* [PATCH] kasan: remove PG_skip_kasan_poison flag
@ 2023-02-24 6:51 Peter Collingbourne
2023-02-27 0:19 ` Andrey Konovalov
0 siblings, 1 reply; 3+ messages in thread
From: Peter Collingbourne @ 2023-02-24 6:51 UTC (permalink / raw)
To: catalin.marinas, andreyknvl
Cc: Peter Collingbourne, linux-mm, kasan-dev, ryabinin.a.a,
linux-arm-kernel, vincenzo.frascino, will, eugenis
Code inspection reveals that PG_skip_kasan_poison is redundant with
kasantag, because the former is intended to be set iff the latter is
the match-all tag. It can also be observed that it's basically pointless
to poison pages which have kasantag=0, because any pages with this tag
would have been pointed to by pointers with match-all tags, so poisoning
the pages would have little to no effect in terms of bug detection.
Therefore, change the condition in should_skip_kasan_poison() to check
kasantag instead, and remove PG_skip_kasan_poison.
Signed-off-by: Peter Collingbourne <pcc@google.com>
Link: https://linux-review.googlesource.com/id/I57f825f2eaeaf7e8389d6cf4597c8a5821359838
---
I sent this independently of
https://lore.kernel.org/all/20230224061550.177541-1-pcc@google.com/
because I initially thought that the patches were independent.
But moments after sending it, I realized that this patch depends on
that one, because without that patch, this patch will end up disabling
page poisoning altogether! But it's too late to turn them into a series
now; I'll do that for v2.
include/linux/page-flags.h | 9 ---------
include/trace/events/mmflags.h | 9 +--------
mm/page_alloc.c | 28 ++++++++--------------------
3 files changed, 9 insertions(+), 37 deletions(-)
diff --git a/include/linux/page-flags.h b/include/linux/page-flags.h
index a7e3a3405520..74f81a52e7e1 100644
--- a/include/linux/page-flags.h
+++ b/include/linux/page-flags.h
@@ -135,9 +135,6 @@ enum pageflags {
#ifdef CONFIG_ARCH_USES_PG_ARCH_X
PG_arch_2,
PG_arch_3,
-#endif
-#ifdef CONFIG_KASAN_HW_TAGS
- PG_skip_kasan_poison,
#endif
__NR_PAGEFLAGS,
@@ -594,12 +591,6 @@ TESTCLEARFLAG(Young, young, PF_ANY)
PAGEFLAG(Idle, idle, PF_ANY)
#endif
-#ifdef CONFIG_KASAN_HW_TAGS
-PAGEFLAG(SkipKASanPoison, skip_kasan_poison, PF_HEAD)
-#else
-PAGEFLAG_FALSE(SkipKASanPoison, skip_kasan_poison)
-#endif
-
/*
* PageReported() is used to track reported free pages within the Buddy
* allocator. We can use the non-atomic version of the test and set
diff --git a/include/trace/events/mmflags.h b/include/trace/events/mmflags.h
index 9db52bc4ce19..c448694fc7e9 100644
--- a/include/trace/events/mmflags.h
+++ b/include/trace/events/mmflags.h
@@ -96,12 +96,6 @@
#define IF_HAVE_PG_ARCH_X(flag,string)
#endif
-#ifdef CONFIG_KASAN_HW_TAGS
-#define IF_HAVE_PG_SKIP_KASAN_POISON(flag,string) ,{1UL << flag, string}
-#else
-#define IF_HAVE_PG_SKIP_KASAN_POISON(flag,string)
-#endif
-
#define __def_pageflag_names \
{1UL << PG_locked, "locked" }, \
{1UL << PG_waiters, "waiters" }, \
@@ -130,8 +124,7 @@ IF_HAVE_PG_HWPOISON(PG_hwpoison, "hwpoison" ) \
IF_HAVE_PG_IDLE(PG_young, "young" ) \
IF_HAVE_PG_IDLE(PG_idle, "idle" ) \
IF_HAVE_PG_ARCH_X(PG_arch_2, "arch_2" ) \
-IF_HAVE_PG_ARCH_X(PG_arch_3, "arch_3" ) \
-IF_HAVE_PG_SKIP_KASAN_POISON(PG_skip_kasan_poison, "skip_kasan_poison")
+IF_HAVE_PG_ARCH_X(PG_arch_3, "arch_3" )
#define show_page_flags(flags) \
(flags) ? __print_flags(flags, "|", \
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index 7136c36c5d01..2509b8bde8d5 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -1380,7 +1380,7 @@ static inline bool should_skip_kasan_poison(struct page *page, fpi_t fpi_flags)
return deferred_pages_enabled() ||
(!IS_ENABLED(CONFIG_KASAN_GENERIC) &&
(fpi_flags & FPI_SKIP_KASAN_POISON)) ||
- PageSkipKASanPoison(page);
+ page_kasan_tag(page) == 0xff;
}
static void kernel_init_pages(struct page *page, int numpages)
@@ -2511,22 +2511,13 @@ inline void post_alloc_hook(struct page *page, unsigned int order,
/* Take note that memory was initialized by the loop above. */
init = false;
}
- if (!should_skip_kasan_unpoison(gfp_flags)) {
- /* Try unpoisoning (or setting tags) and initializing memory. */
- if (kasan_unpoison_pages(page, order, init)) {
- /* Take note that memory was initialized by KASAN. */
- if (kasan_has_integrated_init())
- init = false;
- /* Take note that memory tags were set by KASAN. */
- reset_tags = false;
- } else {
- /*
- * KASAN decided to exclude this allocation from being
- * (un)poisoned due to sampling. Make KASAN skip
- * poisoning when the allocation is freed.
- */
- SetPageSkipKASanPoison(page);
- }
+ if (!should_skip_kasan_unpoison(gfp_flags) &&
+ kasan_unpoison_pages(page, order, init)) {
+ /* Take note that memory was initialized by KASAN. */
+ if (kasan_has_integrated_init())
+ init = false;
+ /* Take note that memory tags were set by KASAN. */
+ reset_tags = false;
}
/*
* If memory tags have not been set by KASAN, reset the page tags to
@@ -2539,9 +2530,6 @@ inline void post_alloc_hook(struct page *page, unsigned int order,
/* If memory is still not initialized, initialize it now. */
if (init)
kernel_init_pages(page, 1 << order);
- /* Propagate __GFP_SKIP_KASAN_POISON to page flags. */
- if (kasan_hw_tags_enabled() && (gfp_flags & __GFP_SKIP_KASAN_POISON))
- SetPageSkipKASanPoison(page);
set_page_owner(page, order, gfp_flags);
page_table_check_alloc(page, order);
--
2.39.2.637.g21b0678d19-goog
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] kasan: remove PG_skip_kasan_poison flag
2023-02-24 6:51 [PATCH] kasan: remove PG_skip_kasan_poison flag Peter Collingbourne
@ 2023-02-27 0:19 ` Andrey Konovalov
2023-02-28 6:33 ` Peter Collingbourne
0 siblings, 1 reply; 3+ messages in thread
From: Andrey Konovalov @ 2023-02-27 0:19 UTC (permalink / raw)
To: Peter Collingbourne
Cc: catalin.marinas, linux-mm, kasan-dev, ryabinin.a.a,
linux-arm-kernel, vincenzo.frascino, will, eugenis
On Fri, Feb 24, 2023 at 7:51 AM Peter Collingbourne <pcc@google.com> wrote:
>
> Code inspection reveals that PG_skip_kasan_poison is redundant with
> kasantag, because the former is intended to be set iff the latter is
> the match-all tag. It can also be observed that it's basically pointless
> to poison pages which have kasantag=0, because any pages with this tag
> would have been pointed to by pointers with match-all tags, so poisoning
> the pages would have little to no effect in terms of bug detection.
> Therefore, change the condition in should_skip_kasan_poison() to check
> kasantag instead, and remove PG_skip_kasan_poison.
This seems reasonable.
> Signed-off-by: Peter Collingbourne <pcc@google.com>
> Link: https://linux-review.googlesource.com/id/I57f825f2eaeaf7e8389d6cf4597c8a5821359838
> ---
> I sent this independently of
> https://lore.kernel.org/all/20230224061550.177541-1-pcc@google.com/
> because I initially thought that the patches were independent.
> But moments after sending it, I realized that this patch depends on
> that one, because without that patch, this patch will end up disabling
> page poisoning altogether! But it's too late to turn them into a series
> now; I'll do that for v2.
>
> include/linux/page-flags.h | 9 ---------
> include/trace/events/mmflags.h | 9 +--------
> mm/page_alloc.c | 28 ++++++++--------------------
> 3 files changed, 9 insertions(+), 37 deletions(-)
>
> diff --git a/include/linux/page-flags.h b/include/linux/page-flags.h
> index a7e3a3405520..74f81a52e7e1 100644
> --- a/include/linux/page-flags.h
> +++ b/include/linux/page-flags.h
> @@ -135,9 +135,6 @@ enum pageflags {
> #ifdef CONFIG_ARCH_USES_PG_ARCH_X
> PG_arch_2,
> PG_arch_3,
> -#endif
> -#ifdef CONFIG_KASAN_HW_TAGS
> - PG_skip_kasan_poison,
> #endif
> __NR_PAGEFLAGS,
>
> @@ -594,12 +591,6 @@ TESTCLEARFLAG(Young, young, PF_ANY)
> PAGEFLAG(Idle, idle, PF_ANY)
> #endif
>
> -#ifdef CONFIG_KASAN_HW_TAGS
> -PAGEFLAG(SkipKASanPoison, skip_kasan_poison, PF_HEAD)
> -#else
> -PAGEFLAG_FALSE(SkipKASanPoison, skip_kasan_poison)
> -#endif
> -
> /*
> * PageReported() is used to track reported free pages within the Buddy
> * allocator. We can use the non-atomic version of the test and set
> diff --git a/include/trace/events/mmflags.h b/include/trace/events/mmflags.h
> index 9db52bc4ce19..c448694fc7e9 100644
> --- a/include/trace/events/mmflags.h
> +++ b/include/trace/events/mmflags.h
> @@ -96,12 +96,6 @@
> #define IF_HAVE_PG_ARCH_X(flag,string)
> #endif
>
> -#ifdef CONFIG_KASAN_HW_TAGS
> -#define IF_HAVE_PG_SKIP_KASAN_POISON(flag,string) ,{1UL << flag, string}
> -#else
> -#define IF_HAVE_PG_SKIP_KASAN_POISON(flag,string)
> -#endif
> -
> #define __def_pageflag_names \
> {1UL << PG_locked, "locked" }, \
> {1UL << PG_waiters, "waiters" }, \
> @@ -130,8 +124,7 @@ IF_HAVE_PG_HWPOISON(PG_hwpoison, "hwpoison" ) \
> IF_HAVE_PG_IDLE(PG_young, "young" ) \
> IF_HAVE_PG_IDLE(PG_idle, "idle" ) \
> IF_HAVE_PG_ARCH_X(PG_arch_2, "arch_2" ) \
> -IF_HAVE_PG_ARCH_X(PG_arch_3, "arch_3" ) \
> -IF_HAVE_PG_SKIP_KASAN_POISON(PG_skip_kasan_poison, "skip_kasan_poison")
> +IF_HAVE_PG_ARCH_X(PG_arch_3, "arch_3" )
>
> #define show_page_flags(flags) \
> (flags) ? __print_flags(flags, "|", \
> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> index 7136c36c5d01..2509b8bde8d5 100644
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -1380,7 +1380,7 @@ static inline bool should_skip_kasan_poison(struct page *page, fpi_t fpi_flags)
> return deferred_pages_enabled() ||
> (!IS_ENABLED(CONFIG_KASAN_GENERIC) &&
> (fpi_flags & FPI_SKIP_KASAN_POISON)) ||
> - PageSkipKASanPoison(page);
> + page_kasan_tag(page) == 0xff;
Please also update the comment above should_skip_kasan_poison.
I think we can drop #3 and #4 from that comment and instead add a more
generic #3: "Page tags have not been assigned, as unpoisoning has been
skipped".
> }
>
> static void kernel_init_pages(struct page *page, int numpages)
> @@ -2511,22 +2511,13 @@ inline void post_alloc_hook(struct page *page, unsigned int order,
> /* Take note that memory was initialized by the loop above. */
> init = false;
> }
> - if (!should_skip_kasan_unpoison(gfp_flags)) {
> - /* Try unpoisoning (or setting tags) and initializing memory. */
> - if (kasan_unpoison_pages(page, order, init)) {
> - /* Take note that memory was initialized by KASAN. */
> - if (kasan_has_integrated_init())
> - init = false;
> - /* Take note that memory tags were set by KASAN. */
> - reset_tags = false;
> - } else {
> - /*
> - * KASAN decided to exclude this allocation from being
> - * (un)poisoned due to sampling. Make KASAN skip
> - * poisoning when the allocation is freed.
> - */
> - SetPageSkipKASanPoison(page);
> - }
> + if (!should_skip_kasan_unpoison(gfp_flags) &&
> + kasan_unpoison_pages(page, order, init)) {
> + /* Take note that memory was initialized by KASAN. */
> + if (kasan_has_integrated_init())
> + init = false;
> + /* Take note that memory tags were set by KASAN. */
> + reset_tags = false;
> }
> /*
> * If memory tags have not been set by KASAN, reset the page tags to
> @@ -2539,9 +2530,6 @@ inline void post_alloc_hook(struct page *page, unsigned int order,
> /* If memory is still not initialized, initialize it now. */
> if (init)
> kernel_init_pages(page, 1 << order);
> - /* Propagate __GFP_SKIP_KASAN_POISON to page flags. */
> - if (kasan_hw_tags_enabled() && (gfp_flags & __GFP_SKIP_KASAN_POISON))
> - SetPageSkipKASanPoison(page);
With this removed, __GFP_SKIP_KASAN_POISON is no longer used and can
be removed too.
>
> set_page_owner(page, order, gfp_flags);
> page_table_check_alloc(page, order);
> --
> 2.39.2.637.g21b0678d19-goog
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] kasan: remove PG_skip_kasan_poison flag
2023-02-27 0:19 ` Andrey Konovalov
@ 2023-02-28 6:33 ` Peter Collingbourne
0 siblings, 0 replies; 3+ messages in thread
From: Peter Collingbourne @ 2023-02-28 6:33 UTC (permalink / raw)
To: Andrey Konovalov
Cc: catalin.marinas, linux-mm, kasan-dev, ryabinin.a.a,
linux-arm-kernel, vincenzo.frascino, will, eugenis
On Sun, Feb 26, 2023 at 4:20 PM Andrey Konovalov <andreyknvl@gmail.com> wrote:
>
> On Fri, Feb 24, 2023 at 7:51 AM Peter Collingbourne <pcc@google.com> wrote:
> >
> > Code inspection reveals that PG_skip_kasan_poison is redundant with
> > kasantag, because the former is intended to be set iff the latter is
> > the match-all tag. It can also be observed that it's basically pointless
> > to poison pages which have kasantag=0, because any pages with this tag
> > would have been pointed to by pointers with match-all tags, so poisoning
> > the pages would have little to no effect in terms of bug detection.
> > Therefore, change the condition in should_skip_kasan_poison() to check
> > kasantag instead, and remove PG_skip_kasan_poison.
>
> This seems reasonable.
>
> > Signed-off-by: Peter Collingbourne <pcc@google.com>
> > Link: https://linux-review.googlesource.com/id/I57f825f2eaeaf7e8389d6cf4597c8a5821359838
> > ---
> > I sent this independently of
> > https://lore.kernel.org/all/20230224061550.177541-1-pcc@google.com/
> > because I initially thought that the patches were independent.
> > But moments after sending it, I realized that this patch depends on
> > that one, because without that patch, this patch will end up disabling
> > page poisoning altogether! But it's too late to turn them into a series
> > now; I'll do that for v2.
> >
> > include/linux/page-flags.h | 9 ---------
> > include/trace/events/mmflags.h | 9 +--------
> > mm/page_alloc.c | 28 ++++++++--------------------
> > 3 files changed, 9 insertions(+), 37 deletions(-)
> >
> > diff --git a/include/linux/page-flags.h b/include/linux/page-flags.h
> > index a7e3a3405520..74f81a52e7e1 100644
> > --- a/include/linux/page-flags.h
> > +++ b/include/linux/page-flags.h
> > @@ -135,9 +135,6 @@ enum pageflags {
> > #ifdef CONFIG_ARCH_USES_PG_ARCH_X
> > PG_arch_2,
> > PG_arch_3,
> > -#endif
> > -#ifdef CONFIG_KASAN_HW_TAGS
> > - PG_skip_kasan_poison,
> > #endif
> > __NR_PAGEFLAGS,
> >
> > @@ -594,12 +591,6 @@ TESTCLEARFLAG(Young, young, PF_ANY)
> > PAGEFLAG(Idle, idle, PF_ANY)
> > #endif
> >
> > -#ifdef CONFIG_KASAN_HW_TAGS
> > -PAGEFLAG(SkipKASanPoison, skip_kasan_poison, PF_HEAD)
> > -#else
> > -PAGEFLAG_FALSE(SkipKASanPoison, skip_kasan_poison)
> > -#endif
> > -
> > /*
> > * PageReported() is used to track reported free pages within the Buddy
> > * allocator. We can use the non-atomic version of the test and set
> > diff --git a/include/trace/events/mmflags.h b/include/trace/events/mmflags.h
> > index 9db52bc4ce19..c448694fc7e9 100644
> > --- a/include/trace/events/mmflags.h
> > +++ b/include/trace/events/mmflags.h
> > @@ -96,12 +96,6 @@
> > #define IF_HAVE_PG_ARCH_X(flag,string)
> > #endif
> >
> > -#ifdef CONFIG_KASAN_HW_TAGS
> > -#define IF_HAVE_PG_SKIP_KASAN_POISON(flag,string) ,{1UL << flag, string}
> > -#else
> > -#define IF_HAVE_PG_SKIP_KASAN_POISON(flag,string)
> > -#endif
> > -
> > #define __def_pageflag_names \
> > {1UL << PG_locked, "locked" }, \
> > {1UL << PG_waiters, "waiters" }, \
> > @@ -130,8 +124,7 @@ IF_HAVE_PG_HWPOISON(PG_hwpoison, "hwpoison" ) \
> > IF_HAVE_PG_IDLE(PG_young, "young" ) \
> > IF_HAVE_PG_IDLE(PG_idle, "idle" ) \
> > IF_HAVE_PG_ARCH_X(PG_arch_2, "arch_2" ) \
> > -IF_HAVE_PG_ARCH_X(PG_arch_3, "arch_3" ) \
> > -IF_HAVE_PG_SKIP_KASAN_POISON(PG_skip_kasan_poison, "skip_kasan_poison")
> > +IF_HAVE_PG_ARCH_X(PG_arch_3, "arch_3" )
> >
> > #define show_page_flags(flags) \
> > (flags) ? __print_flags(flags, "|", \
> > diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> > index 7136c36c5d01..2509b8bde8d5 100644
> > --- a/mm/page_alloc.c
> > +++ b/mm/page_alloc.c
> > @@ -1380,7 +1380,7 @@ static inline bool should_skip_kasan_poison(struct page *page, fpi_t fpi_flags)
> > return deferred_pages_enabled() ||
> > (!IS_ENABLED(CONFIG_KASAN_GENERIC) &&
> > (fpi_flags & FPI_SKIP_KASAN_POISON)) ||
> > - PageSkipKASanPoison(page);
> > + page_kasan_tag(page) == 0xff;
>
> Please also update the comment above should_skip_kasan_poison.
Done in v2.
> I think we can drop #3 and #4 from that comment and instead add a more
> generic #3: "Page tags have not been assigned, as unpoisoning has been
> skipped".
I realized that the page tag will also be unassigned when the page is
first being initialized, so I decided to be more explicit in the
comment here about the circumstances where this will happen. I also
took the opportunity to remove the FPI_SKIP_KASAN_POISON flag, since I
realized that it is now also redundant with the page tag.
> > }
> >
> > static void kernel_init_pages(struct page *page, int numpages)
> > @@ -2511,22 +2511,13 @@ inline void post_alloc_hook(struct page *page, unsigned int order,
> > /* Take note that memory was initialized by the loop above. */
> > init = false;
> > }
> > - if (!should_skip_kasan_unpoison(gfp_flags)) {
> > - /* Try unpoisoning (or setting tags) and initializing memory. */
> > - if (kasan_unpoison_pages(page, order, init)) {
> > - /* Take note that memory was initialized by KASAN. */
> > - if (kasan_has_integrated_init())
> > - init = false;
> > - /* Take note that memory tags were set by KASAN. */
> > - reset_tags = false;
> > - } else {
> > - /*
> > - * KASAN decided to exclude this allocation from being
> > - * (un)poisoned due to sampling. Make KASAN skip
> > - * poisoning when the allocation is freed.
> > - */
> > - SetPageSkipKASanPoison(page);
> > - }
> > + if (!should_skip_kasan_unpoison(gfp_flags) &&
> > + kasan_unpoison_pages(page, order, init)) {
> > + /* Take note that memory was initialized by KASAN. */
> > + if (kasan_has_integrated_init())
> > + init = false;
> > + /* Take note that memory tags were set by KASAN. */
> > + reset_tags = false;
> > }
> > /*
> > * If memory tags have not been set by KASAN, reset the page tags to
> > @@ -2539,9 +2530,6 @@ inline void post_alloc_hook(struct page *page, unsigned int order,
> > /* If memory is still not initialized, initialize it now. */
> > if (init)
> > kernel_init_pages(page, 1 << order);
> > - /* Propagate __GFP_SKIP_KASAN_POISON to page flags. */
> > - if (kasan_hw_tags_enabled() && (gfp_flags & __GFP_SKIP_KASAN_POISON))
> > - SetPageSkipKASanPoison(page);
>
> With this removed, __GFP_SKIP_KASAN_POISON is no longer used and can
> be removed too.
Done in v2. Since the remaining flag will skip both poisoning and
unpoisoning, I decided to rename it to GFP_SKIP_KASAN.
Peter
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-02-28 6:33 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-02-24 6:51 [PATCH] kasan: remove PG_skip_kasan_poison flag Peter Collingbourne
2023-02-27 0:19 ` Andrey Konovalov
2023-02-28 6:33 ` Peter Collingbourne
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox