On Wed, May 16, 2018 at 09:44:59AM -0700, Dave Hansen wrote:
> On 05/15/2018 10:21 AM, Fenghua Yu wrote:
> > On Tue, May 15, 2018 at 08:51:24AM -0700, Dave Hansen wrote:
> >> On 05/14/2018 11:52 AM, Fenghua Yu wrote:
> >>> +#define delay_ms 1
> >>
> >> That seems like a dangerously-generic name that should not be a #define
> >> anyway.
> >
> > Sure. I will change it to
> > #define split_lock_delay_ms 1
>
> Why not:
>
> static unsigned int reenable_split_lock_delay_ms = 1;
>
> ?
Sure.
>
> >>> +/* Will the faulting instruction be re-executed? */
> >>> +static bool re_execute(struct pt_regs *regs)
> >>> +{
> >>> + /*
> >>> + * The only reason for generating #AC from kernel is because of
> >>> + * split lock. The kernel faulting instruction will be re-executed.
> >>> + */
> >>> + if (!user_mode(regs))
> >>> + return true;
> >>> +
> >>> + return false;
> >>> +}
> >>
> >> This helper with a single user is a bit unnecessary. Just open-code
> >> this and move the comments into the caller.
> >
> > In this patch, this helper is only used for checking kernel mode.
> > Then in patch #11, this helper will add checking user mode code.
> > It would be better to have a helper defined and called.
>
> Then introduce the helper later, or call this out in a comment or the
> patch description, please.
Ok. I will call this out in the patch description.
>
> >>> +/*
> >>> + * #AC handler for kernel split lock is called by generic #AC handler.
> >>> + *
> >>> + * Disable #AC for split lock on this CPU so that the faulting
> >>> instruction
> >>> + * gets executed. The #AC for split lock is re-enabled later.
> >>> + */
> >>> +bool do_split_lock_exception(struct pt_regs *regs, unsigned long
> >>> error_code)
> >>> +{
> >>> + unsigned long delay = msecs_to_jiffies(delay_ms);
> >>> + unsigned long address = read_cr2(); /* Get the faulting address */
> >>> + int this_cpu = smp_processor_id();
> >>
> >> How does this end up working? This seems to depend on this handler not
> >> getting preempted.
> >
> > Maybe change the handler to:
> >
> > this_cpu = task_cpu(current);
> > Then disable split lock on this_cpu.
> > Re-enable split lock on this_cpu (already in this way).
> >
> > Does this sound better?
>
> Actually, as I look at it, interrupts *are* still disabled here, so you
> are OK. But, you can do a local_irq_enable() once you get all of the
> per-cpu state settled and go to start handling the fault if you are
> going to do anything that takes an appreciable amount of time.
Ok.
>
> >>> diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
> >>> index 03f3d7695dac..c07b817bbbe9 100644
> >>> --- a/arch/x86/kernel/traps.c
> >>> +++ b/arch/x86/kernel/traps.c
> >>> @@ -61,6 +61,7 @@
> >>> #include <asm/mpx.h>
> >>> #include <asm/vm86.h>
> >>> #include <asm/umip.h>
> >>> +#include <asm/cpu.h>
> >>>
> >>> #ifdef CONFIG_X86_64
> >>> #include <asm/x86_init.h>
> >>> @@ -286,10 +287,21 @@ static void do_error_trap(struct pt_regs *regs,
> >>> long error_code, char *str,
> >>> unsigned long trapnr, int signr)
> >>> {
> >>> siginfo_t info;
> >>> + int ret;
> >>>
> >>> RCU_LOCKDEP_WARN(!rcu_is_watching(), "entry code didn't wake RCU");
> >>>
> >>> /*
> >>> + * #AC exception could be handled by split lock handler.
> >>> + * If the handler can't handle the exception, go to generic #AC handler.
> >>> + */
> >>> + if (trapnr == X86_TRAP_AC) {
> >>> + ret = do_split_lock_exception(regs, error_code);
> >>> + if (ret)
> >>> + return;
> >>> + }
> >>
> >> Why are you hooking into do_error_trap()? Shouldn't you just be
> >> installing do_split_lock_exception() as *the* #AC handler and put it in
> >> the IDT?
> >
> > Split lock is not the only reason that causes #AC. #AC can be caused
> > by user turning on AC bit in EFLAGS, which is just cache line misalignment
> > and is different from split lock.
> >
> > So split lock is sharing the handler with another #AC case and can't
> > be installed seperately from previous #AC handler, right?
>
> There are lots of exceptions that use do_error_trap(). I'm suggesting
> that you make an IDT entry for X86_TRAP_AC that does not use
> do_error_trap() since you need something different in there now.
>
> See:
>
> > #define DO_ERROR(trapnr, signr, str, name) \
> > dotraplinkage void do_##name(struct pt_regs *regs, long error_code) \
> > { \
> > do_error_trap(regs, error_code, str, trapnr, signr); \
> > }
> >
> > DO_ERROR(X86_TRAP_DE, SIGFPE, "divide error",
> > divide_error)
> > DO_ERROR(X86_TRAP_OF, SIGSEGV, "overflow", overflow)
> > DO_ERROR(X86_TRAP_UD, SIGILL, "invalid opcode", invalid_op)
> > DO_ERROR(X86_TRAP_OLD_MF, SIGFPE, "coprocessor segment
> > overrun",coprocessor_segment_overrun)
> > DO_ERROR(X86_TRAP_TS, SIGSEGV, "invalid TSS", invalid_TSS)
> > DO_ERROR(X86_TRAP_NP, SIGBUS, "segment not present",
> > segment_not_present)
> > DO_ERROR(X86_TRAP_SS, SIGBUS, "stack segment",
> > stack_segment)
> > DO_ERROR(X86_TRAP_AC, SIGBUS, "alignment check",
> > alignment_check)
>
> Look at do_general_protection(), for instance.
Sure. I will define the #AC separately.
Thanks.
-Fenghua
