From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E1504C28B28 for ; Sat, 15 Mar 2025 12:36:51 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C7C2E280002; Sat, 15 Mar 2025 08:36:50 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C0388280001; Sat, 15 Mar 2025 08:36:50 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A888C280002; Sat, 15 Mar 2025 08:36:50 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 87DD4280001 for ; Sat, 15 Mar 2025 08:36:50 -0400 (EDT) Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 57392BA313 for ; Sat, 15 Mar 2025 12:36:50 +0000 (UTC) X-FDA: 83223734580.04.CD0CB41 Received: from mail.alien8.de (mail.alien8.de [65.109.113.108]) by imf07.hostedemail.com (Postfix) with ESMTP id A9AAD40011 for ; Sat, 15 Mar 2025 12:36:47 +0000 (UTC) Authentication-Results: imf07.hostedemail.com; dkim=pass header.d=alien8.de header.s=alien8 header.b=febno3Nf; spf=pass (imf07.hostedemail.com: domain of bp@alien8.de designates 65.109.113.108 as permitted sender) smtp.mailfrom=bp@alien8.de; dmarc=pass (policy=none) header.from=alien8.de ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1742042208; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=no3h006TL8d+tZb6q5JHQ+7Etc+Dkicu7VnboW7pPiQ=; b=QHYwbX2xmbLxs+hnHtwVPF9zHXAAHfavVdsH9MHi9FfXbDfIer0DF7XevF/gYqjZfV0lD0 /I/c545wuiVmgsJQbvdI3PHFNnauoGhM1aJ9L+0yI6kS9du8VEPUn5gwTGv806BYxY0tpP 1L4ROzVjOdme1n31audYuz1ckBSk/fk= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1742042208; a=rsa-sha256; cv=none; b=q3tRnpDfIW5XH/NlRxs0Nj0VulYZ/+0tDQ6UMoznetCx5XCSPyrskw28TsPS0poeiZBcjh /dKKYObgmtOF3EXueDGFhdEYBXOzbLNy4H6YROMqm3D9vyxzjfjtuFi6HcUjkfPd1CmxZE xV2w/8Qwv+UzdECyVHiqOd//BfdSGSU= ARC-Authentication-Results: i=1; imf07.hostedemail.com; dkim=pass header.d=alien8.de header.s=alien8 header.b=febno3Nf; spf=pass (imf07.hostedemail.com: domain of bp@alien8.de designates 65.109.113.108 as permitted sender) smtp.mailfrom=bp@alien8.de; dmarc=pass (policy=none) header.from=alien8.de Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.alien8.de (SuperMail on ZX Spectrum 128k) with ESMTP id 2AB6740E023B; Sat, 15 Mar 2025 12:36:44 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at mail.alien8.de Received: from mail.alien8.de ([127.0.0.1]) by localhost (mail.alien8.de [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id oiQ0AIcHenPW; Sat, 15 Mar 2025 12:36:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=alien8; t=1742042200; bh=no3h006TL8d+tZb6q5JHQ+7Etc+Dkicu7VnboW7pPiQ=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=febno3NfInG9kTLllv7hdm0+Z9EqW0/pQPleMXPOZIiYCzOZvIE+JmSsz9GJ1M0U3 IdPC9LBczQ/RwicKdYgROP1v0WkhskCgRIsHf8GLGKfMhp2YM4A0fYaf9h0vzF6PQ5 xTH8hqgOlJix7efCqcZac6hMQzFFop61gYILNc5G00CiMae/rEbgab1MFRzw0LPJHM Vh7WNDjW0vTsjx16G56RQmbf5cBQ9SNLvrEaQoN7hF/gU7QXxYd6+9f8FBRot67xw7 MNHaPUADBNU+afVjQhS/UHlM/w+H+xY+l+iWJU1XUsaFSTGsAdIIQZ/HeeU/LkQWJI ZO8EgMJuneWdb118m5cFcogUe6OczZZTKTDuu3fiLUaQQVaNSQEYY9f4CoBEIlSQ7L wuFvuCHmUglaAEhq1wWfvt/Y9HMKnB9okVuqIlnRlldj+EtAzjh6ok1T+t9lUO3KAg gadM+yA20p1hC5Pp+VKXV0HOjcIr7exPkGOB6ifz1Oq6wqInci3qKPIV9T+OGb7uFA Z1VSGm3gcSFt0NryxA7Fz/nlYgKFvfYCKsVqHg4G4cYKQrsp22Xc0c+9lgYhei26Ao PaIJJkQZ1eDb2F8Nt9JXlEnt6LnNyMlv50pWBvYyIMzYT1DzKe9Pj4ytwiQ1JJOCav 4nwQR/nKLcZ9aZkMxRl6ADX4= Received: from zn.tnic (pd95303ce.dip0.t-ipconnect.de [217.83.3.206]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail.alien8.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 1B39E40E0196; Sat, 15 Mar 2025 12:36:28 +0000 (UTC) Date: Sat, 15 Mar 2025 13:36:21 +0100 From: Borislav Petkov To: Junaid Shahid Cc: Brendan Jackman , akpm@linux-foundation.org, dave.hansen@linux.intel.com, yosryahmed@google.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, peterz@infradead.org, seanjc@google.com, tglx@linutronix.de, x86@kernel.org Subject: Re: [PATCH RFC v2 03/29] mm: asi: Introduce ASI core API Message-ID: <20250315123621.GCZ9V0RWGFapbQNL1w@fat_crate.local> References: <20250227120607.GPZ8BVL2762we1j3uE@fat_crate.local> <20250228084355.2061899-1-jackmanb@google.com> <20250314131419.GJZ9Qrq8scAtDyBUcg@fat_crate.local> <5aa114f7-3efb-4dab-8579-cb9af4abd3c0@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <5aa114f7-3efb-4dab-8579-cb9af4abd3c0@google.com> X-Rspam-User: X-Rspamd-Server: rspam02 X-Rspamd-Queue-Id: A9AAD40011 X-Stat-Signature: tjmhie439bjm51e7eqjmfbh83cey3iyi X-HE-Tag: 1742042207-684321 X-HE-Meta: U2FsdGVkX1+v1crbil3cAK40yKMStHo8qr4FXbgI2u62489XqpN8CQFAg9A3/pPRHm3ctSGdyYUlzW00AGsPyd2nv+BY/ulUy+rh1gGx7aeZfPAALCD1ChljjVkQ6nGPF2jQb4iQo6z/MYQ87CzKJlEvKyvzRgkLv/ruHQFILupWhlyuF5pSUMgVAcc10yxSEQ+QBKI9AWXKG4+fjp/iK1z85JTQWFjNdE0r/g0IN7/+sh8FPTq/wRPo9KArxRhLWlMrb7p3NK+q6MiUZC1kHsOODfpxh/Q0sjU26VpRF7J7g0uUdnBNLDOfRZXwVen60x4dQR7Fi2/ZTXIWi+QzZoFnuVhJm6U2UaOGvTaobnQNfw9bssfJIPvB9s+7P06ldPk+kT8UXv0Z57GEEVaW/inOGjQaK1Gq6qxp9cHe/F/+F945CY24wvCWlSES91bLV1WKEHH/f4a8WC3pOQ18BWBPx1OwCu5IjNJe1rw+IdBCZ7KlOaLvkxrYXvyVt0z1cirO8evly50jSTpNIGeoNOigUmdOzS5shgBTGaLkOuF982kexNyypF6TYFFfHSyjvSPXBygWppl2b0SCflR9BxC574OyeavJWEGqlRdr7ScdkG1eEnbwKwpFlSzIUmm25zf1aA+TiYWe6QYJTje0cQMSYdptihnNCZ0lr1OlHbwjSD5N4V5J7Anip/pQI0YB8ACCefZQH7F12hkay0rN8/oE/Dgg00649NhfxWUSxDiSRowTd+sitXvfsGIzL2LYPiiCGVq2beIX5nxyV+PMBetPTBj1gTzXi/cWo0EjRER2UJe7XtJBR8sfZRnHKWDbamCVxyVyhSkB/zue7uZcTR7YQWIVNDXMnmhic51mQ89rqa7QWqlO3/b+AS0WVPpjcaGkishY2I08wS3G65hn4MaIKmYJvr+amMbSEJv6nYepH6g/3uFa393Mtc4Mrw0rvM0B+rdLdX6CNIf9slo b+AMWI7g KJeMdrmSbq9e1GIuMO9ytiLMBWGPakESXMRV4P4HgfDAgtVoraUNo/4MBpa7sRLDshHITMK+zLMahBtWSApDDTF+A1WmZW+SNVNwqLmemB+ZC4lfSOmrZOjyJYX3bV7oePKq5E3EOZGnBK0GVg/cmhmeu0QCrc8TX7rc2GX7lcILwYBB5v9yvpVSVuWn8WepIjbFbt+DbSt7PkQjgUyLSfudqai0VQB6LAAMDIio3tK2el1qlqw1/uGzeEd47cG9ptxKXiSiM7RjqNQMW9WglnPNwkQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.012155, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Fri, Mar 14, 2025 at 06:34:32PM -0700, Junaid Shahid wrote: > The reason this isn't a problem with the current asi_enter() is because > there the equivalent of asi_start_critical() happens _before_ the address > space switch. That ensures that even if an NMI arrives in the middle of > asi_enter(), the NMI epilog will switch to the restricted address space and > there is no window where an NMI (or any other interrupt/exception for that > matter) would result in going into vmenter with an unrestricted address > space. Aha. > So > asi_enter(); > asi_start_critical(); > vmenter(); > asi_end_critical(); > > is broken as there is a problematic window between asi_enter() and > asi_start_critical() as Brendan pointed out. > > However, > asi_start_critical(); > asi_enter(); > vmenter(); > asi_end_critical(); > > would work perfectly fine. > > Perhaps that might be the way to refactor the API? Ok, let's see if I understand the API better now. And I'm using function names which say what they do: I guess the flow and needed ingredients should be: 1. asi_lock() or asi_start() or whatnot which does that atomic switch of asi target. That tells other code like the NMI glue where in the asi context the CPU is so that glue code can know what to do on return 2. asi_switch_address_space() - the expensive pagetables build and CR3 switch 3. asi_enter_critical_region() - this could be NOP but basically marks the beginning of the CPU executing "unsafe" code <... executes unsafe code... > 4. asi_exit_critical_region() - sets ASI target to NULL, i.e., what asi_relax) does now. This also atomic and tells other code, we're done with executing unsafe code but we're still running in the restricted address space. This here can go back to 3 as often as needed. 5. asi_switch_address_space() - this goes back to the unrestricted adddress space 6. asi_unlock() Close? Btw, I should probably continue reviewing the rest and then we can circle back to this as then I'll have a fuller big picture. Thx. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette