Message ID | 20230103033531.2011112-4-guoren@kernel.org |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:4e01:0:0:0:0:0 with SMTP id p1csp4422466wrt; Mon, 2 Jan 2023 19:38:52 -0800 (PST) X-Google-Smtp-Source: AMrXdXtx1jffCoeJz62kM5AL3dvI1xF9ytjcmKPdTIglEikundvtxjbFv8Ehvw0V6MenxO4sMTDb X-Received: by 2002:a17:906:3084:b0:7c1:23f2:c052 with SMTP id 4-20020a170906308400b007c123f2c052mr38431368ejv.45.1672717132705; Mon, 02 Jan 2023 19:38:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1672717132; cv=none; d=google.com; s=arc-20160816; b=J2mtYg7kE7iqBzAXzQC2/Io1DPk48sqMftPSoZ7+mr1IOhn0KjASpN5ddkk/Mj8rBa XA54OioRiCtLsUAUyJlALspIIehr3pyKhNzZtXJ7u3UY+Tx+7MGZEae2xC4LIQ8OExNK IMJAv90qRDJRuE8abM7hD5llmwyI2tH01rpRWnQs8AMPQJS+Yz4eScNR1ZBSXBSKEyed CP3xr86VEM8uqFHystu9jeVzLrWyNMX7/yIkhEwvawNUl72dUkvGJNnybHEooVENFvH6 1Y7QERO8i5llWYlhXzOckkaHk3XLEiEAzBLApfp9YL/KYBDKcpWAAOYeEsccXrJ8v3pL gZwA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=7Xuzm7XNnIgJqm1vx0n+S+dXsO6Cb5+RA3/V9XvE+Qk=; b=FSSnoTaSXq+6vcy5pjYO919nfETM0q8V17YyxvB40r0qGQ4ni0EhjSkTs7+fhOPApl HlOCNuNwpWkpzjfSx7Bjf+toGhiweoUDojN7noSTALjDpp5YLzjYRV6zI8vwuj/VhK5d +0XWpI4+zg1TsaAkIq4+UaN4qDEk7JZAMaeGtR7c/VPCRiO3/IrEBIH2telMIaZDyCG6 FK8PrtT1kekH6UtLISx7zAMdlu6DTfhFu9eExyHVRryzQEswvz1vkGLgu6avEqCIkXmT 9Ef1TZQE+9loD5EGu28jx6E2mue70nSEmfbHt+tsFhx7V50x5kYZjKZnrx2DutN+4b1t y1aQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=iIEdauUv; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id hr33-20020a1709073fa100b0078df1c345e4si28949967ejc.518.2023.01.02.19.38.28; Mon, 02 Jan 2023 19:38:52 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=iIEdauUv; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236693AbjACDgx (ORCPT <rfc822;tmhikaru@gmail.com> + 99 others); Mon, 2 Jan 2023 22:36:53 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49936 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236673AbjACDgp (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Mon, 2 Jan 2023 22:36:45 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1538B6250; Mon, 2 Jan 2023 19:36:23 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id B98D5B80E22; Tue, 3 Jan 2023 03:36:21 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9F84DC433F1; Tue, 3 Jan 2023 03:36:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1672716980; bh=p9uq1dT3wqHk1xwCR4oP6vwWJJjGc4TOe40BN/kAFJo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=iIEdauUv4ZuWQxs6BqjDjuZTYGqDotkCgBvMIIYCpqNEAiR5eweo2AuvH5T32fF8Q 8yr60qQHY4hNVv1MO7rKlv01n++UkVAjI1Sd5Az+e3yDk5H3Sb3WS17Euv3vbE5u5E +yU9WPAX4XUEXVwmAl6/0mpOaCFAsOFdIqGw6Td+vAFsptPtPviMyoG8B8gURPItFo Kmm1JUfcpCeSABsept4gRbY9pFDSBl4S9P53Gm02B7pe0qGwREtjeThNK5Jauv/iGj v3UFX0MvP/xso6zckdgSVTb3aEPFuXP0KDczviT9XGec9dxqFT/4Z4AQfHio+WjXAA MmMqzUm1rOizA== From: guoren@kernel.org To: arnd@arndb.de, guoren@kernel.org, palmer@rivosinc.com, tglx@linutronix.de, peterz@infradead.org, luto@kernel.org, conor.dooley@microchip.com, heiko@sntech.de, jszhang@kernel.org, lazyparser@gmail.com, falcon@tinylab.org, chenhuacai@kernel.org, apatel@ventanamicro.com, atishp@atishpatra.org, mark.rutland@arm.com, ben@decadent.org.uk, bjorn@kernel.org Cc: linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Guo Ren <guoren@linux.alibaba.com>, =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= <bjorn@rivosinc.com> Subject: [PATCH -next V12 3/7] riscv: entry: Add noinstr to prevent instrumentation inserted Date: Mon, 2 Jan 2023 22:35:27 -0500 Message-Id: <20230103033531.2011112-4-guoren@kernel.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20230103033531.2011112-1-guoren@kernel.org> References: <20230103033531.2011112-1-guoren@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1753971039742943218?= X-GMAIL-MSGID: =?utf-8?q?1753971039742943218?= |
Series |
riscv: Add GENERIC_ENTRY support
|
|
Commit Message
Guo Ren
Jan. 3, 2023, 3:35 a.m. UTC
From: Guo Ren <guoren@linux.alibaba.com> Without noinstr the compiler is free to insert instrumentation (think all the k*SAN, KCov, GCov, ftrace etc..) which can call code we're not yet ready to run this early in the entry path, for instance it could rely on RCU which isn't on yet, or expect lockdep state. (by peterz) Link: https://lore.kernel.org/linux-riscv/YxcQ6NoPf3AH0EXe@hirez.programming.kicks-ass.net/ Reviewed-by: Björn Töpel <bjorn@rivosinc.com> Suggested-by: Peter Zijlstra <peterz@infradead.org> Tested-by: Jisheng Zhang <jszhang@kernel.org> Signed-off-by: Guo Ren <guoren@linux.alibaba.com> Signed-off-by: Guo Ren <guoren@kernel.org> --- arch/riscv/kernel/traps.c | 4 ++-- arch/riscv/mm/fault.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-)
Comments
Hi Guo, On 1/3/23 04:35, guoren@kernel.org wrote: > From: Guo Ren <guoren@linux.alibaba.com> > > Without noinstr the compiler is free to insert instrumentation (think > all the k*SAN, KCov, GCov, ftrace etc..) which can call code we're not > yet ready to run this early in the entry path, for instance it could > rely on RCU which isn't on yet, or expect lockdep state. (by peterz) > > Link: https://lore.kernel.org/linux-riscv/YxcQ6NoPf3AH0EXe@hirez.programming.kicks-ass.net/ > Reviewed-by: Björn Töpel <bjorn@rivosinc.com> > Suggested-by: Peter Zijlstra <peterz@infradead.org> > Tested-by: Jisheng Zhang <jszhang@kernel.org> > Signed-off-by: Guo Ren <guoren@linux.alibaba.com> > Signed-off-by: Guo Ren <guoren@kernel.org> > --- > arch/riscv/kernel/traps.c | 4 ++-- > arch/riscv/mm/fault.c | 2 +- > 2 files changed, 3 insertions(+), 3 deletions(-) > > diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c > index 549bde5c970a..96ec76c54ff2 100644 > --- a/arch/riscv/kernel/traps.c > +++ b/arch/riscv/kernel/traps.c > @@ -95,9 +95,9 @@ static void do_trap_error(struct pt_regs *regs, int signo, int code, > } > > #if defined(CONFIG_XIP_KERNEL) && defined(CONFIG_RISCV_ALTERNATIVE) > -#define __trap_section __section(".xip.traps") > +#define __trap_section __noinstr_section(".xip.traps") > #else > -#define __trap_section > +#define __trap_section noinstr > #endif > #define DO_ERROR_INFO(name, signo, code, str) \ > asmlinkage __visible __trap_section void name(struct pt_regs *regs) \ > diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c > index d86f7cebd4a7..b26f68eac61c 100644 > --- a/arch/riscv/mm/fault.c > +++ b/arch/riscv/mm/fault.c > @@ -204,7 +204,7 @@ static inline bool access_error(unsigned long cause, struct vm_area_struct *vma) > * This routine handles page faults. It determines the address and the > * problem, and then passes it off to one of the appropriate routines. > */ > -asmlinkage void do_page_fault(struct pt_regs *regs) > +asmlinkage void noinstr do_page_fault(struct pt_regs *regs) (I dug the archive but can't find the series before v4, so sorry if it was already answered) I think we should not disable the instrumentation of those trap handlers as at least profiling them with ftrace would provide valuable information (and gcov would be nice too): why do we need to do that? A trap very early in the boot process is not recoverable anyway. And I took a look at other architectures, none of them disables the instrumentation on do_page_fault. > { > struct task_struct *tsk; > struct vm_area_struct *vma;
On Tue, Jan 3, 2023 at 5:12 PM Alexandre Ghiti <alex@ghiti.fr> wrote: > > Hi Guo, > > On 1/3/23 04:35, guoren@kernel.org wrote: > > From: Guo Ren <guoren@linux.alibaba.com> > > > > Without noinstr the compiler is free to insert instrumentation (think > > all the k*SAN, KCov, GCov, ftrace etc..) which can call code we're not > > yet ready to run this early in the entry path, for instance it could > > rely on RCU which isn't on yet, or expect lockdep state. (by peterz) > > > > Link: https://lore.kernel.org/linux-riscv/YxcQ6NoPf3AH0EXe@hirez.programming.kicks-ass.net/ > > Reviewed-by: Björn Töpel <bjorn@rivosinc.com> > > Suggested-by: Peter Zijlstra <peterz@infradead.org> > > Tested-by: Jisheng Zhang <jszhang@kernel.org> > > Signed-off-by: Guo Ren <guoren@linux.alibaba.com> > > Signed-off-by: Guo Ren <guoren@kernel.org> > > --- > > arch/riscv/kernel/traps.c | 4 ++-- > > arch/riscv/mm/fault.c | 2 +- > > 2 files changed, 3 insertions(+), 3 deletions(-) > > > > diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c > > index 549bde5c970a..96ec76c54ff2 100644 > > --- a/arch/riscv/kernel/traps.c > > +++ b/arch/riscv/kernel/traps.c > > @@ -95,9 +95,9 @@ static void do_trap_error(struct pt_regs *regs, int signo, int code, > > } > > > > #if defined(CONFIG_XIP_KERNEL) && defined(CONFIG_RISCV_ALTERNATIVE) > > -#define __trap_section __section(".xip.traps") > > +#define __trap_section __noinstr_section(".xip.traps") > > #else > > -#define __trap_section > > +#define __trap_section noinstr > > #endif > > #define DO_ERROR_INFO(name, signo, code, str) \ > > asmlinkage __visible __trap_section void name(struct pt_regs *regs) \ > > diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c > > index d86f7cebd4a7..b26f68eac61c 100644 > > --- a/arch/riscv/mm/fault.c > > +++ b/arch/riscv/mm/fault.c > > @@ -204,7 +204,7 @@ static inline bool access_error(unsigned long cause, struct vm_area_struct *vma) > > * This routine handles page faults. It determines the address and the > > * problem, and then passes it off to one of the appropriate routines. > > */ > > -asmlinkage void do_page_fault(struct pt_regs *regs) > > +asmlinkage void noinstr do_page_fault(struct pt_regs *regs) > > > (I dug the archive but can't find the series before v4, so sorry if it > was already answered) > > I think we should not disable the instrumentation of those trap handlers > as at least profiling them with ftrace would provide valuable > information (and gcov would be nice too): why do we need to do that? A > trap very early in the boot process is not recoverable anyway. Everything that calls irqentry_enter() should be noinstr, and this patch prepares for the next generic_entry convert. eg: asmlinkage void noinstr do_page_fault(struct pt_regs *regs) { irqentry_state_t state = irqentry_enter(regs); __do_page_fault(regs); local_irq_disable(); irqentry_exit(regs, state); } NOKPROBE_SYMBOL(do_page_fault); You still could profile __do_page_fault. > > And I took a look at other architectures, none of them disables the > instrumentation on do_page_fault. That's not true, have a look at power & arm64. All of them have some limitations at the entry of page_fault. > > > > { > > struct task_struct *tsk; > > struct vm_area_struct *vma;
On Mon, Jan 02, 2023 at 10:35:27PM -0500, guoren@kernel.org wrote: > From: Guo Ren <guoren@linux.alibaba.com> > > Without noinstr the compiler is free to insert instrumentation (think > all the k*SAN, KCov, GCov, ftrace etc..) which can call code we're not > yet ready to run this early in the entry path, for instance it could > rely on RCU which isn't on yet, or expect lockdep state. (by peterz) That's generally true, and makes sense to me, but .... > Link: https://lore.kernel.org/linux-riscv/YxcQ6NoPf3AH0EXe@hirez.programming.kicks-ass.net/ > Reviewed-by: Björn Töpel <bjorn@rivosinc.com> > Suggested-by: Peter Zijlstra <peterz@infradead.org> > Tested-by: Jisheng Zhang <jszhang@kernel.org> > Signed-off-by: Guo Ren <guoren@linux.alibaba.com> > Signed-off-by: Guo Ren <guoren@kernel.org> > --- > arch/riscv/kernel/traps.c | 4 ++-- > arch/riscv/mm/fault.c | 2 +- > 2 files changed, 3 insertions(+), 3 deletions(-) > > diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c > index 549bde5c970a..96ec76c54ff2 100644 > --- a/arch/riscv/kernel/traps.c > +++ b/arch/riscv/kernel/traps.c > @@ -95,9 +95,9 @@ static void do_trap_error(struct pt_regs *regs, int signo, int code, > } > > #if defined(CONFIG_XIP_KERNEL) && defined(CONFIG_RISCV_ALTERNATIVE) > -#define __trap_section __section(".xip.traps") > +#define __trap_section __noinstr_section(".xip.traps") > #else > -#define __trap_section > +#define __trap_section noinstr > #endif > #define DO_ERROR_INFO(name, signo, code, str) \ > asmlinkage __visible __trap_section void name(struct pt_regs *regs) \ > diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c > index d86f7cebd4a7..b26f68eac61c 100644 > --- a/arch/riscv/mm/fault.c > +++ b/arch/riscv/mm/fault.c > @@ -204,7 +204,7 @@ static inline bool access_error(unsigned long cause, struct vm_area_struct *vma) > * This routine handles page faults. It determines the address and the > * problem, and then passes it off to one of the appropriate routines. > */ > -asmlinkage void do_page_fault(struct pt_regs *regs) > +asmlinkage void noinstr do_page_fault(struct pt_regs *regs) ... why do you need that for do_page_fault? That doesn't (currently) do any entry/exit logic, so this seems unnecessary per the commit description. Thanks, Mark. > { > struct task_struct *tsk; > struct vm_area_struct *vma; > -- > 2.36.1 >
On Wed, Jan 04, 2023 at 09:40:38AM +0800, Guo Ren wrote: > On Tue, Jan 3, 2023 at 5:12 PM Alexandre Ghiti <alex@ghiti.fr> wrote: > > > > Hi Guo, > > > > On 1/3/23 04:35, guoren@kernel.org wrote: > > > From: Guo Ren <guoren@linux.alibaba.com> > > > > > > Without noinstr the compiler is free to insert instrumentation (think > > > all the k*SAN, KCov, GCov, ftrace etc..) which can call code we're not > > > yet ready to run this early in the entry path, for instance it could > > > rely on RCU which isn't on yet, or expect lockdep state. (by peterz) > > > > > > Link: https://lore.kernel.org/linux-riscv/YxcQ6NoPf3AH0EXe@hirez.programming.kicks-ass.net/ > > > Reviewed-by: Björn Töpel <bjorn@rivosinc.com> > > > Suggested-by: Peter Zijlstra <peterz@infradead.org> > > > Tested-by: Jisheng Zhang <jszhang@kernel.org> > > > Signed-off-by: Guo Ren <guoren@linux.alibaba.com> > > > Signed-off-by: Guo Ren <guoren@kernel.org> > > > --- > > > arch/riscv/kernel/traps.c | 4 ++-- > > > arch/riscv/mm/fault.c | 2 +- > > > 2 files changed, 3 insertions(+), 3 deletions(-) > > > > > > diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c > > > index 549bde5c970a..96ec76c54ff2 100644 > > > --- a/arch/riscv/kernel/traps.c > > > +++ b/arch/riscv/kernel/traps.c > > > @@ -95,9 +95,9 @@ static void do_trap_error(struct pt_regs *regs, int signo, int code, > > > } > > > > > > #if defined(CONFIG_XIP_KERNEL) && defined(CONFIG_RISCV_ALTERNATIVE) > > > -#define __trap_section __section(".xip.traps") > > > +#define __trap_section __noinstr_section(".xip.traps") > > > #else > > > -#define __trap_section > > > +#define __trap_section noinstr > > > #endif > > > #define DO_ERROR_INFO(name, signo, code, str) \ > > > asmlinkage __visible __trap_section void name(struct pt_regs *regs) \ > > > diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c > > > index d86f7cebd4a7..b26f68eac61c 100644 > > > --- a/arch/riscv/mm/fault.c > > > +++ b/arch/riscv/mm/fault.c > > > @@ -204,7 +204,7 @@ static inline bool access_error(unsigned long cause, struct vm_area_struct *vma) > > > * This routine handles page faults. It determines the address and the > > > * problem, and then passes it off to one of the appropriate routines. > > > */ > > > -asmlinkage void do_page_fault(struct pt_regs *regs) > > > +asmlinkage void noinstr do_page_fault(struct pt_regs *regs) > > > > > > (I dug the archive but can't find the series before v4, so sorry if it > > was already answered) > > > > I think we should not disable the instrumentation of those trap handlers > > as at least profiling them with ftrace would provide valuable > > information (and gcov would be nice too): why do we need to do that? A > > trap very early in the boot process is not recoverable anyway. > Everything that calls irqentry_enter() should be noinstr, and this > patch prepares for the next generic_entry convert. > > eg: > asmlinkage void noinstr do_page_fault(struct pt_regs *regs) > { > irqentry_state_t state = irqentry_enter(regs); > > __do_page_fault(regs); > > local_irq_disable(); > > irqentry_exit(regs, state); > } > NOKPROBE_SYMBOL(do_page_fault); > > You still could profile __do_page_fault. > > > > > And I took a look at other architectures, none of them disables the > > instrumentation on do_page_fault. > That's not true, have a look at power & arm64. All of them have some > limitations at the entry of page_fault. Well, arm64's can't be kprobed, but is *can* be traced with ftrace, and *can* be instrumented with KASAN and friends. I'm not sure that we actually need to inhibit kprobes for do_page_fault, and we might be able to relax that. As a general thing, we've tried to centralize all the necesarily-noinstr bits in arch/arm64/kernel/entry-common.c, and keep everything else as instrumentable as possible. I'd recommend doing similar, and have a central file for any entry bits which can't live in the generic entry code, and keep the rest instrumentable. That will make it easier to maintain and verify. Thanks, Mark.
On Wed, Jan 4, 2023 at 8:03 PM Mark Rutland <mark.rutland@arm.com> wrote: > > On Wed, Jan 04, 2023 at 09:40:38AM +0800, Guo Ren wrote: > > On Tue, Jan 3, 2023 at 5:12 PM Alexandre Ghiti <alex@ghiti.fr> wrote: > > > > > > Hi Guo, > > > > > > On 1/3/23 04:35, guoren@kernel.org wrote: > > > > From: Guo Ren <guoren@linux.alibaba.com> > > > > > > > > Without noinstr the compiler is free to insert instrumentation (think > > > > all the k*SAN, KCov, GCov, ftrace etc..) which can call code we're not > > > > yet ready to run this early in the entry path, for instance it could > > > > rely on RCU which isn't on yet, or expect lockdep state. (by peterz) > > > > > > > > Link: https://lore.kernel.org/linux-riscv/YxcQ6NoPf3AH0EXe@hirez.programming.kicks-ass.net/ > > > > Reviewed-by: Björn Töpel <bjorn@rivosinc.com> > > > > Suggested-by: Peter Zijlstra <peterz@infradead.org> > > > > Tested-by: Jisheng Zhang <jszhang@kernel.org> > > > > Signed-off-by: Guo Ren <guoren@linux.alibaba.com> > > > > Signed-off-by: Guo Ren <guoren@kernel.org> > > > > --- > > > > arch/riscv/kernel/traps.c | 4 ++-- > > > > arch/riscv/mm/fault.c | 2 +- > > > > 2 files changed, 3 insertions(+), 3 deletions(-) > > > > > > > > diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c > > > > index 549bde5c970a..96ec76c54ff2 100644 > > > > --- a/arch/riscv/kernel/traps.c > > > > +++ b/arch/riscv/kernel/traps.c > > > > @@ -95,9 +95,9 @@ static void do_trap_error(struct pt_regs *regs, int signo, int code, > > > > } > > > > > > > > #if defined(CONFIG_XIP_KERNEL) && defined(CONFIG_RISCV_ALTERNATIVE) > > > > -#define __trap_section __section(".xip.traps") > > > > +#define __trap_section __noinstr_section(".xip.traps") > > > > #else > > > > -#define __trap_section > > > > +#define __trap_section noinstr > > > > #endif > > > > #define DO_ERROR_INFO(name, signo, code, str) \ > > > > asmlinkage __visible __trap_section void name(struct pt_regs *regs) \ > > > > diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c > > > > index d86f7cebd4a7..b26f68eac61c 100644 > > > > --- a/arch/riscv/mm/fault.c > > > > +++ b/arch/riscv/mm/fault.c > > > > @@ -204,7 +204,7 @@ static inline bool access_error(unsigned long cause, struct vm_area_struct *vma) > > > > * This routine handles page faults. It determines the address and the > > > > * problem, and then passes it off to one of the appropriate routines. > > > > */ > > > > -asmlinkage void do_page_fault(struct pt_regs *regs) > > > > +asmlinkage void noinstr do_page_fault(struct pt_regs *regs) > > > > > > > > > (I dug the archive but can't find the series before v4, so sorry if it > > > was already answered) > > > > > > I think we should not disable the instrumentation of those trap handlers > > > as at least profiling them with ftrace would provide valuable > > > information (and gcov would be nice too): why do we need to do that? A > > > trap very early in the boot process is not recoverable anyway. > > Everything that calls irqentry_enter() should be noinstr, and this > > patch prepares for the next generic_entry convert. > > > > eg: > > asmlinkage void noinstr do_page_fault(struct pt_regs *regs) > > { > > irqentry_state_t state = irqentry_enter(regs); > > > > __do_page_fault(regs); > > > > local_irq_disable(); > > > > irqentry_exit(regs, state); > > } > > NOKPROBE_SYMBOL(do_page_fault); > > > > You still could profile __do_page_fault. > > > > > > > > And I took a look at other architectures, none of them disables the > > > instrumentation on do_page_fault. > > That's not true, have a look at power & arm64. All of them have some > > limitations at the entry of page_fault. > > Well, arm64's can't be kprobed, but is *can* be traced with ftrace, and *can* > be instrumented with KASAN and friends. I'm not sure that we actually need to > inhibit kprobes for do_page_fault, and we might be able to relax that. > > As a general thing, we've tried to centralize all the necesarily-noinstr bits > in arch/arm64/kernel/entry-common.c, and keep everything else as instrumentable > as possible. > > I'd recommend doing similar, and have a central file for any entry bits which > can't live in the generic entry code, and keep the rest instrumentable. That > will make it easier to maintain and verify. Okay, here is the v13 [1]. I've centralized all the necesarily-noinstr bits in arch/riscv/kernel/traps.c. [1] https://lore.kernel.org/linux-riscv/20230107113838.3969149-1-guoren@kernel.org/ > > Thanks, > Mark.
On Wed, Jan 4, 2023 at 7:55 PM Mark Rutland <mark.rutland@arm.com> wrote: > > On Mon, Jan 02, 2023 at 10:35:27PM -0500, guoren@kernel.org wrote: > > From: Guo Ren <guoren@linux.alibaba.com> > > > > Without noinstr the compiler is free to insert instrumentation (think > > all the k*SAN, KCov, GCov, ftrace etc..) which can call code we're not > > yet ready to run this early in the entry path, for instance it could > > rely on RCU which isn't on yet, or expect lockdep state. (by peterz) > > That's generally true, and makes sense to me, but .... > > > Link: https://lore.kernel.org/linux-riscv/YxcQ6NoPf3AH0EXe@hirez.programming.kicks-ass.net/ > > Reviewed-by: Björn Töpel <bjorn@rivosinc.com> > > Suggested-by: Peter Zijlstra <peterz@infradead.org> > > Tested-by: Jisheng Zhang <jszhang@kernel.org> > > Signed-off-by: Guo Ren <guoren@linux.alibaba.com> > > Signed-off-by: Guo Ren <guoren@kernel.org> > > --- > > arch/riscv/kernel/traps.c | 4 ++-- > > arch/riscv/mm/fault.c | 2 +- > > 2 files changed, 3 insertions(+), 3 deletions(-) > > > > diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c > > index 549bde5c970a..96ec76c54ff2 100644 > > --- a/arch/riscv/kernel/traps.c > > +++ b/arch/riscv/kernel/traps.c > > @@ -95,9 +95,9 @@ static void do_trap_error(struct pt_regs *regs, int signo, int code, > > } > > > > #if defined(CONFIG_XIP_KERNEL) && defined(CONFIG_RISCV_ALTERNATIVE) > > -#define __trap_section __section(".xip.traps") > > +#define __trap_section __noinstr_section(".xip.traps") > > #else > > -#define __trap_section > > +#define __trap_section noinstr > > #endif > > #define DO_ERROR_INFO(name, signo, code, str) \ > > asmlinkage __visible __trap_section void name(struct pt_regs *regs) \ > > diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c > > index d86f7cebd4a7..b26f68eac61c 100644 > > --- a/arch/riscv/mm/fault.c > > +++ b/arch/riscv/mm/fault.c > > @@ -204,7 +204,7 @@ static inline bool access_error(unsigned long cause, struct vm_area_struct *vma) > > * This routine handles page faults. It determines the address and the > > * problem, and then passes it off to one of the appropriate routines. > > */ > > -asmlinkage void do_page_fault(struct pt_regs *regs) > > +asmlinkage void noinstr do_page_fault(struct pt_regs *regs) > > ... why do you need that for do_page_fault? That doesn't (currently) do any > entry/exit logic, so this seems unnecessary per the commit description. Yes, the above is unnecessary; I've fixed it in v13. > > Thanks, > Mark. > > > { > > struct task_struct *tsk; > > struct vm_area_struct *vma; > > -- > > 2.36.1 > >
diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c index 549bde5c970a..96ec76c54ff2 100644 --- a/arch/riscv/kernel/traps.c +++ b/arch/riscv/kernel/traps.c @@ -95,9 +95,9 @@ static void do_trap_error(struct pt_regs *regs, int signo, int code, } #if defined(CONFIG_XIP_KERNEL) && defined(CONFIG_RISCV_ALTERNATIVE) -#define __trap_section __section(".xip.traps") +#define __trap_section __noinstr_section(".xip.traps") #else -#define __trap_section +#define __trap_section noinstr #endif #define DO_ERROR_INFO(name, signo, code, str) \ asmlinkage __visible __trap_section void name(struct pt_regs *regs) \ diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c index d86f7cebd4a7..b26f68eac61c 100644 --- a/arch/riscv/mm/fault.c +++ b/arch/riscv/mm/fault.c @@ -204,7 +204,7 @@ static inline bool access_error(unsigned long cause, struct vm_area_struct *vma) * This routine handles page faults. It determines the address and the * problem, and then passes it off to one of the appropriate routines. */ -asmlinkage void do_page_fault(struct pt_regs *regs) +asmlinkage void noinstr do_page_fault(struct pt_regs *regs) { struct task_struct *tsk; struct vm_area_struct *vma;