Date:   Tue, 19 May 2020 17:26:58 -0700
From:   Andy Lutomirski <>
To:     Thomas Gleixner <>
Cc:     Andy Lutomirski <>,
        LKML <>, X86 ML <>,
        "Paul E. McKenney" <>,
        Alexandre Chartre <>,
        Frederic Weisbecker <>,
        Paolo Bonzini <>,
        Sean Christopherson <>,
        Masami Hiramatsu <>,
        Petr Mladek <>,
        Steven Rostedt <>,
        Joel Fernandes <>,
        Boris Ostrovsky <>,
        Juergen Gross <>,
        Brian Gerst <>,
        Mathieu Desnoyers <>,
        Josh Poimboeuf <>,
        Will Deacon <>,
        Tom Lendacky <>,
        Wei Liu <>,
        Michael Kelley <>,
        Jason Chen CJ <>,
        Zhao Yakui <>,
        "Peter Zijlstra (Intel)" <>
Subject: Re: [patch V6 12/37] x86/entry: Provide idtentry_entry/exit_cond_rcu()

On Tue, May 19, 2020 at 2:20 PM Thomas Gleixner <> wrote:
> Andy Lutomirski <> writes:
> > On Tue, May 19, 2020 at 1:20 PM Thomas Gleixner <> wrote:
> >> Thomas Gleixner <> writes:
> >> It's about this:
> >>
> >> rcu_nmi_enter()
> >> {
> >>         if (!rcu_is_watching()) {
> >>             make it watch;
> >>         } else if (!in_nmi()) {
> >>             do_magic_nohz_dyntick_muck();
> >>         }
> >> }
> >>
> >> So if we do all irq/system vector entries conditional then the
> >> do_magic() gets never executed. After that I got lost...
> >
> > I'm also baffled by that magic, but I'm also not suggesting doing this
> > to *all* entries -- just the not-super-magic ones that use
> > idtentry_enter().
> >
> > Paul, what is this code actually trying to do?
> Citing Paul from IRC:
>   "The way things are right now, you can leave out the rcu_irq_enter()
>    if this is not a nohz_full CPU.
>    Or if this is a nohz_full CPU, and the tick is already
>    enabled, in that case you could also leave out the rcu_irq_enter().
>    Or even if this is a nohz_full CPU and it does not have the tick
>    enabled, if it has been in the kernel less than a few tens of
>    milliseconds, still OK to avoid invoking rcu_irq_enter()
>    But my guess is that it would be a lot simpler to just always call
>    it.
> Hope that helps.
Unless I've missed something, the effect here is that #PF hitting in
an RCU-watching context will skip rcu_irq_enter(), whereas all IRQs
(because you converted them) as well as other faults and traps will
call rcu_irq_enter().

Once upon a time, we did this horrible thing where, on entry from user
mode, we would turn on interrupts while still in CONTEXT_USER, which
means we could get an IRQ in an extended quiescent state.  This means
that the IRQ code had to end the EQS so that IRQ handlers could use
RCU.  But I killed this a few years ago -- x86 Linux now has a rule
that, if IF=1, we are *not* in an EQS with the sole exception of the
idle code.

In my dream world, we would never ever get IRQs while in an EQS -- we
would do MWAIT with IF=0 and we would exit the EQS before taking the
interrupt.  But I guess we still need to support HLT, which means we
have this mess.

But I still think we can plausibly get rid of the conditional.  If we
get an IRQ or (egads!) a fault in idle context, we'll have
!__rcu_is_watching(), but, AFAICT, we also have preemption off.  So it
should be okay to do rcu_irq_enter().  OTOH, if we get an IRQ or a
fault anywhere else, then we either have a severe bug in the RCU code
itself and the RCU code faulted (in which case we get what we deserve)
or RCU is watching and all is well.  This means that the rule will be
that, if preemption is on, it's fine to schedule inside an
idtentry_begin()/idtentry_end() pair.

The remaining bit is just the urgent thing, and I don't understand
what's going on.  Paul, could we split out the urgent logic all by
itself so that the IRQ handlers could do rcu_poke_urgent()?  Or am I
entirely misunderstanding its purpose?
