From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E2578C433EF for ; Thu, 27 Jan 2022 09:56:04 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 77C3D6B0071; Thu, 27 Jan 2022 04:56:04 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 72C906B0072; Thu, 27 Jan 2022 04:56:04 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 61B0E6B0075; Thu, 27 Jan 2022 04:56:04 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (relay028.a.hostedemail.com [64.99.140.28]) by kanga.kvack.org (Postfix) with ESMTP id 53DF76B0071 for ; Thu, 27 Jan 2022 04:56:04 -0500 (EST) Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay11.hostedemail.com (Postfix) with ESMTP id 0F763802C0 for ; Thu, 27 Jan 2022 09:56:04 +0000 (UTC) X-FDA: 79075611048.03.F22906D Received: from casper.infradead.org (casper.infradead.org [90.155.50.34]) by imf23.hostedemail.com (Postfix) with ESMTP id 47BC4140012 for ; Thu, 27 Jan 2022 09:56:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=O7zyVgxDozFmiHZoQV61cl7uW6jv9z1Nnl4RX0PNNzM=; b=CAZDyEIW1beCFmtp9vTAGjG23w I1BMY3znM1JmhUDKsZRiJt7P4EDeb/Pzk/wctVebbdbyemtqNVn9kmyBoo1SUTxfn0DM45Ni+OonS 4wfH9dx8n+vVYSJ6eMwizu9iMttVPZ75afuYoONShWJCgomCYRMGwIni4XsIKItrUIv9KwrNizQnx 4T3616drr9+fo36yGJeSFugQFjRHJA/pUPw1W4f5rHxRaiwkbw6xVH8xdVqFEQYNaUsg7nV2NLtG+ AXQPjw8/2vjonsvwh81dxVaCli1gedkyu3iItLEO9MHqgj1efdAPkgcESZR3rSypPjzbwkMejIRg+ kWZKb+cQ==; Received: from j217100.upc-j.chello.nl ([24.132.217.100] helo=noisy.programming.kicks-ass.net) by casper.infradead.org with esmtpsa (Exim 4.94.2 #2 (Red Hat Linux)) id 1nD1VL-0052ap-Rp; Thu, 27 Jan 2022 09:55:48 +0000 Received: from hirez.programming.kicks-ass.net (hirez.programming.kicks-ass.net [192.168.1.225]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by noisy.programming.kicks-ass.net (Postfix) with ESMTPS id 007EA3002C5; Thu, 27 Jan 2022 10:55:44 +0100 (CET) Received: by hirez.programming.kicks-ass.net (Postfix, from userid 1000) id AA9392B383F57; Thu, 27 Jan 2022 10:55:44 +0100 (CET) Date: Thu, 27 Jan 2022 10:55:44 +0100 From: Peter Zijlstra To: Sean Christopherson Cc: mingo@redhat.com, tglx@linutronix.de, juri.lelli@redhat.com, vincent.guittot@linaro.org, dietmar.eggemann@arm.com, rostedt@goodmis.org, bsegall@google.com, mgorman@suse.de, bristot@redhat.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-api@vger.kernel.org, x86@kernel.org, pjt@google.com, posk@google.com, avagin@google.com, jannh@google.com, tdelisle@uwaterloo.ca, mark.rutland@arm.com, posk@posk.io Subject: Re: [RFC][PATCH v2 4/5] x86/uaccess: Implement unsafe_try_cmpxchg_user() Message-ID: References: <20220120155517.066795336@infradead.org> <20220120160822.852009966@infradead.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Stat-Signature: 8q1pq1w3aydywo7awqd1ubpfuypfp5c4 X-Rspam-User: nil Authentication-Results: imf23.hostedemail.com; dkim=pass header.d=infradead.org header.s=casper.20170209 header.b=CAZDyEIW; spf=none (imf23.hostedemail.com: domain of peterz@infradead.org has no SPF policy when checking 90.155.50.34) smtp.mailfrom=peterz@infradead.org; dmarc=none X-Rspamd-Server: rspam01 X-Rspamd-Queue-Id: 47BC4140012 X-HE-Tag: 1643277362-134529 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Thu, Jan 27, 2022 at 02:17:20AM +0000, Sean Christopherson wrote: > On Thu, Jan 20, 2022, Peter Zijlstra wrote: > > Do try_cmpxchg() loops on userspace addresses. > > > > Cc: Sean Christopherson > > Signed-off-by: Peter Zijlstra (Intel) > > --- > > arch/x86/include/asm/uaccess.h | 67 +++++++++++++++++++++++++++++++++++++++++ > > 1 file changed, 67 insertions(+) > > > > --- a/arch/x86/include/asm/uaccess.h > > +++ b/arch/x86/include/asm/uaccess.h > > @@ -342,6 +342,24 @@ do { \ > > : [umem] "m" (__m(addr)) \ > > : : label) > > > > +#define __try_cmpxchg_user_asm(itype, ltype, _ptr, _pold, _new, label) ({ \ > > + bool success; \ > > + __typeof__(_ptr) _old = (__typeof__(_ptr))(_pold); \ > > + __typeof__(*(_ptr)) __old = *_old; \ > > + __typeof__(*(_ptr)) __new = (_new); \ > > + asm_volatile_goto("\n" \ > > + "1: " LOCK_PREFIX "cmpxchg"itype" %[new], %[ptr]\n"\ > > + _ASM_EXTABLE_UA(1b, %l[label]) \ > > + : CC_OUT(z) (success), \ > > + [ptr] "+m" (*_ptr), \ > > + [old] "+a" (__old) \ > > + : [new] ltype (__new) \ > > + : "memory", "cc" \ > > IIUC, the "cc" clobber is unnecessary as CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y implies > __GCC_ASM_FLAG_OUTPUTS__=y, i.e. CC_OUT() will resolve to "=@cc". Yeah, even without that GCC always assumes 'cc' is clobbered due to hysterical raisins. > > + : label); \ > > + if (unlikely(!success)) \ > > + *_old = __old; \ > > + likely(success); }) > > + > > #else // !CONFIG_CC_HAS_ASM_GOTO_OUTPUT > > ... > > > +extern void __try_cmpxchg_user_wrong_size(void); > > + > > +#define unsafe_try_cmpxchg_user(_ptr, _oldp, _nval, _label) ({ \ > > + __typeof__(*(_ptr)) __ret; \ > > This should probably be a bool, the return from the lower level helpers is a bool > that's true if the exchange succeed. Declaring the type of the target implies > that they return the raw result, which is confusing. Fair enough. > > + switch (sizeof(__ret)) { \ > > + case 1: __ret = __try_cmpxchg_user_asm("b", "q", \ > > + (_ptr), (_oldp), \ > > + (_nval), _label); \ > > + break; \ > > + case 2: __ret = __try_cmpxchg_user_asm("w", "r", \ > > + (_ptr), (_oldp), \ > > + (_nval), _label); \ > > + break; \ > > + case 4: __ret = __try_cmpxchg_user_asm("l", "r", \ > > + (_ptr), (_oldp), \ > > + (_nval), _label); \ > > + break; \ > > + case 8: __ret = __try_cmpxchg_user_asm("q", "r", \ > > + (_ptr), (_oldp), \ > > + (_nval), _label); \ > > Doh, I should have specified that KVM needs 8-byte CMPXCHG on 32-bit kernels due > to using it to atomically update guest PAE PTEs and LTR descriptors (yay). :-) I'm so trying to de-feature 32bit. > Also, KVM's use case isn't a tight loop, how gross would it be to add a slightly > less unsafe version that does __uaccess_begin_nospec()? KVM pre-checks the address > way ahead of time, so the access_ok() check can be omitted. Alternatively, KVM > could add its own macro, but that seems a little silly. E.g. somethign like this, > though I don't think this is correct (something is getting inverted somewhere and > the assembly output is a nightmare): > > /* "Returns" 0 on success, 1 on failure, -EFAULT if the access faults. */ > #define ___try_cmpxchg_user(_ptr, _oldp, _nval, _label) ({ \ > int ____ret = -EFAULT; \ > __uaccess_begin_nospec(); \ > ____ret = !unsafe_try_cmpxchg_user(_ptr, _oldp, _nval, _label); \ > _label: \ > __uaccess_end(); \ > ____ret; \ > }) Works for me I suppose, but we really ought to keep usage of that in arch code. > Lastly, assuming I get my crap working, mind if I post a variant (Cc'd to stable@) in > the context of KVM series? Not at all.