From: Catalin Marinas <catalin.marinas@arm.com>
To: Will Deacon <will@kernel.org>
Cc: Joey Gouly <joey.gouly@arm.com>,
linux-arm-kernel@lists.infradead.org, nd@arm.com,
akpm@linux-foundation.org, aneesh.kumar@kernel.org,
aneesh.kumar@linux.ibm.com, anshuman.khandual@arm.com,
bp@alien8.de, broonie@kernel.org, christophe.leroy@csgroup.eu,
dave.hansen@linux.intel.com, hpa@zytor.com,
linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
linuxppc-dev@lists.ozlabs.org, maz@kernel.org, mingo@redhat.com,
mpe@ellerman.id.au, naveen.n.rao@linux.ibm.com,
npiggin@gmail.com, oliver.upton@linux.dev, shuah@kernel.org,
skhan@linuxfoundation.org, szabolcs.nagy@arm.com,
tglx@linutronix.de, x86@kernel.org, kvmarm@lists.linux.dev,
linux-kselftest@vger.kernel.org
Subject: Re: [PATCH v5 06/30] arm64: context switch POR_EL0 register
Date: Mon, 2 Sep 2024 20:08:08 +0100 [thread overview]
Message-ID: <ZtYNGBrcE-j35fpw@arm.com> (raw)
In-Reply-To: <20240827113803.GB4318@willie-the-truck>
On Tue, Aug 27, 2024 at 12:38:04PM +0100, Will Deacon wrote:
> On Fri, Aug 23, 2024 at 07:40:52PM +0100, Catalin Marinas wrote:
> > On Fri, Aug 23, 2024 at 06:08:36PM +0100, Will Deacon wrote:
> > > On Fri, Aug 23, 2024 at 05:41:06PM +0100, Catalin Marinas wrote:
> > > > On Fri, Aug 23, 2024 at 03:45:32PM +0100, Will Deacon wrote:
> > > > > On Thu, Aug 22, 2024 at 04:10:49PM +0100, Joey Gouly wrote:
> > > > > > +static void permission_overlay_switch(struct task_struct *next)
> > > > > > +{
> > > > > > + if (!system_supports_poe())
> > > > > > + return;
> > > > > > +
> > > > > > + current->thread.por_el0 = read_sysreg_s(SYS_POR_EL0);
> > > > > > + if (current->thread.por_el0 != next->thread.por_el0) {
> > > > > > + write_sysreg_s(next->thread.por_el0, SYS_POR_EL0);
> > > > > > + /* ISB required for kernel uaccess routines when chaning POR_EL0 */
> > > > >
> > > > > nit: typo "chaning".
> > > > >
> > > > > But more substantially, is this just to prevent spurious faults in the
> > > > > context of a new thread using a stale value for POR_EL0?
> > > >
> > > > Not just prevent faults but enforce the permissions from the new
> > > > thread's POR_EL0. The kernel may continue with a uaccess routine from
> > > > here, we can't tell.
[...]
> > > So what do we actually gain by having the uaccess routines honour this?
> >
> > I guess where it matters is more like not accidentally faulting because
> > the previous thread had more restrictive permissions.
>
> That's what I wondered initially, but won't the fault handler retry in
> that case?
Yes, it will retry and this should be fine (I assume you are only
talking about the dropping ISB in the context switch).
For the case of running with a more permissive stale POR_EL0, arguably it's
slightly more predictable for the user but, OTOH, some syscalls like
readv() could be routed through GUP with no checks. As with MTE, we
don't guarantee uaccesses honour the user permissions.
That said, at some point we should sanitise this path anyway and have a
single ISB at the end. In the meantime, I'm fine with dropping the ISB
here.
--
Catalin
next prev parent reply other threads:[~2024-09-02 19:08 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-22 15:10 [PATCH v5 00/30] Permission Overlay Extension Joey Gouly
2024-08-22 15:10 ` [PATCH v5 01/30] powerpc/mm: add ARCH_PKEY_BITS to Kconfig Joey Gouly
2024-08-22 15:10 ` [PATCH v5 02/30] x86/mm: " Joey Gouly
2024-08-22 15:10 ` [PATCH v5 03/30] mm: use ARCH_PKEY_BITS to define VM_PKEY_BITN Joey Gouly
2024-08-22 15:10 ` [PATCH v5 04/30] arm64: disable trapping of POR_EL0 to EL2 Joey Gouly
2024-08-23 13:42 ` Will Deacon
2024-08-22 15:10 ` [PATCH v5 05/30] arm64: cpufeature: add Permission Overlay Extension cpucap Joey Gouly
2024-08-22 15:10 ` [PATCH v5 06/30] arm64: context switch POR_EL0 register Joey Gouly
2024-08-23 14:45 ` Will Deacon
2024-08-23 16:41 ` Catalin Marinas
2024-08-23 17:08 ` Will Deacon
2024-08-23 18:40 ` Catalin Marinas
2024-08-27 11:38 ` Will Deacon
2024-09-02 19:08 ` Catalin Marinas [this message]
2024-09-03 14:54 ` Joey Gouly
2024-09-04 10:22 ` Will Deacon
2024-09-04 11:32 ` Joey Gouly
2024-09-04 11:43 ` Will Deacon
2024-09-04 12:55 ` Joey Gouly
2024-09-04 16:17 ` Will Deacon
2024-09-04 17:05 ` Marc Zyngier
2024-09-05 10:36 ` Joey Gouly
2024-09-04 11:38 ` Catalin Marinas
2024-09-11 15:01 ` Kevin Brodsky
2024-09-11 15:33 ` Dave Hansen
2024-09-12 10:50 ` Will Deacon
2024-09-12 12:48 ` Joey Gouly
2024-09-13 15:14 ` Will Deacon
2024-09-22 5:49 ` Aneesh Kumar K.V
2024-08-22 15:10 ` [PATCH v5 07/30] KVM: arm64: Save/restore POE registers Joey Gouly
2024-08-22 15:10 ` [PATCH v5 08/30] KVM: arm64: make kvm_at() take an OP_AT_* Joey Gouly
2024-08-23 13:48 ` Will Deacon
2024-08-23 14:24 ` Marc Zyngier
2024-08-30 8:01 ` Marc Zyngier
2024-08-30 9:05 ` Will Deacon
2024-08-30 11:58 ` Marc Zyngier
2024-08-30 9:25 ` Will Deacon
2024-08-30 11:23 ` Marc Zyngier
2024-08-30 11:35 ` Joey Gouly
2024-08-22 15:10 ` [PATCH v5 09/30] KVM: arm64: use `at s1e1a` for POE Joey Gouly
2024-08-22 15:10 ` [PATCH v5 10/30] KVM: arm64: Sanitise ID_AA64MMFR3_EL1 Joey Gouly
2024-08-22 15:10 ` [PATCH v5 11/30] arm64: enable the Permission Overlay Extension for EL0 Joey Gouly
2024-08-22 15:10 ` [PATCH v5 12/30] arm64: re-order MTE VM_ flags Joey Gouly
2024-08-22 15:10 ` [PATCH v5 13/30] arm64: add POIndex defines Joey Gouly
2024-08-22 15:10 ` [PATCH v5 14/30] arm64: convert protection key into vm_flags and pgprot values Joey Gouly
2024-08-22 15:10 ` [PATCH v5 15/30] arm64: mask out POIndex when modifying a PTE Joey Gouly
2024-08-22 15:10 ` [PATCH v5 16/30] arm64: handle PKEY/POE faults Joey Gouly
2024-08-29 17:55 ` Mark Brown
2024-09-03 14:50 ` Joey Gouly
2024-09-03 15:29 ` Joey Gouly
2024-08-22 15:11 ` [PATCH v5 17/30] arm64: add pte_access_permitted_no_overlay() Joey Gouly
2024-08-22 15:11 ` [PATCH v5 18/30] arm64: implement PKEYS support Joey Gouly
2024-08-22 15:11 ` [PATCH v5 19/30] arm64: add POE signal support Joey Gouly
2024-09-24 11:27 ` Kevin Brodsky
2024-09-24 15:04 ` Dave Martin
2024-10-09 14:43 ` Will Deacon
2024-10-14 17:10 ` Will Deacon
2024-10-15 9:59 ` Joey Gouly
2024-10-15 11:37 ` Mark Brown
2024-10-15 11:41 ` Will Deacon
2024-10-15 12:25 ` Joey Gouly
2024-10-15 13:26 ` Mark Brown
2024-10-17 7:44 ` Kevin Brodsky
2024-10-15 13:39 ` Dave Martin
2024-10-15 15:01 ` Catalin Marinas
2024-10-17 14:00 ` Kevin Brodsky
2024-08-22 15:11 ` [PATCH v5 20/30] arm64/ptrace: add support for FEAT_POE Joey Gouly
2024-08-22 15:11 ` [PATCH v5 21/30] arm64: enable POE and PIE to coexist Joey Gouly
2024-08-22 15:11 ` [PATCH v5 22/30] arm64: enable PKEY support for CPUs with S1POE Joey Gouly
2024-08-22 15:11 ` [PATCH v5 23/30] arm64: add Permission Overlay Extension Kconfig Joey Gouly
2024-08-22 15:11 ` [PATCH v5 24/30] kselftest/arm64: move get_header() Joey Gouly
2024-08-22 15:11 ` [PATCH v5 25/30] selftests: mm: move fpregs printing Joey Gouly
2024-08-22 15:11 ` [PATCH v5 26/30] selftests: mm: make protection_keys test work on arm64 Joey Gouly
2024-08-22 15:11 ` [PATCH v5 27/30] kselftest/arm64: add HWCAP test for FEAT_S1POE Joey Gouly
2024-08-22 15:11 ` [PATCH v5 28/30] kselftest/arm64: parse POE_MAGIC in a signal frame Joey Gouly
2024-08-22 15:11 ` [PATCH v5 29/30] kselftest/arm64: Add test case for POR_EL0 signal frame records Joey Gouly
2024-08-22 15:11 ` [PATCH v5 30/30] KVM: selftests: get-reg-list: add Permission Overlay registers Joey Gouly
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZtYNGBrcE-j35fpw@arm.com \
--to=catalin.marinas@arm.com \
--cc=akpm@linux-foundation.org \
--cc=aneesh.kumar@kernel.org \
--cc=aneesh.kumar@linux.ibm.com \
--cc=anshuman.khandual@arm.com \
--cc=bp@alien8.de \
--cc=broonie@kernel.org \
--cc=christophe.leroy@csgroup.eu \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=joey.gouly@arm.com \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=maz@kernel.org \
--cc=mingo@redhat.com \
--cc=mpe@ellerman.id.au \
--cc=naveen.n.rao@linux.ibm.com \
--cc=nd@arm.com \
--cc=npiggin@gmail.com \
--cc=oliver.upton@linux.dev \
--cc=shuah@kernel.org \
--cc=skhan@linuxfoundation.org \
--cc=szabolcs.nagy@arm.com \
--cc=tglx@linutronix.de \
--cc=will@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).