Received: by 2002:ac0:98c7:0:0:0:0:0 with SMTP id g7-v6csp5811610imd; Wed, 31 Oct 2018 02:21:29 -0700 (PDT) X-Google-Smtp-Source: AJdET5dlB/EH9f3orDcGSycLSDP5Rxi1Gtr4DeTMo3OzCx4IPjGgqxGa3X4csbx/GlP51M9dv4Kf X-Received: by 2002:a17:902:8bc7:: with SMTP id r7-v6mr2410683plo.249.1540977689144; Wed, 31 Oct 2018 02:21:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540977689; cv=none; d=google.com; s=arc-20160816; b=BqZr21a+KsKlYuMHiIBW6NEJ6dzKa+5xeGsTsCaUjS2zXks7BSdxU1eqP6o5VmMkQl ssFJlq8BLdBPacUedqGQA7F8UGo4+fO6/14dXXHLS2bLL07bJ1dS/LFKWES51zthTM4E OpCIcZ6oXSUIhwXo1CI2NEw3KhUJxwm9Qxxka7NTp1Wf6g+KAg9gyGn/sYFAvS6Sr6+s JFBFuFkGwGia+PAduTaK4rh8vryAMoiMh19j6fm65zSpuXFnq3wWRunuhWLLmtkkMR9y RGfezlL/VRJI+7EYWXnlC9+NX/PT06Gv5spsKMEXfaEXN0yqt6CC+LeWUkNzhPnFKFdO C09Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=fVhXZWXj81sT/c2mZE0H4mJ1k8z+LPDjNU9EBM9zVvU=; b=AnXHKj3e+OgRn3qgyoBfQsGmspaS9ekUA2MSqTortP5T+u8EMymSy2qD/9OLHtBZHj f65IcunEs8Dtz6JEN843d9Yq6WjOVALyedm1vLdjeAzwCq/6JXSTHQifuRticxBQgyq2 hdog/SKAmUUp3W+wTHXMHKqaT5i17AdWLBgbBbXnM6tqGhoyz6D4Lye+pY+iem08ybab 17DfQ5epg4neFWTsAZbG7zczH8UqumN9YNhcCDvQWF/OsKm6fgLlJSb/S1Y7kQeZT/J4 BJk/XK+wq/cpfGoVCw0qKFI5GmQdLxetNO1nMMFrwXlK7+xy8GZhiyew70AmFOXNyMeY AA8w== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@infradead.org header.s=merlin.20170209 header.b="kzi+2D/u"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b35-v6si19358273pgb.183.2018.10.31.02.21.13; Wed, 31 Oct 2018 02:21:29 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@infradead.org header.s=merlin.20170209 header.b="kzi+2D/u"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727986AbeJaSQv (ORCPT + 99 others); Wed, 31 Oct 2018 14:16:51 -0400 Received: from merlin.infradead.org ([205.233.59.134]:34784 "EHLO merlin.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726054AbeJaSQv (ORCPT ); Wed, 31 Oct 2018 14:16:51 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=merlin.20170209; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=fVhXZWXj81sT/c2mZE0H4mJ1k8z+LPDjNU9EBM9zVvU=; b=kzi+2D/uyQhcVvTbEufaP92gn nyDe5p2eDCiO4FJ1nv9mXiBFr4+Vhifg605AxkPfkblc1H1mSQoK8vMeruUP3pWZLoFjCdV2D5r3C 6Z/4WYmD74tckX8XvozBI0epdKJ27Tg1xvCKwI4iEE61plq+4eJf27iO8jL13jAt9IEPEw1ZxbBpo KtPV3DmNlIHr8ZzdiYrXjL1GwYHfUUalZEV2bpe/59qZx/IV4gr6XuvQyTWvWRB6eyZVIYjolcQwq 33QzbBQh58hAxV5a/L2T8iLrfKE31Vqabllhz9w0kI8SVNmuNLKamKfs21WjbcyJP7y7dYRyApjHi jVfTTfo/Q==; Received: from j217100.upc-j.chello.nl ([24.132.217.100] helo=hirez.programming.kicks-ass.net) by merlin.infradead.org with esmtpsa (Exim 4.90_1 #2 (Red Hat Linux)) id 1gHmeS-0002R2-PK; Wed, 31 Oct 2018 09:19:01 +0000 Received: by hirez.programming.kicks-ass.net (Postfix, from userid 1000) id 4A63A2029FA14; Wed, 31 Oct 2018 10:18:59 +0100 (CET) Date: Wed, 31 Oct 2018 10:18:59 +0100 From: Peter Zijlstra To: Dave Hansen Cc: Matthew Wilcox , Andy Lutomirski , Kees Cook , Igor Stoppa , Mimi Zohar , Dave Chinner , James Morris , Michal Hocko , Kernel Hardening , linux-integrity , linux-security-module , Igor Stoppa , Dave Hansen , Jonathan Corbet , Laura Abbott , Randy Dunlap , Mike Rapoport , "open list:DOCUMENTATION" , LKML , Thomas Gleixner Subject: Re: [PATCH 10/17] prmem: documentation Message-ID: <20181031091859.GI744@hirez.programming.kicks-ass.net> References: <20181023213504.28905-11-igor.stoppa@huawei.com> <20181026092609.GB3159@worktop.c.hoisthospitality.com> <20181028183126.GB744@hirez.programming.kicks-ass.net> <40cd77ce-f234-3213-f3cb-0c3137c5e201@gmail.com> <20181030152641.GE8177@hirez.programming.kicks-ass.net> <0A7AFB50-9ADE-4E12-B541-EC7839223B65@amacapital.net> <20181030175814.GB10491@bombadil.infradead.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Oct 30, 2018 at 11:03:51AM -0700, Dave Hansen wrote: > On 10/30/18 10:58 AM, Matthew Wilcox wrote: > > Does this satisfy Igor's requirements? We wouldn't be able to > > copy_to/from_user() while rare_mm was active. I think that's a feature > > though! It certainly satisfies my interests (kernel code be able to > > mark things as dynamically-allocated-and-read-only-after-initialisation) > > It has to be more than copy_to/from_user(), though, I think. > > rare_modify(q) either has to preempt_disable(), or we need to teach the > context-switching code when and how to switch in/out of the rare_mm. > preempt_disable() would also keep us from sleeping. Yes, I think we want to have preempt disable at the very least. We could indeed make the context switch code smart and teach is about this state, but I think allowing preemption in such section is a bad idea. We want to keep these sections short and simple (and bounded), such that they can be analyzed for correctness. Once you allow preemption, things tend to grow large and complex. Ideally we'd even disabled interrupts over this, to further limit what code runs in the rare_mm context. NMIs need special care anyway.