lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <877cmspr6i.fsf@oracle.com>
Date:   Wed, 08 Nov 2023 00:47:33 -0800
From:   Ankur Arora <ankur.a.arora@...cle.com>
To:     Steven Rostedt <rostedt@...dmis.org>
Cc:     Ankur Arora <ankur.a.arora@...cle.com>,
        linux-kernel@...r.kernel.org, tglx@...utronix.de,
        peterz@...radead.org, torvalds@...ux-foundation.org,
        paulmck@...nel.org, linux-mm@...ck.org, x86@...nel.org,
        akpm@...ux-foundation.org, luto@...nel.org, bp@...en8.de,
        dave.hansen@...ux.intel.com, hpa@...or.com, mingo@...hat.com,
        juri.lelli@...hat.com, vincent.guittot@...aro.org,
        willy@...radead.org, mgorman@...e.de, jon.grimm@....com,
        bharata@....com, raghavendra.kt@....com,
        boris.ostrovsky@...cle.com, konrad.wilk@...cle.com,
        jgross@...e.com, andrew.cooper3@...rix.com, mingo@...nel.org,
        bristot@...nel.org, mathieu.desnoyers@...icios.com,
        geert@...ux-m68k.org, glaubitz@...sik.fu-berlin.de,
        anton.ivanov@...bridgegreys.com, mattst88@...il.com,
        krypton@...ich-teichert.org, David.Laight@...LAB.COM,
        richard@....at, mjguzik@...il.com, geert@...ux-m68k.org
Subject: Re: [RFC PATCH 45/86] preempt: ARCH_NO_PREEMPT only preempts lazily


Steven Rostedt <rostedt@...dmis.org> writes:

> On Tue,  7 Nov 2023 13:57:31 -0800
> Ankur Arora <ankur.a.arora@...cle.com> wrote:
>
>> Note: this commit is badly broken. Only here for discussion.
>>
>> Configurations with ARCH_NO_PREEMPT support preempt_count, but might
>> not be tested well enough under PREEMPTION to support it might not
>> be demarcating the necessary non-preemptible sections.
>>
>> One way to handle this is by limiting them to PREEMPT_NONE mode, not
>> doing any tick enforcement and limiting preemption to happen only at
>> user boundary.
>>
>> Unfortunately, this is only a partial solution because eager
>> rescheduling could still happen (say, due to RCU wanting an
>> expedited quiescent period.) And, because we do not trust the
>> preempt_count accounting, this would mean preemption inside an
>> unmarked critical section.
>
> Is preempt_count accounting really not trust worthy?

I think the concern was that we might not be marking all the sections
that might be non-preemptible.

Plus, given that these archs have always been !preemption, it is
unlikely that they would work without changes. I think basically we
don't have a clue if they work or not since haven't ever been tested.

> That is, if we preempt at preempt_count() going to zero but nowhere else,
> would that work? At least it would create some places that can be resched.

I'm not sure we can be sure. I can imagine places where it should be
preempt_disable() ; spin_lock() ; ... ; spin_unlock(); preempt_enable()
but the preempt_disable/_enable() are MIA.

I think even so it is a pretty good idea. We could decompose
ARCH_NO_PREEMPT into ARCH_NO_PREEMPT_COUNT and ARCH_NO_PREEMPT_IRQ.

And, as you imply, PREEMPTION (or rather PREEMPT_COUNT) only depends
on ARCH_NO_PREEMPT_COUNT, not the ARCH_NO_PREEMPT_IRQ.

And this change might make the task of fixing this simpler since you
would only have to worry about neighborhood and paths leading to
preempt_enable().

 void irqentry_exit_cond_resched(void)
 {
-       if (!preempt_count()) {
+       if (IS_DISABLED(CONFIG_ARCH_NO_PREEMPT_IRQ) && !preempt_count()) {
                /* Sanity check RCU and thread stack */
                rcu_irq_exit_check_preempt();


Geert, if you think it might help I can send out a patch.

> What's the broken part of these archs? The assembly?

Not sure anyone knows. But, assuming m68k is representative of the other
three ARCH_NO_PREEMPT ones (might be better placed, because COLDFIRE m68k
already supports preemption) the patches Geert had sent out add:

 - preempt_enable/_disable() pairs to the cache/tlb flush logic
 - a need-resched check and call to preempt_schedule_irq() in the
   exception return path.

m68k support: https://lore.kernel.org/all/7858a184cda66e0991fd295c711dfed7e4d1248c.1696603287.git.geert@linux-m68k.org/#t

(The series itself ran into an mmput() bug which might or might not
have anything to do with preemption.)

> If that's the case, as
> long as the generic code has the preempt_count() I would think that would
> be trust worthy. I'm also guessing that in_irq() and friends are still
> reliable.

True.

--
ankur

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ