Date: Mon, 27 Aug 2018 12:03:05 +0900
From: Masami Hiramatsu
To: Peter Zijlstra
Cc: Andy Lutomirski, Masami Hiramatsu, Kees Cook, Nadav Amit, Linus Torvalds, Paolo Bonzini, Jiri Kosina, Will Deacon, Benjamin Herrenschmidt, Nick Piggin, the arch/x86 maintainers, Borislav Petkov, Rik van Riel, Jann Horn, Adin Scannell, Dave Hansen, Linux Kernel Mailing List, linux-mm, David Miller, Martin Schwidefsky, Michael Ellerman
Subject: Re: TLB flushes on fixmap changes
Message-Id: <20180827120305.01a6f26267c64610cadec5d8@kernel.org>
In-Reply-To: <20180826090958.GT24124@hirez.programming.kicks-ass.net>
References: <20180824180438.GS24124@hirez.programming.kicks-ass.net> <56A9902F-44BE-4520-A17C-26650FCC3A11@gmail.com> <9A38D3F4-2F75-401D-8B4D-83A844C9061B@gmail.com> <8E0D8C66-6F21-4890-8984-B6B3082D4CC5@gmail.com> <20180826112341.f77a528763e297cbc36058fa@kernel.org> <20180826090958.GT24124@hirez.programming.kicks-ass.net>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, 26 Aug 2018 11:09:58 +0200
Peter Zijlstra wrote:

> On Sat, Aug 25, 2018 at 09:21:22PM -0700, Andy Lutomirski wrote:
> > I just re-read text_poke(). It's, um, horrible. Not only is the
> > implementation overcomplicated and probably buggy, but it's SLOOOOOW.
> > It's totally the wrong API -- poking one instruction at a time
> > basically can't be efficient on x86. The API should either poke lots
> > of instructions at once or should be text_poke_begin(); ...;
> > text_poke_end();.
>
> I don't think anybody ever cared about performance here. Only
> correctness. That whole text_poke_bp() thing is entirely tricky.

Agreed. Self-modification is a special event.

> FWIW, before text_poke_bp(), text_poke() would only be used from
> stop_machine, so all the other CPUs would be stuck busy-waiting with
> IRQs disabled. These days, yeah, that's lots more dodgy, but yes
> text_mutex should be serializing all that.

I'm still not sure that speculative page-table walk can be done over the
mutex. Also, if the fixmap area is for aliasing pages (which are always
mapped to memory), what kind of security issue can happen?
Anyway, from the viewpoint of kprobes, either per-cpu fixmap or changing
CR3 sounds good to me. I think we don't even need per-cpu, it can call a
thread/function on a dedicated core (like the first boot processor) and
wait :) This may prevent leakage of the pte change to other cores.

> And on that, I so hate comments like: "must be called under foo_mutex",
> we have lockdep_assert_held() for that.

Indeed. I also think that text_poke() should not call BUG_ON, but its
caller should decide whether it is recoverable or not.

Thank you,

-- 
Masami Hiramatsu
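The two points raised at the end of this exchange, an executable lockdep_assert_held() instead of a "must be called under text_mutex" comment, and letting the caller rather than BUG_ON decide what is recoverable, as an added user-space C sketch that is not code from the thread or from the kernel. lockdep itself is kernel-only, so an owner-tracking mutex stands in for it; tracked_mutex, text_poke_checked() and the text[] buffer are all constructed for this illustration.

```c
#include <pthread.h>
#include <stdint.h>
#include <string.h>
#include <errno.h>

/* Mutex with owner tracking: the user-space stand-in for lockdep. */
struct tracked_mutex { pthread_mutex_t m; pthread_t owner; int held; };
static struct tracked_mutex text_mutex = { PTHREAD_MUTEX_INITIALIZER, 0, 0 };

static void tm_lock(struct tracked_mutex *tm)
{
	pthread_mutex_lock(&tm->m);
	tm->owner = pthread_self();
	tm->held = 1;
}
static void tm_unlock(struct tracked_mutex *tm)
{
	tm->held = 0;
	pthread_mutex_unlock(&tm->m);
}
/* Analogue of lockdep_assert_held(): true only for the owning thread. */
static int tm_held_by_me(const struct tracked_mutex *tm)
{
	return tm->held && pthread_equal(tm->owner, pthread_self());
}

static uint8_t text[16];	/* constructed stand-in for the patched kernel text */
/* Hypothetical poke helper: the "must be called under text_mutex" rule is an
 * executable check, and a violation is reported to the caller (no BUG_ON). */
static int text_poke_checked(size_t off, const void *src, size_t len)
{
	if (!tm_held_by_me(&text_mutex))
		return -EPERM;
	if (off + len > sizeof(text))
		return -EINVAL;
	memcpy(text + off, src, len);
	return 0;
}

static int poke_with_lock(void)		/* caller honours the contract */
{
	uint8_t nop = 0x90;
	tm_lock(&text_mutex);
	int ret = text_poke_checked(0, &nop, 1);
	tm_unlock(&text_mutex);
	return ret;
}
static int poke_without_lock(void)	/* caller forgot the lock: caught at run time */
{
	uint8_t nop = 0x90;
	return text_poke_checked(1, &nop, 1);
}
```

The unlocked caller is rejected at run time and nothing is written, whereas a comment-only contract would have let the write race with every other user of the lock.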