Received: by 2002:a05:6358:9144:b0:117:f937:c515 with SMTP id r4csp10654699rwr; Fri, 12 May 2023 10:57:34 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7bByYU/f1UFFfui3aDTkcF7SIEO9CoeGDQ8Fg8nD8okfGDYVeVjRLEVQsoCCO72GPUKbq6 X-Received: by 2002:a17:902:c453:b0:1a7:a541:742a with SMTP id m19-20020a170902c45300b001a7a541742amr22101559plm.28.1683914254116; Fri, 12 May 2023 10:57:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1683914254; cv=none; d=google.com; s=arc-20160816; b=vl5fymHh2U456m4wJ72XtxE+OauuLzDxQLkP6+Hq7kJ9ZBKg1awH9UEDbXNB40niwl wpul8PRwlqk1ZtQxfr+iiRcI3oYJus5dD85QYs4YTEqjjKcJlirARn+uGJCaploH3W/7 +egfTPWmg/YUIPQQFswF8Vsx3S0K6RxBJ5BlrdjV2J+Mpvklj4u9B720kj9qQ3eAi/S4 ejxsWIFh+/xXeCJ7VBxoaShB/C5QzpbsxTypxLT+0NLewl0hKWnGW0LO3WM5pgc/wgAo FB0OBVhCLCupLUEVi3z2v4ZuNUT2H8QBYjxAaJTdR+cudLF8nfXFLzyXBiGez+9KXeT3 id0A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=d5M4G3x6pjn9gA22nZR1bGC5zDusbtDuWgpYlJ4OAUs=; b=Hsgn0gt9NC+An+dN/ntyhyv39m7Ctq9r6n6aHWvQlUaWd+Z9n9CXiKZjlVcGq2VDwx GhVVrAsi7UxidBe5MLRja7Fez+l8ZcEMr3o0xvisnvICkFjM2wzRRj+sqSy2kfvndqPb t9lc7xLbGOJIsow/nHsKTA38lVFYV4WoAna0hYWSXHTwji24jo2BDSY+SwnnTVYPG9mG KbhybW+NpwFOSjDeZYNdxpq453s66vSzMahvhiHvqhnljzb5xha0PxiZARzuD5Cdj7YB gwlxj80fn5GKVhc5lCP9E2abCvSkoTXrXbY+cQeFo5DrO2lCvVSzPlnU9Xfyyx3ac/63 Fb+w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=VaUl620n; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id k16-20020a170902ba9000b0019931c82e24si9419326pls.195.2023.05.12.10.57.22; Fri, 12 May 2023 10:57:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=VaUl620n; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230443AbjELRet (ORCPT + 99 others); Fri, 12 May 2023 13:34:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40852 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231327AbjELRer (ORCPT ); Fri, 12 May 2023 13:34:47 -0400 Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9C7921B8 for ; Fri, 12 May 2023 10:34:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1683912885; x=1715448885; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=X6PrQLh97GJM1/yvM4EvcbXGQcLYtbEvKbYtw8xZHHg=; b=VaUl620neakE/BJM8ETxbFPlnjOu/9TMKM9DHRF6Zl+ZHcNh1itZc2Td 3z+H3tJ8cwVBcFfZP36p5JO233LcAh23M9C5aCjl2nzA1+ILDiRKWfqjt 8fa2NJ2H4IDYkf195d5dgqjtbyN/zZ84UeWXThsKY57z+O1orCAGnd1/b UdEn5TezFOX1B+lp+l08+N7KqhibkyOERfAx/vF09Ou6NN7pWAanrHL8J k2F/R0M55/B2dB/mrnGclqmuhMCq0CDFnowXZJgDPf+EEUmRlDVQNh0Uo GPc1/k7ccIq+wc/r9j3VYwWXGIBF7O3WdSpRlyfR0+BFNEhiHfhVqbh0o w==; X-IronPort-AV: E=McAfee;i="6600,9927,10708"; a="353096932" X-IronPort-AV: E=Sophos;i="5.99,269,1677571200"; d="scan'208";a="353096932" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 May 2023 10:34:18 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10708"; a="874467402" X-IronPort-AV: E=Sophos;i="5.99,269,1677571200"; d="scan'208";a="874467402" Received: from ohibbert-mobl1.amr.corp.intel.com (HELO [10.209.120.219]) ([10.209.120.219]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 May 2023 10:34:17 -0700 Message-ID: <95c2e669-bce9-3dd5-e197-3faf816c4b45@intel.com> Date: Fri, 12 May 2023 10:34:17 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.10.0 Subject: Re: [GIT PULL] x86/shstk for 6.4 Content-Language: en-US To: Linus Torvalds Cc: "Edgecombe, Rick P" , "dave.hansen@linux.intel.com" , "keescook@chromium.org" , "linux-kernel@vger.kernel.org" , "x86@kernel.org" , "akpm@linux-foundation.org" References: <20230424212130.590684-1-dave.hansen@linux.intel.com> <4433c3595db23f7c779b69b222958151b69ddd70.camel@intel.com> <148b3edb-b056-11a0-1684-6273a4a2d39a@intel.com> <4171c4b0-e24b-a7e2-9928-030cc14f1d8d@intel.com> From: Dave Hansen In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-6.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE, SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 5/8/23 16:47, Linus Torvalds wrote: > - we would probably be *much* better off with a "if (mm->count == 1)" > test that goes off and does *not* do the atomic case (which also > doesn't have any worries about dirty bits). I'll take a well-predicted > conditional branch over an atomic op any day of the week Were you really thinking of mm->count==1, or did you mean mm->mm_users==1? I _think_ the only clue that things like ptrace() and kthread_use_mm() are poking around in the page tables is when mm->mm_users>1. They don't bump mm->count. Most mmget() (or get_task_mm()->atomic_inc(&mm->mm_users)) callers are obviously harmless for our purposes, like proc_pid_statm(). There are others like idxd_copy_cr()->copy_to_user() that are less obviously OK. They're OK if they fault during a fork() because the fault will end up stuck on mmap_read(mm) waiting for fork() to release its write. But the worry is if those kthread_use_mm() users *don't* fault: CPU-1 CPU-2 fork() // mm->mm_users==1 ptep_set_wrprotect() ^ non-atomic kthread_use_mm() // mm->mm_users==2 copy_to_user() // page walker sets Dirty=1 There's always a race there because mm->mm_users can always get bumped after the fork()er checks it. Is there something that fixes this race that I'm missing? We can probably do something more comprehensive to make sure that mm->mm_users isn't bumped during fork(), but it'll be a bit more complicated than just checking mm->mm_users in fork().