From: Valentin Schneider
To: Sean Christopherson
Cc: linux-kernel@vger.kernel.org, x86@kernel.org,
 virtualization@lists.linux.dev, linux-arm-kernel@lists.infradead.org,
 loongarch@lists.linux.dev, linux-riscv@lists.infradead.org,
 linux-perf-users@vger.kernel.org, xen-devel@lists.xenproject.org,
 kvm@vger.kernel.org, linux-arch@vger.kernel.org, rcu@vger.kernel.org,
 linux-hardening@vger.kernel.org, linux-mm@kvack.org,
 linux-kselftest@vger.kernel.org, bpf@vger.kernel.org,
 bcm-kernel-feedback-list@broadcom.com, Peter Zijlstra,
 Nicolas Saenz Julienne, Juergen Gross, Ajay Kaher, Alexey Makhalov,
 Russell King, Catalin Marinas, Will Deacon, Huacai Chen, WANG Xuerui,
 Paul Walmsley, Palmer Dabbelt, Albert Ou, Thomas Gleixner, Ingo Molnar,
 Borislav Petkov, Dave Hansen, "H. Peter Anvin",
 Arnaldo Carvalho de Melo, Namhyung Kim, Mark Rutland,
 Alexander Shishkin, Jiri Olsa, Ian Rogers, Adrian Hunter, Kan Liang,
 Boris Ostrovsky, Josh Poimboeuf, Pawan Gupta, Paolo Bonzini,
 Andy Lutomirski, Arnd Bergmann, Frederic Weisbecker,
 "Paul E. McKenney", Jason Baron, Steven Rostedt, Ard Biesheuvel,
 Neeraj Upadhyay, Joel Fernandes, Josh Triplett, Boqun Feng,
 Uladzislau Rezki, Mathieu Desnoyers, Lai Jiangshan, Zqiang, Juri Lelli,
 Clark Williams, Yair Podemsky, Tomas Glozar, Vincent Guittot,
 Dietmar Eggemann, Ben Segall, Mel Gorman, Kees Cook, Andrew Morton,
 Christoph Hellwig, Shuah Khan, Sami Tolvanen, Miguel Ojeda, Alice Ryhl,
 "Mike Rapoport (Microsoft)", Samuel Holland, Rong Xu,
 Geert Uytterhoeven, Yosry Ahmed, "Kirill A. Shutemov",
 "Masami Hiramatsu (Google)", Jinghao Jia, Luis Chamberlain,
 Randy Dunlap, Tiezhu Yang
Subject: Re: [PATCH v4 25/30] context_tracking,x86: Defer kernel text patching IPIs
References: <20250114175143.81438-1-vschneid@redhat.com> <20250114175143.81438-26-vschneid@redhat.com>
Date: Fri, 17 Jan 2025 10:47:49 +0100

On 14/01/25 13:13, Sean Christopherson wrote:
> On Tue, Jan 14, 2025, Valentin Schneider wrote:
>> text_poke_bp_batch() sends IPIs to all online CPUs to synchronize
>> them vs the newly patched instruction. CPUs that are executing in userspace
>> do not need this synchronization to happen immediately, and this is
>> actually harmful interference for NOHZ_FULL CPUs.
>
> ...
>
>> This leaves us with static keys and static calls.
>
> ...
> >> @@ -2317,11 +2334,20 @@ static void text_poke_bp_batch(struct text_poke_loc *tp, unsigned int nr_entries >> * First step: add a int3 trap to the address that will be patched. >> */ >> for (i = 0; i < nr_entries; i++) { >> - tp[i].old = *(u8 *)text_poke_addr(&tp[i]); >> - text_poke(text_poke_addr(&tp[i]), &int3, INT3_INSN_SIZE); >> + void *addr = text_poke_addr(&tp[i]); >> + >> + /* >> + * There's no safe way to defer IPIs for patching text in >> + * .noinstr, record whether there is at least one such poke. >> + */ >> + if (is_kernel_noinstr_text((unsigned long)addr)) >> + cond = NULL; > > Maybe pre-check "cond", especially if multiple ranges need to be checked? I.e. > > if (cond && is_kernel_noinstr_text(...)) >> + >> + tp[i].old = *((u8 *)addr); >> + text_poke(addr, &int3, INT3_INSN_SIZE); >> } >> >> - text_poke_sync(); >> + __text_poke_sync(cond); >> >> /* >> * Second step: update all but the first byte of the patched range. > > ... > >> +/** >> + * is_kernel_noinstr_text - checks if the pointer address is located in the >> + * .noinstr section >> + * >> + * @addr: address to check >> + * >> + * Returns: true if the address is located in .noinstr, false otherwise. >> + */ >> +static inline bool is_kernel_noinstr_text(unsigned long addr) >> +{ >> + return addr >= (unsigned long)__noinstr_text_start && >> + addr < (unsigned long)__noinstr_text_end; >> +} > > This doesn't do the right thing for modules, which matters because KVM can be > built as a module on x86, and because context tracking understands transitions > to GUEST mode, i.e. CPUs that are running in a KVM guest will be treated as not > being in the kernel, and thus will have IPIs deferred. If KVM uses a static key > or branch between guest_state_enter_irqoff() and guest_state_exit_irqoff(), the > patching code won't wait for CPUs to exit guest mode, i.e. KVM could theoretically > use the wrong static path. 
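Review bot: In the first loop of text_poke_bp_batch(), the new comment says to "record whether there is at least one such poke", but the code records it by overwriting `cond` with NULL, and nothing in the hunk says what a NULL `cond` means to __text_poke_sync(). Suggest stating that meaning in the comment (the assumption here is that NULL forces an immediate IPI to every CPU), or tracking the result in a dedicated bool so the deferral condition is not silently discarded. The declaration and initial value of `cond` are outside the visible context, so it is also worth confirming that it is re-initialised for every batch.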
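Review bot: The kernel-doc for is_kernel_noinstr_text() promises "true if the address is located in .noinstr", but the body only compares against the single range __noinstr_text_start to __noinstr_text_end. Because text_poke_bp_batch() treats a false return as permission to defer the IPI, the comment should say that only this one range is covered and that any address outside it, such as the module text raised in the reply, is reported as not-noinstr rather than as unknown. A name or doc line that makes the core-image scope explicit would keep future callers from relying on it for module addresses.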

AFAICT guest_state_{enter,exit}_irqoff() are only used in noinstr functions
and thus such a static key usage should at the very least be caught and
warned about by objtool - when this isn't built as a module.

I never really thought about noinstr sections for modules; I can get
objtool to warn about a non-noinstr allowed key being used in
e.g. vmx_vcpu_enter_exit() just by feeding it the vmx.o:

  arch/x86/kvm/vmx/vmx.o: warning: objtool: vmx_vcpu_enter_exit.isra.0+0x0: dummykey: non-RO static key usage in noinstr

...but that requires removing a lot of code first because objtool stops
earlier in its noinstr checks as it hits functions it doesn't have full
information on, e.g.

  arch/x86/kvm/vmx/vmx.o: warning: objtool: vmx_vcpu_enter_exit+0x21c: call to __ct_user_enter() leaves .noinstr.text section

__ct_user_enter() *is* noinstr, but you don't get that from just the header
prototype.

> I don't expect this to ever cause problems in practice, because patching code in
> KVM's VM-Enter/VM-Exit path that has *functional* implications, while CPUs are
> actively running guest code, would be all kinds of crazy. But I do think we
> should plug the hole.
>
> If this issue is unique to KVM, i.e. is not a generic problem for all modules (I
> assume module code generally isn't allowed in the entry path, even via NMI?), one
> idea would be to let KVM register its noinstr section for text poking.