From: Borislav Petkov <bp@suse.de>
To: Will Deacon <will.deacon@arm.com>
Cc: Mark Rutland <mark.rutland@arm.com>,
Linaro ACPI Mailman List <linaro-acpi@lists.linaro.org>,
Catalin Marinas <catalin.marinas@arm.com>,
rruigrok@codeaurora.org, Michal Hocko <mhocko@suse.cz>,
Fu Wei <fu.wei@linaro.org>,
Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>,
Al Stone <al.stone@linaro.org>, Tomasz Nowicki <tn@semihalf.com>,
"Abdulhamid, Harb" <harba@qti.qualcomm.com>,
linux-acpi@vger.kernel.org, Vlastimil Babka <vbabka@suse.cz>,
Mark Salter <msalter@redhat.com>,
Grant Likely <grant.likely@linaro.org>,
Len Brown <lenb@kernel.org>, Marc Zyngier <Marc.Zyngier@arm.com>,
Jon Masters <jcm@redhat.com>,
Tomasz Nowicki <tomasz.nowicki@linaro.org>,
rrichter@cavium.com, linux-arm-kernel@lists.infradead.org,
G Gregory <graeme.gregory@linaro.org>,
Rafael Wysocki <rjw@rjwysocki.net>,
LKML <linux-kernel@vger.kernel.org>,
jarkko.nikula@linux.intel.com, Hanjun Guo <hanjun.>
Subject: Re: [PATCH v4] acpi, apei, arm64: APEI initial support for aarch64.
Date: Mon, 14 Dec 2015 13:39:57 +0100 [thread overview]
Message-ID: <20151214123957.GF11630@pd.tnic> (raw)
In-Reply-To: <20151214114658.GE6992@arm.com>
On Mon, Dec 14, 2015 at 11:46:59AM +0000, Will Deacon wrote:
> We're in violent agreement. I'm just saying that's *why*
> arch_apei_flush_tlb_one exists, as opposed to calling unmap_kernel_range
> in the driver (which will attempt IPIs). On arm64, unmap_kernel_range
> will actually work correctly, since we don't need IPIs to broadcast TLB
> maintenance.
>
> The (incorrect) premise earlier in the thread was that
> arch_apei_flush_tlb_one exists because there's no portable API for
> flushing a single page, but that's simply not true.
Right.
> Yikes, I'd not even thought about that. Perhaps its all serialised
> somehow, but I have no idea.
Yeah, didn't see any serialization there...
> Right, imagine the following sequence of events:
>
> 1. CPU x takes a GHES IRQ
> 2. CPU x then maps the buffer a page at a time in ghes_copy_tofrom_phys.
> After each unmap, it performs a local TLBI. Let's say that it has
> the final page of the buffer mapped when...
> 3. ... CPU y is meanwhile happily executing some other kernel code.
> 4. CPU y's page table walker speculatively fills the TLB with a translation
> for the last buffer page that CPU x has mapped (because its just been
> mapped with ioremap_page_range and is in the kernel page table).
> 5. CPU x unmaps the last page, performs a *local* TLBI, handles the
> event and returns from the exception
> 6. CPU y takes a GHES IRQ
> 7. CPU y then maps the first buffer page at the same virtual address
> that CPU x used to map the last buffer page
> 8. CPU y accesses the page, hits the stale TLB entry and gets junk
>
> which I think means you need to perform local TLB invalidation on map
> as well as unmap.
>
> Is there some reason this can't happen on x86? It sounds plausible on
> arm64 if we were to use local invalidation.
Ha, thanks for the detailed example, I see it now!
And I too don't see a reason why that can't happen. And the GHES
IRQ is a GSI, which has "global" in the name but I don't think that
means it interrupts the whole system like an NMI does. Especially
if it is registered/handled like a normal irq: acpi_gsi_to_irq() ..
request_irq()...
Adding Tony.
If anything, we probably should be doing something with irq_work at the
end of ghes_copy_tofrom_phys() so that the invalidation of any possible
speculative mappings happens before we return from the GHES IRQ.
Hmm, currently I'm not even clear whether this'll work: we would
theoretically need to send IPIs from IRQ context, at the end of the GHES
IRQ...
Thanks.
--
Regards/Gruss,
Boris.
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
--
WARNING: multiple messages have this Message-ID (diff)
From: bp@suse.de (Borislav Petkov)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v4] acpi, apei, arm64: APEI initial support for aarch64.
Date: Mon, 14 Dec 2015 13:39:57 +0100 [thread overview]
Message-ID: <20151214123957.GF11630@pd.tnic> (raw)
In-Reply-To: <20151214114658.GE6992@arm.com>
On Mon, Dec 14, 2015 at 11:46:59AM +0000, Will Deacon wrote:
> We're in violent agreement. I'm just saying that's *why*
> arch_apei_flush_tlb_one exists, as opposed to calling unmap_kernel_range
> in the driver (which will attempt IPIs). On arm64, unmap_kernel_range
> will actually work correctly, since we don't need IPIs to broadcast TLB
> maintenance.
>
> The (incorrect) premise earlier in the thread was that
> arch_apei_flush_tlb_one exists because there's no portable API for
> flushing a single page, but that's simply not true.
Right.
> Yikes, I'd not even thought about that. Perhaps its all serialised
> somehow, but I have no idea.
Yeah, didn't see any serialization there...
> Right, imagine the following sequence of events:
>
> 1. CPU x takes a GHES IRQ
> 2. CPU x then maps the buffer a page at a time in ghes_copy_tofrom_phys.
> After each unmap, it performs a local TLBI. Let's say that it has
> the final page of the buffer mapped when...
> 3. ... CPU y is meanwhile happily executing some other kernel code.
> 4. CPU y's page table walker speculatively fills the TLB with a translation
> for the last buffer page that CPU x has mapped (because its just been
> mapped with ioremap_page_range and is in the kernel page table).
> 5. CPU x unmaps the last page, performs a *local* TLBI, handles the
> event and returns from the exception
> 6. CPU y takes a GHES IRQ
> 7. CPU y then maps the first buffer page at the same virtual address
> that CPU x used to map the last buffer page
> 8. CPU y accesses the page, hits the stale TLB entry and gets junk
>
> which I think means you need to perform local TLB invalidation on map
> as well as unmap.
>
> Is there some reason this can't happen on x86? It sounds plausible on
> arm64 if we were to use local invalidation.
Ha, thanks for the detailed example, I see it now!
And I too don't see a reason why that can't happen. And the GHES
IRQ is a GSI, which has "global" in the name but I don't think that
means it interrupts the whole system like an NMI does. Especially
if it is registered/handled like a normal irq: acpi_gsi_to_irq() ..
request_irq()...
Adding Tony.
If anything, we probably should be doing something with irq_work at the
end of ghes_copy_tofrom_phys() so that the invalidation of any possible
speculative mappings happens before we return from the GHES IRQ.
Hmm, currently I'm not even clear whether this'll work: we would
theoretically need to send IPIs from IRQ context, at the end of the GHES
IRQ...
Thanks.
--
Regards/Gruss,
Boris.
SUSE Linux GmbH, GF: Felix Imend?rffer, Jane Smithard, Graham Norton, HRB 21284 (AG N?rnberg)
--
WARNING: multiple messages have this Message-ID (diff)
From: Borislav Petkov <bp@suse.de>
To: Will Deacon <will.deacon@arm.com>
Cc: Mark Rutland <mark.rutland@arm.com>,
Linaro ACPI Mailman List <linaro-acpi@lists.linaro.org>,
Catalin Marinas <catalin.marinas@arm.com>,
rruigrok@codeaurora.org, Michal Hocko <mhocko@suse.cz>,
Fu Wei <fu.wei@linaro.org>,
Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>,
Al Stone <al.stone@linaro.org>, Tomasz Nowicki <tn@semihalf.com>,
"Abdulhamid, Harb" <harba@qti.qualcomm.com>,
linux-acpi@vger.kernel.org, Vlastimil Babka <vbabka@suse.cz>,
Mark Salter <msalter@redhat.com>,
Grant Likely <grant.likely@linaro.org>,
Len Brown <lenb@kernel.org>, Marc Zyngier <Marc.Zyngier@arm.com>,
Jon Masters <jcm@redhat.com>,
Tomasz Nowicki <tomasz.nowicki@linaro.org>,
rrichter@cavium.com, linux-arm-kernel@lists.infradead.org,
G Gregory <graeme.gregory@linaro.org>,
Rafael Wysocki <rjw@rjwysocki.net>,
LKML <linux-kernel@vger.kernel.org>,
jarkko.nikula@linux.intel.com, Hanjun Guo <hanjun.guo@linaro.org>,
Jonathan Zhang <jon.zhixiong.zhang@gmail.com>,
Tony Luck <tony.luck@intel.com>
Subject: Re: [PATCH v4] acpi, apei, arm64: APEI initial support for aarch64.
Date: Mon, 14 Dec 2015 13:39:57 +0100 [thread overview]
Message-ID: <20151214123957.GF11630@pd.tnic> (raw)
In-Reply-To: <20151214114658.GE6992@arm.com>
On Mon, Dec 14, 2015 at 11:46:59AM +0000, Will Deacon wrote:
> We're in violent agreement. I'm just saying that's *why*
> arch_apei_flush_tlb_one exists, as opposed to calling unmap_kernel_range
> in the driver (which will attempt IPIs). On arm64, unmap_kernel_range
> will actually work correctly, since we don't need IPIs to broadcast TLB
> maintenance.
>
> The (incorrect) premise earlier in the thread was that
> arch_apei_flush_tlb_one exists because there's no portable API for
> flushing a single page, but that's simply not true.
Right.
> Yikes, I'd not even thought about that. Perhaps its all serialised
> somehow, but I have no idea.
Yeah, didn't see any serialization there...
> Right, imagine the following sequence of events:
>
> 1. CPU x takes a GHES IRQ
> 2. CPU x then maps the buffer a page at a time in ghes_copy_tofrom_phys.
> After each unmap, it performs a local TLBI. Let's say that it has
> the final page of the buffer mapped when...
> 3. ... CPU y is meanwhile happily executing some other kernel code.
> 4. CPU y's page table walker speculatively fills the TLB with a translation
> for the last buffer page that CPU x has mapped (because its just been
> mapped with ioremap_page_range and is in the kernel page table).
> 5. CPU x unmaps the last page, performs a *local* TLBI, handles the
> event and returns from the exception
> 6. CPU y takes a GHES IRQ
> 7. CPU y then maps the first buffer page at the same virtual address
> that CPU x used to map the last buffer page
> 8. CPU y accesses the page, hits the stale TLB entry and gets junk
>
> which I think means you need to perform local TLB invalidation on map
> as well as unmap.
>
> Is there some reason this can't happen on x86? It sounds plausible on
> arm64 if we were to use local invalidation.
Ha, thanks for the detailed example, I see it now!
And I too don't see a reason why that can't happen. And the GHES
IRQ is a GSI, which has "global" in the name but I don't think that
means it interrupts the whole system like an NMI does. Especially
if it is registered/handled like a normal irq: acpi_gsi_to_irq() ..
request_irq()...
Adding Tony.
If anything, we probably should be doing something with irq_work at the
end of ghes_copy_tofrom_phys() so that the invalidation of any possible
speculative mappings happens before we return from the GHES IRQ.
Hmm, currently I'm not even clear whether this'll work: we would
theoretically need to send IPIs from IRQ context, at the end of the GHES
IRQ...
Thanks.
--
Regards/Gruss,
Boris.
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
--
next prev parent reply other threads:[~2015-12-14 12:39 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-08 7:03 [PATCH v4] acpi, apei, arm64: APEI initial support for aarch64 fu.wei
2015-12-08 7:03 ` fu.wei at linaro.org
2015-12-08 11:26 ` Hanjun Guo
2015-12-08 11:26 ` Hanjun Guo
2015-12-08 12:45 ` Fu Wei
2015-12-08 12:45 ` Fu Wei
2015-12-08 12:34 ` Lorenzo Pieralisi
2015-12-08 12:34 ` Lorenzo Pieralisi
2015-12-08 12:52 ` Hanjun Guo
2015-12-08 12:52 ` Hanjun Guo
2015-12-08 13:08 ` Fu Wei
2015-12-08 13:08 ` Fu Wei
2015-12-08 14:07 ` Lorenzo Pieralisi
2015-12-08 14:07 ` Lorenzo Pieralisi
2015-12-09 3:25 ` Fu Wei
2015-12-09 3:25 ` Fu Wei
2015-12-10 2:02 ` Fu Wei
2015-12-10 2:02 ` Fu Wei
2015-12-10 11:01 ` Will Deacon
2015-12-10 11:01 ` Will Deacon
2015-12-14 11:20 ` Borislav Petkov
2015-12-14 11:20 ` Borislav Petkov
2015-12-14 11:20 ` Borislav Petkov
2015-12-14 11:46 ` Will Deacon
2015-12-14 11:46 ` Will Deacon
2015-12-14 11:46 ` Will Deacon
2015-12-14 12:39 ` Borislav Petkov [this message]
2015-12-14 12:39 ` Borislav Petkov
2015-12-14 12:39 ` Borislav Petkov
2015-12-08 15:53 ` Suzuki K. Poulose
2015-12-08 15:53 ` Suzuki K. Poulose
2015-12-09 3:00 ` Fu Wei
2015-12-09 3:00 ` Fu Wei
2015-12-09 3:00 ` Fu Wei
2015-12-14 10:46 ` Borislav Petkov
2015-12-14 10:46 ` Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151214123957.GF11630@pd.tnic \
--to=bp@suse.de \
--cc=Marc.Zyngier@arm.com \
--cc=al.stone@linaro.org \
--cc=catalin.marinas@arm.com \
--cc=fu.wei@linaro.org \
--cc=graeme.gregory@linaro.org \
--cc=grant.likely@linaro.org \
--cc=harba@qti.qualcomm.com \
--cc=jarkko.nikula@linux.intel.com \
--cc=jcm@redhat.com \
--cc=lenb@kernel.org \
--cc=linaro-acpi@lists.linaro.org \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lorenzo.pieralisi@arm.com \
--cc=mark.rutland@arm.com \
--cc=mhocko@suse.cz \
--cc=msalter@redhat.com \
--cc=rjw@rjwysocki.net \
--cc=rrichter@cavium.com \
--cc=rruigrok@codeaurora.org \
--cc=tn@semihalf.com \
--cc=tomasz.nowicki@linaro.org \
--cc=vbabka@suse.cz \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.