Received: by 10.223.164.202 with SMTP id h10csp611312wrb; Tue, 14 Nov 2017 06:55:34 -0800 (PST) X-Google-Smtp-Source: AGs4zMb8ULq6xroJU907ZqbIFFOAaMikMjOPMqiXhL0AA8gyy0hRi80aMjdv1J1q1fgMdqGCC8j2 X-Received: by 10.101.83.5 with SMTP id m5mr12363638pgq.350.1510671334436; Tue, 14 Nov 2017 06:55:34 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510671334; cv=none; d=google.com; s=arc-20160816; b=uxcVD0XApL/YU2nTbRb0J0Ma6eT4EuMG81gr17mJfUNO1MVMnsUCv+IsyoZOnIfmC/ 3LPpqbz9nFaoRq4+OvUjQMAnTmL73Tw2lfLd8zC0CyB249VGEyw0qd6Xq8XhQSXv76mY i54hpGARQcQBkJhq9qHUsRQroGy8pUKbvL42p+qJfLew2qtLzTx/vjDysqdx36SvfTMI s3isJm1LPKdhH117g2KLusQeZdTJljIO71B+KCbiGDHi2y9TrUKLV4uona0oPS6XJSBJ 9BYPXBf/Bs6IwRUCJTUw+h+aItw6VS66CEqt6gni5XAyMmZi/q8WelNbnLFPMBH87FJn VyAg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:organization:from:references:cc:to:subject :dkim-signature:arc-authentication-results; bh=kDEj57T/EV1tOyNuP1VYAD2W1AgeBXIuHPDQSxMLYdg=; b=ICsXABSiI3GSJy/IA+iRdQzkP3RF3X4/WSQfgCLJEGkZhqmq5xOy8eXmJRsuWXTa19 aBruXLudPBnfpB6y+tQ1gZ7tNBTZq9iamvaY7U8KYLGi5Xq6e80b9t+vC9uGshrQrSIh TGn2U/bBdWEu6MdZ3bwuq7fXan6NMT9MgWgrzdxG2t4TMazrRkxLKNBoTsBfWqZJms/e al85J399FLPAQLoVNqxrQGsbaa1nPC7KX6wwZ3AKz+IcjvuWoUR7Lwhmml4igZy7PjYz BYZOASxIdQzSz0E0N8aF51tjfQfGzWNeb3swHD3EOSHN9n77EyJLrtYybTgDBOh25w22 HQeg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@scylladb-com.20150623.gappssmtp.com header.s=20150623 header.b=RQ3ze103; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p4si15966275pgc.227.2017.11.14.06.55.22; Tue, 14 Nov 2017 06:55:34 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@scylladb-com.20150623.gappssmtp.com header.s=20150623 header.b=RQ3ze103; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754683AbdKNOxu (ORCPT + 88 others); Tue, 14 Nov 2017 09:53:50 -0500 Received: from mail-wm0-f48.google.com ([74.125.82.48]:52493 "EHLO mail-wm0-f48.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753869AbdKNOxl (ORCPT ); Tue, 14 Nov 2017 09:53:41 -0500 Received: by mail-wm0-f48.google.com with SMTP id t139so22594939wmt.1 for ; Tue, 14 Nov 2017 06:53:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=scylladb-com.20150623.gappssmtp.com; s=20150623; h=subject:to:cc:references:from:organization:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=kDEj57T/EV1tOyNuP1VYAD2W1AgeBXIuHPDQSxMLYdg=; b=RQ3ze103HWpvf5Z7npFakB+xnnEfvTQsC24zO6+YjwJ4O3WZpW/pEwo6+o7RGSgJti wjKDQ0yv4Nw1V0grNoTlMXIzOSMZUNAOArbd6M27eUhPAVWdcCFuQu2FsLIh+8rf1qeb N5FWdk4qzAFIzZoOvPfFWPhu+3wPP3qdLt9zTxtJjNrbONswO1lJqXszum0I4UA1jlTt ets/LEOTSlwPn5qP+MgIuHaRPZ5l6jg4R98U/RGmHKK8yfzydc5J90I1rLUL3KEQspXy mDfP7jbZbLqZeR6NLWvAVVYmc1IwEV+GSESmoexlkbPpcydF7WJHwg0EbFIC1jKm/4Ka Uj1w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:organization :message-id:date:user-agent:mime-version:in-reply-to :content-transfer-encoding:content-language; bh=kDEj57T/EV1tOyNuP1VYAD2W1AgeBXIuHPDQSxMLYdg=; b=W5+zKr423QYxkMmt9wniBdfWD7Y7l5Q6Ub87Fgs/FdpfHcy+ifdcW33mYNy4z7BRoM ZCND+kNNwYstz/J4w+hJZg5KCUYnypr+XZq/Rd0O1Tx2EmWoqxxK8Pzgjto4wbB+sA0s nO2MhU4MlIHlhLkRN+4rLib0RuKZkvhCxjOUvMRgXeqm+0mmO0ZQHAmNJmfd/71XMmPP +cZRPdlqC8aHmZDLgw6nedD7U1v72Z82ZbSB10SU7HyDsjr84I+qoI0vEu4AJAL6t/0M o05/+nSXQVmCT/0/hS1OtMdO3DlApCrO8U3dbWXhqRDVzUKEa6HEZPmPTePX2TZqN+5o PEJA== X-Gm-Message-State: AJaThX5jG7rZb8PmjvY4TZ6h2ax3AYXd0CG1Pz4fMpSyO93GzKvKiIT7 GjEDRkPjzTZ2LnWPmgphVOhPYw== X-Received: by 10.80.245.7 with SMTP id t7mr18083945edm.71.1510671220293; Tue, 14 Nov 2017 06:53:40 -0800 (PST) Received: from avi.cloudius-systems.com ([77.138.249.123]) by smtp.gmail.com with ESMTPSA id c5sm15902748edd.38.2017.11.14.06.53.35 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 14 Nov 2017 06:53:38 -0800 (PST) Subject: Re: [RFC PATCH 0/2] x86: Fix missing core serialization on migration To: Mathieu Desnoyers , Linus Torvalds Cc: Andy Lutomirski , linux-kernel , linux-api , Peter Zijlstra , "Paul E. McKenney" , Boqun Feng , Andrew Hunter , maged michael , Benjamin Herrenschmidt , Paul Mackerras , Michael Ellerman , Dave Watson , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Andrea Parri , "Russell King, ARM Linux" , Greg Hackmann , Will Deacon , David Sehr , x86 References: <20171110211249.10742-1-mathieu.desnoyers@efficios.com> <885227610.13045.1510351034488.JavaMail.zimbra@efficios.com> <617343212.13932.1510592207202.JavaMail.zimbra@efficios.com> From: Avi Kivity Organization: ScyllaDB Message-ID: <4d47fbb8-8f99-19d3-a9cf-66841aeffac3@scylladb.com> Date: Tue, 14 Nov 2017 16:53:34 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: <617343212.13932.1510592207202.JavaMail.zimbra@efficios.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 11/13/2017 06:56 PM, Mathieu Desnoyers wrote: > ----- On Nov 10, 2017, at 4:57 PM, Mathieu Desnoyers mathieu.desnoyers@efficios.com wrote: > >> ----- On Nov 10, 2017, at 4:36 PM, Linus Torvalds torvalds@linux-foundation.org >> wrote: >> >>> On Fri, Nov 10, 2017 at 1:12 PM, Mathieu Desnoyers >>> wrote: >>>> x86 can return to user-space through sysexit and sysretq, which are not >>>> core serializing. This breaks expectations from user-space about >>>> sequential consistency from a single-threaded self-modifying program >>>> point of view in specific migration patterns. >>>> >>>> Feedback is welcome, >>> We should check with Intel. I would actually be surprised if the I$ >>> can be out of sync with the D$ after a sysretq. It would actually >>> break things like "read code from disk" too in theory. >> That core serializing instruction is not that much about I$ vs D$ >> consistency, but rather about the processor speculatively executing code >> ahead of its retirement point. Ref. Intel Architecture Software Developer's >> Manual, Volume 3: System Programming. >> >> 7.1.3. "Handling Self- and Cross-Modifying Code": >> >> "The act of a processor writing data into a currently executing code segment >> with the intent of >> executing that data as code is called self-modifying code. Intel Architecture >> processors exhibit >> model-specific behavior when executing self-modified code, depending upon how >> far ahead of >> the current execution pointer the code has been modified. As processor >> architectures become >> more complex and start to speculatively execute code ahead of the retirement >> point (as in the P6 >> family processors), the rules regarding which code should execute, pre- or >> post-modification, >> become blurred. [...]" >> >> AFAIU, this core serializing instruction seems to be needed for use-cases of >> self-modifying code, but not for the initial load of a program from disk, >> as the processor has no way to have speculatively executed any of its >> instructions. > I figured out what you're pointing to: if exec() is executed by a previously > running thread, and there is no core serializing instruction between program > load and return to user-space, the kernel ends up acting like a JIT, indeed. I think that's safe. The kernel has to execute a MOV CR3 instruction before it can execute code loaded by exec, and that is a serializing instruction. Loading and unloading shared libraries is made safe by the IRET executed by page faults (loading) and TLB shootdown IPIs (unloading). Directly modifying code in userspace is unsafe if there is some non-coherent instruction cache. Instruction fetch and speculative execution are non-coherent, but they're probably too short (in current processors) to matter. Trace caches are probably large enough, but I don't know whether they are coherent or not. > > Therefore, we'd also need to invoke sync_core_before_usermode() after loading > the program. > > Let's wait to hear back from hpa, > > Thanks, > > Mathieu > > >> Hopefully hpa can tell us more about this, >> >> Thanks, >> >> Mathieu >> >> >> -- >> Mathieu Desnoyers >> EfficiOS Inc. >> http://www.efficios.com From 1583971920973624029@xxx Mon Nov 13 17:15:38 +0000 2017 X-GM-THRID: 1583715118317361483 X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread