From: Thomas Gleixner <tglx@linutronix.de>
To: Borislav Petkov <bp@alien8.de>
Cc: LKML <linux-kernel@vger.kernel.org>,
x86@kernel.org, Filipe Manana <fdmanana@suse.com>
Subject: Re: [patch 3/3] x86/fpu: Make FPU protection more robust
Date: Mon, 02 May 2022 17:58:40 +0200 [thread overview]
Message-ID: <87k0b4lydr.ffs@tglx> (raw)
In-Reply-To: <Ym/sHqKqmLOJubgE@zn.tnic>
On Mon, May 02 2022 at 16:35, Borislav Petkov wrote:
> On Sun, May 01, 2022 at 09:31:47PM +0200, Thomas Gleixner wrote:
>> /**
>> + * fpregs_lock - Lock FPU state for maintenance operations
>
> "maintenance"?
I meant maintenance of user thread FPU state. Let me rephrase.
>> + *
>> + * This protects against preemption, soft interrupts and in-kernel FPU
>> + * usage on both !RT and RT enabled kernels.
>> + *
>> + * !RT kernels use local_bh_disable() to prevent soft interrupt processing
>> + * and preemption.
>> + *
>> + * On RT kernels local_bh_disable() is not sufficient because it only
>> + * serializes soft interrupt related sections via a local lock, but stays
>> + * preemptible. Disabling preemption is the right choice here as bottom
>> + * half processing is always in thread context on RT kernels so it
>> + * implicitly prevents bottom half processing as well.
>> + */
>> +void fpregs_lock(void)
>> +{
>> + if (!IS_ENABLED(CONFIG_PREEMPT_RT))
>> + local_bh_disable();
>> + else
>> + preempt_disable();
>
> So I'm wondering: can we get rid of this distinction and simply do
> preempt_disable()?
>
> Or can FPU be used in softirq processing too so we want to block that
> there?
Yes, FPU can be used legitimately in softirq processing context.
> But even if, fpu_in_use will already state that fact...
Right, though currently it's guaranteed that softirq processing context
can use the FPU. Quite some of the network crypto work runs in softirq
context, so this might cause a regression. If so, then this needs to be
an explicit commit on top which is easy to revert. Let me stare at it
some more.
>> @@ -410,10 +433,9 @@ void kernel_fpu_begin_mask(unsigned int
>> {
>> preempt_disable();
>>
>> - WARN_ON_FPU(!kernel_fpu_usable());
>> - WARN_ON_FPU(this_cpu_read(in_kernel_fpu));
>> + WARN_ON_ONCE(!kernel_fpu_usable());
>>
>> - this_cpu_write(in_kernel_fpu, true);
>> + this_cpu_write(fpu_in_use, true);
>
> This starts to look awfully similar to fpregs_lock()...
Similar, but not identical and we cannot use fpregs_lock() here as we
don't want to have local_bh_disable() when in hard interrupt context.
>> if (!(current->flags & PF_KTHREAD) &&
>> !test_thread_flag(TIF_NEED_FPU_LOAD)) {
>> @@ -433,9 +455,9 @@ EXPORT_SYMBOL_GPL(kernel_fpu_begin_mask)
>>
>> void kernel_fpu_end(void)
>> {
>> - WARN_ON_FPU(!this_cpu_read(in_kernel_fpu));
>> + WARN_ON_ONCE(!this_cpu_read(fpu_in_use));
>>
>> - this_cpu_write(in_kernel_fpu, false);
>> + this_cpu_write(fpu_in_use, false);
>> preempt_enable();
>
> ... and this to fpregs_unlock().
>
> Can we use those here too instead of open-coding them mostly?
Not really, unless we drop the use FPU in softirq processing context
guarantee. See above.
Let me think about it.
Thanks,
tglx
next prev parent reply other threads:[~2022-05-02 15:58 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-01 19:31 [patch 0/3] x86/fpu: Prevent FPU state corruption Thomas Gleixner
2022-05-01 19:31 ` [patch 1/3] " Thomas Gleixner
2022-05-02 13:16 ` Borislav Petkov
2022-05-05 0:42 ` [tip: x86/urgent] " tip-bot2 for Thomas Gleixner
2022-05-01 19:31 ` [patch 2/3] x86/fpu: Rename irq_fpu_usable() Thomas Gleixner
2022-05-02 13:57 ` Borislav Petkov
2022-05-01 19:31 ` [patch 3/3] x86/fpu: Make FPU protection more robust Thomas Gleixner
2022-05-02 14:35 ` Borislav Petkov
2022-05-02 15:58 ` Thomas Gleixner [this message]
2022-05-03 9:06 ` Peter Zijlstra
2022-05-04 15:36 ` Thomas Gleixner
2022-05-04 15:55 ` Jason A. Donenfeld
2022-05-04 16:45 ` Thomas Gleixner
2022-05-04 19:05 ` Jason A. Donenfeld
2022-05-04 21:04 ` Thomas Gleixner
2022-05-04 23:52 ` Jason A. Donenfeld
2022-05-05 0:55 ` Thomas Gleixner
2022-05-05 1:11 ` Jason A. Donenfeld
2022-05-05 1:21 ` Thomas Gleixner
2022-05-05 11:02 ` Jason A. Donenfeld
2022-05-05 11:34 ` David Laight
2022-05-05 11:35 ` Jason A. Donenfeld
2022-05-05 11:53 ` David Laight
2022-05-06 22:34 ` Jason A. Donenfeld
2022-05-07 13:50 ` David Laight
2022-05-05 13:48 ` Jason A. Donenfeld
2022-05-06 22:15 ` Jason A. Donenfeld
2022-05-03 9:03 ` Peter Zijlstra
2022-05-02 10:02 ` [patch 0/3] x86/fpu: Prevent FPU state corruption Filipe Manana
2022-05-02 12:22 ` Borislav Petkov
2022-05-04 15:40 ` Jason A. Donenfeld
2022-05-04 18:05 ` Thomas Gleixner
2022-05-18 1:02 ` Jason A. Donenfeld
2022-05-18 11:14 ` Jason A. Donenfeld
2022-05-18 11:18 ` Jason A. Donenfeld
2022-05-18 13:09 ` Thomas Gleixner
2022-05-18 14:08 ` Jason A. Donenfeld
2022-05-25 20:36 ` Jason A. Donenfeld
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87k0b4lydr.ffs@tglx \
--to=tglx@linutronix.de \
--cc=bp@alien8.de \
--cc=fdmanana@suse.com \
--cc=linux-kernel@vger.kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox