Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp3506233imm; Fri, 24 Aug 2018 19:30:52 -0700 (PDT) X-Google-Smtp-Source: ANB0VdYzXHIHUBvEJ9O3wpmlqJe364KSxZZ4ZawiWbTW+hKXYJSnRm6KZqlSTaYXo28GGD49X+Ek X-Received: by 2002:a63:e14a:: with SMTP id h10-v6mr3970827pgk.358.1535164251958; Fri, 24 Aug 2018 19:30:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1535164251; cv=none; d=google.com; s=arc-20160816; b=o8qhf/9hQa2Gu/a7rxSMEz7kkDBE54qbetpHgLJ1X0s7cKN539JM1lpnAiF8riqmoM uqLFkBzXq4swlyGlFHwKjNCDlgGfRTzJilqYDP32kiSDw1k7CHzvKxYvmvlsS1hP8ZY/ 4Ri/EkIs3hSt6J5RieTiPtg2rccTyKU+LkyM76UiGt+kWzvN+Uo/VUoZUyIFjsl20Da3 LeUgPbz3gt2Ga1CbXO4ehrSYZNKwDJjZWGXZcsaxFqEUK1WbEeu0re8Iz9Lnvx1ZFxwu EHUKUD26aoYYE6DCyS7fsp2iGbMTxnzQRhb1hgjCDnCbeHYNIk1Bm5sIA2yoBS5XEB03 Wzaw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:from:cc:to:subject :content-transfer-encoding:mime-version:references:in-reply-to :user-agent:date:dkim-signature:arc-authentication-results; bh=l/2s2t3rtE37tt0LycqUWsfX9GphsseHJOzzA5vuQTI=; b=J/viVJaGlIjOrun0i8XkqoyuEOm2/qvjUmM/WfFo2xN1jwX2ha6tWPrKssNz8jwi4y TpbgZ17lYB3ps9bCzJoCs0bpdnLP40EdcMj8Qa5k8TPCJEJiNloPjRBakhmeoCrWB9bj BZqM0wiDU3W03kXRA1CmOCdbxW3Bpb1Heqy0VJhN8VK+qSXRdwgMthtsurGMZtoxMWMr a8xqISOHtrXBXnoEbhfSDZUVQ01UsRTsr1Et513gxr85NKuT9sUBsgT5GTW30IucBkmD E/o7JQjqZgLXrp8RHjGy6ILUwPm2WyZxJHHQ3V0KhYEDqU07vWWywTUGAgBIXg6B5MAA XzOQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=VhepF3+J; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q132-v6si5170881pfc.159.2018.08.24.19.30.34; Fri, 24 Aug 2018 19:30:51 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=VhepF3+J; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726358AbeHYGGg (ORCPT + 99 others); Sat, 25 Aug 2018 02:06:36 -0400 Received: from mail-pl1-f174.google.com ([209.85.214.174]:33380 "EHLO mail-pl1-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725881AbeHYGGg (ORCPT ); Sat, 25 Aug 2018 02:06:36 -0400 Received: by mail-pl1-f174.google.com with SMTP id 60-v6so1813704ple.0 for ; Fri, 24 Aug 2018 19:29:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:user-agent:in-reply-to:references:mime-version :content-transfer-encoding:subject:to:cc:from:message-id; bh=l/2s2t3rtE37tt0LycqUWsfX9GphsseHJOzzA5vuQTI=; b=VhepF3+J3OGjX2UZpFCg9Di4y8D4puOcyIFnZFOa6a1S9FzBxZ639SIRp9ApbtNJEs hf5ScEMm8SYJpcjB2j+t5rLTigjOxsPgCuZH4nI0XZzbA6D1+aEFg79ZMzZ2mu8MI615 UH1jve9Jxc6gVX7Ta1LsvhKf9NYxHNDPVTb2ACuP55HdcetKlQ9GU5c29QtaON364MXw VXbFCOh892F9RLnJLEuojK5QF4LM3a0Qsbhee31GWCH+t/33/ZKt8tfMj7ENrLrXc2eX gObvozue0U0VaVgULaxEpKjg13cEHO/gRspM+jpx45IdZkSQYXcfA+dIxpADVEx64G0V KvSQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:user-agent:in-reply-to:references :mime-version:content-transfer-encoding:subject:to:cc:from :message-id; bh=l/2s2t3rtE37tt0LycqUWsfX9GphsseHJOzzA5vuQTI=; b=r3T/6ws7mlAlDsm/smjAsO4ydLEFeLHrDLzcl5OPqdOLWCTtPDAo+P4QZs/7U7dfQY Y4pg5MU/jMu6eIuyKIBSjLfAcidTeiT2K7HgF+fQ9vgh4u2c156gRpw18oSt5HDBFmXm 3DsvvZtQqfOtsesDvTfK6KCrggOCFt0e081L1acuBcJTC/C68o2Xsc5Y+PxMiH9BL3M6 mel20qL3VWoU5mAe9hEZBj5QVqdBBm0NUwzCduMw3Dg+rGan63aNwgsDjmSFTStsqxt4 P0Qtj6ShxiMTTI17HyuO2c+061FUbC/l2y/UYm7HEZ/CocbS6TldQpC0xvE3OAC/vAu5 eEnw== X-Gm-Message-State: APzg51AsDhkpb9Rzp2xSDSaSVMXw3lv3pccyLGZkoNl8nwNVWfbpOLfZ 2ufYHgR4Ac30tkYhSACaeW0= X-Received: by 2002:a17:902:7613:: with SMTP id k19-v6mr3997897pll.317.1535164161098; Fri, 24 Aug 2018 19:29:21 -0700 (PDT) Received: from [10.64.111.8] (c-98-234-136-180.hsd1.ca.comcast.net. [98.234.136.180]) by smtp.gmail.com with ESMTPSA id l27-v6sm17346388pfi.180.2018.08.24.19.29.12 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 24 Aug 2018 19:29:20 -0700 (PDT) Date: Fri, 24 Aug 2018 19:29:02 -0700 User-Agent: K-9 Mail for Android In-Reply-To: References: <20180822153012.173508681@infradead.org> <20180822154046.823850812@infradead.org> <20180822155527.GF24124@hirez.programming.kicks-ass.net> <20180823134525.5f12b0d3@roar.ozlabs.ibm.com> <776104d4c8e4fc680004d69e3a4c2594b638b6d1.camel@au1.ibm.com> <20180823133958.GA1496@brain-police> <20180824084717.GK24124@hirez.programming.kicks-ass.net> <20180824180438.GS24124@hirez.programming.kicks-ass.net> <56A9902F-44BE-4520-A17C-26650FCC3A11@gmail.com> <9A38D3F4-2F75-401D-8B4D-83A844C9061B@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: TLB flushes on fixmap changes To: Linus Torvalds , Paolo Bonzini , Jiri Kosina , Masami Hiramatsu CC: Peter Zijlstra , Will Deacon , Benjamin Herrenschmidt , Nick Piggin , Andrew Lutomirski , the arch/x86 maintainers , Borislav Petkov , Rik van Riel , Jann Horn , Adin Scannell , Dave Hansen , Linux Kernel Mailing List , linux-mm , David Miller , Martin Schwidefsky , Michael Ellerman From: nadav.amit@gmail.com Message-ID: <8E0D8C66-6F21-4890-8984-B6B3082D4CC5@gmail.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On August 24, 2018 5:58:43 PM PDT, Linus Torvalds wrote: >Adding a few people to the cc=2E > >On Fri, Aug 24, 2018 at 1:24 PM Nadav Amit >wrote: >> > >> > Can you actually find something that changes the fixmaps after boot >> > (again, ignoring kmap)? >> >> At least the alternatives mechanism appears to do so=2E >> >> IIUC the following path is possible when adding a module: >> >> jump_label_add_module() >> ->__jump_label_update() >> ->arch_jump_label_transform() >> ->__jump_label_transform() >> ->text_poke_bp() >> ->text_poke() >> ->set_fixmap() > >Yeah, that looks a bit iffy=2E > >But making the tlb flush global wouldn't help=2E This is running on a >local core, and if there are other CPU's that can do this at the same >time, then they'd just fight about the same mapping=2E > >Honestly, I think it's ok just because I *hope* this is all serialized >anyway (jump_label_lock? But what about other users of text_poke?)=2E The users should hold text_mutex=2E > >But I'd be a lot happier about it if it either used an explicit lock >to make sure, or used per-cpu fixmap entries=2E My concern is that despite the lock, one core would do a speculative page = walk and cache a translation that soon after would become stale=2E > >And the tlb flush is done *after* the address is used, which is bogus >anyway=2E It seems to me that it is intended to remove the mapping that might be a s= ecurity issue=2E=C2=A0 But anyhow, set_fixmap and clear_fixmap perform a local TLB flush, (in __s= et_pte_vaddr()) so locally things should be fine=2E > >> And a similar path can happen when static_key_enable/disable() is >called=2E > >Same comments=2E > >How about replacing that > > local_irq_save(flags); > =2E=2E=2E do critical things here =2E=2E=2E > local_irq_restore(flags); > >in text_poke() with > > static DEFINE_SPINLOCK(poke_lock); > > spin_lock_irqsave(&poke_lock, flags); > =2E=2E=2E do critical things here =2E=2E=2E > spin_unlock_irqrestore(&poke_lock, flags); > >and moving the local_flush_tlb() to after the set_fixmaps, but before >the access through the virtual address=2E > >But changing things to do a global tlb flush would just be wrong=2E As I noted, I think that locking and local flushes as they are right now a= re fine (besides the redundant flush)=2E My concern is merely that speculative page walks on other cores would cach= e stale entries=2E --=20 Sent from my Android device with K-9 Mail=2E Please excuse my brevity=2E