From: Jann Horn <jannh@google.com>
To: Peter Zijlstra <peterz@infradead.org>
Cc: John Hubbard <jhubbard@nvidia.com>,
x86@kernel.org, willy@infradead.org,
torvalds@linux-foundation.org, akpm@linux-foundation.org,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
aarcange@redhat.com, kirill.shutemov@linux.intel.com,
jroedel@suse.de, ubizjak@gmail.com
Subject: Re: [PATCH 01/13] mm: Update ptep_get_lockless()s comment
Date: Wed, 26 Oct 2022 18:45:16 +0200 [thread overview]
Message-ID: <CAG48ez05gBiB2w7bL_3O_OUoBWazmHnRwMiuni_wQyXBUcaxbQ@mail.gmail.com> (raw)
In-Reply-To: <Y1f7YvKuwOl1XEwU@hirez.programming.kicks-ass.net>
On Tue, Oct 25, 2022 at 5:06 PM Peter Zijlstra <peterz@infradead.org> wrote:
> On Tue, Oct 25, 2022 at 04:18:20PM +0200, Jann Horn wrote:
> > On Tue, Oct 25, 2022 at 4:02 PM Peter Zijlstra <peterz@infradead.org> wrote:
> > > On Mon, Oct 24, 2022 at 09:58:07PM +0200, Jann Horn wrote:
> > >
> > > > Unless I'm completely misunderstanding what's going on here, the whole
> > > > "remove_table" thing only happens when you "remove a table", meaning
> > > > you free an entire *pagetable*. Just zapping PTEs doesn't trigger that
> > > > logic.
> > >
> > > Aah; yes true. OTOH even it that were not so, I think it would still be
> > > broken because the current code relies on the TLB flush to have
> > > completed, whereas the RCU scheme is effectively async and can be
> > > considered pending until the callback runs.
> > >
> > > Hurmph... easiest fix is probably to dis-allow kvm_flush_tlb_multi()
> > > for i386-pae builds.
> > >
> > > Something like so... nobody in his right mind should care about i386-pae
> > > virt performance much.
> >
> > I think Xen and HyperV have similar codepaths.
> > hyperv_flush_tlb_multi() looks like it uses remote flush hypercalls,
> > xen_flush_tlb_multi() too.
>
> Sure (not updated).
>
> > On top of that, I think that theoretically, Linux doesn't even ensure
> > that you have a TLB flush in between tearing down one PTE and
> > installing another PTE (see
> > https://lore.kernel.org/all/CAG48ez1Oz4tT-N2Y=Zs6jumu=zOp7SQRZ=V2c+b5bT9P4retJA@mail.gmail.com/),
> > but I haven't tested that, and if it is true, I'm also not entirely
> > sure if it's correct (in the sense that it only creates incoherent-TLB
> > states when userspace is doing something stupid like racing
> > MADV_DONTNEED and page faults on the same region).
> >
> > I think the more clearly correct fix would be to get rid of the split
> > loads and use CMPXCHG16B instead (probably destroying the performance
> > of GUP-fast completely), but that's complicated because some of the
> > architectures that use the split loads path don't have cmpxchg_double
> > (or at least don't have it wired up).
>
> cmpxchg8b; but no, I think we want to fix MADV_DONTNEED, incoherent TLB
> states are a pain nobody needs.
>
> Something like so should force TLB flushes before dropping pte_lock (not
> looked at the various pmd level things yet).
[...]
> #endif /* _LINUX_MM_H */
> diff --git a/mm/memory.c b/mm/memory.c
> index f88c351aecd4..9bb63b3fbee1 100644
> --- a/mm/memory.c
> +++ b/mm/memory.c
> @@ -1440,6 +1440,11 @@ static unsigned long zap_pte_range(struct mmu_gather *tlb,
> tlb_remove_tlb_entry(tlb, pte, addr);
> zap_install_uffd_wp_if_needed(vma, addr, pte, details,
> ptent);
> +
> + if (!force_flush && !tlb->fullmm && details &&
> + details->zap_flags & ZAP_FLAG_FORCE_FLUSH)
> + force_flush = 1;
> +
Hmm... I guess that might work, assuming that there is no other
codepath we might race with that first turns the present PTE into a
non-present PTE but keeps the flush queued for later. At least
codepaths that use the tlb_batched infrastructure are unproblematic...
next prev parent reply other threads:[~2022-10-26 16:45 UTC|newest]
Thread overview: 143+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-22 11:14 [PATCH 00/13] Clean up pmd_get_atomic() and i386-PAE Peter Zijlstra
2022-10-22 11:14 ` [PATCH 01/13] mm: Update ptep_get_lockless()s comment Peter Zijlstra
2022-10-24 5:42 ` John Hubbard
2022-10-24 8:00 ` Peter Zijlstra
2022-10-24 19:58 ` Jann Horn
2022-10-24 20:19 ` Linus Torvalds
2022-10-24 20:23 ` Jann Horn
2022-10-24 20:36 ` Linus Torvalds
2022-10-25 3:21 ` Matthew Wilcox
2022-10-25 7:54 ` Alistair Popple
2022-10-25 13:33 ` Peter Zijlstra
2022-10-25 13:44 ` Jann Horn
2022-10-26 0:45 ` Alistair Popple
2022-10-25 14:02 ` Peter Zijlstra
2022-10-25 14:18 ` Jann Horn
2022-10-25 15:06 ` Peter Zijlstra
2022-10-26 16:45 ` Jann Horn [this message]
2022-10-27 7:08 ` Peter Zijlstra
2022-10-27 18:13 ` Linus Torvalds
2022-10-27 19:35 ` Peter Zijlstra
2022-10-27 19:43 ` Linus Torvalds
2022-10-27 20:15 ` Nadav Amit
2022-10-27 20:31 ` Linus Torvalds
2022-10-27 21:44 ` Nadav Amit
2022-10-28 23:57 ` Nadav Amit
2022-10-29 0:42 ` Linus Torvalds
2022-10-29 18:05 ` Nadav Amit
2022-10-29 18:36 ` Linus Torvalds
2022-10-29 18:58 ` Linus Torvalds
2022-10-29 19:14 ` Linus Torvalds
2022-10-29 19:28 ` Nadav Amit
2022-10-30 0:18 ` Nadav Amit
2022-10-30 2:17 ` Nadav Amit
2022-10-30 18:19 ` Linus Torvalds
2022-10-30 18:51 ` Linus Torvalds
2022-10-30 22:47 ` Linus Torvalds
2022-10-31 1:47 ` Linus Torvalds
2022-10-31 4:09 ` Nadav Amit
2022-10-31 4:55 ` Nadav Amit
2022-10-31 5:00 ` Linus Torvalds
2022-10-31 15:43 ` Nadav Amit
2022-10-31 17:32 ` Linus Torvalds
2022-10-31 9:36 ` Peter Zijlstra
2022-10-31 17:28 ` Linus Torvalds
2022-10-31 18:43 ` mm: delay rmap removal until after TLB flush Linus Torvalds
2022-11-02 9:14 ` Christian Borntraeger
2022-11-02 9:23 ` Christian Borntraeger
2022-11-02 17:55 ` Linus Torvalds
2022-11-02 18:28 ` Linus Torvalds
2022-11-02 22:29 ` Gerald Schaefer
2022-11-02 12:45 ` Peter Zijlstra
2022-11-02 22:31 ` Gerald Schaefer
2022-11-02 23:13 ` Linus Torvalds
2022-11-03 9:52 ` David Hildenbrand
2022-11-03 16:54 ` Linus Torvalds
2022-11-03 17:09 ` Linus Torvalds
2022-11-03 17:36 ` David Hildenbrand
2022-11-04 6:33 ` Alexander Gordeev
2022-11-04 17:35 ` Linus Torvalds
2022-11-06 21:06 ` Hugh Dickins
2022-11-06 22:34 ` Linus Torvalds
2022-11-06 23:14 ` Andrew Morton
2022-11-07 0:06 ` Stephen Rothwell
2022-11-07 16:19 ` Linus Torvalds
2022-11-07 23:02 ` Andrew Morton
2022-11-07 23:44 ` Stephen Rothwell
2022-11-07 9:12 ` Peter Zijlstra
2022-11-07 20:07 ` Johannes Weiner
2022-11-07 20:29 ` Linus Torvalds
2022-11-07 23:47 ` Linus Torvalds
2022-11-08 4:28 ` Linus Torvalds
2022-11-08 19:56 ` Linus Torvalds
2022-11-08 20:03 ` Konstantin Ryabitsev
2022-11-08 20:18 ` Linus Torvalds
2022-11-08 19:41 ` [PATCH 1/4] mm: introduce 'encoded' page pointers with embedded extra bits Linus Torvalds
2022-11-08 20:37 ` Nadav Amit
2022-11-08 20:46 ` Linus Torvalds
2022-11-09 6:36 ` Alexander Gordeev
2022-11-09 18:00 ` Linus Torvalds
2022-11-09 20:02 ` Linus Torvalds
2022-11-08 19:41 ` [PATCH 2/4] mm: teach release_pages() to take an array of encoded page pointers too Linus Torvalds
2022-11-08 19:41 ` [PATCH 3/4] mm: mmu_gather: prepare to gather encoded page pointers with flags Linus Torvalds
2022-11-08 19:41 ` [PATCH 4/4] mm: delay page_remove_rmap() until after the TLB has been flushed Linus Torvalds
2022-11-08 21:05 ` Nadav Amit
2022-11-09 15:53 ` Johannes Weiner
2022-11-09 19:31 ` Hugh Dickins
2022-10-31 9:39 ` [PATCH 01/13] mm: Update ptep_get_lockless()s comment Peter Zijlstra
2022-10-31 17:22 ` Linus Torvalds
2022-10-31 9:46 ` Peter Zijlstra
2022-10-31 9:28 ` Peter Zijlstra
2022-10-31 17:19 ` Linus Torvalds
2022-10-30 19:34 ` Nadav Amit
2022-10-29 19:39 ` John Hubbard
2022-10-29 20:15 ` Linus Torvalds
2022-10-29 20:30 ` Linus Torvalds
2022-10-29 20:42 ` John Hubbard
2022-10-29 20:56 ` Nadav Amit
2022-10-29 21:03 ` Nadav Amit
2022-10-29 21:12 ` Linus Torvalds
2022-10-29 20:59 ` Theodore Ts'o
2022-10-26 19:43 ` Nadav Amit
2022-10-27 7:27 ` Peter Zijlstra
2022-10-27 17:30 ` Nadav Amit
2022-10-22 11:14 ` [PATCH 02/13] x86/mm/pae: Make pmd_t similar to pte_t Peter Zijlstra
2022-10-22 11:14 ` [PATCH 03/13] sh/mm: " Peter Zijlstra
2022-12-21 13:54 ` Guenter Roeck
2022-10-22 11:14 ` [PATCH 04/13] mm: Fix pmd_read_atomic() Peter Zijlstra
2022-10-22 17:30 ` Linus Torvalds
2022-10-24 8:09 ` Peter Zijlstra
2022-11-01 12:41 ` Peter Zijlstra
2022-11-01 17:42 ` Linus Torvalds
2022-10-22 11:14 ` [PATCH 05/13] mm: Rename GUP_GET_PTE_LOW_HIGH Peter Zijlstra
2022-10-22 11:14 ` [PATCH 06/13] mm: Rename pmd_read_atomic() Peter Zijlstra
2022-10-22 11:14 ` [PATCH 07/13] mm/gup: Fix the lockless PMD access Peter Zijlstra
2022-10-23 0:42 ` Hugh Dickins
2022-10-24 7:42 ` Peter Zijlstra
2022-10-25 3:58 ` Hugh Dickins
2022-10-22 11:14 ` [PATCH 08/13] x86/mm/pae: Dont (ab)use atomic64 Peter Zijlstra
2022-10-22 11:14 ` [PATCH 09/13] x86/mm/pae: Use WRITE_ONCE() Peter Zijlstra
2022-10-22 17:42 ` Linus Torvalds
2022-10-24 10:21 ` Peter Zijlstra
2022-10-22 11:14 ` [PATCH 10/13] x86/mm/pae: Be consistent with pXXp_get_and_clear() Peter Zijlstra
2022-10-22 17:53 ` Linus Torvalds
2022-10-24 11:13 ` Peter Zijlstra
2022-10-22 11:14 ` [PATCH 11/13] x86_64: Remove pointless set_64bit() usage Peter Zijlstra
2022-10-22 17:55 ` Linus Torvalds
2022-11-03 19:09 ` Nathan Chancellor
2022-11-03 19:23 ` Uros Bizjak
2022-11-03 19:35 ` Nathan Chancellor
2022-11-03 20:39 ` Linus Torvalds
2022-11-03 21:06 ` Peter Zijlstra
2022-11-04 16:01 ` Peter Zijlstra
2022-11-04 17:15 ` Linus Torvalds
2022-11-05 13:29 ` Jason A. Donenfeld
2022-11-05 15:14 ` Peter Zijlstra
2022-11-05 20:54 ` Jason A. Donenfeld
2022-11-07 9:14 ` David Laight
2022-12-19 15:44 ` Peter Zijlstra
2022-10-22 11:14 ` [PATCH 12/13] x86/mm/pae: Get rid of set_64bit() Peter Zijlstra
2022-10-22 11:14 ` [PATCH 13/13] mm: Remove pointless barrier() after pmdp_get_lockless() Peter Zijlstra
2022-10-22 19:59 ` Yu Zhao
2022-10-22 17:57 ` [PATCH 00/13] Clean up pmd_get_atomic() and i386-PAE Linus Torvalds
2022-10-29 12:21 ` Peter Zijlstra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAG48ez05gBiB2w7bL_3O_OUoBWazmHnRwMiuni_wQyXBUcaxbQ@mail.gmail.com \
--to=jannh@google.com \
--cc=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=jhubbard@nvidia.com \
--cc=jroedel@suse.de \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=peterz@infradead.org \
--cc=torvalds@linux-foundation.org \
--cc=ubizjak@gmail.com \
--cc=willy@infradead.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).