lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 23 May 2024 22:34:35 +0100
From: Catalin Marinas <catalin.marinas@....com>
To: "Christoph Lameter (Ampere)" <cl@...ux.com>
Cc: Yang Shi <yang@...amperecomputing.com>, will@...nel.org,
	anshuman.khandual@....com, scott@...amperecomputing.com,
	linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [v2 PATCH] arm64: mm: force write fault for atomic RMW
 instructions

On Thu, May 23, 2024 at 12:43:34PM -0700, Christoph Lameter (Ampere) wrote:
> On Thu, 23 May 2024, Catalin Marinas wrote:
> > > > While this class includes all atomics that currently require write
> > > > permission, there's some unallocated space in this range and we don't
> > > > know what future architecture versions may introduce. Unfortunately we
> > > > need to check each individual atomic op in this class (not sure what the
> > > > overhead will be).
> > > 
> > > Can you tell us which bits or pattern is not allocated? Maybe we can exclude
> > > that from the pattern.
> > 
> > Yes, it may be easier to exclude those patterns. See the Arm ARM K.a
> > section C4.1.94.29 (page 791).
> 
> Hmmm. We could consult an exception table once the pattern matches to reduce
> the overhead.

Yeah, check the atomic class first and then go into the finer-grained
details. I think this would reduce the overhead for non-atomic
instructions.

> However, the harm done I think is acceptable even if we leave things as is.
> In the worst case we create unnecesssary write fault processing for an
> "atomic op" that does not need write access. Also: Why would it need to be
> atomic if it does not write???

I'm thinking of some conditional instruction that states no write if
condition fails. But it could be even worse if the architects decide to
reuse that unallocated space for some instructions that have nothing to
do with the atomic accesses.

It's something we need to clarify with them but I'm about to go on
holiday for a week, so I won't be able to check.

> The ultimate solution would be to change the spec so that arm processors can
> skip useless read faults.

I raised this already, waiting for feedback from the architects.

-- 
Catalin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ