Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp2131019pxa; Mon, 3 Aug 2020 08:13:31 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzzjpYnBN8L9jgJk/T485zCwUOV/jt0us9XEwt6Ir6B0LtD5PsCQIlWXqqsd012jRr3V7vJ X-Received: by 2002:a17:906:b104:: with SMTP id u4mr17678697ejy.114.1596467611225; Mon, 03 Aug 2020 08:13:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1596467611; cv=none; d=google.com; s=arc-20160816; b=CKfYMzIUJj+KANCeOyi0B1TNpv9IAeyjlwlB7txbiaErC5zhTVfLaJx1sY37X2/HHx UkHrdyEYK+XTQckKeLRZFumi5p42fsVU00bC4XLGDZM8PnBE5pB0bDx/DQcUp4WpXFMH 005LmZ4xc4aE7OXpYSxV6xCTxom7mO5w24W4pQkg+fUeH3IP1ZJsRvUdyiaEfYCy5760 Bk3jZi2MbKeSXNGpNlDdi24M0vpj9XcGhiUEOToOXFkMguiwsbaSGJk3dEhiOfg4z/nM cV9RPaOtSHlW1dsa6NUGq7uFeKcsc1CQPXux4jThJe25qtHUB8ylviCp2lG7WaI+VsJl 7Erw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=jwxDMl7PmDSjr83Si49DajOPQxtXFFnD3fHdNOcuimI=; b=Mk0UMyUZ+ogD1NNYbmooESQp3c9EcIRzGR/Mv2/yjgrdTtoG0vkEeHEUqU5Zk4KuSz t1i7CzkO97Os4Ssw6ZTf2PurfUDDsAD8WSkYy1Km4T9LnQMyOyrZjpc1rttZxhiJ25PG htnOEOu8+hGgx9QTeWmzJ+qvHIhS7uORd3RAZYCmmvn2R9Ec5Toj44pppxuE33AOsDgJ 5OHupXaRFbBjaJ7IWPzqRq7dbMXHWIIdxiAZeWJNyZ5nNNyX5fwijBj358JtPxg4Qs8n PpJsNwu++vETDdkZViig9B5nm/5oEO0PssVLetWJ3iISyLnDoAKdoWTFOVMM+StQCfiw FXXA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="0/f4b8/0"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h8si10786108ejd.623.2020.08.03.08.13.08; Mon, 03 Aug 2020 08:13:31 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="0/f4b8/0"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726864AbgHCPMd (ORCPT + 99 others); Mon, 3 Aug 2020 11:12:33 -0400 Received: from mail.kernel.org ([198.145.29.99]:51164 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725933AbgHCPMc (ORCPT ); Mon, 3 Aug 2020 11:12:32 -0400 Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com [209.85.128.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id DE97722B40 for ; Mon, 3 Aug 2020 15:12:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1596467551; bh=+PZ/awBxxRTMw2BeBwqmtU59rWiDwd7Tyrz4gbzxrPI=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=0/f4b8/09auXonUnapsGzATJEFpuQt2ckgRpCmNzlIVMXQHi1eCxGLxYavFmhfKvv C2kxNDkhIOpg/osZuSwpo2ywTRfz6bkY3OJF5UvfhxkmNadk37TFmqVfdZP/JvTFFM /K7KIaULvc0BVWY+ZzLoEBa6FS6F3JWY0TYN39T0= Received: by mail-wm1-f49.google.com with SMTP id q76so14564500wme.4 for ; Mon, 03 Aug 2020 08:12:31 -0700 (PDT) X-Gm-Message-State: AOAM5324jyo/DEeGK0SlU2/tL33fdmB41XcHQNJ/qJlWs2j4AnjfYv5L byFFkcn1dEKcnQNG8awxx4FStdQB67rmubGXgH4mXA== X-Received: by 2002:a1c:7e02:: with SMTP id z2mr436874wmc.138.1596467549637; Mon, 03 Aug 2020 08:12:29 -0700 (PDT) MIME-Version: 1.0 References: <1594684087-61184-1-git-send-email-fenghua.yu@intel.com> <1594684087-61184-13-git-send-email-fenghua.yu@intel.com> In-Reply-To: From: Andy Lutomirski Date: Mon, 3 Aug 2020 08:12:18 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v6 12/12] x86/traps: Fix up invalid PASID To: Dave Hansen Cc: Andy Lutomirski , Fenghua Yu , Thomas Gleixner , Joerg Roedel , Ingo Molnar , Borislav Petkov , Peter Zijlstra , H Peter Anvin , David Woodhouse , Lu Baolu , Felix Kuehling , Tony Luck , Jean-Philippe Brucker , Christoph Hellwig , Ashok Raj , Jacob Jun Pan , Dave Jiang , Sohil Mehta , Ravi V Shankar , linux-kernel , x86 , iommu , amd-gfx Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Aug 3, 2020 at 8:03 AM Dave Hansen wrote: > > On 7/31/20 4:34 PM, Andy Lutomirski wrote: > >> Thomas suggested to provide a reason for the #GP caused by executing ENQCMD > >> without a valid PASID value programmed. #GP error codes are 16 bits and all > >> 16 bits are taken. Refer to SDM Vol 3, Chapter 16.13 for details. The other > >> choice was to reflect the error code in an MSR. ENQCMD can also cause #GP > >> when loading from the source operand, so its not fully comprehending all > >> the reasons. Rather than special case the ENQCMD, in future Intel may > >> choose a different fault mechanism for such cases if recovery is needed on > >> #GP. > > Decoding the user instruction is ugly and sets a bad architecture > > precedent, but we already do it in #GP for UMIP. So I'm unconvinced. > > I'll try to do one more bit of convincing. :) > > In the end, we need a way to figure out if the #GP was from a known "OK" > source that we can fix up. You're right that we could fire up the > instruction decoder to help answer that question. But, it (also) > doesn't easily yield a perfect answer as to the source of the #GP, it > always involves a user copy, and it's a larger code impact than what > we've got. > > I think I went and looked at fixup_umip_exception(), and compared it to > the alternative which is essentially just these three lines of code: > > > + /* > > + * If the current task already has a valid PASID in the MSR, > > + * the #GP must be for some other reason. > > + */ > > + if (current->has_valid_pasid) > > + return false; > ...> + /* Now the current task has a valid PASID in the MSR. */ > > + current->has_valid_pasid = 1; > > and *I* was convinced that instruction decoding wasn't worth it. > > There's a lot of stuff that fixup_umip_exception() does which we don't > have to duplicate, but it's going to be really hard to get it anywhere > near as compact as what we've got. > I could easily be convinced that the PASID fixup is so trivial and so obviously free of misfiring in a way that causes an infinite loop that this code is fine. But I think we first need to answer the bigger question of why we're doing a lazy fixup in the first place. --Andy