Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp521587imm; Mon, 2 Jul 2018 16:24:06 -0700 (PDT) X-Google-Smtp-Source: AAOMgpcE1eIstKjZLrQaFqCJJUQNVYt7K6QNuCoWqjDzu3lMOfNYhxr9k41kJt4RU/G9CDWEb4FZ X-Received: by 2002:a63:f919:: with SMTP id h25-v6mr4366901pgi.401.1530573846619; Mon, 02 Jul 2018 16:24:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1530573846; cv=none; d=google.com; s=arc-20160816; b=N2YFidoFv9Oh6npHlTjFCuV3LcRkJbZC7H//xB2n+/AmzxSGDRTfLMOnDa1gc6Xamv gMx9cUe/chTFpFaHO8+OjOTFFJH0jP+ZlolJugpt5nq8IzTQlWjAAntOh3Bc0r+LxC0R qXYeXqQnIxeDlAvTcppmMKUejD7lTuAtWusP1x+zQ6ywTIY3l6rJ8MncZMQZT9sD45Hu 6GCYwV5hOyUZxsxdSYY/TRur4TQq/QvTh7UIwyNp7iu4sKiaiajeRrrQTNIt6PDuK7/b mPNdRfEr6Xkysucpad5sArg4Qi9ubMt0So1A/u9EN6Lmf8gqcxT51weMBLUO7RFJNe5C SZ7g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:thread-index:thread-topic :content-transfer-encoding:mime-version:subject:references :in-reply-to:message-id:cc:to:from:date:dkim-signature:dkim-filter :arc-authentication-results; bh=mrk2eA3wNj0ODGObnH6ZLkJ3hhUHI9bPn/XAPu+95jM=; b=HZZLqATAG3R3juk/zrBU000L186VC7HpTW4I4hx+zLiBJIwnX0yOKAqClWB76suyVV iFR/UWBWpGuwAm5+jtNAoFfZkLhbF+y0js+Uh22oqawL9wCZyue3Oj1/35MvOOTiHmr2 tOi0ALapbDZwO5G58An1pfdcc7uQjC+gMB/TIHNwozutNx/h/kz2caLTJ8exf6J9UMwB JOJvgDfZvD/UH9S8xv6rihpDo59na7qU+Wr9Y+80nSOIcC8WXa+JvLEJ5Bahghli4UfA ptR+kThlSR5LFJrb01EfWMiFXI0qlGi34/yi+xIlqFa6qQch59P5M+nv3pFi2OwGEQ+k xGPQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@efficios.com header.s=default header.b=IoTIICEQ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=efficios.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w10-v6si17508185ply.482.2018.07.02.16.23.52; Mon, 02 Jul 2018 16:24:06 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@efficios.com header.s=default header.b=IoTIICEQ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=efficios.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753560AbeGBXW0 (ORCPT + 99 others); Mon, 2 Jul 2018 19:22:26 -0400 Received: from mail.efficios.com ([167.114.142.138]:49138 "EHLO mail.efficios.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753342AbeGBXWX (ORCPT ); Mon, 2 Jul 2018 19:22:23 -0400 Received: from localhost (ip6-localhost [IPv6:::1]) by mail.efficios.com (Postfix) with ESMTP id 4ABD722FF81; Mon, 2 Jul 2018 19:22:23 -0400 (EDT) Received: from mail.efficios.com ([IPv6:::1]) by localhost (mail02.efficios.com [IPv6:::1]) (amavisd-new, port 10032) with ESMTP id wGmD5gQuwi32; Mon, 2 Jul 2018 19:22:22 -0400 (EDT) Received: from localhost (ip6-localhost [IPv6:::1]) by mail.efficios.com (Postfix) with ESMTP id D8C0F22FF7E; Mon, 2 Jul 2018 19:22:22 -0400 (EDT) DKIM-Filter: OpenDKIM Filter v2.10.3 mail.efficios.com D8C0F22FF7E DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=efficios.com; s=default; t=1530573742; bh=mrk2eA3wNj0ODGObnH6ZLkJ3hhUHI9bPn/XAPu+95jM=; h=Date:From:To:Message-ID:MIME-Version; b=IoTIICEQRBA6N3ybjsVAFCsdeSRCYFv6kn+UOrJqg8yjj3N2gRZd+Ipd/ewPk+lkK ursFH0I2AMINOD7bdZLwiY1SWJkma0Quk6Q1iqjQNQfMdIUM0m+SQB/vYCJNSUSb8U 4jDCgG/OSdDn9BNJWC5GYjpE0hLFemVXuNj73M47cxvMd7HkP+5Ksb9bGbZm3BrG/n RVe9wGHK5O36SdCl0JzjbGwA/a9lhF6OPnm0sk9FHDSnwDlgli9nt9t2ifmVNAWcBg ZLun4Y8ev6lqLxrOIes2zQ7Y/QkH+6oK+YbU6QwT7thRTeiLPnMN9YcPJKPCqLM8IU uml+3ZLkqsGAw== X-Virus-Scanned: amavisd-new at efficios.com Received: from mail.efficios.com ([IPv6:::1]) by localhost (mail02.efficios.com [IPv6:::1]) (amavisd-new, port 10026) with ESMTP id cOmz9rW7b7vE; Mon, 2 Jul 2018 19:22:22 -0400 (EDT) Received: from mail02.efficios.com (mail02.efficios.com [167.114.142.138]) by mail.efficios.com (Postfix) with ESMTP id BC92322FF75; Mon, 2 Jul 2018 19:22:22 -0400 (EDT) Date: Mon, 2 Jul 2018 19:22:22 -0400 (EDT) From: Mathieu Desnoyers To: Linus Torvalds Cc: Thomas Gleixner , linux-kernel , linux-api , Peter Zijlstra , "Paul E. McKenney" , Boqun Feng , Andy Lutomirski , Dave Watson , Paul Turner , Andrew Morton , Russell King , Ingo Molnar , "H. Peter Anvin" , Andi Kleen , Chris Lameter , Ben Maurer , rostedt , Josh Triplett , Catalin Marinas , Will Deacon , Michael Kerrisk , Joel Fernandes Message-ID: <1959930320.10843.1530573742647.JavaMail.zimbra@efficios.com> In-Reply-To: <825871008.10839.1530573419561.JavaMail.zimbra@efficios.com> References: <20180702223143.4663-1-mathieu.desnoyers@efficios.com> <415287289.10831.1530572418907.JavaMail.zimbra@efficios.com> <825871008.10839.1530573419561.JavaMail.zimbra@efficios.com> Subject: Re: [RFC PATCH for 4.18] rseq: use __u64 for rseq_cs fields, validate user inputs MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Originating-IP: [167.114.142.138] X-Mailer: Zimbra 8.8.8_GA_2096 (ZimbraWebClient - FF52 (Linux)/8.8.8_GA_1703) Thread-Topic: rseq: use __u64 for rseq_cs fields, validate user inputs Thread-Index: SHiTQe7XPSOexphG2GWas6EadgayhV6KbVbs Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org ----- On Jul 2, 2018, at 7:16 PM, Mathieu Desnoyers mathieu.desnoyers@efficios.com wrote: > ----- On Jul 2, 2018, at 7:06 PM, Linus Torvalds torvalds@linux-foundation.org > wrote: > >> On Mon, Jul 2, 2018 at 4:00 PM Mathieu Desnoyers >> wrote: >>> >>> Unfortunately, that rseq->rseq_cs field needs to be updated by user-space >>> with single-copy atomicity. Therefore, we want 32-bit user-space to initialize >>> the padding with 0, and only update the low bits with single-copy atomicity. >> >> Well... It's actually still single-copy atomicity as a 64-bit value. >> >> Why? Because it doesn't matter how you write the upper bits. You'll be >> writing the same value to them (zero) anyway. >> >> So who cares if the write ends up being two instructions, because the >> write to the upper bits doesn't actually *do* anything. >> >> Hmm? > > Are there any kind of guarantees that a __u64 update on a 32-bit architecture > won't be torn into something daft like byte-per-byte stores when performed > from C code ? > > I don't worry whether the upper bits get updated or how, but I really care > about not having store tearing of the low bits update. For the records, most updates of those low bits are done in assembly from critical sections, for which we control exactly how the update is performed. However, there is one helper function in user-space that updates that value from C through a volatile store, e.g.: static inline void rseq_prepare_unload(void) { __rseq_abi.rseq_cs = 0; } Thanks, Mathieu > > Thanks, > > Mathieu > > > -- > Mathieu Desnoyers > EfficiOS Inc. > http://www.efficios.com -- Mathieu Desnoyers EfficiOS Inc. http://www.efficios.com