Message-ID: <02cdf436-6942-89a7-98b2-bfa75ba5f301@efficios.com>
Date: Fri, 11 Nov 2022 09:43:49 -0500
From: Mathieu Desnoyers <mathieu.desnoyers@...icios.com>
To: John Ogness <john.ogness@...utronix.de>, Petr Mladek <pmladek@...e.com>,
    "Paul E. McKenney" <paulmck@...nel.org>,
    Frederic Weisbecker <frederic@...nel.org>
Cc: Sergey Senozhatsky <senozhatsky@...omium.org>,
    Steven Rostedt <rostedt@...dmis.org>,
    Thomas Gleixner <tglx@...utronix.de>, linux-kernel@...r.kernel.org,
    Neeraj Upadhyay <quic_neeraju@...cinc.com>,
    Josh Triplett <josh@...htriplett.org>,
    Lai Jiangshan <jiangshanlai@...il.com>,
    Joel Fernandes <joel@...lfernandes.org>, rcu@...r.kernel.org,
    Jason Wessel <jason.wessel@...driver.com>,
    Daniel Thompson <daniel.thompson@...aro.org>,
    Douglas Anderson <dianders@...omium.org>,
    Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
    Jiri Slaby <jirislaby@...nel.org>,
    kgdb-bugreport@...ts.sourceforge.net, linux-serial@...r.kernel.org,
    linux-fsdevel@...r.kernel.org, Miguel Ojeda <ojeda@...nel.org>,
    Richard Weinberger <richard@....at>,
    Anton Ivanov <anton.ivanov@...bridgegreys.com>,
    Johannes Berg <johannes@...solutions.net>,
    linux-um@...ts.infradead.org, Luis Chamberlain <mcgrof@...nel.org>,
    Aaron Tomlin <atomlin@...hat.com>,
    Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
    Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>,
    Geert Uytterhoeven <geert+renesas@...der.be>,
    Tony Lindgren <tony@...mide.com>, Lukas Wunner <lukas@...ner.de>,
    Geert Uytterhoeven <geert@...ux-m68k.org>,
    linux-m68k@...ts.linux-m68k.org, Ard Biesheuvel <ardb@...nel.org>,
    linux-efi@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
    Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>,
    Alim Akhtar <alim.akhtar@...sung.com>,
    linux-arm-kernel@...ts.infradead.org,
    linux-samsung-soc@...r.kernel.org,
    Michal Simek <michal.simek@...inx.com>,
    Peter Zijlstra <peterz@...radead.org>,
    Mathias Nyman <mathias.nyman@...ux.intel.com>,
    linux-usb@...r.kernel.org, "David S. Miller" <davem@...emloft.net>,
    Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
    Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org,
    Helge Deller <deller@....de>,
    Javier Martinez Canillas <javierm@...hat.com>,
    Thomas Zimmermann <tzimmermann@...e.de>,
    Juergen Gross <jgross@...e.com>,
    Boris Ostrovsky <boris.ostrovsky@...cle.com>, Tom Rix <trix@...hat.com>,
    linux-fbdev@...r.kernel.org, dri-devel@...ts.freedesktop.org
Subject: Re: [PATCH printk v3 00/40] reduce console_lock scope

On 2022-11-07 09:15, John Ogness wrote:

[...]

>
> The base commit for this series is from Paul McKenney's RCU tree
> and provides an NMI-safe SRCU implementation [1]. Without the
> NMI-safe SRCU implementation, this series is not less safe than
> mainline. But we will need the NMI-safe SRCU implementation for
> atomic consoles anyway, so we might as well get it in
> now. Especially since it _does_ increase the reliability for
> mainline in the panic path.

So, your email got me to review the SRCU nmi-safe series:

[1] https://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu.git/log/?h=srcunmisafe.2022.10.21a

Especially this commit:

https://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu.git/commit/?h=srcunmisafe.2022.10.21a&id=5d0f5953b60f5f7a278085b55ddc73e2932f4c33

I disagree with the overall approach taken there, which is to create
yet another SRCU flavor, this time with explicit "nmi-safe" read-locks.
This adds complexity to the kernel APIs and I think we can be clever
about this and make SRCU nmi-safe without requiring a whole new
incompatible API.

You can find the basic idea needed to achieve this in the libside RCU
user-space implementation. I needed to introduce a split-counter concept
to support rseq vs atomics to keep track of per-cpu grace period
counters. The "rseq" counter is the fast-path, but if rseq fails, the
abort handler uses the atomic counter instead.

https://github.com/compudj/side/blob/main/src/rcu.h#L23

struct side_rcu_percpu_count {
	uintptr_t begin;
	uintptr_t rseq_begin;
	uintptr_t end;
	uintptr_t rseq_end;
} __attribute__((__aligned__(SIDE_CACHE_LINE_SIZE)));

The idea is to "split" each percpu counter into two counters, one for
rseq, and the other for atomics. When a grace period wants to observe
the value of a percpu counter, it simply sums the two counters:

https://github.com/compudj/side/blob/main/src/rcu.c#L112

The same idea can be applied to SRCU in the kernel: one counter for
percpu ops, and the other counter for nmi context, so basically:

srcu_read_lock()

  if (likely(!in_nmi()))
    increment the percpu-ops lock counter
  else
    increment the atomic lock counter

srcu_read_unlock()

  if (likely(!in_nmi()))
    increment the percpu-ops unlock counter
  else
    increment the atomic unlock counter

Then in the grace period sum the percpu-ops and the atomic values
whenever each counter value is read.

This would allow SRCU to be NMI-safe without requiring the callers to
explicitly state whether they need to be nmi-safe or not, and would only
take the overhead of the atomics in the NMI handlers rather than for all
users which happen to use SRCU read locks shared with nmi handlers.

Thoughts?

Thanks,

Mathieu

--
Mathieu Desnoyers
EfficiOS Inc.
https://www.efficios.com
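
The split-counter scheme proposed in the message above, as an added single-threaded user-space C model; it is not part of the original post and is not kernel or libside code. The names `split_count`, `model_read_lock`, `model_read_unlock`, `sum_counts`, `readers_quiesced` and `NR_CPUS` are hypothetical, `in_nmi` is passed as a parameter instead of being queried, and the memory barriers and dual-index handling of real SRCU are left out.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#define NR_CPUS 4 /* constructed size for this model */

/* Per-CPU slot: plain halves for normal context, atomic halves for NMI. */
struct split_count {
	uintptr_t lock, unlock;                /* stands in for percpu ops */
	atomic_uintptr_t nmi_lock, nmi_unlock; /* bumped only when in_nmi */
};
static struct split_count counts[NR_CPUS];

/* in_nmi is a parameter here; kernel code would test in_nmi() itself. */
static void model_read_lock(int cpu, bool in_nmi) {
	if (!in_nmi)
		counts[cpu].lock++;
	else
		atomic_fetch_add(&counts[cpu].nmi_lock, 1);
}

static void model_read_unlock(int cpu, bool in_nmi) {
	if (!in_nmi)
		counts[cpu].unlock++;
	else
		atomic_fetch_add(&counts[cpu].nmi_unlock, 1);
}

/* Grace-period side: each total sums both halves across all CPUs. */
static uintptr_t sum_counts(bool unlock_side) {
	uintptr_t sum = 0;
	for (int cpu = 0; cpu < NR_CPUS; cpu++)
		sum += unlock_side
			? counts[cpu].unlock + atomic_load(&counts[cpu].nmi_unlock)
			: counts[cpu].lock + atomic_load(&counts[cpu].nmi_lock);
	return sum;
}

/* No reader remains in a read-side section once the two totals match. */
static bool readers_quiesced(void) {
	return sum_counts(false) == sum_counts(true);
}

int main(void) {
	model_read_lock(0, false);   /* task-context reader */
	model_read_lock(0, true);    /* NMI arrives on the same CPU */
	model_read_unlock(0, true);
	model_read_unlock(0, false);
	return readers_quiesced() ? 0 : 1;
}
```

Because the grace-period side only compares summed totals, a task-context reader that unlocks on a different CPU than it locked on still balances out.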