From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.ozlabs.org (lists.ozlabs.org [112.213.38.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id F3AA2C4829A for ; Tue, 13 Feb 2024 13:21:56 +0000 (UTC) Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4TZ26W3gk1z3vY3 for ; Wed, 14 Feb 2024 00:21:55 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=arm.com (client-ip=217.140.110.172; helo=foss.arm.com; envelope-from=ryan.roberts@arm.com; receiver=lists.ozlabs.org) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by lists.ozlabs.org (Postfix) with ESMTP id 4TZ26411SSz3bsZ for ; Wed, 14 Feb 2024 00:21:31 +1100 (AEDT) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 1C4FADA7; Tue, 13 Feb 2024 05:21:41 -0800 (PST) Received: from [10.1.36.184] (XHFQ2J9959.cambridge.arm.com [10.1.36.184]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 3E9C13F762; Tue, 13 Feb 2024 05:20:56 -0800 (PST) Message-ID: Date: Tue, 13 Feb 2024 13:20:55 +0000 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v5 19/25] arm64/mm: Wire up PTE_CONT for user mappings Content-Language: en-GB To: David Hildenbrand , Mark Rutland References: <20240202080756.1453939-1-ryan.roberts@arm.com> <20240202080756.1453939-20-ryan.roberts@arm.com> <64395ae4-3a7d-45dd-8f1d-ea6b232829c5@arm.com> <41499621-482f-455b-9f68-b43ea8052557@redhat.com> <1d302d7a-50ab-4ab4-b049-75ed4a71a87d@arm.com> <99e2a92c-f2a2-4e1e-8ce2-08caae2cb7e4@redhat.com> From: Ryan Roberts In-Reply-To: <99e2a92c-f2a2-4e1e-8ce2-08caae2cb7e4@redhat.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kefeng Wang , x86@kernel.org, Catalin Marinas , Yang Shi , Dave Hansen , linux-mm@kvack.org, Andrey Ryabinin , "H. Peter Anvin" , Will Deacon , Ard Biesheuvel , Marc Zyngier , Alistair Popple , Barry Song <21cnbao@gmail.com>, Matthew Wilcox , "Aneesh Kumar K.V" , Ingo Molnar , Zi Yan , "Naveen N. Rao" , John Hubbard , Nicholas Piggin , Borislav Petkov , Thomas Gleixner , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, James Morse , Andrew Morton , linuxppc-dev@lists.ozlabs.org Errors-To: linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Sender: "Linuxppc-dev" On 13/02/2024 13:13, David Hildenbrand wrote: > On 13.02.24 14:06, Ryan Roberts wrote: >> On 13/02/2024 12:19, David Hildenbrand wrote: >>> On 13.02.24 13:06, Ryan Roberts wrote: >>>> On 12/02/2024 20:38, Ryan Roberts wrote: >>>>> [...] >>>>> >>>>>>>>> +static inline bool mm_is_user(struct mm_struct *mm) >>>>>>>>> +{ >>>>>>>>> +    /* >>>>>>>>> +     * Don't attempt to apply the contig bit to kernel mappings, because >>>>>>>>> +     * dynamically adding/removing the contig bit can cause page faults. >>>>>>>>> +     * These racing faults are ok for user space, since they get >>>>>>>>> serialized >>>>>>>>> +     * on the PTL. But kernel mappings can't tolerate faults. >>>>>>>>> +     */ >>>>>>>>> +    return mm != &init_mm; >>>>>>>>> +} >>>>>>>> >>>>>>>> We also have the efi_mm as a non-user mm, though I don't think we >>>>>>>> manipulate >>>>>>>> that while it is live, and I'm not sure if that needs any special handling. >>>>>>> >>>>>>> Well we never need this function in the hot (order-0 folio) path, so I >>>>>>> think I >>>>>>> could add a check for efi_mm here with performance implication. It's >>>>>>> probably >>>>>>> safest to explicitly exclude it? What do you think? >>>>>> >>>>>> Oops: This should have read "I think I could add a check for efi_mm here >>>>>> *without* performance implication" >>>>> >>>>> It turns out that efi_mm is only defined when CONFIG_EFI is enabled. I can do >>>>> this: >>>>> >>>>> return mm != &init_mm && (!IS_ENABLED(CONFIG_EFI) || mm != &efi_mm); >>>>> >>>>> Is that acceptable? This is my preference, but nothing else outside of efi >>>>> references this symbol currently. >>>>> >>>>> Or perhaps I can convince myself that its safe to treat efi_mm like userspace. >>>>> There are a couple of things that need to be garanteed for it to be safe: >>>>> >>>>>     - The PFNs of present ptes either need to have an associated struct >>>>> page or >>>>>       need to have the PTE_SPECIAL bit set (either pte_mkspecial() or >>>>>       pte_mkdevmap()) >>>>> >>>>>     - Live mappings must either be static (no changes that could cause >>>>> fold/unfold >>>>>       while live) or the system must be able to tolerate a temporary fault >>>>> >>>>> Mark suggests efi_mm is not manipulated while live, so that meets the latter >>>>> requirement, but I'm not sure about the former? >>>> >>>> I've gone through all the efi code, and conclude that, as Mark suggests, the >>>> mappings are indeed static. And additionally, the ptes are populated using only >>>> the _private_ ptep API, so there is no issue here. As just discussed with Mark, >>>> my prefereence is to not make any changes to code, and just add a comment >>>> describing why efi_mm is safe. >>>> >>>> Details: >>>> >>>> * Registered with ptdump >>>>       * ptep_get_lockless() >>>> * efi_create_mapping -> create_pgd_mapping … -> init_pte: >>>>       * __ptep_get() >>>>       * __set_pte() >>>> * efi_memattr_apply_permissions -> efi_set_mapping_permissions … -> >>>> set_permissions >>>>       * __ptep_get() >>>>       * __set_pte() >>> >>> Sound good. We could add some VM_WARN_ON if we ever get the efi_mm via the >>> "official" APIs. >> >> We could, but that would lead to the same linkage issue, which I'm trying to >> avoid in the first place: >> >> VM_WARN_ON(IS_ENABLED(CONFIG_EFI) && mm == efi_mm); >> >> This creates new source code dependencies, which I would rather avoid if >> possible. > > Just a thought, you could have a is_efi_mm() function that abstracts all that. > > diff --git a/include/linux/efi.h b/include/linux/efi.h > index c74f47711f0b..152f5fa66a2a 100644 > --- a/include/linux/efi.h > +++ b/include/linux/efi.h > @@ -692,6 +692,15 @@ extern struct efi { >   >  extern struct mm_struct efi_mm; >   > +static inline void is_efi_mm(struct mm_struct *mm) > +{ > +#ifdef CONFIG_EFI > +       return mm == &efi_mm; > +#else > +       return false; > +#endif > +} > + >  static inline int >  efi_guidcmp (efi_guid_t left, efi_guid_t right) >  { > > That would definitely work, but in that case, I might as well just check for it in mm_is_user() (and personally I would change the name to mm_is_efi()): static inline bool mm_is_user(struct mm_struct *mm) { return mm != &init_mm && !mm_is_efi(mm); } Any objections?