Received: by 2002:a05:6a10:7420:0:0:0:0 with SMTP id hk32csp1691176pxb; Fri, 18 Feb 2022 13:16:14 -0800 (PST) X-Google-Smtp-Source: ABdhPJxqDKSs/amR+nJ3klpomNUNmLc5D/Efw7KqVRVJQxvJAbPXBTsFkTL8FMZE+LIYHJLc+boL X-Received: by 2002:a17:902:6902:b0:14d:6aa4:f3f5 with SMTP id j2-20020a170902690200b0014d6aa4f3f5mr9248675plk.20.1645218974120; Fri, 18 Feb 2022 13:16:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645218974; cv=none; d=google.com; s=arc-20160816; b=Q2gGKyAJz5eZrBWFcEAsWJLc2dOTxuDwl+JGXxvuTfMjcMcUd6c+uthnSGpvEoU1mU fGvD0jR9ycxfuQwbom4m7VyyFS6288lxVVkCnfeXAsxC0l2Oo3KY63laKVbui/PpZEd1 fXSBomuBDL3b0tHCjAV0goauN2MBW1CpBecvgRtBMuLU2700x8V6eZuVLE6+O5MzgYDG ewA7T+ooM39meZXffdw4W3RKBi+5kHIiA33J+sp73IDxSJ1AfQeVxlHW8RC6oNZShRCm Mz3xWsO7d85HTsAXsD2FyPg3seH7B6KwomZ82WvoGTvIyVwpUEwJkdXo+eYg/8EyBu8P HjFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=EUjCGT2Up1ODyGLuzGSHlfNL4k2MqdOPfxbLK1XJDk0=; b=s8U/AZw/PlJs9jBXeSuLNhvFg6Qus/YcO5L47suQ9f+eoTc3cVlMW7Y9kjAbbFmYZG 9RI9+OgLYUtGF3X/xKvv4S5YYXx836zwwz+bNfVIa24T0YHNULcdcSWAVvgKDl6BTVYm pnntcqfV7axsz1OnMsGhRQq7D/HMyAVZTHriAnQ0Mcz3VqdcgLG0Q6Z1R3nDYG0iQu0+ d4DUpp09CANLR/E3w8V5AEKbGPdinbuFiFbUwUVZcxwNXkrVyaAe5lemsc9xfT9AS0UL D1Je2r+QCBNHFnoMh/WcUou+HupsQWKdClsqlouB8Ib8i3KeoDn8Y+oNlqjzUKoJqs1+ pV6Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Cr3ZQ2wU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id bc15si13371426pgb.604.2022.02.18.13.15.57; Fri, 18 Feb 2022 13:16:14 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Cr3ZQ2wU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238528AbiBRRZe (ORCPT + 99 others); Fri, 18 Feb 2022 12:25:34 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:49954 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238526AbiBRRZa (ORCPT ); Fri, 18 Feb 2022 12:25:30 -0500 Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 62F022B6222 for ; Fri, 18 Feb 2022 09:25:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1645205112; x=1676741112; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=5f5JDzLplFmvvlqdfeuY85FDd5GMFEphOULZXgLWA20=; b=Cr3ZQ2wUHaQmMGOb9mZHgBamIbODRpmb7PdZl48J07hhrRYgGhiJ7avf qAQsY/fU3hfAFUv3Ijb5BgVVZ+H6hYTAlLr6tY1sMBh1Uat8WJbtqrc/+ 2fmtKGM9nYscIxealgESfAcOweNgxWtn0CVTnh5G0CrpA6Od3Dghu6x7c 0E5GCL6LFVL37qJc2yWgQxQgvCRE7QS+cI4KWtCDc45bHIBxSBjXC8PBE aaeZB0+1m6/NohD7ttY67P7oaoNwEgvkvVjCcZwlc4XAG/L9UYyqajDyU x9vrfkJVnwVYGE0eeTMt30t28J/STUDUD67FzWEMY3gA39Fj6d8SmxZQA w==; X-IronPort-AV: E=McAfee;i="6200,9189,10262"; a="238574048" X-IronPort-AV: E=Sophos;i="5.88,379,1635231600"; d="scan'208";a="238574048" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Feb 2022 09:25:12 -0800 X-IronPort-AV: E=Sophos;i="5.88,379,1635231600"; d="scan'208";a="504067766" Received: from rabecker-mobl.amr.corp.intel.com (HELO localhost) ([10.212.87.237]) by orsmga002-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Feb 2022 09:25:11 -0800 Date: Fri, 18 Feb 2022 09:25:11 -0800 From: Ira Weiny To: Dave Hansen Cc: Dave Hansen , "H. Peter Anvin" , Dan Williams , Fenghua Yu , Rick Edgecombe , linux-kernel@vger.kernel.org Subject: Re: [PATCH V8 19/44] mm/pkeys: PKS Testing, add pks_mk_*() tests Message-ID: References: <20220127175505.851391-1-ira.weiny@intel.com> <20220127175505.851391-20-ira.weiny@intel.com> <00b87c5f-b4ed-7593-827c-0e1114b8b456@intel.com> <311ef2df-dd49-0711-aa8b-fa88a87ff196@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <311ef2df-dd49-0711-aa8b-fa88a87ff196@intel.com> X-Spam-Status: No, score=-4.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Feb 18, 2022 at 07:28:04AM -0800, Dave Hansen wrote: > On 2/17/22 21:34, Ira Weiny wrote: > > On Tue, Feb 01, 2022 at 09:45:03AM -0800, Dave Hansen wrote: > >> On 1/27/22 09:54, ira.weiny@intel.com wrote: > >>> bool pks_test_callback(void) > >>> { > >>> - return false; > >>> + bool armed = (test_armed_key != 0); > >>> + > >>> + if (armed) { > >>> + pks_mk_readwrite(test_armed_key); > >>> + fault_cnt++; > >>> + } > >>> + > >>> + return armed; > >>> +} > >> > >> Where's the locking for all this? I don't think we need anything fancy, > >> but is there anything preventing the test from being started from > >> multiple threads at the same time? I think a simple global test mutex > >> would probably suffice. > > > > Good idea. Generally I don't see that happening but it is good to be safe. > > I'm not sure what you mean. > > In the kernel, we always program as if userspace is out to get us. If > userspace can possibly do something to confuse the kernel, it will. It > might be malicious or incompetent, but it will happen. > > This isn't really a "good to be safe" kind of thing. Kernel code must > *be* safe. Yes > > >> Also, pks_test_callback() needs at least a comment or two about what > >> it's doing. > > > > The previous patch which adds this call in the fault handler contains the > > following comment which is in the final code: > > > > /* > > * pks_test_callback() is called by the fault handler to indicate it saw a pkey > > * fault. > > * > > * NOTE: The callback is responsible for clearing any condition which would > > * cause the fault to re-trigger. > > */ > > > > Would you like more comments within the function? > > Ahh, it just wasn't in the context. > > Looking at this again, I don't really like the name "callback" is almost > always a waste of bytes. Imagine this was named something like: > > pks_test_induced_fault(); > > ... and had a comment like: > > /* > * Ensure that the fault handler does not treat > * test-induced faults as actual errors. > */ Ok. At this point this may go away depending on how I resolve the ability to test all the keys. pks_test_callback() was critical for that feature without introducing a bunch of ugly test code in pks-keys.h and pkeys.c. > > >> Does this work if you have a test armed and then you get an unrelated > >> PKS fault on another CPU? I think this will disarm the test from the > >> unrelated thread. > > > > This code will detect a false fault. > > That's a bug that's going to get fixed, right? ;) Yep. Not sure how at the moment. Ira