From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=G8WG=7X=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-9.7 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,
	INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,
	URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0E424C433E0
	for <linux-mm@archiver.kernel.org>; Wed, 10 Jun 2020 16:32:18 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id C17842070B
	for <linux-mm@archiver.kernel.org>; Wed, 10 Jun 2020 16:32:17 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C17842070B
Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id A851F6B0078; Wed, 10 Jun 2020 12:31:59 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id A14026B007B; Wed, 10 Jun 2020 12:31:59 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 8AFC06B007D; Wed, 10 Jun 2020 12:31:59 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0069.hostedemail.com [216.40.44.69])
	by kanga.kvack.org (Postfix) with ESMTP id 6CB4D6B0078
	for <linux-mm@kvack.org>; Wed, 10 Jun 2020 12:31:59 -0400 (EDT)
Received: from smtpin03.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay05.hostedemail.com (Postfix) with ESMTP id 2EF73181ABEAA
	for <linux-mm@kvack.org>; Wed, 10 Jun 2020 16:31:59 +0000 (UTC)
X-FDA: 76913843958.03.anger57_1f1737e26dcc
Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251])
	by smtpin03.hostedemail.com (Postfix) with ESMTP id 52D985DC1B
	for <linux-mm@kvack.org>; Wed, 10 Jun 2020 16:31:53 +0000 (UTC)
X-HE-Tag: anger57_1f1737e26dcc
X-Filterd-Recvd-Size: 6843
Received: from mx2.suse.de (mx2.suse.de [195.135.220.15])
	by imf33.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Wed, 10 Jun 2020 16:31:52 +0000 (UTC)
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (unknown [195.135.220.254])
	by mx2.suse.de (Postfix) with ESMTP id C1388AC79;
	Wed, 10 Jun 2020 16:31:53 +0000 (UTC)
From: Vlastimil Babka <vbabka@suse.cz>
To: Andrew Morton <akpm@linux-foundation.org>,
	Christoph Lameter <cl@linux.com>,
	Pekka Enberg <penberg@kernel.org>,
	David Rientjes <rientjes@google.com>,
	Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: linux-mm@kvack.org,
	linux-kernel@vger.kernel.org,
	kernel-team@android.com,
	vinmenon@codeaurora.org,
	Kees Cook <keescook@chromium.org>,
	Matthew Garrett <mjg59@google.com>,
	Roman Gushchin <guro@fb.com>,
	Vlastimil Babka <vbabka@suse.cz>,
	Vijayanand Jitta <vjitta@codeaurora.org>,
	Jann Horn <jannh@google.com>
Subject: [PATCH 2/9] mm, slub: make some slub_debug related attributes read-only
Date: Wed, 10 Jun 2020 18:31:28 +0200
Message-Id: <20200610163135.17364-3-vbabka@suse.cz>
X-Mailer: git-send-email 2.26.2
In-Reply-To: <20200610163135.17364-1-vbabka@suse.cz>
References: <20200610163135.17364-1-vbabka@suse.cz>
MIME-Version: 1.0
X-Rspamd-Queue-Id: 52D985DC1B
X-Spamd-Result: default: False [0.00 / 100.00]
X-Rspamd-Server: rspam04
Content-Transfer-Encoding: quoted-printable
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

SLUB_DEBUG creates several files under /sys/kernel/slab/<cache>/ that can=
 be
read to check if the respective debugging options are enabled for given c=
ache.
The options can be also toggled at runtime by writing into the files. Som=
e of
those, namely red_zone, poison, and store_user can be toggled only when n=
o
objects yet exist in the cache.

Vijayanand reports [1] that there is a problem with freelist randomizatio=
n if
changing the debugging option's state results in different number of obje=
cts
per page, and the random sequence cache needs thus needs to be recomputed=
.

However, another problem is that the check for "no objects yet exist in t=
he
cache" is racy, as noted by Jann [2] and fixing that would add overhead o=
r
otherwise complicate the allocation/freeing paths. Thus it would be much
simpler just to remove the runtime toggling support. The documentation
describes it's "In case you forgot to enable debugging on the kernel comm=
and
line", but the neccessity of having no objects limits its usefulness anyw=
ay for
many caches.

Vijayanand describes an use case [3] where debugging is enabled for all b=
ut
zram caches for memory overhead reasons, and using the runtime toggles wa=
s the
only way to achieve such configuration. After the previous patch it's now
possible to do that directly from the kernel boot option, so we can remov=
e the
dangerous runtime toggles by making the /sys attribute files read-only.

While updating it, also improve the documentation of the debugging /sys f=
iles.

[1] https://lkml.kernel.org/r/1580379523-32272-1-git-send-email-vjitta@co=
deaurora.org
[2] https://lore.kernel.org/r/CAG48ez31PP--h6_FzVyfJ4H86QYczAFPdxtJHUEEan=
+7VJETAQ@mail.gmail.com
[3] https://lore.kernel.org/r/1383cd32-1ddc-4dac-b5f8-9c42282fa81c@codeau=
rora.org

Reported-by: Vijayanand Jitta <vjitta@codeaurora.org>
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
Reviewed-by: Kees Cook <keescook@chromium.org>
Acked-by: Roman Gushchin <guro@fb.com>
---
 Documentation/vm/slub.rst | 28 ++++++++++++++----------
 mm/slub.c                 | 46 +++------------------------------------
 2 files changed, 20 insertions(+), 54 deletions(-)

diff --git a/Documentation/vm/slub.rst b/Documentation/vm/slub.rst
index cfccb258cf42..36241dfba024 100644
--- a/Documentation/vm/slub.rst
+++ b/Documentation/vm/slub.rst
@@ -101,20 +101,26 @@ debugged by specifying global debug options followe=
d by a list of slab names
=20
 	slub_debug=3DFZ;-,zs_handle,zspage
=20
-In case you forgot to enable debugging on the kernel command line: It is
-possible to enable debugging manually when the kernel is up. Look at the
-contents of::
+The state of each debug option for a slab can be found in the respective=
 files
+under::
=20
 	/sys/kernel/slab/<slab name>/
=20
-Look at the writable files. Writing 1 to them will enable the
-corresponding debug option. All options can be set on a slab that does
-not contain objects. If the slab already contains objects then sanity ch=
ecks
-and tracing may only be enabled. The other options may cause the realign=
ment
-of objects.
-
-Careful with tracing: It may spew out lots of information and never stop=
 if
-used on the wrong slab.
+If the file contains 1, the option is enabled, 0 means disabled. The deb=
ug
+options from the ``slub_debug`` parameter translate to the following fil=
es::
+
+	F	sanity_checks
+	Z	red_zone
+	P	poison
+	U	store_user
+	T	trace
+	A	failslab
+
+The sanity_checks, trace and failslab files are writable, so writing 1 o=
r 0
+will enable or disable the option at runtime. The writes to trace and fa=
ilslab
+may return -EINVAL if the cache is subject to slab merging. Careful with
+tracing: It may spew out lots of information and never stop if used on t=
he
+wrong slab.
=20
 Slab merging
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
diff --git a/mm/slub.c b/mm/slub.c
index a53371426e06..e254164d6cae 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -5351,61 +5351,21 @@ static ssize_t red_zone_show(struct kmem_cache *s=
, char *buf)
 	return sprintf(buf, "%d\n", !!(s->flags & SLAB_RED_ZONE));
 }
=20
-static ssize_t red_zone_store(struct kmem_cache *s,
-				const char *buf, size_t length)
-{
-	if (any_slab_objects(s))
-		return -EBUSY;
-
-	s->flags &=3D ~SLAB_RED_ZONE;
-	if (buf[0] =3D=3D '1') {
-		s->flags |=3D SLAB_RED_ZONE;
-	}
-	calculate_sizes(s, -1);
-	return length;
-}
-SLAB_ATTR(red_zone);
+SLAB_ATTR_RO(red_zone);
=20
 static ssize_t poison_show(struct kmem_cache *s, char *buf)
 {
 	return sprintf(buf, "%d\n", !!(s->flags & SLAB_POISON));
 }
=20
-static ssize_t poison_store(struct kmem_cache *s,
-				const char *buf, size_t length)
-{
-	if (any_slab_objects(s))
-		return -EBUSY;
-
-	s->flags &=3D ~SLAB_POISON;
-	if (buf[0] =3D=3D '1') {
-		s->flags |=3D SLAB_POISON;
-	}
-	calculate_sizes(s, -1);
-	return length;
-}
-SLAB_ATTR(poison);
+SLAB_ATTR_RO(poison);
=20
 static ssize_t store_user_show(struct kmem_cache *s, char *buf)
 {
 	return sprintf(buf, "%d\n", !!(s->flags & SLAB_STORE_USER));
 }
=20
-static ssize_t store_user_store(struct kmem_cache *s,
-				const char *buf, size_t length)
-{
-	if (any_slab_objects(s))
-		return -EBUSY;
-
-	s->flags &=3D ~SLAB_STORE_USER;
-	if (buf[0] =3D=3D '1') {
-		s->flags &=3D ~__CMPXCHG_DOUBLE;
-		s->flags |=3D SLAB_STORE_USER;
-	}
-	calculate_sizes(s, -1);
-	return length;
-}
-SLAB_ATTR(store_user);
+SLAB_ATTR_RO(store_user);
=20
 static ssize_t validate_show(struct kmem_cache *s, char *buf)
 {
--=20
2.26.2