[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v4 25/30] context_tracking,x86: Defer kernel text patching IPIs
- To: Valentin Schneider <vschneid@xxxxxxxxxx>
- From: Sean Christopherson <seanjc@xxxxxxxxxx>
- Date: Tue, 14 Jan 2025 13:48:48 -0800
- Cc: linux-kernel@xxxxxxxxxxxxxxx, x86@xxxxxxxxxx, virtualization@xxxxxxxxxxxxxxx, linux-arm-kernel@xxxxxxxxxxxxxxxxxxx, loongarch@xxxxxxxxxxxxxxx, linux-riscv@xxxxxxxxxxxxxxxxxxx, linux-perf-users@xxxxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx, kvm@xxxxxxxxxxxxxxx, linux-arch@xxxxxxxxxxxxxxx, rcu@xxxxxxxxxxxxxxx, linux-hardening@xxxxxxxxxxxxxxx, linux-mm@xxxxxxxxx, linux-kselftest@xxxxxxxxxxxxxxx, bpf@xxxxxxxxxxxxxxx, bcm-kernel-feedback-list@xxxxxxxxxxxx, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Nicolas Saenz Julienne <nsaenzju@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Ajay Kaher <ajay.kaher@xxxxxxxxxxxx>, Alexey Makhalov <alexey.amakhalov@xxxxxxxxxxxx>, Russell King <linux@xxxxxxxxxxxxxxx>, Catalin Marinas <catalin.marinas@xxxxxxx>, Will Deacon <will@xxxxxxxxxx>, Huacai Chen <chenhuacai@xxxxxxxxxx>, WANG Xuerui <kernel@xxxxxxxxxx>, Paul Walmsley <paul.walmsley@xxxxxxxxxx>, Palmer Dabbelt <palmer@xxxxxxxxxxx>, Albert Ou <aou@xxxxxxxxxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>, "H. Peter Anvin" <hpa@xxxxxxxxx>, Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>, Namhyung Kim <namhyung@xxxxxxxxxx>, Mark Rutland <mark.rutland@xxxxxxx>, Alexander Shishkin <alexander.shishkin@xxxxxxxxxxxxxxx>, Jiri Olsa <jolsa@xxxxxxxxxx>, Ian Rogers <irogers@xxxxxxxxxx>, Adrian Hunter <adrian.hunter@xxxxxxxxx>, Kan Liang <kan.liang@xxxxxxxxxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Josh Poimboeuf <jpoimboe@xxxxxxxxxx>, Pawan Gupta <pawan.kumar.gupta@xxxxxxxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, Arnd Bergmann <arnd@xxxxxxxx>, Frederic Weisbecker <frederic@xxxxxxxxxx>, "Paul E. McKenney" <paulmck@xxxxxxxxxx>, Jason Baron <jbaron@xxxxxxxxxx>, Steven Rostedt <rostedt@xxxxxxxxxxx>, Ard Biesheuvel <ardb@xxxxxxxxxx>, Neeraj Upadhyay <neeraj.upadhyay@xxxxxxxxxx>, Joel Fernandes <joel@xxxxxxxxxxxxxxxxx>, Josh Triplett <josh@xxxxxxxxxxxxxxxx>, Boqun Feng <boqun.feng@xxxxxxxxx>, Uladzislau Rezki <urezki@xxxxxxxxx>, Mathieu Desnoyers <mathieu.desnoyers@xxxxxxxxxxxx>, Lai Jiangshan <jiangshanlai@xxxxxxxxx>, Zqiang <qiang.zhang1211@xxxxxxxxx>, Juri Lelli <juri.lelli@xxxxxxxxxx>, Clark Williams <williams@xxxxxxxxxx>, Yair Podemsky <ypodemsk@xxxxxxxxxx>, Tomas Glozar <tglozar@xxxxxxxxxx>, Vincent Guittot <vincent.guittot@xxxxxxxxxx>, Dietmar Eggemann <dietmar.eggemann@xxxxxxx>, Ben Segall <bsegall@xxxxxxxxxx>, Mel Gorman <mgorman@xxxxxxx>, Kees Cook <kees@xxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, Christoph Hellwig <hch@xxxxxxxxxxxxx>, Shuah Khan <shuah@xxxxxxxxxx>, Sami Tolvanen <samitolvanen@xxxxxxxxxx>, Miguel Ojeda <ojeda@xxxxxxxxxx>, Alice Ryhl <aliceryhl@xxxxxxxxxx>, "Mike Rapoport (Microsoft)" <rppt@xxxxxxxxxx>, Samuel Holland <samuel.holland@xxxxxxxxxx>, Rong Xu <xur@xxxxxxxxxx>, Geert Uytterhoeven <geert@xxxxxxxxxxxxxx>, Yosry Ahmed <yosryahmed@xxxxxxxxxx>, "Kirill A. Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx>, "Masami Hiramatsu (Google)" <mhiramat@xxxxxxxxxx>, Jinghao Jia <jinghao7@xxxxxxxxxxxx>, Luis Chamberlain <mcgrof@xxxxxxxxxx>, Randy Dunlap <rdunlap@xxxxxxxxxxxxx>, Tiezhu Yang <yangtiezhu@xxxxxxxxxxx>
- Delivery-date: Tue, 14 Jan 2025 21:48:55 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Tue, Jan 14, 2025, Sean Christopherson wrote:
> On Tue, Jan 14, 2025, Valentin Schneider wrote:
> > +/**
> > + * is_kernel_noinstr_text - checks if the pointer address is located in the
> > + * .noinstr section
> > + *
> > + * @addr: address to check
> > + *
> > + * Returns: true if the address is located in .noinstr, false otherwise.
> > + */
> > +static inline bool is_kernel_noinstr_text(unsigned long addr)
> > +{
> > + return addr >= (unsigned long)__noinstr_text_start &&
> > + addr < (unsigned long)__noinstr_text_end;
> > +}
>
> This doesn't do the right thing for modules, which matters because KVM can be
> built as a module on x86, and because context tracking understands transitions
> to GUEST mode, i.e. CPUs that are running in a KVM guest will be treated as
> not
> being in the kernel, and thus will have IPIs deferred. If KVM uses a static
> key
> or branch between guest_state_enter_irqoff() and guest_state_exit_irqoff(),
> the
> patching code won't wait for CPUs to exit guest mode, i.e. KVM could
> theoretically
> use the wrong static path.
>
> I don't expect this to ever cause problems in practice, because patching code
> in
> KVM's VM-Enter/VM-Exit path that has *functional* implications, while CPUs are
> actively running guest code, would be all kinds of crazy. But I do think we
> should plug the hole.
>
> If this issue is unique to KVM, i.e. is not a generic problem for all modules
> (I
> assume module code generally isn't allowed in the entry path, even via NMI?),
> one
> idea would be to let KVM register its noinstr section for text poking.
Another idea would be to track which keys/branches are tagged noinstr, i.e.
generate
the information at compile time instead of doing lookups at runtime. The
biggest
downside I can think of is that it would require plumbing in the information to
text_poke_bp_batch().
|
