCC and Binutils.
>
> Kernel design choices
> =====================
> Here are some of the reasons and trade-offs for the current design of the APIs.
>
> System call interface
> ---------------------
> Why a system call interface?: The 2 options we considered are using a char
> device at /dev or use system calls (current approach). A syscall approach
> avoids exposing a core cpu feature through a driver model. Also, we want to
> have a user interrupt FD per vector and share a single common interrupt handler
> among all vectors. This seems easier for the kernel and userspace to accomplish
> using a syscall based approach.
>
> Data sharing using user interrupts: Uintr doesn't include a mechanism to
> share/transmit data. The expectation is applications use existing data sharing
> mechanisms to share data and use Uintr only for signaling.
>
> An FD for each vector: A uintr_fd is assigned to each vector to allow fine
> grained priority and event management by the receiver. The alternative we
> considered was to allocate an FD to the interrupt handler and having that
> shared with the sender. However, that approach relies on the sender selecting
> the vector and moves the vector priority management to the sender. Also, if
> multiple senders want to send unique user interrupts they would need to
> coordinate the vector selection amongst them.
>
> Extending the APIs: Currently, the system calls are only extendable using the
> flags argument. We can add a variable size struct to some of the syscalls if
> needed.
>
> Extending existing mechanisms
> -----------------------------
> Uintr can be beneficial in some of the usages where eventfd() or signals are
> used. Since Uintr is hardware-dependent, thread-specific and bypasses the
> kernel in the fast path, it makes extending existing mechanisms harder.
>
> Main issues with extending signals:
> Signal handlers are defined significantly differently than a User interrupt
> handler. An application needs to save/restore registers in a user interrupt
> handler and call uiret to return from it. Also, signals can be process directed
> (or thread directed) but user interrupts are always thread directed.
>
> Comparison of signals with User Interrupts:
> +=====================+===========================+===========================+
> | | Signals | User Interrupts |
> +=====================+===========================+===========================+
> | Stacks | Has alt stacks | Uses application stack |
> | | | (alternate stack option |
> | | | not yet enabled) |
> +---------------------+---------------------------+---------------------------+
> | Registers state | Kernel manages incl. | App responsible (Use GCC |
> | | FPU/XSTATE area | 'interrupt' attribute for |
> | | | general purpose registers)|
> +---------------------+---------------------------+---------------------------+
> | Blocking/Masking | sigprocmask(2)/sa_mask | CLUI instruction (No per |
> | | | vector masking) |
> +---------------------+---------------------------+---------------------------+
> | Direction | Uni-directional | Uni-directional |
> +---------------------+---------------------------+---------------------------+
> | Post event | kill(), signal(), | SENDUIPI <index> - index |
> | | sigqueue(), etc. | derived from uintr_fd |
> +---------------------+---------------------------+---------------------------+
> | Target | Process-directed or | Thread-directed |
> | | thread-directed | |
> +---------------------+---------------------------+---------------------------+
> | Fork/inheritance | Empty signal set | Nothing is inherited |
> +---------------------+---------------------------+---------------------------+
> | Execv | Pending signals preserved | Nothing is inherited |
> +---------------------+---------------------------+---------------------------+
> | Order of delivery | Undetermined | High to low vector numbers|
> | for multiple signals| | |
> +---------------------+---------------------------+---------------------------+
> | Handler re-entry | All signals except the | No interrupts can cause |
> | | one being handled | handler re-entry. |
> +---------------------+---------------------------+---------------------------+
> | Delivery feedback | 0 or -1 based on whether | No feedback on whether the|
> | | the signal was sent | interrupt was sent or |
> | | | received. |
> +---------------------+---------------------------+---------------------------+
>
> Main issues with extending eventfd():
> eventfd() has a counter value that is core to the API. User interrupts can't
> have an associated counter since the signaling happens at the user level and
> the hardware doesn't have a memory counter mechanism. Also, eventfd can be used
> for bi-directional signaling where as uintr_fd is uni-directional.
>
> Comparison of eventfd with uintr_fd:
> +====================+======================+==============================+
> | | Eventfd | uintr_fd (User Interrupt FD) |
> +====================+======================+==============================+
> | Object | Counter - uint64 | Receiver vector information |
> +--------------------+----------------------+------------------------------+
> | Post event | write() to eventfd | SENDUIPI <index> - index |
> | | | derived from uintr_fd |
> +--------------------+----------------------+------------------------------+
> | Receive event | read() on eventfd | Implicit - Handler is |
> | | | invoked with associated |
> | | | vector. |
> +--------------------+----------------------+------------------------------+
> | Direction | Bi-directional | Uni-directional |
> +--------------------+----------------------+------------------------------+
> | Data transmitted | Counter - uint64 | None |
> +--------------------+----------------------+------------------------------+
> | Waiting for events | Poll() family of | No per vector wait. |
> | | syscalls | uintr_wait() allows waiting |
> | | | for all user interrupts |
> +--------------------+----------------------+------------------------------+
>
> Security Model
> ==============
> User Interrupts is designed as an opt-in feature (unlike signals). The security
> model for user interrupts is intended to be similar to eventfd(). The general
> idea is that any sender with access to uintr_fd would be able to generate the
> associated interrupt vector for the receiver task that created the fd.
>
> Untrusted processes
> -------------------
> The current implementation expects only trusted and cooperating processes to
> communicate using user interrupts. Coordination is expected between processes
> for a connection teardown. In situations where coordination doesn't happen
> (say, due to abrupt process exit), the kernel would end up keeping shared
> resources (like UPID) allocated to avoid faults.
>
> Currently, a sender can easily cause a denial of service for the receiver by
> generating a storm of user interrupts. A user interrupt handler is invoked with
> interrupts disabled, but upon execution of uiret, interrupts get enabled again
> by the hardware. This can lead to the handler being invoked again before normal
> execution can resume. There isn't a hardware mechanism to mask specific
> interrupt vectors.
>
> To enable untrusted processes to communicate, we need to add a per-vector
> masking option through another syscall (or maybe IOCTL). However, this can add
> some complexity to the kernel code. A vector can only be masked by modifying
> the UITT entries at the source. We need to be careful about races while
> removing and restoring the UPID from the UITT.
>
> Resource limits
> ---------------
> The maximum number of receiver-sender connections would be limited by the
> maximum number of open file descriptors and the size of the UITT.
>
> The UITT size is chosen as 4kB fixed size arbitrarily right now. We plan to
> make it dynamic and configurable in size. RLIMIT_MEMLOCK or ENOMEM should be
> triggered when the size limits have been hit.
>
> Main Opens
> ==========
>
> Blocking for interrupts
> -----------------------
> User interrupts are delivered to applications immediately if they are running
> in userspace. If a receiver task has blocked in the kernel using the placeholder
> uintr_wait() syscall, the task would be woken up to deliver the user interrupt.
> However, if the task is blocked due to any other blocking calls like read(),
> sleep(), etc; the interrupt will only get delivered when the application gets
> scheduled again. We need to consider if applications need to receive User
> Interrupts as soon as they are posted (similar to signals) when they are
> blocked due to some other reason. Adding this capability would likely make the
> kernel implementation more complex.
>
> Interrupting system calls using User Interrupts would also mean we need to
> consider an SA_RESTART type of mechanism. We also need to evaluate if some of
> the signal handler related semantics in the kernel can be reused for User
> Interrupts.
>
> Sharing the User Interrupt Target Table (UITT)
> ----------------------------------------------
> The current implementation assigns a unique UITT to each task. This assumes
> that User interrupts are used for point-to-point communication between 2 tasks.
> Also, this keeps the kernel implementation relatively simple.
>
> However, there are of benefits to sharing the UITT between threads of a
> multi-threaded application. One, they would see a consistent view of the UITT.
> i.e. SENDUIPI <index> would mean the same on all threads of the application.
> Also, each thread doesn't have to register itself using the common uintr_fd.
> This would simplify the userspace setup and make efficient use of kernel
> memory. The potential downside is that the kernel implementation to allocate,
> modify, expand and free the UITT would be more complex.
>
> A similar argument can be made for a set of processes that do a lot of IPC
> amongst them. They would prefer to have a shared UITT that lets them target any
> process from any process. With the current file descriptor based approach, the
> connection setup can be time consuming and somewhat cumbersome. We need to
> evaluate if this can be made simpler as well.
>
> Kernel page table isolation (KPTI)
> ----------------------------------
> SENDUIPI is a special ring-3 instruction that makes a supervisor mode memory
> access to the UPID and UITT memory. The current patches need KPTI to be
> disabled for User IPIs to work. To make User IPI work with KPTI, we need to
> allocate these structures from a special memory region that has supervisor
> access but it is mapped into userspace. The plan is to implement a mechanism
> similar to LDT.
>
> Processors that support user interrupts are not affected by Meltdown so the
> auto mode of KPTI will default to off. Users who want to force enable KPTI will
> need to wait for a later version of this patch series to use user interrupts.
> Please let us know if you want the development of these patches to be
> prioritized (or deprioritized).
>
> FAQs
> ====
> Q: What happens if a process is "surprised" by a user interrupt?
> A: For tasks that haven't registered with the kernel and requested for user
> interrupts aren't expected or able to receive to user interrupts.
>
> Q: Do user interrupts affect kernel scheduling?
> A: No. If a task is blocked waiting for user interrupts, when the kernel
> receives a notification on behalf of that task we only put it back on the
> runqueue. Delivery of a user interrupt in no way changes the scheduling
> priorities of a task.
>
> Q: Does the sender get to know if the interrupt was delivered?
> A: No. User interrupts only provides a posted interrupt delivery mechanism. If
> applications need to rely on whether the interrupt was delivered they should
> consider a userspace mechanism for feedback (like a shared memory counter or a
> user interrupt back to the sender).
>
> Q: Why is there no feedback on interrupt delivery?
> A: Being a posted interrupt delivery mechanism, the interrupt delivery
> happens in 2 steps:
> 1) The interrupt information is stored in a memory location (UPID).
> 2) The physical interrupt is delivered to the interrupt receiver.
>
> The 2nd step could happen immediately, after an extended period, or it might
> never happen based on the state of the receiver after step 1. (The receiver
> could have disabled interrupts, have been context switched out or it might have
> crashed during that time.) This makes it very hard for the hardware to reliably
> provide feedback upon execution of SENDUIPI.
>
> Q: Can user interrupts be nested?
> A: Yes. Using STUI instruction in the interrupt handler would allow new user
> interrupts to be delivered. However, there no TPR(thread priority register)
> like mechanism to allow only higher priority interrupts. Any user interrupt can
> be taken when nesting is enabled.
>
> Q: Can a task receive all pending user interrupts in one go?
> A: No. The hardware allows only one vector to be processed at a time. If a task
> is interested in knowing all the interrupts that are pending then we could add
> a syscall that provides the pending interrupts information.
>
> Q: Do the processes need to be pinned to a cpu?
> A: No. User interrupts will be routed correctly to whichever cpu the receiver
> is running on. The kernel updates the cpu information in the UPID during
> context switch.
>
> Q: Why are UPID and UITT allocated by the kernel?
> A: If allocated by user space, applications could misuse the UPID and UITT to
> write to unauthorized memory and generate interrupts on any cpu. The UPID and
> UITT are allocated by the kernel and accessed by the hardware with supervisor
> privilege.
>
> Patch structure for this series
> ===============================
> - Man-pages and Kernel documentation (patch 1,2)
> - Hardware enumeration (patch 3, 4)
> - User IPI kernel vector reservation (patch 5)
> - Syscall interface for interrupt receiver, sender and vector
> management(uintr_fd) (patch 6-12)
> - Basic selftests (patch 13)
>
> Along with the patches in this RFC, there are additional tests and samples that
> are available at:
> https://github.com/intel/uintr-linux-kernel/tree/rfc-v1
>
> Links
> =====
> [1]:https://software.intel.com/content/www/us/en/develop/download/intel-architecture-instruction-set-extensions-programming-reference.html
> [2]:https://libevent.org/
> [3]:https://github.com/axboe/liburing
> [4]:https://github.com/intel/uintr-compiler-guide/blob/uintr-gcc-11.1/UINTR-compiler-guide.pdf
>
> Sohil Mehta (13):
> x86/uintr/man-page: Include man pages draft for reference
> Documentation/x86: Add documentation for User Interrupts
> x86/cpu: Enumerate User Interrupts support
> x86/fpu/xstate: Enumerate User Interrupts supervisor state
> x86/irq: Reserve a user IPI notification vector
> x86/uintr: Introduce uintr receiver syscalls
> x86/process/64: Add uintr task context switch support
> x86/process/64: Clean up uintr task fork and exit paths
> x86/uintr: Introduce vector registration and uintr_fd syscall
> x86/uintr: Introduce user IPI sender syscalls
> x86/uintr: Introduce uintr_wait() syscall
> x86/uintr: Wire up the user interrupt syscalls
> selftests/x86: Add basic tests for User IPI
>
> .../admin-guide/kernel-parameters.txt | 2 +
> Documentation/x86/index.rst | 1 +
> Documentation/x86/user-interrupts.rst | 107 +++
> arch/x86/Kconfig | 12 +
> arch/x86/entry/syscalls/syscall_32.tbl | 6 +
> arch/x86/entry/syscalls/syscall_64.tbl | 6 +
> arch/x86/include/asm/cpufeatures.h | 1 +
> arch/x86/include/asm/disabled-features.h | 8 +-
> arch/x86/include/asm/entry-common.h | 4 +
> arch/x86/include/asm/fpu/types.h | 20 +-
> arch/x86/include/asm/fpu/xstate.h | 3 +-
> arch/x86/include/asm/hardirq.h | 4 +
> arch/x86/include/asm/idtentry.h | 5 +
> arch/x86/include/asm/irq_vectors.h | 6 +-
> arch/x86/include/asm/msr-index.h | 8 +
> arch/x86/include/asm/processor.h | 8 +
> arch/x86/include/asm/uintr.h | 76 ++
> arch/x86/include/uapi/asm/processor-flags.h | 2 +
> arch/x86/kernel/Makefile | 1 +
> arch/x86/kernel/cpu/common.c | 61 ++
> arch/x86/kernel/cpu/cpuid-deps.c | 1 +
> arch/x86/kernel/fpu/core.c | 17 +
> arch/x86/kernel/fpu/xstate.c | 20 +-
> arch/x86/kernel/idt.c | 4 +
> arch/x86/kernel/irq.c | 51 +
> arch/x86/kernel/process.c | 10 +
> arch/x86/kernel/process_64.c | 4 +
> arch/x86/kernel/uintr_core.c | 880 ++++++++++++++++++
> arch/x86/kernel/uintr_fd.c | 300 ++++++
> include/linux/syscalls.h | 8 +
> include/uapi/asm-generic/unistd.h | 15 +-
> kernel/sys_ni.c | 8 +
> scripts/checksyscalls.sh | 6 +
> tools/testing/selftests/x86/Makefile | 10 +
> tools/testing/selftests/x86/uintr.c | 147 +++
> tools/uintr/manpages/0_overview.txt | 265 ++++++
> tools/uintr/manpages/1_register_receiver.txt | 122 +++
> .../uintr/manpages/2_unregister_receiver.txt | 62 ++
> tools/uintr/manpages/3_create_fd.txt | 104 +++
> tools/uintr/manpages/4_register_sender.txt | 121 +++
> tools/uintr/manpages/5_unregister_sender.txt | 79 ++
> tools/uintr/manpages/6_wait.txt | 59 ++
> 42 files changed, 2626 insertions(+), 8 deletions(-)
> create mode 100644 Documentation/x86/user-interrupts.rst
> create mode 100644 arch/x86/include/asm/uintr.h
> create mode 100644 arch/x86/kernel/uintr_core.c
> create mode 100644 arch/x86/kernel/uintr_fd.c
> create mode 100644 tools/testing/selftests/x86/uintr.c
> create mode 100644 tools/uintr/manpages/0_overview.txt
> create mode 100644 tools/uintr/manpages/1_register_receiver.txt
> create mode 100644 tools/uintr/manpages/2_unregister_receiver.txt
> create mode 100644 tools/uintr/manpages/3_create_fd.txt
> create mode 100644 tools/uintr/manpages/4_register_sender.txt
> create mode 100644 tools/uintr/manpages/5_unregister_sender.txt
> create mode 100644 tools/uintr/manpages/6_wait.txt
>
>
> base-commit: 6880fa6c56601bb8ed59df6c30fd390cc5f6dd8f
Hi All,
My apologies if this email was sent twice.
I was not sure if my previous email followed the proper reply instruction.
I resent this email using the first reply method (Saving the mbox file,
importing it into my mail client, and using reply-to-all from there).
The following is our understanding of the proposed User Interrupt.
----------------------------------------------------------------------------------------
We have been exploring how user-level interrupts (UIs) can be used to
improve performance and programmability in several different areas:
e.g., parallel programming, memory management, I/O, and floating-point
libraries. Before we venture into the discussion here, we want to
make sure we understand the proposed model. We describe our
understanding below in four sections:
1. Current target use cases
2. Preparing for future use cases
3. Basic Understanding
4. Multi-threaded parallel programming example
If people on this thread could either confirm or point out our
misunderstandings, we would appreciate it.
# Current Use Cases
The Current RFC is focused on sending an interrupt from one user-space
thread (UST) to another user-space thread (UST2UST). These threads
could be in different processes, as long as the sender has access to
the receiver's User Interrupt File Descriptor (uifd). Based on our
understanding, UIs are currently targeted as a low overhead
alternative for the current IPC mechanisms.
# Preparing for future use cases
Based on the RFC, we are aware that allowing a device and the kernel
to send a UI is still in development. Both these cases would support
imprecise interrupts. We can see a clear use case for the Device to
user-space thread (D2UST) UI, for example, supporting a fast way for a
GPU to inform a thread that it has finished executing a particular
kernel. If someone could point out an example for Kernel to
user-space thread (K2UST) UI, we would appreciate it.
In our work, we have also been exploring precise UIs from the
currently running thread. We call these CPU to UST (CPU2UST) UIs.
For example, a SIGSEGV generated by writing to a read-only page, a
SIGFPE generated by dividing a number by zero.
- QUESTION: Is there is a rough draft/plan that we can refer to that
describes the
current thinking on these three cases.
- QUESTION: Are there use cases for K2UST, or is K2UST the same as CPU2UST?
# Basic Understanding
First, we would like to make sure that our understanding of the
terminology and the data structures is correct.
- User Interrupt Vector (UIV): The identity of the user interrupt.
- User Interrupt Target Table (UITT):
This allows the sender to locate the "address" of the receiver
through the uifd.
- ui_frame: Argument passed to the UI handler. It contains a stack
pointer, saved flags, and an instruction pointer.
- Sender: The thread that issues the `_senduipi`.
- Receiver: The thread that receives the UI from the sender.
Below outlines our understanding of the current API for UIs.
- Each thread that can receive UIs has exactly one handler
registered with `uintr_register_handler` (a syscall).
- Each thread that registers a handler calls `uintr_create_fd` for
every user-level interrupt vector (UIV) that they expect to receive.
- The only information delivered to the handler is the UIV.
- There are 64 UIVs that can be used per thread.
- A thread that wants to send a UI must register the receiver's uifd
with `uintr_register_sender` (a syscall).
This returns an index the sender uses to locate the receiver.
- `_senduipi(index)` sends a user interrupt to a particular destination.
The sender's UITT and index determine the destination.
- A thread uses `_stui` (and `_clui`) to enable (and disable) the
reception of UIs.
- As for now, there is no mechanism to mask a particular UIV.
- A UI is delivered to the receiver immediately only if it is currently
running.
- If a thread executes the `uintr_wait()`, it will be scheduled only
after receiving a UI.
There is no guarantee on the delay between the processor receiving
the UI and when the thread is scheduled.
- If a thread is the target of a UI and another thread is running, or
the target thread is blocked in the kernel,
then the target thread will handle the UI when it is next scheduled.
- Ordinary interrupts (interrupt delivered with CPL=0) have a higher
priority over user interrupts.
- UI handler only saves general-purpose registers (e.g., do not save
floating-point registers).
- User Interrupts with higher UIV are given a higher priority than those
with smaller UIV.
## Private UITT
The Current RFC focuses on a private UITT where each thread has its own
UITT. Thus, different threads executing `_senduipi(index1)` with the
same `index1` may cause different receiver threads to be interrupted.
In many cases, the receiver of an interrupt needs to know which thread
sent the interrupt. If we understand the proposal correctly, there are
only 64 user-level interrupt vectors (UIVs), and the UIV is the only
information transmitted to the receiver. The UIV itself allows the
receiver to distinguish different senders through careful management
of the receiver's UIV.
- QUESTION: Given the code below where the same UIV is registered twice:
```c
uintr_fd1 = uintr_create_fd(vector1, flags)
uintr_fd2 = uintr_create_fd(vector1, flags)
```
Would `uintr_fd1` be the same as `uintr_fd2`, or would it be registered
with a different index in the UITT table?
- QUESTION: If it is registered in a different index, would the
receiver be able to distinguish the sender if `uintr_fd1` and
`uintr_fd2` are used from two different threads?
- QUESTION: What is the intended future use of the `flags` argument?
## Shared UITT
In the case of the shared UITT model, all the threads share the same
UITT and thus, if two different threads execute `_senduipi(index)`
with the same index, they would both cause an interrupt in the
same destination/receiver.
- QUESTION: Since both threads use the same entry (same
destination/receiver), does this mean that the receiver will not be
able to distinguish the sender of the interrupt?
# Multi-threaded parallel programming example
One of the uses for UIs that we have been exploring is combining the
message-passing and shared memory models for parallel programming. In
our approach, message-passing is used for synchronization and shared
memory for data sharing. The message passing part of the programming
pattern is based loosely on Active Messages (See ISCA92), where a
particular thread can turn off/on interrupts to ignore incoming
messages so they can execute critical sections without having to
notify any other threads in the system.
- QUESTION: Is there any data on the performance impact of `_stui` and
`_clui`?
----------------------------------------------------------------------------------------
Thank you.
Best regards,
Chrisma
Hi Chrisma,
On 12/22/2021 8:17 AM, Chrisma Pakha wrote:
>
> The following is our understanding of the proposed User Interrupt.
>
Thank you for giving this some thought.
>
> We have been exploring how user-level interrupts (UIs) can be used to
> improve performance and programmability in several different areas:
> e.g., parallel programming, memory management, I/O, and floating-point
> libraries.
Can you please share more details on this? It would really help improve
the API design.
>
> # Current Use Cases
>
> The Current RFC is focused on sending an interrupt from one user-space
> thread (UST) to another user-space thread (UST2UST). These threads
> could be in different processes, as long as the sender has access to
> the receiver's User Interrupt File Descriptor (uifd). Based on our
> understanding, UIs are currently targeted as a low overhead
> alternative for the current IPC mechanisms.
>
That's correct.
> # Preparing for future use cases
> > If someone could point out an example for Kernel to
> user-space thread (K2UST) UI, we would appreciate it.
>
The idea here is improve the kernel-to-user event notification latency.
Theoretically, this can be useful when the kernel sees event completion
on one cpu but it want to signal (notify) a thread actively running on
some other CPU. The receiver thread can save some cycles by avoiding
ring transitions to receive the event.
IO_URING is one of the examples for kernel-to-user event notifications.
We are evaluating whether providing a UINTR based completion mechanism
can have benefit over eventfd based completions. The benefits in
practice are yet to be measured and proven.
> In our work, we have also been exploring precise UIs from the
> currently running thread. We call these CPU to UST (CPU2UST) UIs.
> For example, a SIGSEGV generated by writing to a read-only page, a
> SIGFPE generated by dividing a number by zero.
>
It is definitely possible in future to delivery CPU events as User
Interrupts. The hardware architecture for this is still being worked on
internally.
Though our focus isn't on exceptions being delivered as User Interrupts.
Do you have details on what type of benefit is expected?
> - QUESTION: Is there is a rough draft/plan that we can refer to that
> describes the
> current thinking on these three cases.
>
> - QUESTION: Are there use cases for K2UST, or is K2UST the same as CPU2UST?
>
No, K2UST isn't the same as CPU2UST. We would expect limited benefits
from K2UST but on the other hand CPU2UST can provide significant speedup
since it avoids the kernel completely.
Unfortunately, due to the large scope of the feature, the hardware
architecture development is happening in stages. I don't have detailed
plans for each of the sources of User Interrupts.
Here is our rough plan:
1. Provide a common infrastructure to receive User Interrupts. This is
independent of the source of the interrupt. The intention here is to
keep the software APIs generic and extendable so that future sources can
be added without causing much disturbance to the older APIs.
2. Introduce various sources of User Interrupts in stages:
UST2UST - This RFC. Available in the upcoming Sapphire Rapids processor.
K2UST - Also available in upcoming Sapphire Rapids. Working towards
proving the value before sending something out.
D2UST - Future processor. Hardware architecture being worked on
internally. Not much to share right now.
CPU2UST - Future processor. Hardware architecture being worked on
internally. Not much to share right now.
> # Basic Understanding
>
The overall description you have mentioned below looks good to me. I
have added some minor comments for clarification.
Also, the abbreviations that you have used are somewhat different from
the ones I have used in the patches.
> First, we would like to make sure that our understanding of the
> terminology and the data structures is correct.
>
> - User Interrupt Vector (UIV): The identity of the user interrupt.
> - User Interrupt Target Table (UITT):
> This allows the sender to locate the "address" of the receiver
> through the uifd.
The UITT refers to the 'UPID' address which is different from the uifd
that you mention below.
> Below outlines our understanding of the current API for UIs.
>
All of the statements below seem accurate.
However, some of the restrictions below are due to hardware design and
some are mainly due to the software implementation. The software design
and APIs might change significantly as this patch series evolves.
Please feel free to provide input wherever you think the APIs can be
improved.
> - Each thread that can receive UIs has exactly one handler
> registered with `uintr_register_handler` (a syscall).
> - Each thread that registers a handler calls `uintr_create_fd` for
> every user-level interrupt vector (UIV) that they expect to receive.
> - The only information delivered to the handler is the UIV.
> - There are 64 UIVs that can be used per thread.
Though only one generic handler is registered with the hardware, an
application can choose to implement 64 unique sub-handlers in user space
based on each unique UIV.
> - A thread that wants to send a UI must register the receiver's uifd
> with `uintr_register_sender` (a syscall).
> This returns an index the sender uses to locate the receiver.
> - `_senduipi(index)` sends a user interrupt to a particular destination.
> The sender's UITT and index determine the destination.
> - A thread uses `_stui` (and `_clui`) to enable (and disable) the
> reception of UIs.
> - As for now, there is no mechanism to mask a particular UIV.
> - A UI is delivered to the receiver immediately only if it is currently
> running.
> - If a thread executes the `uintr_wait()`, it will be scheduled only
> after receiving a UI.
> There is no guarantee on the delay between the processor receiving
> the UI and when the thread is scheduled.
> - If a thread is the target of a UI and another thread is running, or
> the target thread is blocked in the kernel,
> then the target thread will handle the UI when it is next scheduled.
> - Ordinary interrupts (interrupt delivered with CPL=0) have a higher
> priority over user interrupts.
> - UI handler only saves general-purpose registers (e.g., do not save
> floating-point registers).
The saving and restoring of the registers is done by gcc when the muintr
flag along with the 'interrupt' attribute is used. Applications can
choose to save floating point registers as part of the interrupt handler
as well.
To make it easier for applications we are working on implementing a thin
library that can help with some of this common functionality like saving
floating point registers or redirecting to 64 sub-handlers.
> - User Interrupts with higher UIV are given a higher priority than those
> with smaller UIV.
>
> ## Private UITT
>
> The Current RFC focuses on a private UITT where each thread has its own
> UITT. Thus, different threads executing `_senduipi(index1)` with the
> same `index1` may cause different receiver threads to be interrupted.
>
That's right.
> In many cases, the receiver of an interrupt needs to know which thread
> sent the interrupt. If we understand the proposal correctly, there are
> only 64 user-level interrupt vectors (UIVs), and the UIV is the only
> information transmitted to the receiver. The UIV itself allows the
> receiver to distinguish different senders through careful management
> of the receiver's UIV.
>
That's correct. User Interrupts mainly provide a door bell mechanism
with the actual data expected to be shared through some existing mechanism.
If multiple senders want to share the same interrupt vector then they
would have to rely on some sort of shared memory (or similar) mechanism
to relay the relevant information to the receiver. This would likely
come with some latency cost.
> - QUESTION: Given the code below where the same UIV is registered twice:
> ```c
> uintr_fd1 = uintr_create_fd(vector1, flags)
> uintr_fd2 = uintr_create_fd(vector1, flags)
> ```
> Would `uintr_fd1` be the same as `uintr_fd2`, or would it be registered
> with a different index in the UITT table?
In the current design, if the same thread tries to register the same
vector again the second uintr_create_fd() would fail with a EBUSY error
code.
>
> - QUESTION: If it is registered in a different index, would the
> receiver be able to distinguish the sender if `uintr_fd1` and
> `uintr_fd2` are used from two different threads?
>
> - QUESTION: What is the intended future use of the `flags` argument?
>
In the uintr_create_fd() call, flags would be used to provide options
such as O_CLOEXEC. In general, I added flags argument to all the system
calls to keep them extendable when new boolean options need to be added.
> ## Shared UITT
>
> In the case of the shared UITT model, all the threads share the same
> UITT and thus, if two different threads execute `_senduipi(index)`
> with the same index, they would both cause an interrupt in the
> same destination/receiver.
>
> - QUESTION: Since both threads use the same entry (same
> destination/receiver), does this mean that the receiver will not be
> able to distinguish the sender of the interrupt?
>
Yes. However this is true even in case of a private UITT. This isn't
because the senders used the same UITT index rather it is the result of
the senders generating the same UIVs.
For example, even if a receiver created 2 FDs with 2 unique vectors.
uintr_fd1 = uintr_create_fd(vector1, flags)
uintr_fd2 = uintr_create_fd(vector2, flags)
In case of the a private UITT, both sender threads can register
themselves with uintr_fd1. They might get different uitt indexes
returned to them. But when they generate a User interrupt using their
respective index, the end result would be the same. The receiver will
see the same vector1 being generated. There is no way for the receiver
to distinguish the sender without some additional information being
shared somewhere.
> # Multi-threaded parallel programming example
>
> One of the uses for UIs that we have been exploring is combining the
> message-passing and shared memory models for parallel programming. In
> our approach, message-passing is used for synchronization and shared
> memory for data sharing. The message passing part of the programming
> pattern is based loosely on Active Messages (See ISCA92), where a
> particular thread can turn off/on interrupts to ignore incoming
> messages so they can execute critical sections without having to
> notify any other threads in the system.
>
This look like a good fit for the User IPI (UST2UST) implementation in
this RFC. Have you had a chance to evaluate the current API design for
this usage?
Also, is any of the above work publicly available?
> - QUESTION: Is there any data on the performance impact of `_stui` and
> `_clui`?
>
_stui and _clui are expected to have very minimal overhead since they
only modify a local flag. I'll try to measure this next time I am doing
some performance measurement.
Thanks,
Sohil
Hi Sohil,
Thank you for your reply and the clarification.
>>
>> We have been exploring how user-level interrupts (UIs) can be used to
>> improve performance and programmability in several different areas:
>> e.g., parallel programming, memory management, I/O, and floating-point
>> libraries.
>
> Can you please share more details on this? It would really help
> improve the API design.
>
Of course! Below we describe a few use cases for both user-level
interrupts (UIs) and user-level exceptions (UEs). We realize that the
current proposal is targeted towards UIs, but we also describe some UEs
use cases because we believe handling exceptions without going through
the kernel may provide even more of a benefit than UIs. We hope these
use cases can influence the direction of the API so that it can be made
forward compatible for future hardware revisions.
To be clear, we distinguish between interrupts (generated from an
external source, such as another core or Device) that are most likely
imprecise and asynchronous and exceptions (generated by the currently
executing program) that need to be precise and synchronous.
# UST2UST
A UI is a mechanism to allow two or more threads to communicate with one
another asynchronously without requiring the intervention of the kernel
or a change in privilege. We believe that having UIs can help integrate
the shared memory model and message passing model for multicore
processors. This integration makes it easier to build parallel programs,
allowing developers to take advantage of both models. The shared memory
model provides an easy way to share data between threads, while the
message passing model can be used for synchronization between threads.
In the following section, we will describe two use cases for UIs.
- We show how UIs can be used to improve parallel program performance by
reducing the overhead of exposing parallelism.
- We show how UIs can be used to build efficient active messages.
Both of the use cases we present below require the receiver of a UI to
know which thread issued it. At the end of the email we describe how we
would implement this using the current API and suggest an alternative,
and possibly more streamlined approach.
## Lazy Work Stealing
One of the hurdles in writing parallel programs is ensuring that the
cost of parallelizing the code does not become a bottleneck in program
performance. Some of these overheads come from unnecessarily exposing
too much parallelism, even if all cores are busy. One mechanism to
reduce this overhead is to lazily expose parallelism only when it is
needed. This can be done through stack unwinding (similar to how
Exception Handling works). Whenever a thread (thief) asks for work from
another thread (victim), the victim will perform stack unwinding,
creating the work for the thief. This approach to lazy thread creation
requires some mechanism for the thief to ask for work.
We have implemented a prototype compiler and runtime for this mechanism.
Our runtime requires a mechanism for the thief to signal the victim when
it needs work. We implement this signaling through polls because the
current IPI mechanism is too expensive to use. However, requiring the
victim to poll can introduce excessive polling overhead and/or introduce
significant latency between the request and the response. The compiler
tries to keep the overhead of polling low (<5%) while still ensuring
that the latency between a work-stealing request and its response is as
low as possible. Currently, we essentially only poll for work requests
in the function prologue, keeping the overhead to about 2% of execution
time on average. This works well for almost all applications. However,
in some applications, this can add 100 of microseconds of latency to the
response of a work-stealing request.
One reason we use polling today, instead of the victim just taking work,
is that there are points in the program where work-stealing is not
allowed. So, in addition to having an inexpensive mechanism to request
work, we need an inexpensive method to disallow the requests. IOW, the
compiler only inserts polls at points where it is safe to do so. With
the UI mechanism in the proposed API, we could signal a work-stealing
request with a UST2UST UI and disallow such requests by disabling
interrupts. One nice advantage of the current proposal is that disabling
interrupts is a *local* operation, making it very inexpensive and not
causing any interference with the rest of the threads. In other words,
an important benefit of the proposed UI mechanism is that we can ensure
atomicity (with respect to work stealing) without having to do any
global communication.
## Implementing Active Message
Active messages can efficiently support the message passing parallel
programming model. With the proposed API, the UI could signal that an AM
is being delivered while shared memory data structures could be used for
the payload. As described in the above use case, this would allow
receiving threads to provide atomicity by disabling interrupts without
any global communication.
Clearly, having a shared address space makes data access and management
easier for parallel programming. On the other hand, controlling access
to that data can often be cleaner to implement in message passing
models. Dogan et al. have shown promising improvements by using explicit
messaging hardware to accelerate Machine Learning and Graphs workloads
(see [DHAKWETAL17,DAKK19]). Explicit messaging is used as a
synchronization mechanism and has better scalability than shared
memory-based synchronization. The current proposal would support this
model integration with significantly lower overheads and lower latencies
compared to what are available on today's machines.
------------------------------------------------------------------------
# D2UST
Applications that frequently interact with external devices can benefit
from UIs. To achieve high performance, conventional IO approaches
through the kernel are not appealing as it incurs high overhead. It
requires context switching and data transfer from kernel-space to
user-space, possibly polluting the cache and TLB. One improvement to
bypass the kernel is by pinning pages to specific physical addresses,
where these pages act as a buffer between user-space and device.
However, since the device cannot directly interrupt the UST, the UST
needs to poll to check if the data from the device is available.
However, having the UST poll can easily erase any potential performance
improvements offered by bypassing the kernel in the first place.
Allowing a device to interrupt a UST under the proposed API will
eliminate the need to poll and support atomicity as required which could
significantly improve application performance.
This would be particularly useful when an application uses a GPU as an
accelerator for parallel computation and CPU for serial computation (see
[WBSACETAL08]). An example would be K-means. Finding which clusters each
point belongs to is computed in the GPU (in parallel), while computing
the mean is computed in the CPU (in serial). As this process is
iterative, there are multiple computation transitions between the CPU
and GPU. Without UIs, the only real option is to poll for GPU task
completion, complicating control flow if there is also other work for
the CPU thread to do. With UIs, keeping the GPU busy can be handled by
the UI handler. The result would be cleaner code and better load
balancing. To make this work, the D2UST interrupt will have to ensure
that the process that started the task on the GPU is the same one that
is currently running. When a different process is running, the interrupt
will have to be saved by the kernel so it can be delivered to the UST
when is is next scheduled.
------------------------------------------------------------------------
# CPU2UST
Providing a low cost user-level exception mechanism could fundamentally
change the approach to implementing many algorithms. Examples range
across many common tasks, e.g., checking for valid pointers,
preprocessing floating-point data, garbage collection, etc. Today, due
to the high cost of exception handling, programmers go to great lengths
to ensure that exceptions do not happen. Unfortunately, this leads to
more code and often less performance. Below we describe different
scenarios where UEs could potentially reduce programming effort and/or
improve performance.
## API for CPU2UST
For the examples, below we propose a small modification to the proposed
API to support exceptions. We propose that a handler be registered for a
particular fault to distinguish the exception type. Potentially, the
`flags` argument could hold the `signum`, or a bit in the `flags`
argument could indicate that a third parameter was being included with
the `signum`. We suggest including `signum` in the current API for
future use.
```
int uintr_register_handler(u64 handler_address, unsigned int flags, int
signum);
```
Since each handler is registered for a particular exception, the handler
itself would only have one argument, a pointer to the `__uintr_frame`.
In some cases, the handler might need the `error_code` information
(e.g., for a page-fault), which could be obtained using a new function,
`unsigned long long __get_ue_errorcode(void)`.
```
__attribute__ ((interrupt))
void
handlerFunction (struct __uintr_frame *ui_frame)
{
// Get error code if needed
// unsigned long long error_code = __get_ue_errorcode();
...
}
```
We envision four ways for the user handler to manipulate the thread's
state. Here we assume that a UE is handled by the thread that causes the
exception.
1. Continuing the faulting thread of control.
2. Suspending a faulting thread or continuing another thread in the same
process.
3. Deferring processing of the fault back to the kernel.
4. Or, finally, terminating the thread of control.
In case 1, where the faulting thread is continued, the handler can
simply use the uiret (It could potentially modify the return address on
the stack to change where execution continues). For case 2, we do not
have a proposed API yet, but potentially some set of functions that
extend pthreads might be appropriate. For case 3, the handler would use
a trap to signal that the kernel should continue processing the
exception. The compiler would have to restore registers appropriately
before the trap is executed.
## Binary rewriting
Binary rewriting is a valuable technique for debugging, optimizing,
repairing, emulating, and hardening (tightening security) a program
[WMUW19]. One implementation of binary rewriting is to replace the
probed instructions (instrumentation points) with a redirect instruction
(either jump or trap) to the patch instructions. Most developers use
jump instructions instead of traps due to their lower cost. However,
because instructions have variable encoding lengths, inserting jump
instructions requires care, e.g., "instruction punning" [CSDN17] with a
combination of padding and eviction [DGR20]. On the other hand, the trap
instruction is only a single byte, allowing it to replace any patched
instruction. If the trap can be made inexpensive, this would potentially
allow a simpler approach to binary rewriting without control flow recovery.
## Binary Emulation for forward/backward compatibility
Some processor families have an all encompassing ISA of which only a
subset is implemented in hardware for some instances of the family.
Applications built for the processor family either have to be recompiled
for each instance or software emulation must handle the unimplemented
instructions. If there is a UE for the illegal instruction fault, this
can potentially be made inexpensive enough to avoid recompilation.
Furthermore, it could be a way to handle legacy code and allow future
generations to avoid the older crufty instructions that are no longer
commonly used.
## Floating-Point Performance
Today, floating-point algorithms often preprocess the data in order to
avoid underflow (or overflow) exceptions. If UEs were low enough cost,
it is possible that these time consuming data preparation steps could be
removed and only run if an exception was generated. A simple example is
the calculation of the Root Mean Square (RMS) of a vector [HFT94,H96].
The common approach to calculating a vector's RMS is to scan the input
vector and then potentially scale it to avoid underflow/overflow. For
many applications, the common case is that the data does not require
rescaling. In those cases, one could calculate the RMS on the unscaled
data and only scale it if a UE was generated.
## Memory: garbage collection and watch points
User-level Page Fault exceptions (ULPF) is one essential component for
improving the performance of a wide variety of applications. For
example, in [AL20], we describe a solution that shows how ULPFs when
combined with a mechanism that allows the user a limited ability to
change a page's permissions without kernel intervention, can be used to
implement an unlimited number of efficient software watchpoints. Our
experiments were performed using GEM5, where we made changes to the MMU
and TLB. However, Intel's Memory Protection Keys for User (MPK) [MPK17]
combined with UE could also potentially do the trick.
Another example of an application that could benefit from ULPF is
Concurrent Garbage Collection. Concurrent Garbage collection allows both
the program (aka mutator) threads and the collector to run in parallel.
To implement concurrent GC, a read barrier or write barrier is often
needed (these are GC terms and should not be confused with hardware
memory barriers). These barriers ensure that the GC invariants are
maintained before a read or write operations. The write barrier prevents
the GC from reclaiming a live object that was recently accessed by the
mutator (in the case of a concurrent mark-sweep) [BDS91]. The read
barrier prevents the mutator from reading stale objects (in the case of
concurrent mark-compact) [AL91]. Both read and write barriers can be
implemented using ULPF. The programmer can use the permission bit in the
user-level page tables to cheaply turn on/off memory protection (e.g.,
inside the handler).
Belay et al. [BBMTMETAL12] has shown how to implement Boehm GC[BDS91] (a
mostly parallel mark-sweep GC used in the Mono project [Mono18] and
Objective-C [Objc15]) on their platform, Dune. Dune is a platform that
allows user-space direct access to exceptions and privileged hardware
features. The results show both speedup and slowdown, where the slowdown
is attributed to their platform's inherent overhead. On the other hand,
Click et al. [CTW05] and Tene et al. [TIW11] have built a custom system
to build a Pauseless GC. This custom system allows fast page fault
handling. The mechanism described in [AL20] could be extended to
implement a similar approach.
# References
- [AL91] Appel, Andrew W. and Li, Kai, Virtual Memory Primitives for
User Programs (1991)
- [AL20] Li, Qingyang, User Level Page Faults (2020),
http://reports-archive.adm.cs.cmu.edu/anon/2020/CMU-CS-20-124.pdf
- [BBMTMETAL12] Belay, Adam and Bittau, Andrea and Mashtizadeh, Ali and
Terei, David and Mazi\`{e}res, David and Kozyrakis, Christos, Dune: Safe
User-Level Access to Privileged CPU Features (2012)
- [BDS91] Boehm, Hans-J. and Demers, Alan J. and Shenker, Scott, Mostly
Parallel Garbage Collection (1991)
- [CSDN17] Chamith, Buddhika and Svensson, Bo Joel and Dalessandro, Luke
and Newton, Ryan R., Instruction Punning: Lightweight Instrumentation
for X86-64 (2017)
- [CTW05] Click, Cliff and Tene, Gil and Wolf, Michael, The Pauseless GC
Algorithm (2005)
- [DAKK19] Dogan, Halit and Ahmad, Masab and Kahne, Brian and Khan,
Omer, Accelerating Synchronization Using Moving Compute to Data Model at
1,000-core Multicore Scale (2019)
- [DHAKWETAL17] Dogan, Halit and Hijaz, Farrukh and Ahmad, Masab and
Kahne, Brian and Wilson, Peter and Khan, Omer, Accelerating Graph and
Machine Learning Workloads Using a Shared Memory Multicore Architecture
with Auxiliary Support for in-Hardware Explicit Messaging (2017)
- [DGR20] Duck, Gregory J. and Gao, Xiang and Roychoudhury, Abhik,
Binary Rewriting without Control Flow Recovery (2020)
- [ECGS92] von Eicken, Thorsten and Culler, David E. and Goldstein, Seth
Copen and Schauser, Klaus Erik, Active Messages: A Mechanism for
Integrated Communication and Computation (1992)
- [H96] Hauser, John R., Handling Floating-Point Exceptions in Numeric
Programs (1996)
- [HFT94] Hull, T. E. and Fairgrieve, Thomas F. and Tang, Ping-Tak
Peter, Implementing Complex Elementary Functions Using Exception
Handling (1994)
- [Mono18] https://www.mono-project.com/docs/advanced/runtime/ (2018)
- [MPK17]
https://www.kernel.org/doc/Documentation/x86/protection-keys.txt (2017)
- [Objc15]
https://gcc.gnu.org/onlinedocs/gcc-4.8.5/gcc/Garbage-Collection.html (2015)
- [TIW11] Tene, Gil and Iyengar, Balaji and Wolf, Michael, C4: The
Continuously Concurrent Compacting Collector (2011)
- [WBSACETAL08] Wong, Henry and Bracy, Anne and Schuchman, Ethan and
Aamodt, Tor M. and Collins, Jamison D. and Wang, Perry H. and Chinya,
Gautham and Groen, Ankur Khandelwal and Jiang, Hong and Wang, Hong ,
Pangaea: A tightly-coupled IA32 heterogeneous chip multiprocessor (2008)
- [WMUW19] Wenzl, Matthias and Merzdovnik, Georg and Ullrich, Johanna
and Weippl, Edgar, From Hack to Elaborate Technique—A Survey on Binary
Rewriting (2019)
>> # Preparing for future use cases
>> If someone could point out an example for Kernel to
>> user-space thread (K2UST) UI, we would appreciate it.
>>
>
> The idea here is improve the kernel-to-user event notification
> latency. Theoretically, this can be useful when the kernel sees event
> completion on one cpu but it want to signal (notify) a thread actively
> running on some other CPU. The receiver thread can save some cycles by
> avoiding ring transitions to receive the event.
>
> IO_URING is one of the examples for kernel-to-user event
> notifications. We are evaluating whether providing a UINTR based
> completion mechanism can have benefit over eventfd based completions.
> The benefits in practice are yet to be measured and proven.
>
Thank you for the clarification.
- QUESTION: If the processor has D2UST capability, would this allow the
device to directly send the interrupt to the target process (the process
that initiates the I/O through io_uring) instead of the kernel?
>> In our work, we have also been exploring precise UIs from the
>> currently running thread. We call these CPU to UST (CPU2UST) UIs.
>> For example, a SIGSEGV generated by writing to a read-only page, a
>> SIGFPE generated by dividing a number by zero.
>>
>
> It is definitely possible in future to delivery CPU events as User
> Interrupts. The hardware architecture for this is still being worked
> on internally.
>
> Though our focus isn't on exceptions being delivered as User
> Interrupts. Do you have details on what type of benefit is expected?
>
Described in the use-cases we mentioned above.
>> - QUESTION: Is there is a rough draft/plan that we can refer to that
>> describes the
>> current thinking on these three cases.
>>
>> - QUESTION: Are there use cases for K2UST, or is K2UST the same as
>> CPU2UST?
>>
>
> No, K2UST isn't the same as CPU2UST. We would expect limited benefits
> from K2UST but on the other hand CPU2UST can provide significant
> speedup since it avoids the kernel completely.
>
> Unfortunately, due to the large scope of the feature, the hardware
> architecture development is happening in stages. I don't have detailed
> plans for each of the sources of User Interrupts.
>
> Here is our rough plan:
>
> 1. Provide a common infrastructure to receive User Interrupts. This is
> independent of the source of the interrupt. The intention here is to
> keep the software APIs generic and extendable so that future sources
> can be added without causing much disturbance to the older APIs.
>
> 2. Introduce various sources of User Interrupts in stages:
>
> UST2UST - This RFC. Available in the upcoming Sapphire Rapids processor.
>
> K2UST - Also available in upcoming Sapphire Rapids. Working towards
> proving the value before sending something out.
>
> D2UST - Future processor. Hardware architecture being worked on
> internally. Not much to share right now.
>
> CPU2UST - Future processor. Hardware architecture being worked on
> internally. Not much to share right now.
Thank you for the update, really appreciate it.
>
> The saving and restoring of the registers is done by gcc when the
> muintr flag along with the 'interrupt' attribute is used. Applications
> can choose to save floating point registers as part of the interrupt
> handler as well.
>
> To make it easier for applications we are working on implementing a
> thin library that can help with some of this common functionality like
> saving floating point registers or redirecting to 64 sub-handlers.
- QUESTION: Would this thin library also provide a mechanism to share
data between sender and receiver through shared memory (similar to
implementing Active message)?
- QUESTION: Is there a plan in the future to allow data to be
transmitted along with the interrupt?
>> # Multi-threaded parallel programming example
>>
>> One of the uses for UIs that we have been exploring is combining the
>> message-passing and shared memory models for parallel programming. In
>> our approach, message-passing is used for synchronization and shared
>> memory for data sharing. The message passing part of the programming
>> pattern is based loosely on Active Messages (See ISCA92), where a
>> particular thread can turn off/on interrupts to ignore incoming
>> messages so they can execute critical sections without having to
>> notify any other threads in the system.
>>
>
> This look like a good fit for the User IPI (UST2UST) implementation in
> this RFC. Have you had a chance to evaluate the current API design for
> this usage?
Our approach requires point-to-point communication to implement the
UST2UST use cases described above. From my understanding, the current
API requires (n-1)*n descriptors to enable point-to-point communication
(assuming a private UITT). Here, each receiver assigns a vector to the
UI file descriptor (uifd) and shares it with the appropriate sender.
This way, the receivers know the sender based on the vector.
Have other approaches to handling the case where the receiver needs to
know the sender's identity been explored? In particular, approaches that
do not require n^2 descriptors be created? In the context of the RFC,
one possibility we have thought about would be where the sender assigns
a vector to uifd (maybe based on its cpuid) and shares this information
to all receivers. This would possibly only require n descriptors.
> Also, is any of the above work publicly available?
Not yet. We are still working on it and hope to update you on it.
Best regards,
Chrisma and Seth