From: Mark Rutland <mark.rutland@arm.com>
To: Guo Ren <guoren@kernel.org>
Cc: "Alexandre Ghiti" <alex@ghiti.fr>,
arnd@arndb.de, palmer@rivosinc.com, tglx@linutronix.de,
peterz@infradead.org, luto@kernel.org,
conor.dooley@microchip.com, heiko@sntech.de, jszhang@kernel.org,
lazyparser@gmail.com, falcon@tinylab.org, chenhuacai@kernel.org,
apatel@ventanamicro.com, atishp@atishpatra.org,
ben@decadent.org.uk, bjorn@kernel.org,
linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-riscv@lists.infradead.org,
"Guo Ren" <guoren@linux.alibaba.com>,
"Björn Töpel" <bjorn@rivosinc.com>
Subject: Re: [PATCH -next V12 3/7] riscv: entry: Add noinstr to prevent instrumentation inserted
Date: Wed, 4 Jan 2023 12:03:28 +0000
Message-ID: <Y7VrEMJtwC7v7oNy@FVFF77S0Q05N>
In-Reply-To: <CAJF2gTTSretKkJGNV7Y6iJboPuAWUQ=to=RPA8_-Nz8dnufGAg@mail.gmail.com>
On Wed, Jan 04, 2023 at 09:40:38AM +0800, Guo Ren wrote:
> On Tue, Jan 3, 2023 at 5:12 PM Alexandre Ghiti <alex@ghiti.fr> wrote:
> >
> > Hi Guo,
> >
> > On 1/3/23 04:35, guoren@kernel.org wrote:
> > > From: Guo Ren <guoren@linux.alibaba.com>
> > >
> > > Without noinstr the compiler is free to insert instrumentation (think
> > > all the k*SAN, KCov, GCov, ftrace etc..) which can call code we're not
> > > yet ready to run this early in the entry path, for instance it could
> > > rely on RCU which isn't on yet, or expect lockdep state. (by peterz)
> > >
> > > Link: https://lore.kernel.org/linux-riscv/YxcQ6NoPf3AH0EXe@hirez.programming.kicks-ass.net/
> > > Reviewed-by: Björn Töpel <bjorn@rivosinc.com>
> > > Suggested-by: Peter Zijlstra <peterz@infradead.org>
> > > Tested-by: Jisheng Zhang <jszhang@kernel.org>
> > > Signed-off-by: Guo Ren <guoren@linux.alibaba.com>
> > > Signed-off-by: Guo Ren <guoren@kernel.org>
> > > ---
> > > arch/riscv/kernel/traps.c | 4 ++--
> > > arch/riscv/mm/fault.c | 2 +-
> > > 2 files changed, 3 insertions(+), 3 deletions(-)
> > >
> > > diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c
> > > index 549bde5c970a..96ec76c54ff2 100644
> > > --- a/arch/riscv/kernel/traps.c
> > > +++ b/arch/riscv/kernel/traps.c
> > > @@ -95,9 +95,9 @@ static void do_trap_error(struct pt_regs *regs, int signo, int code,
> > > }
> > >
> > > #if defined(CONFIG_XIP_KERNEL) && defined(CONFIG_RISCV_ALTERNATIVE)
> > > -#define __trap_section __section(".xip.traps")
> > > +#define __trap_section __noinstr_section(".xip.traps")
> > > #else
> > > -#define __trap_section
> > > +#define __trap_section noinstr
> > > #endif
> > > #define DO_ERROR_INFO(name, signo, code, str) \
> > > asmlinkage __visible __trap_section void name(struct pt_regs *regs) \
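Review bot: In the #else branch, `#define __trap_section noinstr` makes the whole body of every handler generated by DO_ERROR_INFO non-instrumentable (no ftrace, KASAN, KCOV and so on), and the macro name no longer says what it does, since it now carries an instrumentation attribute rather than only a section placement. Consider limiting noinstr to a thin wrapper that does the entry/exit accounting and calls an instrumentable helper, or bracketing the instrumentable part with instrumentation_begin()/instrumentation_end(). A short comment above the #if explaining why these handlers must be noinstr would also help whoever touches this macro next.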
> > > diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c
> > > index d86f7cebd4a7..b26f68eac61c 100644
> > > --- a/arch/riscv/mm/fault.c
> > > +++ b/arch/riscv/mm/fault.c
> > > @@ -204,7 +204,7 @@ static inline bool access_error(unsigned long cause, struct vm_area_struct *vma)
> > > * This routine handles page faults. It determines the address and the
> > > * problem, and then passes it off to one of the appropriate routines.
> > > */
> > > -asmlinkage void do_page_fault(struct pt_regs *regs)
> > > +asmlinkage void noinstr do_page_fault(struct pt_regs *regs)
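Review bot: `noinstr` on do_page_fault() covers the entire routine that, per the comment directly above it, determines the address and the problem and dispatches to the handlers, so all of the fault handling in this function loses tracing and sanitizer coverage, not just the entry accounting. Please split it so that only a small noinstr wrapper remains and the existing body moves into an instrumentable helper. As a style point, the attribute sits after the return type here (`asmlinkage void noinstr`) but before it in DO_ERROR_INFO (`asmlinkage __visible __trap_section void`); one placement should be used throughout.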
> >
> >
> > (I dug the archive but can't find the series before v4, so sorry if it
> > was already answered)
> >
> > I think we should not disable the instrumentation of those trap handlers
> > as at least profiling them with ftrace would provide valuable
> > information (and gcov would be nice too): why do we need to do that? A
> > trap very early in the boot process is not recoverable anyway.
> Everything that calls irqentry_enter() should be noinstr, and this
> patch prepares for the next generic_entry convert.
>
> eg:
> asmlinkage void noinstr do_page_fault(struct pt_regs *regs)
> {
>         irqentry_state_t state = irqentry_enter(regs);
>
>         __do_page_fault(regs);
>
>         local_irq_disable();
>
>         irqentry_exit(regs, state);
> }
> NOKPROBE_SYMBOL(do_page_fault);
>
> You still could profile __do_page_fault.
>
> >
> > And I took a look at other architectures, none of them disables the
> > instrumentation on do_page_fault.
> That's not true, have a look at power & arm64. All of them have some
> limitations at the entry of page_fault.
Well, arm64's can't be kprobed, but it *can* be traced with ftrace, and *can*
be instrumented with KASAN and friends. I'm not sure that we actually need to
inhibit kprobes for do_page_fault, and we might be able to relax that.

As a general thing, we've tried to centralize all the necessarily-noinstr bits
in arch/arm64/kernel/entry-common.c, and keep everything else as instrumentable
as possible.

I'd recommend doing similar, and have a central file for any entry bits which
can't live in the generic entry code, and keep the rest instrumentable. That
will make it easier to maintain and verify.

Thanks,
Mark.