Message-ID: <CAHk-=wgUxgA-s4ZvxpcKDFfyoEmvcDr9Ydgo5W4s2hvrLHhP+g@mail.gmail.com>
Date:   Mon, 14 Oct 2019 13:38:34 -0700
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Vineet Gupta <vineetg76@...il.com>
Cc:     linux-arch <linux-arch@...r.kernel.org>,
        Arnd Bergmann <arnd@...db.de>,
        Peter Zijlstra <peterz@...radead.org>,
        "Aneesh Kumar K . V" <aneesh.kumar@...ux.ibm.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Nick Piggin <npiggin@...il.com>, Linux-MM <linux-mm@...ck.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        linux-snps-arc@...ts.infradead.org, Will Deacon <will@...nel.org>,
        "Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>
Subject: Re: [RFC] asm-generic/tlb: stub out pmd_free_tlb() if __PAGETABLE_PMD_FOLDED

On Mon, Oct 14, 2019 at 12:08 PM Vineet Gupta <vineetg76@...il.com> wrote:
>
> > And yes, pmd_clear_bad() should just go away. We have
> >
> >   static inline int pmd_none_or_clear_bad(pmd_t *pmd)
> >   {
> >         if (pmd_none(*pmd))
> >                 return 1;
> >         if (unlikely(pmd_bad(*pmd))) {
> >                 pmd_clear_bad(pmd);
> >                 return 1;
> >         }
> >         return 0;
> >   }

That was a particularly bad example.

The pmd always exists, even in a 2-level setup.

It's the pgd/p4d/pud that end up containing a lower level, but
pmd_none() is never one of the fixed "doesn't exist" cases.

> > Exactly what part isn't working for you?
>
> I haven't tested that patch but I suspect even if it was broken, it would not
> necessarily show right away with a trivial test.
>
> Anyhow my worry/confusions starts at free_pgd_range() where
> pgd_none_or_clear_bad(pgd) is no-op given pgd_none()/pgd_bad() are stubs for nopmd
> case.

Right. If you have a two-level setup, then p[g4u]d_none_or_clear_bad()
should end up being no-ops.

But then:

> And the validation of pgd entry actually happens in pmd_none_or_clear_bad(pmd)
> since there pmd actually ends up referencing pgd entry. Hence the ensuing
> pmd_clear_bad() doesn't seem like if it could be stubbed out.

Yes, you're correct, I was just "off by one" in my levels.

Yeah, the folding is damn confusing. And it doesn't help that I think
some of the code talks about the lower level being folded into the
higher level for historical reasons, so we have those PMD_FOLDED
macros etc, which are really about pud() just going away because pmd
is folded inside the pud.

So when the pud level is compiled away, we talk about the pmd level
being folded into it, and then we get confusion (like mine above)
where you end up being off by one level, because depending on how it's
being talked about, you talk about one or the other.

And it shows in the header files too. We have "pgtable-nopmd.h", which
then defines the page table accessors not for the pmd level, but for
the pud level.

Which is why I then spout nonsense like the above about pmd_none() -
because I was thinking of the nopmd case, but that makes the
p*u*d_none() be always 0, not p*m*d_none().

So we have this whole "off-by-one" error in our naming and thus our
thinking, and it's really easy to just get really confused about it.

We should probably get rid of the whole "PMD_FOLDED" logic, and
instead talk about "no PUD level".

It actually shows in our types too. We do this:

   typedef struct { pud_t pud; } pmd_t;
   #define PTRS_PER_PMD    1

because some of the code thinks of the pmd as containing the pud.

But it would probably be better to do it the other way around, and
just consistently think of it as "pud level doesn't exist, the pud
level just contains a pmd" instead.

So we have these really odd "sometimes we think of pmd as part of a
pud entry" vs "sometimes we think of pud as just containing a single
pmd".

And I think that latter model is the better mental model, but then we
should have

   typedef struct { pmd_t pmd; } pud_t;
   #define PTRS_PER_PUD    1

instead, and we'd get

   static inline pmd_t * pmd_offset(pud_t * pud, unsigned long address)
   { return &pud->pmd; }

and that would make more sense, wouldn't it?

But trying to fix our odd "we seem to think about it wrong" model
would likely be too painful to be realistic. It would involve
renaming

  nop4d.h -> nopgd.h
  nopud.h -> nop4d.h
  nopmd.h -> nopud.h

and turning those types around (so we'd have those

   typedef struct { p4d_t p4d; } pgd_t;
   typedef struct { pud_t pud; } p4d_t;
   typedef struct { pmd_t pmd; } pud_t;

for no-pgd/no-p4d/no-pud respectively.

So then a 2-level machine would only define the pmd and pte levels,
and be done with it, because the upper levels would be defined in
terms of those.

But that's not what we do, and we mix up levels in odd and confusing ways.

And now I've said pgd/pud/p4d/pmd so many times that I've confused
myself and think I'm wrong again, and I think that historically -
originally - we always had a pgd, and then the pmd didn't exist
because it was folded into it. That makes sense from an x86 naming
standpoint. Then x86 _did_ get a pmd, and then we added more levels in
between, and other architectures did things differently.

So I think the confusion is historical, and is because we've switched
between thinking that it's the lower level that doesn't exist, but is
embedded in the upper level, and slowly converted to "it's the upper
level that doesn't exist, and just contains the lower level"

The point stands: it's confusing, and we should probably pick one
model, and the model we pick should likely be "this level doesn't
exist, and just wraps the lower level", so it *should* be "no pgd"/"no
p4d"/"no pud".

            Linus
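
A user-space toy of the "pud level doesn't exist, it just wraps a pmd" model from the message above, added here as an illustration and not taken from the message or from the kernel: it shows the folded level's check compiling to a constant while the pmd-level check is the one that actually validates and clears an entry. The entry bit layout, the walk() helper and indexing at the top of the table are assumptions made for the example.

```c
#include <stddef.h>

/* Toy model, not kernel code. The entry encoding below is made up. */
#define ENT_PRESENT 0x1UL
#define ENT_RSVD    0x2UL   /* hypothetical "must be zero" bit */

typedef struct { unsigned long val; } pmd_t;

/* "No PUD level": the pud just wraps a single pmd. */
typedef struct { pmd_t pmd; } pud_t;
#define PTRS_PER_PUD 1

/* Folded level: there is nothing to inspect, so the check is constant. */
static inline int pud_none_or_clear_bad(pud_t *pud) { (void)pud; return 0; }

/* Stepping down a folded level is a member access, not a table lookup. */
static inline pmd_t *pmd_offset(pud_t *pud, unsigned long address)
{ (void)address; return &pud->pmd; }

/* Real level: this is where an entry is actually validated. */
static inline int pmd_none(pmd_t pmd) { return pmd.val == 0; }
static inline int pmd_bad(pmd_t pmd)
{ return !(pmd.val & ENT_PRESENT) || (pmd.val & ENT_RSVD); }
static inline void pmd_clear_bad(pmd_t *pmd) { pmd->val = 0; }

static inline int pmd_none_or_clear_bad(pmd_t *pmd)
{
    if (pmd_none(*pmd))
        return 1;
    if (pmd_bad(*pmd)) {
        pmd_clear_bad(pmd);   /* cannot be stubbed: it repairs the entry */
        return 1;
    }
    return 0;
}

/* Walk one top-level slot; returns the usable pmd or NULL (hypothetical helper). */
static pmd_t *walk(pud_t *top, size_t idx, unsigned long address)
{
    pud_t *pud = &top[idx];
    pmd_t *pmd;

    if (pud_none_or_clear_bad(pud))   /* always 0 for the folded level */
        return NULL;
    pmd = pmd_offset(pud, address);
    return pmd_none_or_clear_bad(pmd) ? NULL : pmd;
}
```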
