Received: by 10.213.65.68 with SMTP id h4csp1113363imn; Wed, 14 Mar 2018 09:59:40 -0700 (PDT) X-Google-Smtp-Source: AG47ELsYnK0ZrWDc4hzPpHo9Qm0ra+RYcv7HduDuu/FOtHM5+Cl3oeNLhYdk8SRMS9zXgK2MNrXz X-Received: by 10.99.111.2 with SMTP id k2mr4108400pgc.199.1521046780076; Wed, 14 Mar 2018 09:59:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521046780; cv=none; d=google.com; s=arc-20160816; b=OS05JMXOHuJ/HnlK+CqDwF7A3dbCvXLRbtMSA2UxwzRKBTpqk+1v/L7BmTc7ZEVFGW 3cJ4QqcDEmWZdtMSYIvRwBLL846zLswT5jhlVbMSASvryGbhvRaUxyYrozPtD8+aQ+nz /w39o9OgDRkX1SUqzYWWVno5tWf2LCF006IPb8Cc3zXtY8QBTGu1SHwD6/hJidsHS13n UbuAw7/UajGKZOJ6ugBGAwgW/YAXYkbctOrKlL7fybSX5nIworky2vDLk6cKgLs9l0d5 5MNnk3G25z6YDUC1TEAz1x7aogzEWAAthMvdzxc8FJt4RHlkHnlGPzUyzT0RnOzZIf/9 9QPA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:arc-authentication-results; bh=sN8LNmLtILJX3OEGDXEOb4IJNuHFjtM+FhNeJuCMuEQ=; b=GMwhMUHUIeMa525a7X0XM5ss7ATnRMw85jS6Bwkx/EQqfp5X5cI1S7ZrOGcGTFC85G FYm8TEsRde8brd1IDBQ1zmViDG+GSuY5zcDqaUCIAA/kYOcWk1/WlzRZbwxv/lmaXiN3 BYhPn5VS5gBDK9QgTq6N1Feg1+DSUBNjf2EgL2EeLNG0D3ODiyTfmqW/z0I5LgIox3wc pTGopKDvgbbN9vPtIbfFeIQNdzEc4rJ9efScMF90ECTUEWDIW3UP4iokGcX9TkncFkLW OxZUASaioWcxTFfHECC2EZhoE+E2mmA0q3ZIQuMfuZywwqIishGln9QmBdEZq+l8Wtma kybg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=synopsys.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i6-v6si2212368plt.186.2018.03.14.09.59.24; Wed, 14 Mar 2018 09:59:40 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=synopsys.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751555AbeCNQ6d (ORCPT + 99 others); Wed, 14 Mar 2018 12:58:33 -0400 Received: from smtprelay.synopsys.com ([198.182.60.111]:44524 "EHLO smtprelay.synopsys.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750950AbeCNQ6b (ORCPT ); Wed, 14 Mar 2018 12:58:31 -0400 Received: from mailhost.synopsys.com (mailhost1.synopsys.com [10.12.238.239]) by smtprelay.synopsys.com (Postfix) with ESMTP id 376B710C0D63; Wed, 14 Mar 2018 09:58:31 -0700 (PDT) Received: from mailhost.synopsys.com (localhost [127.0.0.1]) by mailhost.synopsys.com (Postfix) with ESMTP id F3EDC5697; Wed, 14 Mar 2018 09:58:30 -0700 (PDT) Received: from us01wehtc1.internal.synopsys.com (us01wehtc1-vip.internal.synopsys.com [10.12.239.236]) by mailhost.synopsys.com (Postfix) with ESMTP id E719B5693; Wed, 14 Mar 2018 09:58:30 -0700 (PDT) Received: from IN01WEHTCB.internal.synopsys.com (10.144.199.106) by us01wehtc1.internal.synopsys.com (10.12.239.235) with Microsoft SMTP Server (TLS) id 14.3.361.1; Wed, 14 Mar 2018 09:58:26 -0700 Received: from IN01WEHTCA.internal.synopsys.com (10.144.199.103) by IN01WEHTCB.internal.synopsys.com (10.144.199.105) with Microsoft SMTP Server (TLS) id 14.3.361.1; Wed, 14 Mar 2018 22:28:23 +0530 Received: from [10.10.161.84] (10.10.161.84) by IN01WEHTCA.internal.synopsys.com (10.144.199.243) with Microsoft SMTP Server (TLS) id 14.3.361.1; Wed, 14 Mar 2018 22:28:23 +0530 Subject: Re: arc_usr_cmpxchg and preemption To: Alexey Brodkin CC: Peter Zijlstra , "linux-snps-arc@lists.infradead.org" , lkml , "linux-arch@vger.kernel.org" References: <1521045375.11552.27.camel@synopsys.com> From: Vineet Gupta Message-ID: Date: Wed, 14 Mar 2018 09:58:19 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <1521045375.11552.27.camel@synopsys.com> Content-Type: text/plain; charset="utf-8"; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [10.10.161.84] Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org +CC linux-arch, Peter for any preemption insights ! On 03/14/2018 09:36 AM, Alexey Brodkin wrote: > Hi Vineet, > > While debugging a segfault of user-space app on system without atomic ops > (I mean LLOCK/SCOND) I understood the root-cause is in implementation > of kernel's __NR_arc_usr_cmpxchg syscall which is supposed to emulate mentioned > atomic ops for user-space. > > So here's a problem. > > 1. User-space app [via libc] triggers __NR_arc_usr_cmpxchg syscall, > we enter arc_usr_cmpxchg()which basically does: > ---------------------------->8------------------------------- > preempt_disable(); > __get_user(uval, uaddr); > __put_user(new, uaddr); > preempt_enable(); > ---------------------------->8------------------------------- > > 2. Most of the time everything is fine because __get_user()/__put_user() > for ARC is just LD/ST. > > 3. Rarely user's variable is situated in not yet allocated page. > Here I mean copy-on-write case, when a page has read-only flag in TLB. > In that case __get_user() succeeds but __put_user() causes Privilege > Violation exception and we enter do_page_fault() where new page allocation > with proper access bits is supposed to happen... but that never happens > because with preempt_disable() we set in_atomic() which set > faulthandler_disabled() and so we exit early from page fault handler > effectively with nothing done, i.e. user's variable is left unchanged > which in its turn causes very strange problems later down the line because > we don't notify user-space app about failed data modification. Interesting problem ! But what is special here, I would think syscalls in general could hit this. > > The simplest fix is to not mess with preemption: > ---------------------------->8------------------------------- > diff --git a/arch/arc/kernel/process.c b/arch/arc/kernel/process.c > index 5ac3b547453f..d1713d8d3981 100644 > --- a/arch/arc/kernel/process.c > +++ b/arch/arc/kernel/process.c > @@ -63,8 +63,6 @@ SYSCALL_DEFINE3(arc_usr_cmpxchg, int *, uaddr, int, expected, int, new) > if (!access_ok(VERIFY_WRITE, uaddr, sizeof(int))) > return -EFAULT; > > - preempt_disable(); > - > if (__get_user(uval, uaddr)) > goto done; ... ... > done: > - preempt_enable(); > - > return uval; > } > ---------------------------->8------------------------------- > > But I'm not really sure how safe is that. Well it is broken wrt the semantics the syscall is supposed to provide. Preemption disabling is what prevents a concurrent thread from coming in and modifying the same location (Imagine a variable which is being cmpxchg concurrently by 2 threads). One approach is to do it the MIPS way, emulate the llsc flag - set it under preemption disabled section and clear it in switch_to see arch/mips/kernel/syscall.c