Re: [PATCH v4 29/30] x86/mm, mm/vmalloc: Defer flush_tlb_kernel_range() targeting NOHZ_FULL CPUs
- To: Dave Hansen <dave.hansen@xxxxxxxxx>, Jann Horn <jannh@xxxxxxxxxx>
- From: Valentin Schneider <vschneid@xxxxxxxxxx>
- Date: Wed, 26 Feb 2025 17:52:50 +0100
- Cc: linux-kernel@xxxxxxxxxxxxxxx, x86@xxxxxxxxxx, virtualization@xxxxxxxxxxxxxxx, linux-arm-kernel@xxxxxxxxxxxxxxxxxxx, loongarch@xxxxxxxxxxxxxxx, linux-riscv@xxxxxxxxxxxxxxxxxxx, linux-perf-users@xxxxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx, kvm@xxxxxxxxxxxxxxx, linux-arch@xxxxxxxxxxxxxxx, rcu@xxxxxxxxxxxxxxx, linux-hardening@xxxxxxxxxxxxxxx, linux-mm@xxxxxxxxx, linux-kselftest@xxxxxxxxxxxxxxx, bpf@xxxxxxxxxxxxxxx, bcm-kernel-feedback-list@xxxxxxxxxxxx, Juergen Gross <jgross@xxxxxxxx>, Ajay Kaher <ajay.kaher@xxxxxxxxxxxx>, Alexey Makhalov <alexey.amakhalov@xxxxxxxxxxxx>, Russell King <linux@xxxxxxxxxxxxxxx>, Catalin Marinas <catalin.marinas@xxxxxxx>, Will Deacon <will@xxxxxxxxxx>, Huacai Chen <chenhuacai@xxxxxxxxxx>, WANG Xuerui <kernel@xxxxxxxxxx>, Paul Walmsley <paul.walmsley@xxxxxxxxxx>, Palmer Dabbelt <palmer@xxxxxxxxxxx>, Albert Ou <aou@xxxxxxxxxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>, "H. Peter Anvin" <hpa@xxxxxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>, Namhyung Kim <namhyung@xxxxxxxxxx>, Mark Rutland <mark.rutland@xxxxxxx>, Alexander Shishkin <alexander.shishkin@xxxxxxxxxxxxxxx>, Jiri Olsa <jolsa@xxxxxxxxxx>, Ian Rogers <irogers@xxxxxxxxxx>, Adrian Hunter <adrian.hunter@xxxxxxxxx>, "Liang, Kan" <kan.liang@xxxxxxxxxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Josh Poimboeuf <jpoimboe@xxxxxxxxxx>, Pawan Gupta <pawan.kumar.gupta@xxxxxxxxxxxxxxx>, Sean Christopherson <seanjc@xxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, Arnd Bergmann <arnd@xxxxxxxx>, Frederic Weisbecker <frederic@xxxxxxxxxx>, "Paul E. 
McKenney" <paulmck@xxxxxxxxxx>, Jason Baron <jbaron@xxxxxxxxxx>, Steven Rostedt <rostedt@xxxxxxxxxxx>, Ard Biesheuvel <ardb@xxxxxxxxxx>, Neeraj Upadhyay <neeraj.upadhyay@xxxxxxxxxx>, Joel Fernandes <joel@xxxxxxxxxxxxxxxxx>, Josh Triplett <josh@xxxxxxxxxxxxxxxx>, Boqun Feng <boqun.feng@xxxxxxxxx>, Uladzislau Rezki <urezki@xxxxxxxxx>, Mathieu Desnoyers <mathieu.desnoyers@xxxxxxxxxxxx>, Lai Jiangshan <jiangshanlai@xxxxxxxxx>, Zqiang <qiang.zhang1211@xxxxxxxxx>, Juri Lelli <juri.lelli@xxxxxxxxxx>, Clark Williams <williams@xxxxxxxxxx>, Yair Podemsky <ypodemsk@xxxxxxxxxx>, Tomas Glozar <tglozar@xxxxxxxxxx>, Vincent Guittot <vincent.guittot@xxxxxxxxxx>, Dietmar Eggemann <dietmar.eggemann@xxxxxxx>, Ben Segall <bsegall@xxxxxxxxxx>, Mel Gorman <mgorman@xxxxxxx>, Kees Cook <kees@xxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, Christoph Hellwig <hch@xxxxxxxxxxxxx>, Shuah Khan <shuah@xxxxxxxxxx>, Sami Tolvanen <samitolvanen@xxxxxxxxxx>, Miguel Ojeda <ojeda@xxxxxxxxxx>, Alice Ryhl <aliceryhl@xxxxxxxxxx>, "Mike Rapoport (Microsoft)" <rppt@xxxxxxxxxx>, Samuel Holland <samuel.holland@xxxxxxxxxx>, Rong Xu <xur@xxxxxxxxxx>, Nicolas Saenz Julienne <nsaenzju@xxxxxxxxxx>, Geert Uytterhoeven <geert@xxxxxxxxxxxxxx>, Yosry Ahmed <yosryahmed@xxxxxxxxxx>, "Kirill A. Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx>, "Masami Hiramatsu (Google)" <mhiramat@xxxxxxxxxx>, Jinghao Jia <jinghao7@xxxxxxxxxxxx>, Luis Chamberlain <mcgrof@xxxxxxxxxx>, Randy Dunlap <rdunlap@xxxxxxxxxxxxx>, Tiezhu Yang <yangtiezhu@xxxxxxxxxxx>
- Delivery-date: Wed, 26 Feb 2025 16:53:04 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 20/02/25 09:38, Dave Hansen wrote:
> On 2/20/25 09:10, Valentin Schneider wrote:
>>> The LDT and maybe the PEBS buffers are the only implicit supervisor
>>> accesses to vmalloc()'d memory that I can think of. But those are both
>>> handled specially and shouldn't ever get zapped while in use. The LDT
>>> replacement has its own IPIs separate from TLB flushing.
>>>
>>> But I'm actually not all that worried about accesses while actually
>>> running userspace. It's that "danger zone" in the kernel between entry
>>> and when the TLB might have dangerous garbage in it.
>>>
>> So say we have kPTI, thus no vmalloc() mapped in CR3 when running
>> userspace, and do a full TLB flush right before switching to userspace -
>> could the TLB still end up with vmalloc()-range-related entries when we're
>> back in the kernel and going through the danger zone?
>
> Yes, because the danger zone includes the switch back to the kernel CR3
> with vmalloc() fully mapped. All bets are off about what's in the TLB
> the moment that CR3 write occurs.
>
> Actually, you could probably use that.
>
> If a mapping is in the PTI user page table, you can't defer the flushes
> for it. Basically the same rule for text poking in the danger zone.
>
> If there's a deferred flush pending, make sure that all of the
> SWITCH_TO_KERNEL_CR3's fully flush the TLB. You'd need something similar
> to user_pcid_flush_mask.
>

Right, that's what I (roughly) had in mind...

> But, honestly, I'm still not sure this is worth all the trouble. If
> folks want to avoid IPIs for TLB flushes, there are hardware features
> that *DO* that. Just get new hardware instead of adding this complicated
> pile of software that we have to maintain forever. In 10 years, we'll
> still have this software *and* 95% of our hardware has the hardware
> feature too.

... But yeah, it pretty much circumvents arch_context_tracking_work, or at
the very least adds an early(er) flushing of the context tracking
work... Urgh.

Thank you for grounding my wild ideas into reality. I'll try to think some
more and see if I see any other way out (other than "buy hardware that does
what you want and ditch the one that doesn't").
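
The rule discussed in this message (a deferred kernel-range flush must be completed by a full TLB flush at the kernel CR3 switch, before any access in the "danger zone") as a toy user-space model. This is an added example, not code from the patch series or the kernel; the struct, the C functions and the frame numbers are assumptions, and the stale TLB content is simplified to one entry cached before the CPU left the kernel.

```c
/* Toy user-space model, not kernel code; all names here are hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#define NO_ENTRY (-1)
struct cpu {
    bool in_user, flush_pending; /* in userspace; a kernel-range flush was deferred */
    int tlb_frame;               /* one cached translation for one vmalloc() page */
};
static int pt_frame;             /* frame the page table maps now (constructed) */
/* Remote CPU remaps the page; the flush is deferred if the target is in userspace. */
static void flush_kernel_range(struct cpu *c, int new_frame)
{
    pt_frame = new_frame;
    if (c->in_user)
        c->flush_pending = true;   /* no IPI sent: the stale entry survives */
    else
        c->tlb_frame = NO_ENTRY;   /* immediate flush */
}
/* Kernel entry; flush_at_switch models "full flush if a deferred flush is pending". */
static void switch_to_kernel_cr3(struct cpu *c, bool flush_at_switch)
{
    c->in_user = false;
    if (flush_at_switch && c->flush_pending) {
        c->tlb_frame = NO_ENTRY;
        c->flush_pending = false;
    }
}
/* A TLB hit is used as-is; only a miss walks the page table. */
static int kernel_access(struct cpu *c)
{
    if (c->tlb_frame == NO_ENTRY)
        c->tlb_frame = pt_frame;
    return c->tlb_frame;
}
/* Frame seen by the first access after entry, before any later deferred work runs. */
static int danger_zone_access(bool flush_at_switch)
{
    struct cpu c = { false, false, NO_ENTRY };
    pt_frame = 100;
    kernel_access(&c);             /* TLB now caches frame 100 */
    c.in_user = true;              /* CPU returns to userspace */
    flush_kernel_range(&c, 200);   /* page remapped while the CPU is away */
    switch_to_kernel_cr3(&c, flush_at_switch);
    return kernel_access(&c);
}
int main(void)
{
    printf("deferred only: %d, flush at CR3 switch: %d\n", danger_zone_access(false), danger_zone_access(true));
}
```

With the flush only deferred, the first access after entry still resolves to the old frame; with the flush tied to the CR3 switch it resolves to the current one.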