[RFC,01/20] mm/tlb: fix fullmm semantics

Message ID	20210131001132.3368247-2-namit@vmware.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=3kWv=HC=kvack.org=owner-linux-mm@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org CD4E764E15 From: Nadav Amit <nadav.amit@gmail.com> To: linux-mm@kvack.org, linux-kernel@vger.kernel.org Cc: Nadav Amit <namit@vmware.com>, Andrea Arcangeli <aarcange@redhat.com>, Andrew Morton <akpm@linux-foundation.org>, Andy Lutomirski <luto@kernel.org>, Dave Hansen <dave.hansen@linux.intel.com>, Peter Zijlstra <peterz@infradead.org>, Thomas Gleixner <tglx@linutronix.de>, Will Deacon <will@kernel.org>, Yu Zhao <yuzhao@google.com>, Nick Piggin <npiggin@gmail.com>, x86@kernel.org Subject: [RFC 01/20] mm/tlb: fix fullmm semantics Date: Sat, 30 Jan 2021 16:11:13 -0800 Message-Id: <20210131001132.3368247-2-namit@vmware.com> In-Reply-To: <20210131001132.3368247-1-namit@vmware.com> References: <20210131001132.3368247-1-namit@vmware.com> MIME-Version: 1.0 Received-SPF: none (<>: No applicable sender policy available) receiver=imf01; identity=mailfrom; envelope-from="<>"; helo=mail-pf1-f173.google.com; client-ip=209.85.210.173 Content-Transfer-Encoding: quoted-printable Sender: owner-linux-mm@kvack.org Precedence: bulk
Series	TLB batching consolidation and enhancements \| expand [RFC,00/20] TLB batching consolidation and enhancements [RFC,01/20] mm/tlb: fix fullmm semantics [RFC,02/20] mm/mprotect: use mmu_gather [RFC,03/20] mm/mprotect: do not flush on permission promotion [RFC,04/20] mm/mapping_dirty_helpers: use mmu_gather [RFC,05/20] mm/tlb: move BATCHED_UNMAP_TLB_FLUSH to tlb.h [RFC,06/20] fs/task_mmu: use mmu_gather interface of clear-soft-dirty [RFC,07/20] mm: move x86 tlb_gen to generic code [RFC,08/20] mm: store completed TLB generation [RFC,09/20] mm: create pte/pmd_tlb_flush_pending() [RFC,10/20] mm: add pte_to_page() [RFC,11/20] mm/tlb: remove arch-specific tlb_start/end_vma() [RFC,12/20] mm/tlb: save the VMA that is flushed during tlb_start_vma() [RFC,13/20] mm/tlb: introduce tlb_start_ptes() and tlb_end_ptes() [RFC,14/20] mm: move inc/dec_tlb_flush_pending() to mmu_gather.c [RFC,15/20] mm: detect deferred TLB flushes in vma granularity [RFC,16/20] mm/tlb: per-page table generation tracking [RFC,17/20] mm/tlb: updated completed deferred TLB flush conditionally [RFC,18/20] mm: make mm_cpumask() volatile [RFC,19/20] lib/cpumask: introduce cpumask_atomic_or() [RFC,20/20] mm/rmap: avoid potential races

Nadav Amit Jan. 31, 2021, 12:11 a.m. UTC

From: Nadav Amit <namit@vmware.com>

fullmm in mmu_gather is supposed to indicate that the mm is torn-down
(e.g., on process exit) and can therefore allow certain optimizations.
However, tlb_finish_mmu() sets fullmm, when in fact it want to say that
the TLB should be fully flushed.

Change tlb_finish_mmu() to set need_flush_all and check this flag in
tlb_flush_mmu_tlbonly() when deciding whether a flush is needed.

Signed-off-by: Nadav Amit <namit@vmware.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will@kernel.org>
Cc: Yu Zhao <yuzhao@google.com>
Cc: Nick Piggin <npiggin@gmail.com>
Cc: x86@kernel.org
---
 include/asm-generic/tlb.h | 2 +-
 mm/mmu_gather.c           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

Andy Lutomirski Jan. 31, 2021, 1:02 a.m. UTC | #1

On Sat, Jan 30, 2021 at 4:16 PM Nadav Amit <nadav.amit@gmail.com> wrote:
>
> From: Nadav Amit <namit@vmware.com>
>
> fullmm in mmu_gather is supposed to indicate that the mm is torn-down
> (e.g., on process exit) and can therefore allow certain optimizations.
> However, tlb_finish_mmu() sets fullmm, when in fact it want to say that
> the TLB should be fully flushed.

Maybe also rename fullmm?

Nadav Amit Jan. 31, 2021, 1:19 a.m. UTC | #2

> On Jan 30, 2021, at 5:02 PM, Andy Lutomirski <luto@kernel.org> wrote:
> 
> On Sat, Jan 30, 2021 at 4:16 PM Nadav Amit <nadav.amit@gmail.com> wrote:
>> From: Nadav Amit <namit@vmware.com>
>> 
>> fullmm in mmu_gather is supposed to indicate that the mm is torn-down
>> (e.g., on process exit) and can therefore allow certain optimizations.
>> However, tlb_finish_mmu() sets fullmm, when in fact it want to say that
>> the TLB should be fully flushed.
> 
> Maybe also rename fullmm?

Possible. How about mm_torn_down?

I should have also changed the comment in tlb_finish_mmu().

Andy Lutomirski Jan. 31, 2021, 2:57 a.m. UTC | #3

On Sat, Jan 30, 2021 at 5:19 PM Nadav Amit <nadav.amit@gmail.com> wrote:
>
> > On Jan 30, 2021, at 5:02 PM, Andy Lutomirski <luto@kernel.org> wrote:
> >
> > On Sat, Jan 30, 2021 at 4:16 PM Nadav Amit <nadav.amit@gmail.com> wrote:
> >> From: Nadav Amit <namit@vmware.com>
> >>
> >> fullmm in mmu_gather is supposed to indicate that the mm is torn-down
> >> (e.g., on process exit) and can therefore allow certain optimizations.
> >> However, tlb_finish_mmu() sets fullmm, when in fact it want to say that
> >> the TLB should be fully flushed.
> >
> > Maybe also rename fullmm?
>
> Possible. How about mm_torn_down?

Sure.  Or mm_exiting, perhaps?

>
> I should have also changed the comment in tlb_finish_mmu().

Nadav Amit Feb. 1, 2021, 7:30 a.m. UTC | #4

> On Jan 30, 2021, at 6:57 PM, Andy Lutomirski <luto@kernel.org> wrote:
> 
> On Sat, Jan 30, 2021 at 5:19 PM Nadav Amit <nadav.amit@gmail.com> wrote:
>>> On Jan 30, 2021, at 5:02 PM, Andy Lutomirski <luto@kernel.org> wrote:
>>> 
>>> On Sat, Jan 30, 2021 at 4:16 PM Nadav Amit <nadav.amit@gmail.com> wrote:
>>>> From: Nadav Amit <namit@vmware.com>
>>>> 
>>>> fullmm in mmu_gather is supposed to indicate that the mm is torn-down
>>>> (e.g., on process exit) and can therefore allow certain optimizations.
>>>> However, tlb_finish_mmu() sets fullmm, when in fact it want to say that
>>>> the TLB should be fully flushed.
>>> 
>>> Maybe also rename fullmm?
>> 
>> Possible. How about mm_torn_down?
> 
> Sure.  Or mm_exiting, perhaps?

mm_exiting indeed sounds better.

Peter Zijlstra Feb. 1, 2021, 11:36 a.m. UTC | #5

https://lkml.kernel.org/r/20210127235347.1402-1-will@kernel.org

Nadav Amit Feb. 2, 2021, 9:32 a.m. UTC | #6

> On Feb 1, 2021, at 3:36 AM, Peter Zijlstra <peterz@infradead.org> wrote:
> 
> 
> https://lkml.kernel.org/r/20210127235347.1402-1-will@kernel.org

I have seen this series, and applied my patches on it.

Despite Will’s patches, there were still inconsistencies between fullmm
and need_flush_all.

Am I missing something?

Peter Zijlstra Feb. 2, 2021, 11 a.m. UTC | #7

On Tue, Feb 02, 2021 at 01:32:36AM -0800, Nadav Amit wrote:
> > On Feb 1, 2021, at 3:36 AM, Peter Zijlstra <peterz@infradead.org> wrote:
> > 
> > 
> > https://lkml.kernel.org/r/20210127235347.1402-1-will@kernel.org
> 
> I have seen this series, and applied my patches on it.
> 
> Despite Will’s patches, there were still inconsistencies between fullmm
> and need_flush_all.
> 
> Am I missing something?

I wasn't aware you were on top. I'll look again.

Nadav Amit Feb. 2, 2021, 9:35 p.m. UTC | #8

> On Feb 2, 2021, at 3:00 AM, Peter Zijlstra <peterz@infradead.org> wrote:
> 
> On Tue, Feb 02, 2021 at 01:32:36AM -0800, Nadav Amit wrote:
>>> On Feb 1, 2021, at 3:36 AM, Peter Zijlstra <peterz@infradead.org> wrote:
>>> 
>>> 
>>> https://lkml.kernel.org/r/20210127235347.1402-1-will@kernel.org
>> 
>> I have seen this series, and applied my patches on it.
>> 
>> Despite Will’s patches, there were still inconsistencies between fullmm
>> and need_flush_all.
>> 
>> Am I missing something?
> 
> I wasn't aware you were on top. I'll look again.

Looking on arm64’s tlb_flush() makes me think that there is currently a bug
that this patch fixes. Arm64’s tlb_flush() does:

       /*
        * If we're tearing down the address space then we only care about
        * invalidating the walk-cache, since the ASID allocator won't
        * reallocate our ASID without invalidating the entire TLB.
        */
       if (tlb->fullmm) {
               if (!last_level)
                       flush_tlb_mm(tlb->mm);
               return;
       } 

But currently tlb_mmu_finish() can mistakenly set fullmm incorrectly (if
mm_tlb_flush_nested() is true), which might skip the TLB flush.

Lucky for us, arm64 flushes each VMA separately (which as we discussed
separately may not be necessary), so the only PTEs that might not be flushed
are PTEs that are updated concurrently by another thread that also defer
their flushes. It therefore seems that the implications are more on the
correctness of certain syscalls (e.g., madvise(DONT_NEED)) without
implications on security or memory corruptions.

Let me know if you want me to send this patch separately with an updated
commit log for faster inclusion.

Will Deacon Feb. 3, 2021, 9:44 a.m. UTC | #9

On Tue, Feb 02, 2021 at 01:35:38PM -0800, Nadav Amit wrote:
> > On Feb 2, 2021, at 3:00 AM, Peter Zijlstra <peterz@infradead.org> wrote:
> > 
> > On Tue, Feb 02, 2021 at 01:32:36AM -0800, Nadav Amit wrote:
> >>> On Feb 1, 2021, at 3:36 AM, Peter Zijlstra <peterz@infradead.org> wrote:
> >>> 
> >>> 
> >>> https://lkml.kernel.org/r/20210127235347.1402-1-will@kernel.org
> >> 
> >> I have seen this series, and applied my patches on it.
> >> 
> >> Despite Will’s patches, there were still inconsistencies between fullmm
> >> and need_flush_all.
> >> 
> >> Am I missing something?
> > 
> > I wasn't aware you were on top. I'll look again.
> 
> Looking on arm64’s tlb_flush() makes me think that there is currently a bug
> that this patch fixes. Arm64’s tlb_flush() does:
> 
>        /*
>         * If we're tearing down the address space then we only care about
>         * invalidating the walk-cache, since the ASID allocator won't
>         * reallocate our ASID without invalidating the entire TLB.
>         */
>        if (tlb->fullmm) {
>                if (!last_level)
>                        flush_tlb_mm(tlb->mm);
>                return;
>        } 
> 
> But currently tlb_mmu_finish() can mistakenly set fullmm incorrectly (if
> mm_tlb_flush_nested() is true), which might skip the TLB flush.

But in that case isn't 'freed_tables' set to 1, so 'last_level' will be
false and we'll do the flush in the code above?

Will

Nadav Amit Feb. 4, 2021, 3:20 a.m. UTC | #10

> On Feb 3, 2021, at 1:44 AM, Will Deacon <will@kernel.org> wrote:
> 
> On Tue, Feb 02, 2021 at 01:35:38PM -0800, Nadav Amit wrote:
>>> On Feb 2, 2021, at 3:00 AM, Peter Zijlstra <peterz@infradead.org> wrote:
>>> 
>>> On Tue, Feb 02, 2021 at 01:32:36AM -0800, Nadav Amit wrote:
>>>>> On Feb 1, 2021, at 3:36 AM, Peter Zijlstra <peterz@infradead.org> wrote:
>>>>> 
>>>>> 
>>>>> https://lkml.kernel.org/r/20210127235347.1402-1-will@kernel.org
>>>> 
>>>> I have seen this series, and applied my patches on it.
>>>> 
>>>> Despite Will’s patches, there were still inconsistencies between fullmm
>>>> and need_flush_all.
>>>> 
>>>> Am I missing something?
>>> 
>>> I wasn't aware you were on top. I'll look again.
>> 
>> Looking on arm64’s tlb_flush() makes me think that there is currently a bug
>> that this patch fixes. Arm64’s tlb_flush() does:
>> 
>>       /*
>>        * If we're tearing down the address space then we only care about
>>        * invalidating the walk-cache, since the ASID allocator won't
>>        * reallocate our ASID without invalidating the entire TLB.
>>        */
>>       if (tlb->fullmm) {
>>               if (!last_level)
>>                       flush_tlb_mm(tlb->mm);
>>               return;
>>       } 
>> 
>> But currently tlb_mmu_finish() can mistakenly set fullmm incorrectly (if
>> mm_tlb_flush_nested() is true), which might skip the TLB flush.
> 
> But in that case isn't 'freed_tables' set to 1, so 'last_level' will be
> false and we'll do the flush in the code above?

Indeed. You are right. So no rush.

[RFC,01/20] mm/tlb: fix fullmm semantics

Commit Message

Comments

Patch