Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp1892756ybi; Mon, 1 Jul 2019 02:17:50 -0700 (PDT) X-Google-Smtp-Source: APXvYqxvIny8/Pc9xamRpw1JNI7ls5jHl99P09yN7avlmlsqBCUn1Llg+n+CZblcW89D+dP29ezD X-Received: by 2002:a17:902:e211:: with SMTP id ce17mr27695118plb.193.1561972670196; Mon, 01 Jul 2019 02:17:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561972670; cv=none; d=google.com; s=arc-20160816; b=Dm3okx39tIImzjCb38DJuP961H3BoJQoNTtaEsBierdNYkmwPNkuDc+8Ru18APniAK rsi2ue7HsUtt4V2fP0haAgvouw2TGfznAprpN1XXmg914bSDxCyTn/kz0J5w1TyDKEmg 8sgKVaX97PTbj5He09nGWPS5yFIp84dwU2LiCO7e49CkEQmbJvysEW2JxYd+28rch1+k IYGs0ADnztpf9EaUYyp8G5lt2mbEYRQil3Vcx3OnvZwwCPK/ADDm0Eq8oP9SYOrth9y1 Ph/NXaBBA81QSmWHgYL8IEyxLDG+ni9sJWnO5mUTtQWJHw6yoXUq6MZmclLhfaGpQ+sT l/cg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=xGDsMjp/fxCwMeoghwY/qJ/TWkABlNHEimUZUOoRRw4=; b=sMAZMl+wQ0r1NZL7lhBwZXbRrYooj9r8EFcqE0uvjYIHXGRizd/20zXacuXNh3xffH H4Dn3VegXFAJa3SGuIbGftY1nXMfbHlbC9mbavZJ03PEdoRlGIjs5EUSJpOYbga2aDoW c1GJ47nkKrrQfwQs5TtZ6K2q52ljTIUBB6Zh0yaD6fJsQQWTkW1a03hvfbUDil1wF2zf 23eWeJiw2Nhspt6saoDSMPUp6S0gvTSZPhvqDSvbpaWBRT11bJXwLTI+cb5D1/c+XNhm vTflhQ3sIffPOFaQH1rlRdBSY3MApWmKeUH9qLbNjzLbga0+oXwUhNt4n9H4eThpmRcE +W6w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x12si7601334plo.64.2019.07.01.02.17.34; Mon, 01 Jul 2019 02:17:50 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728339AbfGAJRS (ORCPT + 99 others); Mon, 1 Jul 2019 05:17:18 -0400 Received: from foss.arm.com ([217.140.110.172]:58256 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728073AbfGAJRR (ORCPT ); Mon, 1 Jul 2019 05:17:17 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id D1A8BCFC; Mon, 1 Jul 2019 02:17:16 -0700 (PDT) Received: from arrakis.emea.arm.com (arrakis.cambridge.arm.com [10.1.196.78]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 62CC23F718; Mon, 1 Jul 2019 02:17:14 -0700 (PDT) Date: Mon, 1 Jul 2019 10:17:12 +0100 From: Catalin Marinas To: Guo Ren Cc: Julien Grall , linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, aou@eecs.berkeley.edu, gary@garyguo.net, Atish Patra , hch@infradead.org, paul.walmsley@sifive.com, rppt@linux.ibm.com, linux-riscv@lists.infradead.org, Anup Patel , Palmer Dabbelt , suzuki.poulose@arm.com, Marc Zyngier , julien.thierry@arm.com, Will Deacon , christoffer.dall@arm.com, james.morse@arm.com Subject: Re: [PATCH RFC 11/14] arm64: Move the ASID allocator code in a separate file Message-ID: <20190701091711.GA21774@arrakis.emea.arm.com> References: <20190321163623.20219-1-julien.grall@arm.com> <20190321163623.20219-12-julien.grall@arm.com> <0dfe120b-066a-2ac8-13bc-3f5a29e2caa3@arm.com> <20190621141606.GF18954@arrakis.emea.arm.com> <20190624153820.GH29120@arrakis.emea.arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Jun 30, 2019 at 12:29:46PM +0800, Guo Ren wrote: > On Mon, Jun 24, 2019 at 11:38 PM Catalin Marinas > wrote: > > On Mon, Jun 24, 2019 at 12:35:35AM +0800, Guo Ren wrote: > > > On Fri, Jun 21, 2019 at 10:16 PM Catalin Marinas > > > wrote: > > > > BTW, if you find the algorithm fairly straightforward ;), see this > > > > bug-fix which took a formal model to identify: a8ffaaa060b8 ("arm64: > > > > asid: Do not replace active_asids if already 0"). > > [...] > > > Btw, Is this detected by arm's aisd allocator TLA+ model ? Or a real > > > bug report ? > > > > This specific bug was found by the TLA+ model checker (at the time we > > were actually tracking down another bug with multi-threaded CPU sharing > > the TLB, bug also confirmed by the formal model). > > Could you tell me the ref-link about "another bug with multi-threaded > CPU sharing the TLB" ? > > In my concept, the multi-core asid mechanism is also applicable to > multi-thread shared TLB, but it will generate redundant tlbflush. From > the software design logic, multi-threaded is treated as multi-cores > without error, but performance is not optimized. From the ASID reservation/allocation perspective, the mechanism is the same between multi-threaded with a shared TLB and multi-core. On arm64, a local_flush_tlb_all() on a thread invalidates the TLB for the other threads of the same core. The actual problem with multi-threaded CPUs is a lot more subtle. Digging some internal email from 1.5 years ago and pasting it below (where "current ASID algorithm" refers to the one prior to the fix and CnP - Common Not Private - means shared TLBs on a multi-threaded CPU): The current ASID roll-over algorithm allows for a small window where active_asids for a CPU (P1) is different from the actual ASID in TTBR0. This can lead to a roll-over on a different CPU (P2) allocating an ASID (for a different task) which is still hardware-active on P1. A TLBI on a CPU (or a peer CPU with CnP) does not guarantee that all the entries corresponding to a valid TTBRx are removed as they can still be speculatively loaded immediately after TLBI. While having two different page tables with the same ASID on different CPUs should be fine without CnP, it becomes problematic when CnP is enabled: P1 P2 -- -- TTBR0.BADDR = T1 TTBR0.ASID = A1 check_and_switch_context(T2,A2) asid_maps[P1] = A2 goto fastpath check_and_switch_context(T3,A0) new_context ASID roll-over allocates A1 since it is not active TLBI ALL speculate TTBR0.ASID = A1 entry TTBR0.BADDR = T3 TTBR0.ASID = A1 TTBR0.BADDR = T2 TTBR0.ASID = A2 After this, the common TLB on P1 and P2 (CnP) contains entries corresponding to the old T1 and A1. Task T3 using the same ASID A1 can hit such entries. (T1,A1) will eventually be removed from the TLB on the next context switch on P1 since tlb_flush_pending was set but this is not guaranteed to happen. The fix on arm64 (as part of 5ffdfaedfa0a - "arm64: mm: Support Common Not Private translations") was to set the reserved TTBR0 in check_and_switch_context(), preventing speculative loads into the TLB being tagged with the wrong ASID. So this is specific to the ARM CPUs behaviour w.r.t. speculative TLB loads, it may not be the case (yet) for your architecture. -- Catalin