From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.5 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2486FC2BA19 for ; Tue, 21 Apr 2020 07:41:15 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id EFD4D2073A for ; Tue, 21 Apr 2020 07:41:14 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="NklFy1CJ"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="Ux6xM77N" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org EFD4D2073A Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=Ci2/0lZZKJgn0xib3Qoj0pn80uQYEkJp9UyhHFnKH2s=; b=NklFy1CJk3womb QlLFLAyuA4F2NV6n55hhmP2uY22pOYQEChjqXPc4y4yOj7AzxdAmGFrJG0ks6xP1MX+2+igAfQOgT c9pWSSxuEUr4gHGEhNnKDxvSzhB1/bo4U2Iy0A6QD5fvXaHMse+BgIH534eudlxMKVD3s6qG7qnvj f6oB61HVAOFG8Ufc5/+Rsbi1oaPkfQ1DW8iFcrOhv4wdeeXCOw1K/UGcv9xvbrzW8a8DRGe0tNGIt SXMaaveO4tvChGA3sW4ILaPac7FxJAyeKcd3iLcVL5FRCqfCWNlOLiageS/AmnFKVqB/6TSsiOjuY gWYkUsm3wXpV5dox2bEg==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1jQnWo-0001hN-PZ; Tue, 21 Apr 2020 07:41:10 +0000 Received: from mail.kernel.org ([198.145.29.99]) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1jQnWm-0001gA-7v for linux-arm-kernel@lists.infradead.org; Tue, 21 Apr 2020 07:41:09 +0000 Received: from willie-the-truck (236.31.169.217.in-addr.arpa [217.169.31.236]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 765932084D; Tue, 21 Apr 2020 07:41:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1587454867; bh=Nbpcjvf4OfQ6/2rbNcF4XSAXJpyKzoe6+kQqdiYXyL8=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Ux6xM77N6e3zjcMhKqKkdPDzL8BNNWgNngXIeQat43yqC0nlQLUhfbDvC0IRskK4a lzXX4ZT/0h9u4DpM21iqQivITIIy8PZvfZnm9XI2slLBPWpJY6DkcnyZ0ZnL+Yq49u drScS8rGC++743FnPenRISkU6YuS2/Gft9+GbSfU= Date: Tue, 21 Apr 2020 08:41:02 +0100 From: Will Deacon To: Mark Rutland Subject: Re: [EXT] Re: [PATCH v3 03/13] task_isolation: add instruction synchronization memory barrier Message-ID: <20200421074101.GA15021@willie-the-truck> References: <4473787e1b6bc3cc226067e8d122092a678b63de.camel@marvell.com> <07c25c246c55012981ec0296eee23e68c719333a.camel@marvell.com> <20200415124427.GB28304@C02TD0UTHF1T.local> <20200420122350.GB12889@willie-the-truck> <20200420123628.GB69441@C02TD0UTHF1T.local> <20200420135523.GA18711@willie-the-truck> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20200420135523.GA18711@willie-the-truck> User-Agent: Mutt/1.10.1 (2018-07-13) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200421_004108_330782_723616D9 X-CRM114-Status: GOOD ( 21.02 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: "linux-arch@vger.kernel.org" , "catalin.marinas@arm.com" , "peterz@infradead.org" , Alex Belits , "frederic@kernel.org" , "linux-kernel@vger.kernel.org" , "rostedt@goodmis.org" , "davem@davemloft.net" , "netdev@vger.kernel.org" , "linux-api@vger.kernel.org" , Prasun Kapoor , "tglx@linutronix.de" , "mingo@kernel.org" , "linux-arm-kernel@lists.infradead.org" Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Mon, Apr 20, 2020 at 02:55:23PM +0100, Will Deacon wrote: > On Mon, Apr 20, 2020 at 01:36:28PM +0100, Mark Rutland wrote: > > On Mon, Apr 20, 2020 at 01:23:51PM +0100, Will Deacon wrote: > > > IIUC, we don't need to do anything on arm64 because taking an exception acts > > > as a context synchronization event, so I don't think you should try to > > > expose this as a new barrier macro. Instead, just make it a pre-requisite > > > that architectures need to ensure this behaviour when entering the kernel > > > from userspace if they are to select HAVE_ARCH_TASK_ISOLATION. > > > > The CSE from the exception isn't sufficient here, because it needs to > > occur after the CPU has re-registered to receive IPIs for > > kick_all_cpus_sync(). Otherwise there's a window between taking the > > exception and re-registering where a necessary context synchronization > > event can be missed. e.g. > > > > CPU A CPU B > > [ Modifies some code ] > > [ enters exception ] > > [ D cache maintenance ] > > [ I cache maintenance ] > > [ IPI ] // IPI not taken > > ... [ register for IPI ] > > [ IPI completes ] > > [ execute stale code here ] > > Thanks. > > > However, I think 'IMB' is far too generic, and we should have an arch > > hook specific to task isolation, as it's far less likely to be abused as > > IMB will. > > What guarantees we don't run any unsynchronised module code between > exception entry and registering for the IPI? It seems like we'd want that > code to run as early as possible, e.g. as part of > task_isolation_user_exit() but that doesn't seem to be what's happening. Sorry, I guess that's more a question for Alex. Alex -- do you think we could move the "register for IPI" step earlier so that it's easier to reason about the code that runs in the dead zone during exception entry? Will _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel