Received: by 2002:a05:7412:3784:b0:e2:908c:2ebd with SMTP id jk4csp2695560rdb; Wed, 4 Oct 2023 08:45:54 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHsPuO22NzCvSk2oXgRASustGbPEZlYXwilMmPTTLj/Mbxxm7EkLkKBBd1M4AYQ9L7QoNGu X-Received: by 2002:a05:6358:3182:b0:143:1063:d1eb with SMTP id q2-20020a056358318200b001431063d1ebmr3217699rwd.17.1696434354614; Wed, 04 Oct 2023 08:45:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1696434354; cv=none; d=google.com; s=arc-20160816; b=d1CZ2rHy/lNVFXITBLgjoF4AO90/aKv0Fm2u1TNpB9vfMr4iOw9DQDsNXtNF6BW8sp K1wMy7oaKA7WIGmWICnudj0/cFJKNzprrarK796JbDkVjaK1a/FelLbknbELXj6wXmIj NUJyr+opf3U2ETlPHSzA+qfCsOMhtwokXOdCQ4xCk2eZFYU1eEVwLfc2vJSY9NPBp00/ spJsAg+JHwU3E5diX5jLjpWMecaNvy79WbpHGV9jaGNvyiFYyIxey3fxXM4mx8DLBGkN NdcADKkk69Kyfml3q9czghwe591KtvcE+X1XvV/Y/2gsJCSa5VSe53Cbb4DZohMUbirc Q7/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:message-id:organization :from:content-transfer-encoding:mime-version:date:references:subject :cc:to:dkim-signature; bh=+dExistAMo7LbnEA7WsJpwviSe6qzr8cDWePGZZqr5k=; fh=PyDTOu7I5kONiQp8h3+sBxf/BVglOAAFgWhURZ1sb+w=; b=ZcJ4gdwWgUDoknAJU5JmFkTO7AudqCgtj/uWTYf9mPtJvuheuQQAQqsC1Ibz9Ei++n TlW3W+jPq2DjxqSeOrGTWnQZxSYyU8B4TeLhBXk+33I4VpRJcEveKs0POm+/AJNCknRd OVutwkEvYBwSqj342tGYwlRDy0e3/1sTuFnLVVOy9jN+mL93J2xwr4r7Y9ZsZeyUEzzs etewJuElYQbq3hXBAglRd7TdPQRpTmEAyStA/jbtz4kGYyMawWa1e/hTHo6UsXMkl1cL etmNTgTg1sp56O0E5Z16z0aCD+dIOzBA8ndebAA1buAP9zysUxnwCW7uypmaLMCBm7Fl EqpQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=ffFJ1VyY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from groat.vger.email (groat.vger.email. [23.128.96.35]) by mx.google.com with ESMTPS id z16-20020a656650000000b0054ff717395dsi3927147pgv.691.2023.10.04.08.45.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 04 Oct 2023 08:45:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) client-ip=23.128.96.35; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=ffFJ1VyY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 65A9480740C5; Wed, 4 Oct 2023 08:45:44 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242973AbjJDPpS (ORCPT + 99 others); Wed, 4 Oct 2023 11:45:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57682 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233600AbjJDPpQ (ORCPT ); Wed, 4 Oct 2023 11:45:16 -0400 Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.120]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5BF1ABF; Wed, 4 Oct 2023 08:45:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1696434312; x=1727970312; h=to:cc:subject:references:date:mime-version: content-transfer-encoding:from:message-id:in-reply-to; bh=R3WnGCcHkT1lyLmM5v4NwuNwkg5B7PuvL34RS8utXYc=; b=ffFJ1VyY30iJgxlT6itISvEMkhgihPIM4wW2ZOXqMmTc5wjdCA/gRERP YkjiZWruDmm1ZkCynPE99SjaY1MkJu2rLc5QqbRqRv/X/NCT94IweMPXU a5JwwC4n/6m3wYh20WjMK9L9rqKK/3n+znhJbtXaMkYIyvO9P71RRjZdM 8NgfOtHqx6zXy6rcXxRoskN/TOGLcJ0YrzouFcAK8qdttKAAU+MqWSCs1 IulwbNig9y0TtlKyFaUgB9EbojSGv4OorIyRXiNfwsP5KP/B+qgPQRjv8 Gji+TDwXfzq2r5QghyYHSRA4dAJydIVNljOcGn2y/KlDUpHLDQzEc4sP8 Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10853"; a="382068935" X-IronPort-AV: E=Sophos;i="6.03,200,1694761200"; d="scan'208";a="382068935" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Oct 2023 08:45:11 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10853"; a="745027765" X-IronPort-AV: E=Sophos;i="6.03,200,1694761200"; d="scan'208";a="745027765" Received: from hhuan26-mobl.amr.corp.intel.com ([10.92.96.100]) by orsmga007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-SHA; 04 Oct 2023 08:45:09 -0700 Content-Type: text/plain; charset=iso-8859-15; format=flowed; delsp=yes To: "Jarkko Sakkinen" , dave.hansen@linux.intel.com, tj@kernel.org, linux-kernel@vger.kernel.org, linux-sgx@vger.kernel.org, x86@kernel.org, cgroups@vger.kernel.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, sohil.mehta@intel.com Cc: zhiquan1.li@intel.com, kristen@linux.intel.com, seanjc@google.com, zhanb@microsoft.com, anakrish@microsoft.com, mikko.ylinen@linux.intel.com, yangjie@microsoft.com Subject: Re: [PATCH v5 01/18] cgroup/misc: Add per resource callbacks for CSS events References: <20230923030657.16148-1-haitao.huang@linux.intel.com> <20230923030657.16148-2-haitao.huang@linux.intel.com> Date: Wed, 04 Oct 2023 10:45:08 -0500 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: "Haitao Huang" Organization: Intel Message-ID: In-Reply-To: User-Agent: Opera Mail/1.0 (Win32) X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Wed, 04 Oct 2023 08:45:44 -0700 (PDT) Hi Jarkko On Mon, 02 Oct 2023 17:55:14 -0500, Jarkko Sakkinen wrote: ... >> > >> I noticed this one later: >> > >> >> > >> It would better to create a separate ops struct and declare the >> instance >> > >> as const at minimum. >> > >> >> > >> Then there is no need for dynamic assigment of ops and all that is >> in >> > >> rodata. This is improves both security and also allows static >> analysis >> > >> bit better. >> > >> >> > >> Now you have to dynamically trace the struct instance, e.g. in >> case of >> > >> a bug. If this one done, it would be already in the vmlinux. >> > >I.e. then in the driver you can have static const struct declaration >> > > with *all* pointers pre-assigned. >> > > >> > > Not sure if cgroups follows this or not but it is *objectively* >> > > better. Previous work is not always best possible work... >> > > >> > >> > IIUC, like vm_ops field in vma structs. Although function pointers in >> > vm_ops are assigned statically, but you still need dynamically assign >> > vm_ops for each instance of vma. >> > >> > So the code will look like this: >> > >> > if (parent_cg->res[i].misc_ops && parent_cg->res[i].misc_ops->alloc) >> > { >> > ... >> > } >> > >> > I don't see this is the pattern used in cgroups and no strong opinion >> > either way. >> > >> > TJ, do you have preference on this? >> >> I do have strong opinion on this. In the client side we want as much >> things declared statically as we can because it gives more tools for >> statical analysis. >> >> I don't want to see dynamic assignments in the SGX driver, when they >> are not actually needed, no matter things are done in cgroups. > > I.e. I don't really even care what crazy things cgroups subsystem > might do or not do. It's not my problem. > > All I care is that we *do not* have any use for assigning those > pointers at run-time. So do whatever you want with cgroups side > as long as this is not the case. > So I will update to something like following. Let me know if that's correct understanding. @tj, I'd appreciate for your input on whether this is acceptable from cgroups side. --- a/include/linux/misc_cgroup.h +++ b/include/linux/misc_cgroup.h @@ -31,22 +31,26 @@ struct misc_cg; #include +/* per resource callback ops */ +struct misc_operations_struct { + int (*alloc)(struct misc_cg *cg); + void (*free)(struct misc_cg *cg); + void (*max_write)(struct misc_cg *cg); +}; /** * struct misc_res: Per cgroup per misc type resource * @max: Maximum limit on the resource. * @usage: Current usage of the resource. * @events: Number of times, the resource limit exceeded. + * @priv: resource specific data. + * @misc_ops: resource specific operations. */ struct misc_res { u64 max; atomic64_t usage; atomic64_t events; void *priv; - - /* per resource callback ops */ - int (*alloc)(struct misc_cg *cg); - void (*free)(struct misc_cg *cg); - void (*max_write)(struct misc_cg *cg); + const struct misc_operations_struct *misc_ops; }; ... diff --git a/kernel/cgroup/misc.c b/kernel/cgroup/misc.c index 4633b8629e63..500415087643 100644 --- a/kernel/cgroup/misc.c +++ b/kernel/cgroup/misc.c @@ -277,8 +277,8 @@ static ssize_t misc_cg_max_write(struct kernfs_open_file *of, char *buf, if (READ_ONCE(misc_res_capacity[type])) { WRITE_ONCE(cg->res[type].max, max); - if (cg->res[type].max_write) - cg->res[type].max_write(cg); + if (cg->res[type].misc_ops && cg->res[type].misc_ops->max_write) + cg->res[type].misc_ops->max_write(cg); [skip other similar changes in misc.c] And on SGX side, it'll be updated like this: --- a/arch/x86/kernel/cpu/sgx/epc_cgroup.c +++ b/arch/x86/kernel/cpu/sgx/epc_cgroup.c @@ -376,6 +376,14 @@ static void sgx_epc_cgroup_max_write(struct misc_cg *cg) queue_work(sgx_epc_cg_wq, &rc.epc_cg->reclaim_work); } +static int sgx_epc_cgroup_alloc(struct misc_cg *cg); + +const struct misc_operations_struct sgx_epc_cgroup_ops = { + .alloc = sgx_epc_cgroup_alloc, + .free = sgx_epc_cgroup_free, + .max_write = sgx_epc_cgroup_max_write, +}; + static int sgx_epc_cgroup_alloc(struct misc_cg *cg) { struct sgx_epc_cgroup *epc_cg; @@ -386,12 +394,7 @@ static int sgx_epc_cgroup_alloc(struct misc_cg *cg) sgx_lru_init(&epc_cg->lru); INIT_WORK(&epc_cg->reclaim_work, sgx_epc_cgroup_reclaim_work_func); - cg->res[MISC_CG_RES_SGX_EPC].alloc = sgx_epc_cgroup_alloc; - cg->res[MISC_CG_RES_SGX_EPC].free = sgx_epc_cgroup_free; - cg->res[MISC_CG_RES_SGX_EPC].max_write = sgx_epc_cgroup_max_write; - cg->res[MISC_CG_RES_SGX_EPC].priv = epc_cg; - epc_cg->cg = cg; - + cg->res[MISC_CG_RES_SGX_EPC].misc_ops = &sgx_epc_cgroup_ops; return 0; } Thanks again to all of you for feedback. Haitao