Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp872567imm; Tue, 15 May 2018 10:21:30 -0700 (PDT) X-Google-Smtp-Source: AB8JxZr3av2tszvVQMXrPThFmCCgSBE5Y9JMpXvygwZnD87p113cS2tl6TMZy2mkUGLkBwOk8GRL X-Received: by 2002:a63:6842:: with SMTP id d63-v6mr13027643pgc.304.1526404890595; Tue, 15 May 2018 10:21:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1526404890; cv=none; d=google.com; s=arc-20160816; b=JV8tcxdrp+AiB5VPaopX9UEcm87gvA2HYhpDzaymtVB0iB+Cq4/LGCijymawdHs3/E in7s4hKQ1xNK8RFnWka+TYVu4maPsk21eSQ/+3p6XM7wTLG/0xF1md5QRZ5FHF9B9SJu jIw6Jqpa5UmcxHsvpccB2WGcI6lqSIwdYvGguuGqpCpCi1d1VgdeK/DiSzWnPhXTTSjW k8AN0yU4DjobbKBJMxyHjPCqaqoNPBT88Re4wp3hAvNaTHJQL8n3g/AHanX8HXYp+juO GZG8Uf/qMOhiDoHwt/FAT2hwmw0jbLknSprvojzeBnxoxRHsYkHD1GpgiYu0th+bc6/A HgoQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=5neMRbfTfHMh7uAwfcvkOkq+h31OeA8dELdwIzcb1Ls=; b=peb/wVekfuYYmAmqpMPS5vF4w43cY7g9/0GUO+oJffYc0yBfZZ/mc4Q/ZaN0iYYHXT +GbRZVhr/UUno3pzUjkkNhhoi36J9O4QTKVDfuJwxtQDAJWSDu+6hsDE6ihEQ07jISBb W9KOGccLLmX+E9ZhxlnenX+8YWjzHA6ZKKidWpRya0/6ARkJAEDK0L4UWAdsvVbxQlu1 Ji8zvk15Zl/hT0W9CV9u8X3psE1kFoEqPfbyEK1/cNLFiKuInFVCq/d3gr/YaXpv/ZiK p06cdjShPr2Zzoi1Q8M8DDeqoD/RfmVC6FEZeXHPKATbMuJml3BeitAZtlxjpiPXceXw lwHA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l18-v6si484570pfe.299.2018.05.15.10.21.15; Tue, 15 May 2018 10:21:30 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932158AbeEORUu (ORCPT + 99 others); Tue, 15 May 2018 13:20:50 -0400 Received: from mga04.intel.com ([192.55.52.120]:47138 "EHLO mga04.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932143AbeEORUt (ORCPT ); Tue, 15 May 2018 13:20:49 -0400 X-Amp-Result: UNKNOWN X-Amp-Original-Verdict: FILE UNKNOWN X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 May 2018 10:20:48 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.49,404,1520924400"; d="scan'208";a="42019076" Received: from romley-ivt3.sc.intel.com ([172.25.110.60]) by orsmga006.jf.intel.com with ESMTP; 15 May 2018 10:20:47 -0700 Date: Tue, 15 May 2018 10:21:15 -0700 From: Fenghua Yu To: Dave Hansen Cc: Fenghua Yu , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Ashok Raj , Ravi V Shankar , Tony Luck , Rafael Wysocki , Arjan van de Ven , Alan Cox , x86 , linux-kernel Subject: Re: [PATCH 03/15] x86/split_lock: Handle #AC exception for split lock in kernel mode Message-ID: <20180515172115.GB244301@romley-ivt3.sc.intel.com> References: <1526323945-211107-1-git-send-email-fenghua.yu@intel.com> <1526323945-211107-4-git-send-email-fenghua.yu@intel.com> <03909bf6-2dc5-f5e4-d6bc-a4ebaf20709d@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <03909bf6-2dc5-f5e4-d6bc-a4ebaf20709d@intel.com> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, May 15, 2018 at 08:51:24AM -0700, Dave Hansen wrote: > On 05/14/2018 11:52 AM, Fenghua Yu wrote: > > +#define delay_ms 1 > > That seems like a dangerously-generic name that should not be a #define > anyway. Sure. I will change it to #define split_lock_delay_ms 1 > > > +static void delayed_reenable_split_lock(struct work_struct *w) > > +{ > > + if (split_lock_ac == ENABLE_SPLIT_LOCK_AC) > > + _setup_split_lock(ENABLE_SPLIT_LOCK_AC); > > +} > > This seems like it might get confusing. We have the split lock ac > *mode* (what the kernel is doing overall) and also the *status* (what > mode the CPU is in at the moment). > > The naming here doesn't really split up those two concepts very well. To check the status and re-enable split lock is complex because the MSR is shared among threads in one core and locking could be complex. I will re-think about this code... > > > +/* Will the faulting instruction be re-executed? */ > > +static bool re_execute(struct pt_regs *regs) > > +{ > > + /* > > + * The only reason for generating #AC from kernel is because of > > + * split lock. The kernel faulting instruction will be re-executed. > > + */ > > + if (!user_mode(regs)) > > + return true; > > + > > + return false; > > +} > > This helper with a single user is a bit unnecessary. Just open-code > this and move the comments into the caller. In this patch, this helper is only used for checking kernel mode. Then in patch #11, this helper will add checking user mode code. It would be better to have a helper defined and called. > > > +/* > > + * #AC handler for kernel split lock is called by generic #AC handler. > > + * > > + * Disable #AC for split lock on this CPU so that the faulting instruction > > + * gets executed. The #AC for split lock is re-enabled later. > > + */ > > +bool do_split_lock_exception(struct pt_regs *regs, unsigned long error_code) > > +{ > > + unsigned long delay = msecs_to_jiffies(delay_ms); > > + unsigned long address = read_cr2(); /* Get the faulting address */ > > + int this_cpu = smp_processor_id(); > > How does this end up working? This seems to depend on this handler not > getting preempted. Maybe change the handler to: this_cpu = task_cpu(current); Then disable split lock on this_cpu. Re-enable split lock on this_cpu (already in this way). Does this sound better? > > > + if (!re_execute(regs)) > > + return false; > > + > > + pr_info_ratelimited("Alignment check for split lock at %lx\n", address); > > This is a potential KASLR bypass, I believe. We shouldn't be printing > raw kernel addresses. > > We have some nice printk's for page faults that give you kernel symbols. > Could you copy one of those? Sure. Will do that. > > > diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c > > index 03f3d7695dac..c07b817bbbe9 100644 > > --- a/arch/x86/kernel/traps.c > > +++ b/arch/x86/kernel/traps.c > > @@ -61,6 +61,7 @@ > > #include > > #include > > #include > > +#include > > > > #ifdef CONFIG_X86_64 > > #include > > @@ -286,10 +287,21 @@ static void do_error_trap(struct pt_regs *regs, long error_code, char *str, > > unsigned long trapnr, int signr) > > { > > siginfo_t info; > > + int ret; > > > > RCU_LOCKDEP_WARN(!rcu_is_watching(), "entry code didn't wake RCU"); > > > > /* > > + * #AC exception could be handled by split lock handler. > > + * If the handler can't handle the exception, go to generic #AC handler. > > + */ > > + if (trapnr == X86_TRAP_AC) { > > + ret = do_split_lock_exception(regs, error_code); > > + if (ret) > > + return; > > + } > > Why are you hooking into do_error_trap()? Shouldn't you just be > installing do_split_lock_exception() as *the* #AC handler and put it in > the IDT? > Split lock is not the only reason that causes #AC. #AC can be caused by user turning on AC bit in EFLAGS, which is just cache line misalignment and is different from split lock. So split lock is sharing the handler with another #AC case and can't be installed seperately from previous #AC handler, right? Thanks. -Fenghua