Received: by 2002:ab2:6d45:0:b0:1fb:d597:ff75 with SMTP id d5csp427911lqr; Wed, 5 Jun 2024 09:54:20 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXMIl5W5wffcwEmSkR+HRY1uHlR8ZD/AWAdSPrSpcYGXY4EmwVL0x1JTBmSBJYINwI1dGBKR9ffKbUz6wTqwe7fiUJDmmXZBVqBdEkGVQ== X-Google-Smtp-Source: AGHT+IHwojbA8iJddgIfVQ/cKcj1bYI5pTMN0HdC9yNPBZeHEivkVyHOi0UvYFnH971hN1XmJ9GS X-Received: by 2002:a17:902:e54f:b0:1f6:7fa4:e064 with SMTP id d9443c01a7336-1f6a5a83917mr37751055ad.61.1717606460589; Wed, 05 Jun 2024 09:54:20 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1717606460; cv=pass; d=google.com; s=arc-20160816; b=CTN9rb2Rhup6UAjszDREPK/kKSB4MDcH37V0WinMmmo/z40ihvx44Nkp6FaDXJAgnV 2NyE1F089SMwsj/0HIvBT/9fO1gn+08JfaBnUPcB7/p4BR478t3R6weDVFp5KQxbZC6E KKl9XUojzXaCo4VZG3kHYE9JYd2X9PdW6L5rP3HPQP8BepfdFzWAJMgvowjVX5HyiLYL Yo/CyOzALZp9XasXmOdSQVtPWMMiOw08PyUIFXBaD/D6bxRtvJ/x8yfgKc1znKG7Aqzh entnMA4v5fRlcgGxqzpItuS/kXe7pWqy1ar+yQ5lH+slp9cJgSw1T7MsnkjV6nJ2Bbyn sEIg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date; bh=1oCaTbkgsSS0IoO1XktmcWesjJ6PAMp98u7gfXFr9L4=; fh=JzT/ol0Ox6RyaTPDQZgxdQTwhqWQI6QsAkqhm+cwAfc=; b=sUza+Tq0jY9xAiLoN0pM5N5HhxjQ++kjB75Z4TSpCxLv0LbLygbwotMAFoTM+bC6d0 nlQ2j4xqjBc27qWGdk84xmbK497gd9NDTYrr5/e6Pzn9mwSSWoh9PPDi5BiPUdwiGdML PLDsu4NgIz2VPuFdYsBeOQpm48QFPqFewoupPd9qKcZEOuRRE+Kt38GSmgAoxH9LFC1f eFxjT/W+XNrfS0laGPC/GbaLczTmJjPC703414422P+rsJHFHof9vOhsmAcik7ngdQKn J0zRCaK6b+4en8JwsvPxYdBH4y3sSPFm/vMsbqVoI6Wnt6EKqgSKKeRW/M+FV5qmtXzJ oV4w==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1); spf=pass (google.com: domain of linux-kernel+bounces-202933-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-202933-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id d9443c01a7336-1f6323de640si43069875ad.216.2024.06.05.09.54.20 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Jun 2024 09:54:20 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-202933-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; arc=pass (i=1); spf=pass (google.com: domain of linux-kernel+bounces-202933-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-202933-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 6FD08284C43 for ; Wed, 5 Jun 2024 16:54:19 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 3E66618F2DD; Wed, 5 Jun 2024 16:54:11 +0000 (UTC) Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BD6947345F for ; Wed, 5 Jun 2024 16:54:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717606450; cv=none; b=DffK0QJ1L8KO9mr1fxu4rsZDjj46LuK6h/ec47lwR37NBKGl85ypXbm4Ok3Gl3WBg8XlG7JRzaMQz6+5d7lUpH4LO5vbV82CzllOiDTxgp/yPcBu4y1y0OLWaSzVyRQxOIb8zVy3gZ7CCvtbtw50yr1ga7Lc5x9VsyNBwze1rLM= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717606450; c=relaxed/simple; bh=5NmN1f2AEJh0LktXBNeCrn4tGKM2lNuoyxqsJBurtgE=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=M/2dycl6dBbat4HimVNmwQcbFzlc8YyxrmrygIZsG8NjilbQW4ziItAQqq+ORvpwrRXqSQ7GEtujiz9JMWyMAHFIqslTe1JmP5d4CbS89nInhoex9HrN8E2LytsvyjhlI0GXZJEXwaYrzzpYszOLFCFDIGvuSZX0JrFg2iX5SuI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id EDA3DC2BD11; Wed, 5 Jun 2024 16:54:08 +0000 (UTC) Date: Wed, 5 Jun 2024 17:54:06 +0100 From: Catalin Marinas To: Yang Shi Cc: will@kernel.org, anshuman.khandual@arm.com, scott@os.amperecomputing.com, cl@gentwo.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org Subject: Re: [v3 PATCH] arm64: mm: force write fault for atomic RMW instructions Message-ID: References: <20240604171516.2361853-1-yang@os.amperecomputing.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240604171516.2361853-1-yang@os.amperecomputing.com> X-TUID: XjFmVvSYx6v7 On Tue, Jun 04, 2024 at 10:15:16AM -0700, Yang Shi wrote: > diff --git a/arch/arm64/include/asm/insn.h b/arch/arm64/include/asm/insn.h > index 8c0a36f72d6f..4e0aa6738579 100644 > --- a/arch/arm64/include/asm/insn.h > +++ b/arch/arm64/include/asm/insn.h > @@ -325,6 +325,7 @@ static __always_inline u32 aarch64_insn_get_##abbr##_value(void) \ > * "-" means "don't care" > */ > __AARCH64_INSN_FUNCS(class_branch_sys, 0x1c000000, 0x14000000) > +__AARCH64_INSN_FUNCS(class_atomic, 0x3b200c00, 0x38200000) > > __AARCH64_INSN_FUNCS(adr, 0x9F000000, 0x10000000) > __AARCH64_INSN_FUNCS(adrp, 0x9F000000, 0x90000000) > @@ -345,6 +346,7 @@ __AARCH64_INSN_FUNCS(ldeor, 0x3F20FC00, 0x38202000) > __AARCH64_INSN_FUNCS(ldset, 0x3F20FC00, 0x38203000) > __AARCH64_INSN_FUNCS(swp, 0x3F20FC00, 0x38208000) > __AARCH64_INSN_FUNCS(cas, 0x3FA07C00, 0x08A07C00) > +__AARCH64_INSN_FUNCS(casp, 0xBFA07C00, 0x08207C00) > __AARCH64_INSN_FUNCS(ldr_reg, 0x3FE0EC00, 0x38606800) > __AARCH64_INSN_FUNCS(signed_ldr_reg, 0X3FE0FC00, 0x38A0E800) > __AARCH64_INSN_FUNCS(ldr_imm, 0x3FC00000, 0x39400000) > @@ -549,6 +551,21 @@ static __always_inline bool aarch64_insn_uses_literal(u32 insn) > aarch64_insn_is_prfm_lit(insn); > } > > +static __always_inline bool aarch64_insn_is_class_cas(u32 insn) > +{ > + return aarch64_insn_is_cas(insn) || > + aarch64_insn_is_casp(insn); > +} > + > +/* Exclude unallocated atomic instructions and LD64B/LDAPR */ > +static __always_inline bool aarch64_atomic_insn_has_wr_perm(u32 insn) > +{ > + return (((insn & 0x3f207c00) == 0x38200000) | > + ((insn & 0x3f208c00) == 0x38200000) | > + ((insn & 0x7fe06c00) == 0x78202000) | > + ((insn & 0xbf204c00) == 0x38200000)); Please use the logical || instead of the bitwise operator. You can also remove the outer brackets. That said, the above is pretty opaque if we want to update it in the future. I have no idea how it was generated or whether it's correct. At least maybe add a comment on how you got to these masks and values. > diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c > index 8251e2fea9c7..1ed1b061ee8f 100644 > --- a/arch/arm64/mm/fault.c > +++ b/arch/arm64/mm/fault.c > @@ -519,6 +519,35 @@ static bool is_write_abort(unsigned long esr) > return (esr & ESR_ELx_WNR) && !(esr & ESR_ELx_CM); > } > > +static bool is_el0_atomic_instr(struct pt_regs *regs) > +{ > + u32 insn; > + __le32 insn_le; > + unsigned long pc = instruction_pointer(regs); > + > + if (!user_mode(regs) || compat_user_mode(regs)) > + return false; > + > + pagefault_disable(); > + if (get_user(insn_le, (__le32 __user *)pc)) { > + pagefault_enable(); > + return false; > + } > + pagefault_enable(); > + > + insn = le32_to_cpu(insn_le); > + > + if (aarch64_insn_is_class_atomic(insn)) { > + if (aarch64_atomic_insn_has_wr_perm(insn)) > + return true; > + } Nitpick: if (aarch64_insn_is_class_atomic(insn) && aarch64_atomic_insn_has_wr_perm(insn)) return true; (less indentation) > @@ -557,6 +587,11 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr, > /* It was write fault */ > vm_flags = VM_WRITE; > mm_flags |= FAULT_FLAG_WRITE; > + } else if (is_el0_atomic_instr(regs)) { > + /* Force write fault */ > + vm_flags = VM_WRITE; > + mm_flags |= FAULT_FLAG_WRITE; > + force_write = true; > } else { > /* It was read fault */ > vm_flags = VM_READ; > @@ -586,6 +621,14 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr, > if (!vma) > goto lock_mmap; > > + /* vma flags don't allow write, undo force write */ > + if (force_write && !(vma->vm_flags & VM_WRITE)) { > + vm_flags |= VM_READ; > + if (!alternative_has_cap_unlikely(ARM64_HAS_EPAN)) > + vm_flags |= VM_EXEC; > + mm_flags &= ~FAULT_FLAG_WRITE; > + } Ah, this revert to the non-write flags doesn't look great as we basically duplicate the 'else' block in the original check. So, it probably look better as per your earlier patch to just do the instruction read just before the !(vma->vm_flags & flags) check, something like: if ((vma->vm_flags & VM_WRITE) && is_el0_atomic_instr(regs)) { vm_flags = VM_WRITE; mm_flags |= FAULT_FLAG_WRITE; } This way we also only read the instruction if the vma is writeable. I think it's fine to do this under the vma lock since we have pagefault_disable() for the insn read. -- Catalin