Date: Tue, 3 Jul 2018 11:17:17 +0200
From: Heiko Carstens
To: Peter Zijlstra, Mathieu Desnoyers, Linus Torvalds, Andy Lutomirski, Thomas Gleixner, linux-kernel, linux-api, "Paul E. McKenney", Boqun Feng, Dave Watson, Paul Turner, Andrew Morton, Russell King, Ingo Molnar, "H. Peter Anvin", Andi Kleen, Chris Lameter, Ben Maurer, rostedt, Josh Triplett, Catalin Marinas, Will Deacon, Michael Kerrisk, Joel Fernandes, michal.simek@xilinx.com, Martin Schwidefsky, Vasily Gorbik
Subject: Re: [RFC PATCH for 4.18] rseq: use __u64 for rseq_cs fields, validate user inputs
Message-Id: <20180703091717.GK3704@osiris>
In-Reply-To: <20180703085546.GJ3704@osiris>

On Tue, Jul 03, 2018 at 10:55:46AM +0200, Heiko Carstens wrote:
> > > > We're piece-wise enabling rseq across architectures anyway, and when the
> > > > relevant maintainers do this, they can have a look at their
> > > > {get,put}_user() implementations and fix them.
> > > >
> > > > If you rely on get_user(u64) working, that means microblaze is already
> > > > broken, but I suppose it already was, since their rseq enablement patch
> > > > is extremely dodgy. Michal?
> > >
> > > s390 uses the mvcos instruction to implement get_user(). That instruction
> > > is not defined to be atomic, but may copy bytes piecemeal. I had the
> > > impression that the rseq fields are supposed to be updated within the
> > > context of a single thread (user + kernel space).
> > >
> > > However if another user space thread is allowed to do this as well, then
> > > the get_user() approach won't fly on s390.
> > >
> > > That leaves the question: does it even make sense for a thread to update
> > > the rseq structure of a different thread?
> >
> > The problem is interrupts; we need interrupts on the CPU doing the store
> > to observe either the old or the new value, not a mix.
> >
> > If mvcos does not guarantee that, we're having problems. Is there a
> > reason get_user() cannot use a 'regular' load?
>
> Well, that's single instruction semantics. This is something we actually
> can guarantee, since the mvcos instruction itself won't be interrupted and
> copies all 1/2/4/8 bytes in a row.
>
> So we are talking about that single instructions are required and not
> atomic accesses?

And to answer also your question: we don't use a regular load, since we
would have to use 'sacf' construct surrounding the load instruction which
would be much slower. We have something like that implemented for the futex
atomic ops, and we could also implement something like that for this use
case (e.g. get_user_atomic()), if really needed.
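
An added illustration, not part of the original message and not kernel code: a user-space C model of the distinction discussed in this thread, between a copy that may proceed piecemeal while another thread stores to the field, and a read done by a single instruction that an interrupt on the same CPU can only precede or follow. All names and values (`read_piecemeal`, `read_single_insn`, `store_new`, `OLD_VAL`, `NEW_VAL`) are hypothetical, and the writer hook stands in for real concurrency so the outcome is deterministic.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed values standing in for an old and a new 64-bit rseq field. */
#define OLD_VAL 0x1111111111111111ULL
#define NEW_VAL 0x2222222222222222ULL
typedef void (*writer_fn)(uint64_t *field);
/* Hypothetical writer: replaces the whole field with NEW_VAL. */
static void store_new(uint64_t *field) { *field = NEW_VAL; }

/* Model of a copy that moves one byte at a time. A writer on another CPU
 * may store once `after` bytes have already been copied. */
static uint64_t read_piecemeal(uint64_t *field, writer_fn writer, size_t after)
{
    unsigned char buf[sizeof(uint64_t)];
    uint64_t out;
    for (size_t i = 0; i < sizeof(buf); i++) {
        if (writer && i == after)
            writer(field);              /* store lands in the middle of the copy */
        buf[i] = ((volatile unsigned char *)field)[i];
    }
    memcpy(&out, buf, sizeof(out));
    return out;
}

/* Model of a read done by one instruction: an interrupt on the same CPU
 * runs either before it or after it, never in the middle. */
static uint64_t read_single_insn(uint64_t *field, writer_fn writer, int before)
{
    uint64_t out;
    if (writer && before)
        writer(field);
    out = *(volatile uint64_t *)field;
    if (writer && !before)
        writer(field);
    return out;
}

/* The reader saw a usable value only if it is exactly old or exactly new. */
static int is_consistent(uint64_t v) { return v == OLD_VAL || v == NEW_VAL; }

int main(void)
{
    uint64_t f = OLD_VAL;
    uint64_t torn = read_piecemeal(&f, store_new, 4);
    f = OLD_VAL;
    printf("piecemeal %#llx (consistent=%d), single %#llx\n", (unsigned long long)torn,
           is_consistent(torn), (unsigned long long)read_single_insn(&f, store_new, 0));
    return 0;
}
```

The piecemeal read returns a value that is neither the old nor the new one, while the single-instruction read returns one or the other depending on which side of it the store falls.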