linux-api.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Heiko Carstens <heiko.carstens@de.ibm.com>
To: Peter Zijlstra <peterz@infradead.org>,
	Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Andy Lutomirski <luto@amacapital.net>,
	Thomas Gleixner <tglx@linutronix.de>,
	linux-kernel <linux-kernel@vger.kernel.org>,
	linux-api <linux-api@vger.kernel.org>,
	"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
	Boqun Feng <boqun.feng@gmail.com>,
	Dave Watson <davejwatson@fb.com>, Paul Turner <pjt@google.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Russell King <linux@arm.linux.org.uk>,
	Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
	Andi Kleen <andi@firstfloor.org>, Chris Lameter <cl@linux.com>,
	Ben Maurer <bmaurer@fb.com>, rostedt <rostedt@goodmis.org>,
	Josh Triplett <josh@joshtriplett.org>C
Subject: Re: [RFC PATCH for 4.18] rseq: use __u64 for rseq_cs fields, validate user inputs
Date: Tue, 3 Jul 2018 11:17:17 +0200	[thread overview]
Message-ID: <20180703091717.GK3704@osiris> (raw)
In-Reply-To: <20180703085546.GJ3704@osiris>

On Tue, Jul 03, 2018 at 10:55:46AM +0200, Heiko Carstens wrote:
> > > > We're piece-wise enabling rseq across architectures anyway, and when the
> > > > relevant maintains do this, they can have a look at their
> > > > {get,put}_user() implementations and fix them.
> > > > 
> > > > If you rely on get_user(u64) working, that means microblaze is already
> > > > broken, but I suppose it already was, since their rseq enablement patch
> > > > is extremely dodgy. Michal?
> > > 
> > > s390 uses the mvcos instruction to implement get_user(). That instruction
> > > is not defined to be atomic, but may copy bytes piecemeal.. I had the
> > > impression that the rseq fields are supposed to be updated within the
> > > context of a single thread (user + kernel space).
> > > 
> > > However if another user space thread is allowed to do this as well, then
> > > the get_user() approach won't fly on s390.
> > > 
> > > That leaves the question: does it even make sense for a thread to update
> > > the rseq structure of a different thread?
> > 
> > The problem is interrupts; we need interrupts on the CPU doing the store
> > to observe either the old or the new value, not a mix.
> > 
> > If mvcos does not guarantee that, we're having problems. Is there a
> > reason get_user() cannot use a 'regular' load?
> 
> Well, that's single instruction semantics. This is something we actually
> can guarantee, since the mvcos instruction itself won't be interrupted and
> copies all 1/2/4/8 bytes in a row.
> 
> So we are talking about that single instructions are required and not
> atomic accesses?

And to answer also your question: we don't use a regular load, since we
would have to use 'sacf' construct surrounding the load instruction which
would be much slower.
We have something like that implemented for the futex atomic ops, and we
could also implement something like that for this use case
(e.g. get_user_atomic()), if really needed.

  reply	other threads:[~2018-07-03  9:17 UTC|newest]

Thread overview: 43+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-07-02 22:31 [RFC PATCH for 4.18] rseq: use __u64 for rseq_cs fields, validate user inputs Mathieu Desnoyers
2018-07-02 22:45 ` Linus Torvalds
2018-07-02 23:00   ` Mathieu Desnoyers
2018-07-02 23:06     ` Linus Torvalds
2018-07-02 23:16       ` Mathieu Desnoyers
2018-07-02 23:22         ` Linus Torvalds
2018-07-02 23:25           ` Mathieu Desnoyers
2018-07-02 23:22         ` Mathieu Desnoyers
2018-07-02 23:37           ` Andy Lutomirski
2018-07-03  1:19             ` Mathieu Desnoyers
2018-07-03  2:01               ` Mathieu Desnoyers
2018-07-03  2:18                 ` Linus Torvalds
2018-07-03  2:30                   ` Mathieu Desnoyers
2018-07-03  2:33                     ` Andy Lutomirski
2018-07-03  2:44                     ` Linus Torvalds
2018-07-03  8:14                     ` Peter Zijlstra
2018-07-03  8:29                       ` Heiko Carstens
2018-07-03  8:43                         ` Peter Zijlstra
2018-07-03  8:55                           ` Heiko Carstens
2018-07-03  9:17                             ` Heiko Carstens [this message]
2018-07-03  9:24                               ` Peter Zijlstra
2018-07-03  9:21                             ` Peter Zijlstra
2018-07-03 16:40                               ` Andi Kleen
2018-07-03 17:02                                 ` Peter Zijlstra
2018-07-03 17:06                                 ` Andy Lutomirski
2018-07-03 17:10                                 ` Linus Torvalds
2018-07-03 17:26                                   ` Mathieu Desnoyers
2018-07-03 17:34                                   ` Peter Zijlstra
2018-07-03 17:38                                     ` Mathieu Desnoyers
2018-07-03 17:48                                       ` Peter Zijlstra
2018-07-03 17:58                                         ` Mathieu Desnoyers
2018-07-03 18:11                                           ` Peter Zijlstra
2018-07-03 18:15                                             ` Mathieu Desnoyers
2018-07-03 18:28                                               ` Peter Zijlstra
2018-07-03 18:41                                                 ` Mathieu Desnoyers
2018-07-03 19:08                                                   ` Peter Zijlstra
2018-07-03 17:59                                         ` Linus Torvalds
2018-07-03 18:09                                           ` Mathieu Desnoyers
2018-07-03 18:10                                           ` Peter Zijlstra
2018-07-03  0:19         ` Christopher Lameter
2018-07-03  0:23           ` Mathieu Desnoyers
2018-07-03  0:35             ` Christopher Lameter
2018-07-03  1:17               ` Mathieu Desnoyers

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180703091717.GK3704@osiris \
    --to=heiko.carstens@de.ibm.com \
    --cc=akpm@linux-foundation.org \
    --cc=andi@firstfloor.org \
    --cc=bmaurer@fb.com \
    --cc=boqun.feng@gmail.com \
    --cc=cl@linux.com \
    --cc=davejwatson@fb.com \
    --cc=hpa@zytor.com \
    --cc=josh@joshtriplett.org \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux@arm.linux.org.uk \
    --cc=luto@amacapital.net \
    --cc=mathieu.desnoyers@efficios.com \
    --cc=mingo@redhat.com \
    --cc=paulmck@linux.vnet.ibm.com \
    --cc=peterz@infradead.org \
    --cc=pjt@google.com \
    --cc=rostedt@goodmis.org \
    --cc=tglx@linutronix.de \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).