Re: [RFC PATCH v7 17/23] kernel/entry: Add support for core-wide protection of kernel-mode

From: Joel Fernandes
Date: Thu Sep 03 2020 - 00:36:16 EST

Next message: Andy Lutomirski: "Re: [PATCH v11 6/9] x86/cet: Add PTRACE interface for CET"
Previous message: Alexey Kardashevskiy: "Re: [PATCH v1 01/10] powerpc/pseries/iommu: Replace hard-coded page shift"
In reply to: Dario Faggioli: "Re: [RFC PATCH v7 17/23] kernel/entry: Add support for core-wide protection of kernel-mode"
Next in thread: Dario Faggioli: "Re: [RFC PATCH v7 17/23] kernel/entry: Add support for core-wide protection of kernel-mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Sep 2, 2020 at 12:57 PM Dario Faggioli <dfaggioli@xxxxxxxx> wrote:
>
> On Wed, 2020-09-02 at 09:53 +0200, Thomas Gleixner wrote:
> > On Tue, Sep 01 2020 at 21:29, Joel Fernandes wrote:
> > > On Tue, Sep 01, 2020 at 10:02:10PM +0200, Thomas Gleixner wrote:
> > > >
> > > Or, are you saying users may want 'core scheduling' enabled but may
> > > want to
> > > leave out the kernel protection?
> >
> > Core scheduling per se without all the protection muck, i.e. a
> > relaxed
> > version which tries to gang schedule threads of a process on a core
> > if
> > feasible has advantages to some workloads.
> >
> Indeed! For at least two reasons, IMO:
>
> 1) what Thomas is saying already. I.e., even on a CPU which has HT but
> is not affected by any of the (known!) speculation issues, one may want
> to use Core Scheduling _as_a_feature_. For instance, for avoiding
> threads from different processes, or vCPUs from different VMs, sharing
> cores (e.g., for better managing their behavior/performance, or for
> improved fairness of billing/accounting). And in this case, this
> mechanism for protecting the kernel from the userspace on the other
> thread may not be necessary or interesting;

Agreed. So then I should really make this configurable and behind a
sysctl then. I'll do that.

> 2) protection of the kernel from the other thread running in userspace
> may be achieved in different ways. This is one, sure. ASI will probably
> be another. Hence if/when we'll have both, this and ASI, it would be
> cool to be able to configure the system in such a way that there is
> only one active, to avoid paying the price of both! :-)

Actually, no. Part of ASI will involve exactly what this patch does -
IPI-pausing siblings but ASI does so when they have no choice but to
switch away from the "limited kernel" mapping, into the full host
kernel mapping. I am not sure if they have yet implemented that part
but they do talk of it in [1] and in their pretty LPC slides. It is
just that ASI tries to avoid that scenario of kicking all siblings out
of guest mode. So, maybe this patch can be a stepping stone to ASI.
At least I got the entry hooks right, and the algorithm is efficient
IMO (useless IPIs are avoided). ASI can then come in and avoid
sending IPIs even more by doing their limited-kernel-mapping things if
needed. So, it does not need to be this vs ASI, both may be needed.

Why do you feel that ASI on its own offers some magical protection
that eliminates the need for this patch?

thanks,

- Joel

[1] The link https://lkml.org/lkml/2019/5/13/515 mentions "note that
kicking all sibling hyperthreads is not implemented in this serie"

Next message: Andy Lutomirski: "Re: [PATCH v11 6/9] x86/cet: Add PTRACE interface for CET"
Previous message: Alexey Kardashevskiy: "Re: [PATCH v1 01/10] powerpc/pseries/iommu: Replace hard-coded page shift"
In reply to: Dario Faggioli: "Re: [RFC PATCH v7 17/23] kernel/entry: Add support for core-wide protection of kernel-mode"
Next in thread: Dario Faggioli: "Re: [RFC PATCH v7 17/23] kernel/entry: Add support for core-wide protection of kernel-mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]