Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp267099ybi; Mon, 15 Jul 2019 20:32:18 -0700 (PDT) X-Google-Smtp-Source: APXvYqxQ4/6FuhKiGCrh+5CRHHiJ18yBDS3uqYrA010nAhiCeDb5vG7kTnnpsAWEn7At/xKcoHM/ X-Received: by 2002:a65:5c0a:: with SMTP id u10mr31427500pgr.412.1563247938053; Mon, 15 Jul 2019 20:32:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1563247938; cv=none; d=google.com; s=arc-20160816; b=dQMMyF8qvt1ySU7nbstN+xKvQXuufj4NAQMDViiFjYYM+STKiB+mYfZpR/HZys4xK5 +YopKzsuYPEe1mg3PY1JMbnWA0p0glr2ZJgcL88FCoL3wF3ChhRcR20/XyjMdobmUcNr SDznSPsQFEJZHw1uEDcnYMXcanLeD5GQs4knI/rmRMQ0+4SG1mvcK7dJ3ySAojHP/Kax uRJKQ9S4eklsMMqVFoLs8xIFv9PCcBoO/44+j/iFS8No0ghAmOwttDTjDUx6p1Ne19+2 RzNTLpMDt9ecogHTr0MBIxQ2qmdrSagHsRn47xecW7RLk4x16kbGXZDe7xOltxjHL/cO PiWA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=O5MSebHC1DauN4bJDQI6shJlWNyy5WxsJ8yKk+Kbnzc=; b=bvLvAHdU0Sr2Zze0lKgqXQdsOslmxGGn08NXManRw0uB+RJkFSac3tgP0H9fUNIBVX MT2hek6HlS9asCgYdwF4yQFK4pora06ZI10mo7Ys+gkLatfbPiidiwUHoi1nQI1MzVyY aA1tm+96P6ioH6/fXkRvSZ3pi0b87k0dy2j8qpAus7zBaj05WGzfYwGuwwipRMB24S8C jGXBSsCW3WYbGN3vTwdj27krhI0hC1J9v9G9HcijcKhN81fETOGYkm6CCj70BHfRM3k7 U4a2IPqh4+64bucSmMY6nrhGZNJ+jXQootaQ18Rw7DIhr6df90bXfwJFFe14Gk4+vfQk bwAg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=bOmSYmFw; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j17si18906588pfn.278.2019.07.15.20.32.01; Mon, 15 Jul 2019 20:32:17 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=bOmSYmFw; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730443AbfGPDbn (ORCPT + 99 others); Mon, 15 Jul 2019 23:31:43 -0400 Received: from mail.kernel.org ([198.145.29.99]:35964 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728256AbfGPDbm (ORCPT ); Mon, 15 Jul 2019 23:31:42 -0400 Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com [209.85.128.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 27CB02173C; Tue, 16 Jul 2019 03:31:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1563247901; bh=nkLC7Do/0/ASx+htK3W0deCY/L7u52YvatK3PThzs1o=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=bOmSYmFwgJoFlxLXY0jcxork4cP46Hw0+GSfRe0St3ZR0NPWSU7OH04NHQzXB8AVq xC5enZlHYqatS/fVlSf/0vI5R8YiIYDxKt7mnew6O4KX/QKodKFpVFFPEwBC7jUGlV iUvYO2H5sEaclssF++r91+dLjJklm/J0ax/BT9Ms= Received: by mail-wm1-f49.google.com with SMTP id f17so17082235wme.2; Mon, 15 Jul 2019 20:31:41 -0700 (PDT) X-Gm-Message-State: APjAAAXliKszmJ6hJ/9tVDbjAKXJ1xkLVHVAGqCAj3j9UUCdGTQkB2Kp ZwdL2n8GtSsL3WuSpuZN7ovYbJKVA7EmSYY1Jlo= X-Received: by 2002:a7b:c212:: with SMTP id x18mr26821859wmi.77.1563247899662; Mon, 15 Jul 2019 20:31:39 -0700 (PDT) MIME-Version: 1.0 References: <20190321163623.20219-1-julien.grall@arm.com> <20190321163623.20219-12-julien.grall@arm.com> <0dfe120b-066a-2ac8-13bc-3f5a29e2caa3@arm.com> <20190621141606.GF18954@arrakis.emea.arm.com> <20190624153820.GH29120@arrakis.emea.arm.com> <20190701091711.GA21774@arrakis.emea.arm.com> In-Reply-To: <20190701091711.GA21774@arrakis.emea.arm.com> From: Guo Ren Date: Tue, 16 Jul 2019 11:31:27 +0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH RFC 11/14] arm64: Move the ASID allocator code in a separate file To: Catalin Marinas Cc: Julien Grall , Linux Kernel Mailing List , linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, aou@eecs.berkeley.edu, gary@garyguo.net, Atish Patra , hch@infradead.org, paul.walmsley@sifive.com, rppt@linux.ibm.com, linux-riscv@lists.infradead.org, Anup Patel , Palmer Dabbelt , suzuki.poulose@arm.com, Marc Zyngier , julien.thierry@arm.com, Will Deacon , christoffer.dall@arm.com, james.morse@arm.com, linux-csky@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hello Catalin, Thanks for sharing about CnP assid experience. See my comment below. On Mon, Jul 1, 2019 at 5:17 PM Catalin Marinas > From the ASID reservation/allocation perspective, the mechanism is the > same between multi-threaded with a shared TLB and multi-core. On arm64, > a local_flush_tlb_all() on a thread invalidates the TLB for the other > threads of the same core. > > The actual problem with multi-threaded CPUs is a lot more subtle. > Digging some internal email from 1.5 years ago and pasting it below > (where "current ASID algorithm" refers to the one prior to the fix and > CnP - Common Not Private - means shared TLBs on a multi-threaded CPU): > > > The current ASID roll-over algorithm allows for a small window where > active_asids for a CPU (P1) is different from the actual ASID in TTBR0. > This can lead to a roll-over on a different CPU (P2) allocating an ASID > (for a different task) which is still hardware-active on P1. > > A TLBI on a CPU (or a peer CPU with CnP) does not guarantee that all the > entries corresponding to a valid TTBRx are removed as they can still be > speculatively loaded immediately after TLBI. > > While having two different page tables with the same ASID on different > CPUs should be fine without CnP, it becomes problematic when CnP is > enabled: > > P1 P2 > -- -- > TTBR0.BADDR = T1 > TTBR0.ASID = A1 > check_and_switch_context(T2,A2) > asid_maps[P1] = A2 > goto fastpath > check_and_switch_context(T3,A0) > new_context > ASID roll-over allocates A1 > since it is not active > TLBI ALL > speculate TTBR0.ASID = A1 entry > TTBR0.BADDR = T3 > TTBR0.ASID = A1 > TTBR0.BADDR = T2 > TTBR0.ASID = A2 > > After this, the common TLB on P1 and P2 (CnP) contains entries > corresponding to the old T1 and A1. Task T3 using the same ASID A1 can > hit such entries. (T1,A1) will eventually be removed from the TLB on the > next context switch on P1 since tlb_flush_pending was set but this is > not guaranteed to happen. > > > The fix on arm64 (as part of 5ffdfaedfa0a - "arm64: mm: Support Common > Not Private translations") was to set the reserved TTBR0 in > check_and_switch_context(), preventing speculative loads into the TLB > being tagged with the wrong ASID. So this is specific to the ARM CPUs > behaviour w.r.t. speculative TLB loads, it may not be the case (yet) for > your architecture. The most important thing is that TLBI ALL occurs between "asid_maps[P1] = A2" and "TTBR0.BADDR = T2", then speculative execution after TLBI which access to user space code/data will result in a valid asid entry which re-filled into the TLB by PTW. A similar problem should exist if C-SKY ISA supports SMT. Although the C-SKY kernel prohibits the kernel from speculating on user space code directly, ld/st can access user space memory in csky kernel mode. Therefore, a similar problem occurs when it speculatively executes copy_from / to_user codes in that window. RISC-V ISA has a SUM setting bit that prevents the kernel from speculating access to user space. So this problem has been bypassed from the design. I saw arm64 to prevent speculation by temporarily setting TTBR0.el1 to a zero page table. Is that used to prevent speculative execution user space code or just prevent ld/st in copy_use_* ? -- Best Regards Guo Ren ML: https://lore.kernel.org/linux-csky/