Date: Thu, 7 Mar 2024 13:39:15 +0000
In-Reply-To: <20240307133916.3782068-1-yosryahmed@google.com>
References: <20240307133916.3782068-1-yosryahmed@google.com>
Message-ID: <20240307133916.3782068-3-yosryahmed@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Mailer: git-send-email 2.44.0.278.ge034bb2e1d-goog
Subject: [RFC PATCH
2/3] x86/mm: make sure LAM is up-to-date during context switching
From: Yosry Ahmed
To: Andrew Morton
Cc: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, Peter Zijlstra, Andy Lutomirski, "Kirill A. Shutemov", x86@kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Yosry Ahmed
Content-Type: text/plain; charset="UTF-8"

During context switching, if we are not switching to a new mm and no TLB flush is needed, we do not write CR3. However, it is possible that a user thread enables LAM while a kthread is running on a different CPU with the old LAM CR3 mask. If the kthread context switches into any thread of that user process, it may not write CR3 with the new LAM mask, which would cause the user thread to run with a misconfigured CR3 that disables LAM on the CPU.

Fix this by making sure we write a new CR3 if LAM is not up-to-date.

No problems were observed in practice; this was found by code inspection.

Note that it is possible that mm->context.lam_cr3_mask changes throughout switch_mm_irqs_off(). But since LAM can only be enabled by a single-threaded process on its own behalf, in that case we cannot be switching to a user thread in that same process; we can only be switching to another kthread using the borrowed mm or a different user process, which should be fine.

Fixes: 82721d8b25d7 ("x86/mm: Handle LAM on context switch")
Signed-off-by: Yosry Ahmed
---
 arch/x86/mm/tlb.c | 50 ++++++++++++++++++++++++++++-------------------
 1 file changed, 30 insertions(+), 20 deletions(-)

diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
index 2975d3f89a5de..3610c23499085 100644
--- a/arch/x86/mm/tlb.c
+++ b/arch/x86/mm/tlb.c
@@ -503,11 +503,12 @@ void switch_mm_irqs_off(struct mm_struct *unused, struct mm_struct *next, { struct mm_struct *prev = this_cpu_read(cpu_tlbstate.loaded_mm); u16 prev_asid = this_cpu_read(cpu_tlbstate.loaded_mm_asid); + u64 cpu_tlb_gen = this_cpu_read(cpu_tlbstate.ctxs[prev_asid].tlb_gen); bool was_lazy = this_cpu_read(cpu_tlbstate_shared.is_lazy); + bool need_flush = false, need_lam_update = false; unsigned cpu = smp_processor_id(); unsigned long new_lam; u64 next_tlb_gen; - bool need_flush; u16 new_asid; /* We don't want flush_tlb_func() to run concurrently with us. */ 
@@ -570,32 +571,41 @@ void switch_mm_irqs_off(struct mm_struct *unused, struct mm_struct *next, !cpumask_test_cpu(cpu, mm_cpumask(next)))) cpumask_set_cpu(cpu, mm_cpumask(next)); + /* + * tlbstate_lam_cr3_mask() may be outdated if a different thread + * has enabled LAM while we were borrowing its mm on this CPU. + * Make sure we update CR3 in case we are switching to another + * thread in that process. + */ + if (tlbstate_lam_cr3_mask() != mm_lam_cr3_mask(next)) + need_lam_update = true; + /* * If the CPU is not in lazy TLB mode, we are just switching * from one thread in a process to another thread in the same * process. No TLB flush required. */ - if (!was_lazy) - return; + if (was_lazy) { + /* + * Read the tlb_gen to check whether a flush is needed. + * If the TLB is up to date, just use it. The barrier + * synchronizes with the tlb_gen increment in the TLB + * shootdown code. + */ + smp_mb(); + next_tlb_gen = atomic64_read(&next->context.tlb_gen); + if (cpu_tlb_gen < next_tlb_gen) { + /* + * TLB contents went out of date while we were + * in lazy mode. + */ + new_asid = prev_asid; + need_flush = true; + } + } - /* - * Read the tlb_gen to check whether a flush is needed. - * If the TLB is up to date, just use it. - * The barrier synchronizes with the tlb_gen increment in - * the TLB shootdown code. - */ - smp_mb(); - next_tlb_gen = atomic64_read(&next->context.tlb_gen); - if (this_cpu_read(cpu_tlbstate.ctxs[prev_asid].tlb_gen) == - next_tlb_gen) + if (!need_flush && !need_lam_update) return; - - /* - * TLB contents went out of date while we were in lazy - * mode. Fall through to the TLB switching code below. - */ - new_asid = prev_asid; - need_flush = true; } else { /* * Apply process to process speculation vulnerability -- 2.44.0.278.ge034bb2e1d-goog
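Review bot: in the first hunk (@@ -503,11 +503,12 @@), hoisting `this_cpu_read(cpu_tlbstate.ctxs[prev_asid].tlb_gen)` into the new `cpu_tlb_gen` local moves that read ahead of the `smp_mb()` that previously preceded it. This is only correct because the per-CPU generation is written solely by `flush_tlb_func()` on this CPU, which the comment immediately below ("We don't want flush_tlb_func() to run concurrently with us.") rules out with interrupts disabled; the barrier pairs with the shootdown side's increment of `next->context.tlb_gen`, not with this local value. A short comment at the declaration (or a sentence in the commit message) saying the local read does not need the barrier would keep the next reader from assuming it does. The read now also happens on every call, including the `!was_lazy` and `prev != next` paths where the value is unused; that is a cheap per-CPU load and acceptable, but the `need_flush = false` initializer it is paired with should be mentioned as intentional, since the `else` branch previously relied on the flush path assigning it.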
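Review bot: in the second hunk (@@ -570,32 +571,41 @@), `new_asid` is assigned (`new_asid = prev_asid;`) only inside the `if (cpu_tlb_gen < next_tlb_gen)` branch, but the new `if (!need_flush && !need_lam_update) return;` lets the `need_lam_update && !need_flush` case fall through to the CR3 reload below with `new_asid` unset; this includes the `!was_lazy` case, where the whole `if (was_lazy)` block is skipped, and `new_asid` is declared in the first hunk as a bare `u16 new_asid;` with no initializer. Assign `new_asid = prev_asid;` unconditionally in the `prev == next` path before the early-return check (for instance next to `need_lam_update = true;`), so a LAM-only reload keeps the current ASID. Secondary point: the generation check changed from an equality test (`== next_tlb_gen` returns) to `cpu_tlb_gen < next_tlb_gen`, which silently skips the flush if the per-CPU generation were ever ahead of the mm's; keeping `!=` or adding a `WARN_ON_ONCE(cpu_tlb_gen > next_tlb_gen)` preserves the original's stricter behaviour.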