From: Will Deacon
Subject: Re: [EXT] Re: [PATCH v3 03/13] task_isolation: add instruction synchronization memory barrier
Date: Tue, 21 Apr 2020 08:41:02 +0100
Message-ID: <20200421074101.GA15021@willie-the-truck>
References: <4473787e1b6bc3cc226067e8d122092a678b63de.camel@marvell.com>
 <07c25c246c55012981ec0296eee23e68c719333a.camel@marvell.com>
 <20200415124427.GB28304@C02TD0UTHF1T.local>
 <20200420122350.GB12889@willie-the-truck>
 <20200420123628.GB69441@C02TD0UTHF1T.local>
 <20200420135523.GA18711@willie-the-truck>
In-Reply-To: <20200420135523.GA18711@willie-the-truck>
To: Mark Rutland
Cc: Alex Belits, "mingo@kernel.org", "davem@davemloft.net", "linux-api@vger.kernel.org", "rostedt@goodmis.org", "peterz@infradead.org", "linux-arch@vger.kernel.org", Prasun Kapoor, "catalin.marinas@arm.com", "frederic@kernel.org", "tglx@linutronix.de", "linux-kernel@vger.kernel.org", "netdev@vger.kernel.org", "linux-arm-kernel@lists.infradead.org"

On Mon, Apr 20, 2020 at 02:55:23PM +0100, Will Deacon wrote:
> On Mon, Apr 20, 2020 at 01:36:28PM +0100, Mark Rutland wrote:
> > On Mon, Apr 20, 2020 at 01:23:51PM +0100, Will Deacon wrote:
> > > IIUC, we don't need to do anything on arm64 because taking an exception acts
> > > as a context synchronization event, so I don't think you should try to
> > > expose this as a new barrier macro. Instead, just make it a pre-requisite
> > > that architectures need to ensure this behaviour when entering the kernel
> > > from userspace if they are to select HAVE_ARCH_TASK_ISOLATION.
> >
> > The CSE from the exception isn't sufficient here, because it needs to
> > occur after the CPU has re-registered to receive IPIs for
> > kick_all_cpus_sync(). Otherwise there's a window between taking the
> > exception and re-registering where a necessary context synchronization
> > event can be missed. e.g.
> >
> >   CPU A                          CPU B
> >                                  [ Modifies some code ]
> >   [ enters exception ]
> >                                  [ D cache maintenance ]
> >                                  [ I cache maintenance ]
> >                                  [ IPI ]  // IPI not taken
> >   ...
> >   [ register for IPI ]
> >                                  [ IPI completes ]
> >   [ execute stale code here ]
>
> Thanks.
>
> > However, I think 'IMB' is far too generic, and we should have an arch
> > hook specific to task isolation, as it's far less likely to be abused as
> > IMB will.
>
> What guarantees we don't run any unsynchronised module code between
> exception entry and registering for the IPI? It seems like we'd want that
> code to run as early as possible, e.g. as part of
> task_isolation_user_exit() but that doesn't seem to be what's happening.

Sorry, I guess that's more a question for Alex.

Alex -- do you think we could move the "register for IPI" step earlier so
that it's easier to reason about the code that runs in the dead zone during
exception entry?

Will