Received: by 2002:a05:7412:1e0b:b0:fc:a2b0:25d7 with SMTP id kr11csp1076382rdb; Fri, 16 Feb 2024 04:53:58 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCW6BcVVFpHQQWft7TwllmGmay0io1KU/qEMV1xlCZ02xrq25RQzGv8UJdGl+Jwi95c5mcxzO62GrK+Xf56gnfXrqjzczL+Zx1whWK5lnQ== X-Google-Smtp-Source: AGHT+IFlFRBa3O5YRlDv1JzUZmzc0QniGfDT22wDVHhLOaDVEKiES9FuofxEX+Wo9DhzWG2IJeZS X-Received: by 2002:a17:90a:77c3:b0:298:c118:c3d1 with SMTP id e3-20020a17090a77c300b00298c118c3d1mr4627998pjs.22.1708088038440; Fri, 16 Feb 2024 04:53:58 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1708088038; cv=pass; d=google.com; s=arc-20160816; b=mO/D8nlhRcTjW13vxt5vXtljxkqgmxCvB2tglTZfb5G5tnJbzXvQVI6VkMdnKiIiJz dbUBNfcrSFIeBxrrf+zb796hXlvh5CbzI9/w3jHgPBnPrAz8i8x/PHDw9U7MGQ96FOig Z5sDbg+a5bRDZ8I8subSrRefN7OnpJKnbvwbr7jiGYPpNIVhCnNvGbMADA3kt/L7AUzD ytFcw52SA2W2BJtj9X8vCiNF80GHCfk/xfOn+/g4DC0GrAnkScwpgO4Mb6aGpSDVGtNF 1wc+zxjPAmLg05GRbpQS0cBElGHeIuxqMZ29uNq8H8gEu2fHu0Y3SHxmwPZawP43Z++h ed3A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:message-id; bh=BJXdNuzo8P7/zeszA33GbZT3/aKVRR8dUrhRaauc/g4=; fh=c/03A4aPz1gk/+3F0++83wBLTcimRvi6MJMJ4yXDK9I=; b=ap0dXUtJn/n+h5hb+B/uNBcnO5xjN1utVTWOn/PH/luo1wGyg13UByHXRMz0DsoMeq +9XtCgOuqyPP9iFeF6pu89V3wdFF9yweVs5wCgC9eEo+Aj44zilUiQnOJTC1Fz8iIBbc 3O88CH+gUUmRXRcbVvUOrbHfE6Yd5oJMmHPtqMjZew/wJKq/T3lE/bFVA3XAG7Sa3Xy8 6unHcM770Npsl9dspH8tJ/7CIz5YLbVM+KL3wlp2PGBJziusTvgihE2dsfDqqKWEgF6O JNcVYRNY5VFEl7mcyR4asGrYzD5rB72pa+CqWOD1E5TPiQSlRHWDcIWl+V8YbsyPrKzN vS6Q==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=arm.com dmarc=pass fromdomain=arm.com); spf=pass (google.com: domain of linux-kernel+bounces-68598-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-68598-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id se7-20020a17090b518700b00296a6604850si3080142pjb.169.2024.02.16.04.53.58 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 16 Feb 2024 04:53:58 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-68598-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=arm.com dmarc=pass fromdomain=arm.com); spf=pass (google.com: domain of linux-kernel+bounces-68598-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-68598-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 262802863F7 for ; Fri, 16 Feb 2024 12:53:58 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id A79DC1292CE; Fri, 16 Feb 2024 12:53:52 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 89BB1266D4 for ; Fri, 16 Feb 2024 12:53:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.140.110.172 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708088032; cv=none; b=d7VSqGPsDySiz44BZWrTDVQM+ElL/qEvMluUCxYAZZB0+CDnxtsSsjLlTcmtW1pDlG/K5EONZeSuFMdLMYZVtm0KNCBumkqkTSMEvEUIDMlHn+RcItwFn7vvHgoPW0sovgZ1f2s/ElAKvDHVP3IITnSog1Q9V5H4Ok4CHa1bnXQ= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708088032; c=relaxed/simple; bh=mV6JG5hlmFUbjPCFGu48elR++qZ+JbleSdHSN+R7JFg=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=RiGvn0fIB3TVsgkWzTufYjQc8u7Gv6yl2wPoPoaHg0s0HwmZzYHirlM0BlvsObKy0P2cP9NI2MmThUWCyaV+EVBpB1UXLSj2FilWD3ZoYsAq4qsTiqlCJOepZFVTX8o+vbsIk2d278xTeMAMJDUIbbOHePV49dOKAwYf4FA4wn0= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arm.com; spf=pass smtp.mailfrom=arm.com; arc=none smtp.client-ip=217.140.110.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=arm.com Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 55182DA7; Fri, 16 Feb 2024 04:54:29 -0800 (PST) Received: from [192.168.68.110] (unknown [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 5AEF53F766; Fri, 16 Feb 2024 04:53:44 -0800 (PST) Message-ID: <892caa6a-e4fe-4009-aa33-0570526961c5@arm.com> Date: Fri, 16 Feb 2024 12:53:43 +0000 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v6 12/18] arm64/mm: Wire up PTE_CONT for user mappings Content-Language: en-GB To: Catalin Marinas Cc: Will Deacon , Ard Biesheuvel , Marc Zyngier , James Morse , Andrey Ryabinin , Andrew Morton , Matthew Wilcox , Mark Rutland , David Hildenbrand , Kefeng Wang , John Hubbard , Zi Yan , Barry Song <21cnbao@gmail.com>, Alistair Popple , Yang Shi , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , linux-arm-kernel@lists.infradead.org, x86@kernel.org, linuxppc-dev@lists.ozlabs.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org References: <20240215103205.2607016-1-ryan.roberts@arm.com> <20240215103205.2607016-13-ryan.roberts@arm.com> From: Ryan Roberts In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Hi Catalin, Thanks for the review! Comments below... On 16/02/2024 12:25, Catalin Marinas wrote: > On Thu, Feb 15, 2024 at 10:31:59AM +0000, Ryan Roberts wrote: >> arch/arm64/mm/contpte.c | 285 +++++++++++++++++++++++++++++++ > > Nitpick: I think most symbols in contpte.c can be EXPORT_SYMBOL_GPL(). > We don't expect them to be used by random out of tree modules. In fact, > do we expect them to end up in modules at all? Most seem to be called > from the core mm code. The problem is that the contpte_* symbols are called from the ptep_* inline functions. So where those inlines are called from modules, we need to make sure the contpte_* symbols are available. John Hubbard originally reported this problem against v1 and I enumerated all the drivers that call into the ptep_* inlines here: https://lore.kernel.org/linux-arm-kernel/b994ff89-1a1f-26ca-9479-b08c77f94be8@arm.com/#t So they definitely need to be exported. Perhaps we can tighten it to EXPORT_SYMBOL_GPL(), but I was being cautious as I didn't want to break anything out-of-tree. I'm not sure what the normal policy is? arm64 seems to use ~equal amounts of both. > >> +#define ptep_get_lockless ptep_get_lockless >> +static inline pte_t ptep_get_lockless(pte_t *ptep) >> +{ >> + pte_t pte = __ptep_get(ptep); >> + >> + if (likely(!pte_valid_cont(pte))) >> + return pte; >> + >> + return contpte_ptep_get_lockless(ptep); >> +} > [...] >> +pte_t contpte_ptep_get_lockless(pte_t *orig_ptep) >> +{ >> + /* >> + * Gather access/dirty bits, which may be populated in any of the ptes >> + * of the contig range. We may not be holding the PTL, so any contiguous >> + * range may be unfolded/modified/refolded under our feet. Therefore we >> + * ensure we read a _consistent_ contpte range by checking that all ptes >> + * in the range are valid and have CONT_PTE set, that all pfns are >> + * contiguous and that all pgprots are the same (ignoring access/dirty). >> + * If we find a pte that is not consistent, then we must be racing with >> + * an update so start again. If the target pte does not have CONT_PTE >> + * set then that is considered consistent on its own because it is not >> + * part of a contpte range. >> +*/ > > I can't get my head around this lockless API. Maybe it works fine (and > may have been discussed already) but we should document what the races > are, why it works, what the memory ordering requirements are. For > example, the generic (well, x86 PAE) ptep_get_lockless() only needs to > ensure that the low/high 32 bits of a pte are consistent and there are > some ordering rules on how these are updated. > > Does the arm64 implementation only need to be correct w.r.t. the > access/dirty bits? Since we can read orig_ptep atomically, I assume the > only other updates from unfolding would set the dirty/access bits. > >> + >> + pgprot_t orig_prot; >> + unsigned long pfn; >> + pte_t orig_pte; >> + pgprot_t prot; >> + pte_t *ptep; >> + pte_t pte; >> + int i; >> + >> +retry: >> + orig_pte = __ptep_get(orig_ptep); >> + >> + if (!pte_valid_cont(orig_pte)) >> + return orig_pte; >> + >> + orig_prot = pte_pgprot(pte_mkold(pte_mkclean(orig_pte))); >> + ptep = contpte_align_down(orig_ptep); >> + pfn = pte_pfn(orig_pte) - (orig_ptep - ptep); >> + >> + for (i = 0; i < CONT_PTES; i++, ptep++, pfn++) { >> + pte = __ptep_get(ptep); >> + prot = pte_pgprot(pte_mkold(pte_mkclean(pte))); > > We don't have any ordering guarantees in how the ptes in this range are > read or written in the contpte_set_ptes() and the fold/unfold functions. > We might not need them given all the other checks below but it's worth > adding a comment. > >> + >> + if (!pte_valid_cont(pte) || >> + pte_pfn(pte) != pfn || >> + pgprot_val(prot) != pgprot_val(orig_prot)) >> + goto retry; > > I think this also needs some comment. I get the !pte_valid_cont() check > to attempt retrying when racing with unfolding. Are the other checks > needed to detect re-folding with different protection or pfn? > >> + >> + if (pte_dirty(pte)) >> + orig_pte = pte_mkdirty(orig_pte); >> + >> + if (pte_young(pte)) >> + orig_pte = pte_mkyoung(orig_pte); >> + } > > After writing the comments above, I think I figured out that the whole > point of this loop is to check that the ptes in the contig range are > still consistent and the only variation allowed is the dirty/young > state to be passed to the orig_pte returned. The original pte may have > been updated by the time this loop finishes but I don't think it > matters, it wouldn't be any different than reading a single pte and > returning it while it is being updated. Correct. The pte can be updated at any time, before after or during the reads. That was always the case. But now we have to cope with a whole contpte block being repainted while we are reading it. So we are just checking to make sure that all the ptes that we read from the contpte block are consistent with eachother and therefore we can trust that the access/dirty bits we gathered are consistent. > > If you can make this easier to parse (in a few years time) with an > additional patch adding some more comments, that would be great. For > this patch: I already have a big block comment at the top, which was trying to explain it. Clearly not well enough though. I'll add more comments as a follow up patch when I get back from holiday. > > Reviewed-by: Catalin Marinas Thanks! >