Received: by 2002:a05:6a10:eb17:0:0:0:0 with SMTP id hx23csp2641041pxb; Mon, 6 Sep 2021 01:48:50 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwuBo6N5S1kRI83MH/LFTBxJBoWrtc0P2vX0p9sDN4r8eudfm9Q3GqpU/Xdm98TdtmrgkUm X-Received: by 2002:a05:6638:cd5:: with SMTP id e21mr9902041jak.97.1630918130384; Mon, 06 Sep 2021 01:48:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1630918130; cv=none; d=google.com; s=arc-20160816; b=zuuk9OAs/OZDyLmSvgxGvIHNg0PIgTf2pnVDvM2nR6c/li3Txl289br5snOv+sC9Yk aoHcyC3Cwocibp17EElk4nIhi7ZzeGcXpDlPnzVXu/KzszTVxAap42bLUsy+U9PRjAbX mO7851dGp88s9YQcmNYyAsBRncEXAbmEWLdu0RmoUd1k+dCCkHk/cfrk+XBLtA85Ah4j xAt+1k5nXI4vmHNGpXBhBhu9FiUvJZGh17s1/QKDSCo22815y76hIQPIKY7H5Je4l+EU eZkyMASQASppx8fBzJlpavh7MHJByW/Hf4oKi4QLearp+xnBpV8esuz4RUX04UmNozap QccQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=e8m2bC8yMUjSy3yiHhbWSzwYDQSjkQB5ZzaG0ThcTIA=; b=xez1C9wKavkYiW5a4+cw+Vzk65iA305Lt+Xpd5YQO3Bmnl1vNk/+jxg/LBZeMNZHgO 9L8yveAmZjAaSF4qlPFUNlMwgmsfcjrGrDnCwOQxgWSN092xUc8acfrRtOPDRzlnLys+ SVFjMkUJCTPcVo4f3NwijesUZ4shDNK0mzSDAHvuItgYftojBRxC+62cnL9zFrMX7rZU c02Uc2ZUKJA04dWgkplelbXTQkZQZ+z3NBGTIsCW+rPXtZNaNDGBa5SieObjV6/3Qc3l 8OkMDWT8YLXjInYASdFErs9b1Z2C4LoyZ2tpeqWoh6B6qmXcB8R7m1lAyXi/JL13u5DP 8jlg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=JqP03wy8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q2si6324979jae.22.2021.09.06.01.48.37; Mon, 06 Sep 2021 01:48:50 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=JqP03wy8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240251AbhIFHuv (ORCPT + 99 others); Mon, 6 Sep 2021 03:50:51 -0400 Received: from mail.kernel.org ([198.145.29.99]:36980 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240232AbhIFHuu (ORCPT ); Mon, 6 Sep 2021 03:50:50 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id BFAF260F43 for ; Mon, 6 Sep 2021 07:49:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1630914585; bh=Gc0lprsv7w/okSpJYAt55fjl1xzEXuErDUTeV6+8RZ4=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=JqP03wy8XTp7qDt1TgdOCzYKiph2r9C8s08SL+DZr0/Ssf56d7gjsvNFoitU8FIcK ttUIED0qi0nr1tE6fzWtStAVsAQWfNlJdz4nWl7DqJ88ywAtzWVL1qK6CN8USnVLRS GziyBcDGCB9M8SDb6JErMmJjd8tSrUuqsIcO+MAo+HSkukbC9s9WrvesnwYM1eJguB UBkgBTeOU8H3sWLkx3goAhleGOunGjpstAM0ahnBpny5xrdHeN3YBb24AI6i87J2Nq PPvMTXedZIq/TlgW5ZO3QxzPlD+i0BJ4wWtRHIBlcFQ1AookCd2DfJzU20lfktVpEm UIc8s7yxyCXEQ== Received: by mail-ot1-f54.google.com with SMTP id g66-20020a9d12c8000000b0051aeba607f1so7790950otg.11 for ; Mon, 06 Sep 2021 00:49:45 -0700 (PDT) X-Gm-Message-State: AOAM530LIx8Zisq64dQTEjlfkCWAv/0MPO3WONXKu9zAJdWMd+KkMh4Y s5kOnQyfjcc2ZBODp0Q2LJnKeUizZWLfsXpzAqI= X-Received: by 2002:a9d:12e2:: with SMTP id g89mr10172221otg.112.1630914585091; Mon, 06 Sep 2021 00:49:45 -0700 (PDT) MIME-Version: 1.0 References: <20210902155429.3987201-1-keithp@keithp.com> <20210904060908.1310204-1-keithp@keithp.com> <20210904060908.1310204-3-keithp@keithp.com> <8735qifcy6.fsf@keithp.com> In-Reply-To: <8735qifcy6.fsf@keithp.com> From: Ard Biesheuvel Date: Mon, 6 Sep 2021 09:49:33 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 2/3] ARM: Move thread_info into task_struct (v7 only) To: Keith Packard Cc: Linux Kernel Mailing List , Abbott Liu , Alexander Sverdlin , Andrew Morton , Anshuman Khandual , Arnd Bergmann , Bjorn Andersson , Florian Fainelli , Geert Uytterhoeven , Hartley Sweeten , Jens Axboe , Jian Cai , Joe Perches , Kees Cook , Krzysztof Kozlowski , Linus Walleij , Linux ARM , Manivannan Sadhasivam , Marc Zyngier , Masahiro Yamada , Miguel Ojeda , Mike Rapoport , Nathan Chancellor , Nick Desaulniers , Nicolas Pitre , Rob Herring , Russell King , Thomas Gleixner , =?UTF-8?Q?Uwe_Kleine=2DK=C3=B6nig?= , Valentin Schneider , Viresh Kumar , "Wolfram Sang (Renesas)" , YiFei Zhu Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 6 Sept 2021 at 08:14, Keith Packard wrote: > > Ard Biesheuvel writes: > > > c13 is not a register, it is a value in one of the dimensions of the > > ARM sysreg space, and probably covers other system registers that > > pre-v7 cores do implement. > > > Better to use its architectural name (TPIDRPRW) and clarify that > > pre-v6k/v7 cores simply don't implement it. > > Thanks, I'll reword the commit message > > > Could we split this up? > > I could split up the assembler macro changes which add a temporary > register to the calls getting the current thread_info/task_struct value? > If that would help get this reviewed, I'd be happy to do > that. Otherwise, it's pretty much all-or-nothing as enabling > THREAD_INFO_IN_TASK requires a bunch of synchronized changes. > Sure, so it is precisely for that reason that it is better to isolate changes that can be isolated. ... > >> +DECLARE_PER_CPU(struct task_struct *, current_task); > >> + > >> +static __always_inline struct task_struct *get_current(void) > >> +{ > >> + return raw_cpu_read(current_task); > > > > This needs to run with preemption disabled, or we might get migrated > > to another CPU halfway through, and produce the wrong result (i.e., > > the current task of the CPU we migrated from). However, it appears > > that manipulating the preempt count will create a circular dependency > > here. > > Yeah, I really don't understand the restrictions of this API well. Any > code fetching the current task pointer better not be subject to > preemption or that value will be stale at some point after it was > computed. Do you know if it could ever be run in a context allowing > preemption? All the time. 'current' essentially never changes value from the POV of code running in task context, so there is usually no reason to care about preemption/migration when referring to it. Using per-CPU variables is what creates the problem here. > > > > Instead of using a per-CPU variable for current, I think it might be > > better to borrow another system register (TPIDRURO or TPIDRURW) to > > carry 'current' when THREAD_INFO_IN_TASK is in effect, similar to how > > arm64 uses SP_EL0 - those registers could be preserved/restored in the > > entry/exit from/to user space paths rather than in the context switch > > path, and then be used any way we like while running in the kernel. > > Making sure these values don't leak through to user space somehow? I'm > not excited by that prospect at all. Moving the code that pokes the right user space value into these registers from the context switch patch to the user space exit path should be rather straight-forward, so I am not too concerned about security issues here (famous last words) > But, perhaps someone can help me > understand the conditions under which the current task value can be > computed where preemption was enabled and have that not be a problem for > the enclosing code? > In principle, it should be sufficient to run the per-CPU variable load sequence with preemption disabled. For instance, your asm version movw \dst, #:lower16:\sym movt \dst, #:upper16:\sym this_cpu_offset \tmp ldr \dst, [\dst, \tmp] must not be preempted and migrated right before the ldr instruction, because that would end up accessing another CPU's value for 'current'. However, the preempt_count itself is stored in thread_info as well, so I'm not sure there is a way we can safely disable preemption for this sequence to begin with, unless we run the above with interrupts disabled. Given that we are already relying on the MP extensions for this anyway, I personally think that using another thread ID register to carry 'current' is a reasonable approach as well, since it would also allow us to get per-task stack protector support into the compiler. But I would like to hear from some other folks on cc as well.