Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp5432477imm;
        Sun, 26 Aug 2018 20:05:11 -0700 (PDT)
X-Google-Smtp-Source: ANB0VdbolMNpDriePZ7oDNOke8wIc9qvo1X3LNumuML3jCZgikdzmoU+/UUpI6DDccL52Yn8rmsU
X-Received: by 2002:a63:d002:: with SMTP id z2-v6mr10709098pgf.262.1535339111642;
        Sun, 26 Aug 2018 20:05:11 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1535339111; cv=none;
        d=google.com; s=arc-20160816;
        b=smm/fq/2oGPgb65nSFxctBK27O71FZ9rA6+bD+ZH26Q1Jtaq1pEZ5deixDSH+yuOdJ
         BikWVbLO/dVHKd/bVM6MWP7RMomEUzaJ74OIGX8VShs6aQa1bKA2tKS+H1/sV9Dl14Fl
         +LVA2Rt6VM46guUT40wJa3kbQsfW5kF+oOEcriSOvZ5lqsW9JXCKH+7TAlk2bIbegz6Y
         PwLHwC6I9IUleRoTvZeeXPY3lxzmSddU8zm5uFYEmnsSY/WQ3bIrHXtRqAiX6WwDBinO
         WvxN7P/TOk8Gesu/M6JdRBusZv3IpQGFUtwk2hx7kphP9HxrGI8yccBqCt+gZRxLtb6A
         GyzA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:subject:cc:to:from:date
         :dkim-signature:arc-authentication-results;
        bh=wiznortXNd3JT7XfxKOu4b/ZwmReZR7A8xMUgc4q/qw=;
        b=UiK+cJ+EIV5fp+WpEhyzf/fJHCcOlU1wTpuYLKPi/ns4JL9L49Qmn42HHDVhnEUNmn
         8PMc8TWHioL5JkeWZjeYIqt6s2UQ8zvnJx61OGouVaJRIrClSn94daPf9ZqrwwkEqe1e
         ec3p02KjjkJa+sUwEnCjXUNhYS83xJ3eia8VERS8/uFmi2GpQFS94g2U3Sm70W2tYXgf
         viyVfhkP9UOCwXL+MEvN1h14LxBZZunygSla94L9f64p4RkR15Cg/yv0Lx8qjocq/DAb
         XTU/Rae5F2ikAqeNNeUL3L4mmivRAuAgmzGv8+rh6MIOTy/CoCWwsP52qkcyCVt/PA9h
         FVzQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=XOC4mHle;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id a140-v6si15108265pfa.61.2018.08.26.20.04.56;
        Sun, 26 Aug 2018 20:05:11 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=XOC4mHle;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727291AbeH0Gru (ORCPT <rfc822;uzarths@gmail.com> + 99 others);
        Mon, 27 Aug 2018 02:47:50 -0400
Received: from mail.kernel.org ([198.145.29.99]:47120 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1727159AbeH0Grt (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 27 Aug 2018 02:47:49 -0400
Received: from devbox (NE2965lan1.rev.em-net.ne.jp [210.141.244.193])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 816852152E;
        Mon, 27 Aug 2018 03:03:07 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1535338990;
        bh=ShMbFmWOmVvi4yAlw0lZ4RGLcxW7rf7sQjTXwk2T2TM=;
        h=Date:From:To:Cc:Subject:In-Reply-To:References:From;
        b=XOC4mHleS01JD6pskysSAPqmtxSZdFmP5Q+KHSi7GklJRDpF/bxmaGz+d/bcCqm+E
         NRssxpxD+7asCHHb5VIyBoKi/BPx/VlTkaMEiBKakT3tdPPOHYMNTv3riRTg9mM6jd
         WMwfbxitGjz8XPoXRNgfPd8iFrgZsMZVPoj9MkvE=
Date:   Mon, 27 Aug 2018 12:03:05 +0900
From:   Masami Hiramatsu <mhiramat@kernel.org>
To:     Peter Zijlstra <peterz@infradead.org>
Cc:     Andy Lutomirski <luto@kernel.org>,
        Masami Hiramatsu <mhiramat@kernel.org>,
        Kees Cook <keescook@chromium.org>,
        Nadav Amit <nadav.amit@gmail.com>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Jiri Kosina <jkosina@suse.cz>,
        Will Deacon <will.deacon@arm.com>,
        Benjamin Herrenschmidt <benh@au1.ibm.com>,
        Nick Piggin <npiggin@gmail.com>,
        the arch/x86 maintainers <x86@kernel.org>,
        Borislav Petkov <bp@alien8.de>,
        Rik van Riel <riel@surriel.com>,
        Jann Horn <jannh@google.com>,
        Adin Scannell <ascannell@google.com>,
        Dave Hansen <dave.hansen@intel.com>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        linux-mm <linux-mm@kvack.org>,
        David Miller <davem@davemloft.net>,
        Martin Schwidefsky <schwidefsky@de.ibm.com>,
        Michael Ellerman <mpe@ellerman.id.au>
Subject: Re: TLB flushes on fixmap changes
Message-Id: <20180827120305.01a6f26267c64610cadec5d8@kernel.org>
In-Reply-To: <20180826090958.GT24124@hirez.programming.kicks-ass.net>
References: <D74A89DF-0D89-4AB6-8A6B-93BEC9A83595@gmail.com>
        <20180824180438.GS24124@hirez.programming.kicks-ass.net>
        <56A9902F-44BE-4520-A17C-26650FCC3A11@gmail.com>
        <CA+55aFzerzTPm94jugheVmWg8dJre94yu+GyZGT9NNZanNx_qw@mail.gmail.com>
        <9A38D3F4-2F75-401D-8B4D-83A844C9061B@gmail.com>
        <CA+55aFz1KYT7fRRG98wei24spiVg7u1Ec66piWY5359ykFmezw@mail.gmail.com>
        <8E0D8C66-6F21-4890-8984-B6B3082D4CC5@gmail.com>
        <CALCETrWdeKBcEs7zAbpEM1YdYiT2UBXwPtF0mMTvcDX_KRpz1A@mail.gmail.com>
        <20180826112341.f77a528763e297cbc36058fa@kernel.org>
        <CALCETrXPaX-+R6Z9LqZp0uOVmq-TUX_ksPbUL7mnfbdqo6z2AA@mail.gmail.com>
        <20180826090958.GT24124@hirez.programming.kicks-ass.net>
X-Mailer: Sylpheed 3.5.1 (GTK+ 2.24.31; x86_64-redhat-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, 26 Aug 2018 11:09:58 +0200
Peter Zijlstra <peterz@infradead.org> wrote:

> On Sat, Aug 25, 2018 at 09:21:22PM -0700, Andy Lutomirski wrote:
> > I just re-read text_poke().  It's, um, horrible.  Not only is the
> > implementation overcomplicated and probably buggy, but it's SLOOOOOW.
> > It's totally the wrong API -- poking one instruction at a time
> > basically can't be efficient on x86.  The API should either poke lots
> > of instructions at once or should be text_poke_begin(); ...;
> > text_poke_end();.
> 
> I don't think anybody ever cared about performance here. Only
> correctness. That whole text_poke_bp() thing is entirely tricky.

Agreed. Self modification is a special event.

> FWIW, before text_poke_bp(), text_poke() would only be used from
> stop_machine, so all the other CPUs would be stuck busy-waiting with
> IRQs disabled. These days, yeah, that's lots more dodgy, but yes
> text_mutex should be serializing all that.

I'm still not sure that speculative page-table walk can be done
over the mutex. Also, if the fixmap area is for aliasing
pages (which always mapped to memory), what kind of
security issue can happen?

Anyway, from the viewpoint of kprobes, either per-cpu fixmap or
changing CR3 sounds good to me. I think we don't even need per-cpu,
it can call a thread/function on a dedicated core (like the first
boot processor) and wait :) This may prevent leakage of pte change
to other cores.

> And on that, I so hate comments like: "must be called under foo_mutex",
> we have lockdep_assert_held() for that.

Indeed. I also think that text_poke() should not call BUG_ON, but
its caller should decide it is recoverable or not.

Thank you,

-- 
Masami Hiramatsu <mhiramat@kernel.org>