Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp548948rwb;
        Thu, 10 Nov 2022 04:35:30 -0800 (PST)
X-Google-Smtp-Source: AMsMyM6PPJy61FXaqdFMaHxS0wghM0B5RtDhhUJcc00o7FFDVeIJN016fqjTQLH5Au/LH3sEFVEK
X-Received: by 2002:a63:1058:0:b0:44f:a1cb:7eec with SMTP id 24-20020a631058000000b0044fa1cb7eecmr56304261pgq.117.1668083730352;
        Thu, 10 Nov 2022 04:35:30 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1668083730; cv=none;
        d=google.com; s=arc-20160816;
        b=WKuXCSVqLF5fnd1hZuVIoZH2J1yj3JasZtOZutZtU3RGKUyKoymuKW8gkS2ezYvA98
         8G7akMAYK5U/QSyjSiKrscJPs+Tu9QcZ5VGMWJziCz8DnGNu5uGfC7uD92LMvSfdAnHj
         efB7CrUxfZ5I0FqwV5akjhMvTcyers+SJ+Jj0EKqijtL6rFybbo3/dXiB3gj1HCJmw0t
         soXkpVzPZjnCMSdjosDIDajfMa58JsSH6OXtSAXWy/thTgrLtVFCmiENpebUuX0xR+hr
         G73j12AAxSOQK36VZNI8w017jTtAIpMWK4QVQ5Kd4opJ/uPsubcip0KVHjRgERs4wpjT
         FsCw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date;
        bh=eaj60XhHksiQ9AM7iHspuz5S2uvSkZsAYfL7U8i1Qm0=;
        b=iROZHK2LdUleEXrmmULSlra6a7MEUTTeT6ROEfvyaexH7QkovSp969J8E/0F/y643E
         0Euz8nUPztAsnDzuLO0Wi1YFM/mRUlVzF8kwNITCzYQZt5N6icwCkMRG5sUCug+fvPr5
         ITpuGpkovLKL1DEx75IXWv7UBeSYICAVoW+OA3BCTQy5CE+k34b2hyg4se5lFl+pi6tw
         UOK83cxt9tyNew1QazFl4FugNqA8nb4DGKuq+Sa9/R9OQhMAP1+bASxkJPkPhU5uQZy2
         c36UZAm0WvqCpCoJQ5+Q1k016V4FrfgAqqGRL1Gsd4JY6cAajrjGwNRsjG0RaxFXxWPa
         9DWg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id lx16-20020a17090b4b1000b00213cdfa8abasi4516773pjb.173.2022.11.10.04.35.17;
        Thu, 10 Nov 2022 04:35:30 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230469AbiKJMSk (ORCPT <rfc822;smith.dustin2017@gmail.com>
        + 93 others); Thu, 10 Nov 2022 07:18:40 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35832 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229560AbiKJMSi (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 10 Nov 2022 07:18:38 -0500
Received: from outbound-smtp27.blacknight.com (outbound-smtp27.blacknight.com [81.17.249.195])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 42BCCBF5A
        for <linux-kernel@vger.kernel.org>; Thu, 10 Nov 2022 04:18:36 -0800 (PST)
Received: from mail.blacknight.com (pemlinmail02.blacknight.ie [81.17.254.11])
        by outbound-smtp27.blacknight.com (Postfix) with ESMTPS id ED845CAD79
        for <linux-kernel@vger.kernel.org>; Thu, 10 Nov 2022 12:18:33 +0000 (GMT)
Received: (qmail 18955 invoked from network); 10 Nov 2022 12:18:33 -0000
Received: from unknown (HELO techsingularity.net) (mgorman@techsingularity.net@[84.203.198.246])
  by 81.17.254.9 with ESMTPSA (AES256-SHA encrypted, authenticated); 10 Nov 2022 12:18:33 -0000
Date:   Thu, 10 Nov 2022 12:18:31 +0000
From:   Mel Gorman <mgorman@techsingularity.net>
To:     Thomas Gleixner <tglx@linutronix.de>
Cc:     "Chang S. Bae" <chang.seok.bae@intel.com>,
        Borislav Petkov <bp@suse.de>, Mike Galbraith <efault@gmx.de>,
        LKML <linux-kernel@vger.kernel.org>,
        Linux-RT <linux-rt-users@vger.kernel.org>
Subject: Re: [RFC PATCH] x86: Drop fpregs lock before inheriting FPU
 permissions during clone
Message-ID: <20221110121831.ehke4sxsmlpl454e@techsingularity.net>
References: <20221109113044.7ncdw6263o3msycl@techsingularity.net>
 <87o7tg8584.ffs@tglx>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
In-Reply-To: <87o7tg8584.ffs@tglx>
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE,
        SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Nov 09, 2022 at 05:25:47PM +0100, Thomas Gleixner wrote:
> On Wed, Nov 09 2022 at 11:30, Mel Gorman wrote:
> >    BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46
> ...
> >   The splat comes from fpu_inherit_perms() being called under fpregs_lock(),
> >   and us reaching the spin_lock_irq() therein due to fpu_state_size_dynamic()
> >   returning true despite static key __fpu_state_size_dynamic having never
> >   been enabled.
> >
> > Mike's assessment looks correct. fpregs_lock on PREEMPT_RT disables
> > preemption only so the spin_lock_irq() in fpu_inherit_perms is unsafe
> > and converting siglock to raw spinlock would be an unwelcome change.
> > This problem exists since commit 9e798e9aa14c ("x86/fpu: Prepare fpu_clone()
> > for dynamically enabled features"). While the bug triggering is probably a
> > mistake for the affected machine and due to a bug that is not in mainline,
> > spin_lock_irq within a preempt_disable section on PREEMPT_RT is problematic.
> >
> > In this specific context, it may not be necessary to hold fpregs_lock at
> > all. The lock is necessary when editing the FPU registers or a tasks fpstate
> > but in this case, the only write of any FP state in fpu_inherit_perms is
> > for the new child which is not running yet so it cannot context switch or
> > be borrowed by a kernel thread yet. Hence, fpregs_lock is not protecting
> > anything in the new child until clone() completes. The siglock still needs
> > to be acquired by fpu_inherit_perms as the read of the parents permissions
> > has to be serialised.
> 
> That's correct and siglock is the real protection for the permissions.
> 
> > This is not tested as I did not access to a machine with Intel's
> > eXtended Feature Disable (XFD) feature that enables the relevant path
> > in fpu_inherit_perms and the bug is against a non-mainline kernel.
> 
> It's still entirely correct on mainline as there is no requirement to
> hold fpregs_lock in this case
> 
> > Reported-by: Mike Galbraith <efault@gmx.de>
> > Signed-off-by: Mel Gorman <mgorman@techsingularity.net>
> 
> Reviewed-by: Thomas Gleixner <tglx@linutronix.de>

Perfect, I'll rephase the changelog slightly and resend without RFC and
all the x86 maintainers cc'd. Thanks Thomas!


-- 
Mel Gorman
SUSE Labs