Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp1967791ybh; Tue, 14 Jul 2020 11:55:15 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw4SSqubzlevBNb7Lzy7HZAbdF/sq9chXsO9oy//wpsO1Vq6q2eI9DgDSOnd0eWgEA6cPjq X-Received: by 2002:a17:907:100a:: with SMTP id ox10mr5633214ejb.351.1594752914940; Tue, 14 Jul 2020 11:55:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594752914; cv=none; d=google.com; s=arc-20160816; b=qSzo7XSZAG1qywfux9c8rbOm68XdcJC/ONeLwzyoOjF2wnGmLPetZSF9vesTb7wkw+ K7GcxqHO5Cr7LhkfyZZPggFnOE+Ull9XeXtVRc9uLmeaf8b/X9PITaN1JEuTpTPsglDP +JE/EfdsasvwWCZh69k0xtewW3LSdiqkrHM76qBt8PlWFXIbbrJ7oBvFhKAteIOJCH3Q C/0zeuo0F8OzSz+3l2rEj164nrjjWnallMAlyl00FK8N9aqgNwbgWjx56zuTX9GZHw+d YEJZc8l/ElIvyRTPOGzFbu9UxnA/vsKJFgizQTzIcDMY+83iaTc7UN96YTLnsSUwgXDs ywDQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:ironport-sdr:ironport-sdr; bh=OI+9uQtVQWHJO/xFnxPayFVzvTKJBwHxD+3vWPtZ2OE=; b=sehwidiGF3Cc1BUaGG3WXQ9JzL9dDqNpf1KVauSORrd0wR8MDaEBjJrph9LgSZZrrG J333yKNow3hHBxYj9/L+d05xdLh5NXx3/D29EXlhrL/NibMvVCP5axHMJYSkln5reqzw zvrspNbdzxj3kHgtb/LXxkfqzFpnQger275llytx9qffqxMXXHxyl2v/pR01g4r/fwlB jy9P7K1UcBw5Mg44y4pJ8SYlZuQXL1aOcuP7MeuUxiiwpfH038K0RNOu2zOuRVeCsBgx f8olllmiUunwxDN0J5qOSu3L+FWxfadC3uSsikK9dsvVuoucZHVj0pElQqXqZgUnPVwq O6Ww== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id e9si9874388ejj.498.2020.07.14.11.54.51; Tue, 14 Jul 2020 11:55:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730643AbgGNSxb (ORCPT + 99 others); Tue, 14 Jul 2020 14:53:31 -0400 Received: from mga14.intel.com ([192.55.52.115]:43539 "EHLO mga14.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730626AbgGNSxY (ORCPT ); Tue, 14 Jul 2020 14:53:24 -0400 IronPort-SDR: 1fV2sjGxhfIIrmYdRIGsuPzZPRGWZ8Q7/l9/XE9GhF22y4AbDkhq/zODkTmJnsLY8r8J+dCiYr 7M4lYHM7d5Mg== X-IronPort-AV: E=McAfee;i="6000,8403,9682"; a="148142821" X-IronPort-AV: E=Sophos;i="5.75,352,1589266800"; d="scan'208";a="148142821" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Jul 2020 11:53:23 -0700 IronPort-SDR: K8KPclbMvzgCpNFSFhz9Nn0YwCcdCbQhJi73NeRnxAdxCClsbyjKHY02fk6MDlf/UteP15gYg8 6LDggwpzlYUQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,352,1589266800"; d="scan'208";a="307978346" Received: from iweiny-desk2.sc.intel.com ([10.3.52.147]) by fmsmga004.fm.intel.com with ESMTP; 14 Jul 2020 11:53:23 -0700 Date: Tue, 14 Jul 2020 11:53:22 -0700 From: Ira Weiny To: Peter Zijlstra Cc: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Andy Lutomirski , Fenghua Yu , x86@kernel.org, Dave Hansen , Dan Williams , Vishal Verma , Andrew Morton , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-nvdimm@lists.01.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org Subject: Re: [RFC PATCH 04/15] x86/pks: Preserve the PKRS MSR on context switch Message-ID: <20200714185322.GB3008823@iweiny-DESK2.sc.intel.com> References: <20200714070220.3500839-1-ira.weiny@intel.com> <20200714070220.3500839-5-ira.weiny@intel.com> <20200714082701.GO10769@hirez.programming.kicks-ass.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200714082701.GO10769@hirez.programming.kicks-ass.net> User-Agent: Mutt/1.11.1 (2018-12-01) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jul 14, 2020 at 10:27:01AM +0200, Peter Zijlstra wrote: > On Tue, Jul 14, 2020 at 12:02:09AM -0700, ira.weiny@intel.com wrote: > > From: Ira Weiny > > > > The PKRS MSR is defined as a per-core register. This isolates memory > > access by CPU. Unfortunately, the MSR is not preserved by XSAVE. > > Therefore, We must preserve the protections for individual tasks even if > > they are context switched out and placed on another cpu later. > > This is a contradiction and utter trainwreck. I don't understand where there is a contradiction? Perhaps I should have said the MSR is not XSAVE managed vs 'preserved'? > We're not going to do more > per-core MSRs and pretend they make sense per-task. I don't understand how this does not make sense. The PKRS register is controlling the task's access to kernel memory and is designed to be restricted to that task. Put another way, this is similar to CR3 which ultimately controls tasks memory access. Per-process mm is inherent to memory access control and is per-task. So how is this any different? Many MSRs are like this. I suppose an alternative might be to disallow a context switch while the PKRS value is not the default but I don't see this being very desirable at all. Ira