Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp1121299ybi; Fri, 31 May 2019 14:17:32 -0700 (PDT) X-Google-Smtp-Source: APXvYqwnLiTZiQFp2DRBOaOl602VUR9cWitudHzjsZioBe10ntp+kOzYUqC0/hvRe2nb3YZiwjod X-Received: by 2002:a17:90a:a616:: with SMTP id c22mr11969313pjq.46.1559337452682; Fri, 31 May 2019 14:17:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1559337452; cv=none; d=google.com; s=arc-20160816; b=jx7Ff3+LLxeMR/eokILVFfcG3LqGfLUWhdyqkGyBUNrnqhiqs4sI8bQ8p30L4FVufM gYNritLQ7jy2g4ze9H49g9NziKloJQEoRZLTnKOloFDEFJP/TmaFS6QoALjZp+97nQOy X0DIM1V0cEnGE3zRBnwYTVok0SKr+4jku/EzEzThBzndPxguRYpESJQLlDgzN5bItqhc vRJ4IWDL+KgyFilMmKKcQvZAVx84WmHkjtWf2GsbhjzJrjei2xntOlu17KNKagLopx5Z MHilQ/Eq1QR7cCb9bucYhHUBmBvK2XsUdYj39nBZ0HkC61/AwMeB+00KiQnjLUd5AmJc YtDQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=dlgKvOFFDqKUVwwhBYDTvEwCMRlm+Mvl5LlzBtNztfk=; b=TH2cV1s185nMT7hmA9mvOA8vz6MBHwxyY21CHwTuo11BHFbfS/lWnWBDrUHloCZKIj eWJ0I3YB/29Nbh4ntD/spe8BGbxeLZ4vZW2hP1m7I6rhDh5cq8sFKSBMUAcwsXea3Oup DbAZXWkaYiRZELEM+lZVzvjzVZRKGL8NeWODoo6M2IAmJ55+cys1vsYEvT/pReOuWySo hmB5oeIFL9KsK47C7m94fwmqHofE2gXIUiAQOk/wP64BcaOnrYQdjxjVPbK10nACBDfG We8oYpC/zkPCDVYYkcK+jl8M8oO6vwojZwGt25Dfbin+P8clmKtqOGr2tiShmRo4rLf+ OfAA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=W9h3Qmtx; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w18si7403909plq.297.2019.05.31.14.17.16; Fri, 31 May 2019 14:17:32 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=W9h3Qmtx; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727685AbfEaVPC (ORCPT + 99 others); Fri, 31 May 2019 17:15:02 -0400 Received: from mail.kernel.org ([198.145.29.99]:57938 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727605AbfEaVPC (ORCPT ); Fri, 31 May 2019 17:15:02 -0400 Received: from mail-wr1-f50.google.com (mail-wr1-f50.google.com [209.85.221.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id C092D26F3A for ; Fri, 31 May 2019 21:15:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1559337302; bh=gKgYNLBpeOOMUpEUJl708y2vi02Rzrqk2Rf+7SqGFoQ=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=W9h3QmtxYVFfKyGjxKV1kw7bQbisE5CwjZlEyxDo29IaBbYLLEUapXI/8I4VE/BbX rDO5MuObKn3SLMgQghdhuq6N3Fdjs/xtVteJnJL64uWlkOVwQ/mT2rez3marqg4WR9 Patymlv2TB0sF5Jbj4IY3c20acNrlTdqppRb0N7A= Received: by mail-wr1-f50.google.com with SMTP id h1so7360736wro.4 for ; Fri, 31 May 2019 14:15:01 -0700 (PDT) X-Gm-Message-State: APjAAAXq5gogHDp9E/mVKGOsDv45vRdZ8xgo556XyOPFrSJT6X0eKTbA nTXVtqPZXCN8X2TGO33NHpAa3nKx1bEAeqPZteGDhQ== X-Received: by 2002:adf:e9ca:: with SMTP id l10mr7529012wrn.47.1559337300326; Fri, 31 May 2019 14:15:00 -0700 (PDT) MIME-Version: 1.0 References: <20190531063645.4697-1-namit@vmware.com> <20190531063645.4697-12-namit@vmware.com> In-Reply-To: <20190531063645.4697-12-namit@vmware.com> From: Andy Lutomirski Date: Fri, 31 May 2019 14:14:49 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [RFC PATCH v2 11/12] x86/mm/tlb: Use async and inline messages for flushing To: Nadav Amit Cc: Peter Zijlstra , Andy Lutomirski , Borislav Petkov , Dave Hansen , Ingo Molnar , Thomas Gleixner , X86 ML , LKML , Dave Hansen Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, May 30, 2019 at 11:37 PM Nadav Amit wrote: > > When we flush userspace mappings, we can defer the TLB flushes, as long > the following conditions are met: > > 1. No tables are freed, since otherwise speculative page walks might > cause machine-checks. > > 2. No one would access userspace before flush takes place. Specifically, > NMI handlers and kprobes would avoid accessing userspace. > I think I need to ask the big picture question. When someone calls flush_tlb_mm_range() (or the other entry points), if no page tables were freed, they want the guarantee that future accesses (initiated observably after the flush returns) will not use paging entries that were replaced by stores ordered before flush_tlb_mm_range(). We also need the guarantee that any effects from any memory access using the old paging entries will become globally visible before flush_tlb_mm_range(). I'm wondering if receipt of an IPI is enough to guarantee any of this. If CPU 1 sets a dirty bit and CPU 2 writes to the APIC to send an IPI to CPU 1, at what point is CPU 2 guaranteed to be able to observe the dirty bit? An interrupt entry today is fully serializing by the time it finishes, but interrupt entries are epicly slow, and I don't know if the APIC waits long enough. Heck, what if IRQs are off on the remote CPU? There are a handful of places where we touch user memory with IRQs off, and it's (sadly) possible for user code to turn off IRQs with iopl(). I *think* that Intel has stated recently that SMT siblings are guaranteed to stop speculating when you write to the APIC ICR to poke them, but SMT is very special. My general conclusion is that I think the code needs to document what is guaranteed and why. --Andy