Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp148855ybl; Tue, 27 Aug 2019 17:32:47 -0700 (PDT) X-Google-Smtp-Source: APXvYqxgF+nW0m0x3IH930+ogNkQNs+W6V3zyMovZqEPftz+oJqQPTbkhMaYWcZEqd//jZmtRkqz X-Received: by 2002:a63:460c:: with SMTP id t12mr1054876pga.69.1566952367580; Tue, 27 Aug 2019 17:32:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1566952367; cv=none; d=google.com; s=arc-20160816; b=JlcmqGwwkofL325fuDijZWNugI0zhVM1Ko827dAHtQ57IyL8T1wem3lovSTGXH/bXL 8hmvel1yDa0Vr25htuKL7pvV6HKfERPTssIej3dm/hn235yAMFVZUEMrxIXf/rP7lHEi pVKM3FiY07/2eJE9DzKVjPJu8lGzyHA1vfGuRU8l0SJS/LJchB8jRHvKyFuW2lr4xMsA Sxk8ZBeI8ga6UX2G66NLnV9X8BIk63lPj0wHi7BM459FPazA4WKcA/biO9TZHpsF+M75 wKEf+LBI81GCGQiqX5zmpYnC6TGUye//1yYXXKv47KWQJ6NZTAcoTH2jHJ6grF3dKozQ dttw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=4KrS08eDw/UeB0+lMMHynL5s3yGwkNdIqJOB+SjI+Ms=; b=FFXrfLDAb/3EwcMIuJuymUjXbnBNgBb500K+ZeJpLXNzTK1JmDXzENx9GzeWp3s5vQ BGs0n0OYLbyYZrWxxCTW5zpF6XSRj2+Y68Y/FDGYWlo3su97hqZsSEIS6qH4t2nTtCYk n7jqJ+NRkx0XS2sBd1Y/RAVuT9ZCznbiYuegSsAJFT22RGqaNji8ztO6xVtWcZzi1EmE nVhRl7XV48mOZ7pad9iD3sydz/7SaAAn5RfD6N5oBg+XhoF2o4wO4zuluyz7GZ9udzwY h2HBgc12gEvdV5VO6zrcQr2OUfLv9R/hRnsp8d1tzpSzHOundw8HE2COM/toDurmfD4c 8ezQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="Pj+j/LXJ"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id em2si493884pjb.89.2019.08.27.17.32.31; Tue, 27 Aug 2019 17:32:47 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="Pj+j/LXJ"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726371AbfH1AbJ (ORCPT + 99 others); Tue, 27 Aug 2019 20:31:09 -0400 Received: from mail.kernel.org ([198.145.29.99]:38522 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725992AbfH1AbJ (ORCPT ); Tue, 27 Aug 2019 20:31:09 -0400 Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 1A515217F5 for ; Wed, 28 Aug 2019 00:31:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1566952268; bh=BR0pZLbQIT1rTcthV11Ydo8XbtZWD3t67vobTnuBzu0=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=Pj+j/LXJ0tQcVtx3+fCSns1B/tDuOvyTNL03Vgwea46NOP8FvNR56N/O8gNQvGm6s LEyRZAW7UwYHiYpzzVC3lYqkiRAq44I8T1ZSgTZoY1dNIqRRcI6VpOGiuHWav5l7bl +vn/Vt5j0PSkGUe9VSPrSt174GYkwVFGWlTVJB3M= Received: by mail-wm1-f43.google.com with SMTP id o184so88270wme.3 for ; Tue, 27 Aug 2019 17:31:08 -0700 (PDT) X-Gm-Message-State: APjAAAVeiZaZLMkUptl7UTT0LJ3fap1TZOcltPyKvIfX6cfs8Syh4MMT UsBXJEhmGOrVEa//yNhaeYdJupslZjSj4JyGcygKmg== X-Received: by 2002:a05:600c:22d7:: with SMTP id 23mr1161014wmg.0.1566952266642; Tue, 27 Aug 2019 17:31:06 -0700 (PDT) MIME-Version: 1.0 References: <20190823225248.15597-1-namit@vmware.com> <20190823225248.15597-3-namit@vmware.com> <154B90AD-7EC3-4B86-8061-D737A948A77C@vmware.com> In-Reply-To: <154B90AD-7EC3-4B86-8061-D737A948A77C@vmware.com> From: Andy Lutomirski Date: Tue, 27 Aug 2019 17:30:55 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [RFC PATCH v2 2/3] x86/mm/tlb: Defer PTI flushes To: Nadav Amit Cc: Andy Lutomirski , Dave Hansen , X86 ML , LKML , Peter Zijlstra , Thomas Gleixner , Ingo Molnar Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Aug 27, 2019 at 4:55 PM Nadav Amit wrote: > > > On Aug 27, 2019, at 4:13 PM, Andy Lutomirski wrote: > > > > On Fri, Aug 23, 2019 at 11:13 PM Nadav Amit wrote: > >> INVPCID is considerably slower than INVLPG of a single PTE. Using it to > >> flush the user page-tables when PTI is enabled therefore introduces > >> significant overhead. > >> > >> Instead, unless page-tables are released, it is possible to defer the > >> flushing of the user page-tables until the time the code returns to > >> userspace. These page tables are not in use, so deferring them is not a > >> security hazard. > > > > I agree and, in fact, I argued against ever using INVPCID in the > > original PTI code. > > > > However, I don't see what freeing page tables has to do with this. If > > the CPU can actually do speculative page walks based on the contents > > of non-current-PCID TLB entries, then we have major problems, since we > > don't actively flush the TLB for non-running mms at all. > > That was not my concern. > > > > > I suppose that, if we free a page table, then we can't activate the > > PCID by writing to CR3 before flushing things. But we can still defer > > the flush and just set the flush bit when we write to CR3. > > This was my concern. I can change the behavior so the code would flush the > whole TLB instead. I just tried not to change the existing behavior too > much. > We do this anyway if we don't have INVPCID_SINGLE, so it doesn't seem so bad to also do it if there's a freed page table.