From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6C7EAC76196 for ; Tue, 28 Mar 2023 13:04:52 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E66176B0075; Tue, 28 Mar 2023 09:04:51 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id E165B6B0078; Tue, 28 Mar 2023 09:04:51 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id CB8646B007B; Tue, 28 Mar 2023 09:04:51 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id BA1866B0075 for ; Tue, 28 Mar 2023 09:04:51 -0400 (EDT) Received: from smtpin10.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 7433E1A0223 for ; Tue, 28 Mar 2023 13:04:51 +0000 (UTC) X-FDA: 80618326782.10.05DB2B4 Received: from out-29.mta0.migadu.com (out-29.mta0.migadu.com [91.218.175.29]) by imf20.hostedemail.com (Postfix) with ESMTP id 80D581C0035 for ; Tue, 28 Mar 2023 13:04:48 +0000 (UTC) Authentication-Results: imf20.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=aPFwvaZd; spf=pass (imf20.hostedemail.com: domain of muchun.song@linux.dev designates 91.218.175.29 as permitted sender) smtp.mailfrom=muchun.song@linux.dev; dmarc=pass (policy=none) header.from=linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1680008688; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Son+EeR8XyaKhlokwJs6j5Bs+OL8G7txoA1nBIX15Xk=; b=bffQ1/7m52Hkx7vMHOsp+JU3tG5aPw+S4XM6mluo4rO+ayXRWv1FBMLpAhqeji8TN1D52c zngtaq3oDQHOLpTe/QzWEcYrSz0Ps1Uh9s2rT0B/GsJkSRWHyDrTu1kRCUv2Y0tvpxMP30 wkwbGs2/7ur3GWQRZupWOvAGKCDxay0= ARC-Authentication-Results: i=1; imf20.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=aPFwvaZd; spf=pass (imf20.hostedemail.com: domain of muchun.song@linux.dev designates 91.218.175.29 as permitted sender) smtp.mailfrom=muchun.song@linux.dev; dmarc=pass (policy=none) header.from=linux.dev ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1680008688; a=rsa-sha256; cv=none; b=FuoJ/PUFC67giExTOrEID2bSityATLL8X41YlmeVTuiKoLX0PXlrZPnO3rpMq9uJwxUnZh j+2qKfd3c/qNkGlQlVk+C/XqpsP+nQ2FxgMEMtQXbCR+8F91pHUq9yu4mzbp+TFVkQw1P2 UNoMvENF9z5NI5jLPjTpa1h4YtmtEGs= Content-Type: text/plain; charset=utf-8 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1680008686; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Son+EeR8XyaKhlokwJs6j5Bs+OL8G7txoA1nBIX15Xk=; b=aPFwvaZd6nfzRXCS/nAZB5enMyqkmzTFxQhGDmRDwrNX0W93BB3iKW881jxXgG6I2CU4Sd BL9lDjTjuBZdINj3Vfkg1EVTG++R0/8TcP2cVZ8oEwqa0fZit2RlTgETczibdVWfFb2z5L F+r1WNI1O/KiNbjnJmWEfnCgzltc6uA= MIME-Version: 1.0 Subject: Re: [PATCH 3/6] mm: kfence: make kfence_protect_page() void X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Muchun Song In-Reply-To: Date: Tue, 28 Mar 2023 21:04:11 +0800 Cc: Muchun Song , glider@google.com, dvyukov@google.com, akpm@linux-foundation.org, jannh@google.com, sjpark@amazon.de, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Message-Id: <938ED660-4153-4F16-8115-E96BCAD51F35@linux.dev> References: <20230328095807.7014-1-songmuchun@bytedance.com> <20230328095807.7014-4-songmuchun@bytedance.com> To: Marco Elver X-Migadu-Flow: FLOW_OUT X-Rspamd-Server: rspam05 X-Rspamd-Queue-Id: 80D581C0035 X-Stat-Signature: fmapsh834u49eeom9s4uyg8fsztuutag X-Rspam-User: X-HE-Tag: 1680008688-360939 X-HE-Meta: U2FsdGVkX1//hLgrzw4dFjZarmk3ifgkO1BvBwUHqGccjkv6k8Xsz3JSyHSw0IdYJyY786XYseQSm+n72HuxXV8+VNCKQLGu9Z7WBGs5d/XoxT4CtCQNlqMIZpk+4kznJLNW+gfA0PPDZ0MRpXn9Gw6JuJNwJ3+GQTeizEL+HLwcKDn4wE37ir6yJr+laBoJ4nDzPessxqGbqqgtApJJB8nRtpdhCFjEtkRCLMRbPp/jvhABult3mebDeU/gK2fKWt5ykSlY6dADaffKgn3ls3rm3+8WZpGbic8kuDJDdqdx+8o9qCk8m0kW3pc4jYytRuoN19puwgFQsfr085zAQvfoZjAd0Q2aWgTMFJlV4NnbV8JTPFkiOQaLdXYacQT92E+TfwvbKsCLKIAI6bDpA6MhzrwmBzTGDCFL7UaRU5ziI5ySGOxTK9aCjXHf2pqtfr4td4TFgi7gVCqk+ymcNRYNGTqdAb+7YgBGTJSNj+yfDtpUG22Ggf+H6cVafPQOY2cGHMP15hhuxkkK284w5zgtn5KLQZWdVKefOeosPeRNB+CralY+CX3DMT47EwtkeNg4+hfYFlRSTP69DOzHkknRXL14SbrpgNY9HbefztIJyvBmVAOYYqgESgxjkWd+J+UnEbFe1bJZ6eVP7LY0KCsKVDLnxzNtpKxteeMmV4BwfbT7jmj2pHlTaF51qrsvN5DUZLu+lw1cn7cSkl3TulTGk3xqPe/40vHACQFw48iaIzepQ9UWY0VVEctNYQN+B0zZvcYA/ATYDeUmUiCynEyEdmOVrisKE4HYJVzh2i2bshUyTE7re8/bqYZdPdlLeRUV+emY4ICQGeldasfVXmC7TqjWtIMuTPEfR9NwrkPz3GGEXVFpdNR55xGMeOxtdqZceEeNon+mIKNKMnlfZhvj1Ddneq8DN0V3lEWnShof/QSGEKTJrKcxEs/NMxq09rkzaLiX3l4N2oH13Kf asIP1GWq FOsHLn4k9e5cSjKdrkk08ypUTQ23TrqxZKqsPBDYl1Xo6AuUUSim42LxbzUll8T/ml9fUxV1mb9YhqZepzFcr/58MmdXA2qwogHpKFRHq/0eSA0fw+iMcrl2yp+VZvwYiQpBZaeJvXZJzfA0/C1JCw/ML9XsRVtIO7Q8Lt2EhCQRRY/ySZ5RDNNg/KztV/Nl2f2rhJ73X+bkwoRhXzjGEQogqb5HDW4h+zWQVDaVSfYT4J7g2R6bbCClAHY2HCGKnKwPEHnnrEaNFmTb0w/sxvbKQWiLBD8SHCVYXoUClQMinKQc= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: > On Mar 28, 2023, at 18:32, Marco Elver wrote: >=20 > On Tue, 28 Mar 2023 at 11:58, Muchun Song = wrote: >>=20 >> The arch_kfence_init_pool() make sure kfence pool is mapped with base = page >> size (e.g. 4KB), so the following PTE lookup in kfence_protect_page() = will >> always succeed. Then there is no way to stop kfence_protect_page() = always >> returning true, so make it void to simplify the code. >>=20 >> Signed-off-by: Muchun Song >> --- >> arch/arm/include/asm/kfence.h | 4 +- >> arch/arm64/include/asm/kfence.h | 4 +- >> arch/parisc/include/asm/kfence.h | 7 +- >> arch/powerpc/include/asm/kfence.h | 8 +-- >> arch/riscv/include/asm/kfence.h | 4 +- >> arch/s390/include/asm/kfence.h | 3 +- >> arch/x86/include/asm/kfence.h | 9 +-- >> mm/kfence/core.c | 142 = +++++++++++++++++--------------------- >> 8 files changed, 73 insertions(+), 108 deletions(-) >>=20 >> diff --git a/arch/arm/include/asm/kfence.h = b/arch/arm/include/asm/kfence.h >> index 7980d0f2271f..c30a5f8125e8 100644 >> --- a/arch/arm/include/asm/kfence.h >> +++ b/arch/arm/include/asm/kfence.h >> @@ -43,11 +43,9 @@ static inline bool arch_kfence_init_pool(void) >> return true; >> } >>=20 >> -static inline bool kfence_protect_page(unsigned long addr, bool = protect) >> +static inline void kfence_protect_page(unsigned long addr, bool = protect) >> { >> set_memory_valid(addr, 1, !protect); >> - >> - return true; >> } >>=20 >> #endif /* __ASM_ARM_KFENCE_H */ >> diff --git a/arch/arm64/include/asm/kfence.h = b/arch/arm64/include/asm/kfence.h >> index a81937fae9f6..7717c6d98b6f 100644 >> --- a/arch/arm64/include/asm/kfence.h >> +++ b/arch/arm64/include/asm/kfence.h >> @@ -12,11 +12,9 @@ >>=20 >> static inline bool arch_kfence_init_pool(void) { return true; } >>=20 >> -static inline bool kfence_protect_page(unsigned long addr, bool = protect) >> +static inline void kfence_protect_page(unsigned long addr, bool = protect) >> { >> set_memory_valid(addr, 1, !protect); >> - >> - return true; >> } >>=20 >> #ifdef CONFIG_KFENCE >> diff --git a/arch/parisc/include/asm/kfence.h = b/arch/parisc/include/asm/kfence.h >> index 6259e5ac1fea..290792009315 100644 >> --- a/arch/parisc/include/asm/kfence.h >> +++ b/arch/parisc/include/asm/kfence.h >> @@ -19,13 +19,10 @@ static inline bool arch_kfence_init_pool(void) >> } >>=20 >> /* Protect the given page and flush TLB. */ >> -static inline bool kfence_protect_page(unsigned long addr, bool = protect) >> +static inline void kfence_protect_page(unsigned long addr, bool = protect) >> { >> pte_t *pte =3D virt_to_kpte(addr); >>=20 >> - if (WARN_ON(!pte)) >> - return false; >> - >> /* >> * We need to avoid IPIs, as we may get KFENCE allocations or = faults >> * with interrupts disabled. >> @@ -37,8 +34,6 @@ static inline bool kfence_protect_page(unsigned = long addr, bool protect) >> set_pte(pte, __pte(pte_val(*pte) | _PAGE_PRESENT)); >>=20 >> flush_tlb_kernel_range(addr, addr + PAGE_SIZE); >> - >> - return true; >> } >>=20 >> #endif /* _ASM_PARISC_KFENCE_H */ >> diff --git a/arch/powerpc/include/asm/kfence.h = b/arch/powerpc/include/asm/kfence.h >> index 6fd2b4d486c5..9d8502a7d0a4 100644 >> --- a/arch/powerpc/include/asm/kfence.h >> +++ b/arch/powerpc/include/asm/kfence.h >> @@ -21,16 +21,14 @@ static inline bool arch_kfence_init_pool(void) >> } >>=20 >> #ifdef CONFIG_PPC64 >> -static inline bool kfence_protect_page(unsigned long addr, bool = protect) >> +static inline void kfence_protect_page(unsigned long addr, bool = protect) >> { >> struct page *page =3D virt_to_page(addr); >>=20 >> __kernel_map_pages(page, 1, !protect); >> - >> - return true; >> } >> #else >> -static inline bool kfence_protect_page(unsigned long addr, bool = protect) >> +static inline void kfence_protect_page(unsigned long addr, bool = protect) >> { >> pte_t *kpte =3D virt_to_kpte(addr); >>=20 >> @@ -40,8 +38,6 @@ static inline bool kfence_protect_page(unsigned = long addr, bool protect) >> } else { >> pte_update(&init_mm, addr, kpte, 0, _PAGE_PRESENT, 0); >> } >> - >> - return true; >> } >> #endif >>=20 >> diff --git a/arch/riscv/include/asm/kfence.h = b/arch/riscv/include/asm/kfence.h >> index d887a54042aa..1299f47170b5 100644 >> --- a/arch/riscv/include/asm/kfence.h >> +++ b/arch/riscv/include/asm/kfence.h >> @@ -46,7 +46,7 @@ static inline bool arch_kfence_init_pool(void) >> return true; >> } >>=20 >> -static inline bool kfence_protect_page(unsigned long addr, bool = protect) >> +static inline void kfence_protect_page(unsigned long addr, bool = protect) >> { >> pte_t *pte =3D virt_to_kpte(addr); >>=20 >> @@ -56,8 +56,6 @@ static inline bool kfence_protect_page(unsigned = long addr, bool protect) >> set_pte(pte, __pte(pte_val(*pte) | _PAGE_PRESENT)); >>=20 >> flush_tlb_kernel_range(addr, addr + PAGE_SIZE); >> - >> - return true; >> } >>=20 >> #endif /* _ASM_RISCV_KFENCE_H */ >> diff --git a/arch/s390/include/asm/kfence.h = b/arch/s390/include/asm/kfence.h >> index d55ba878378b..6d7b3632d79c 100644 >> --- a/arch/s390/include/asm/kfence.h >> +++ b/arch/s390/include/asm/kfence.h >> @@ -33,10 +33,9 @@ static __always_inline void = kfence_split_mapping(void) >> #endif >> } >>=20 >> -static inline bool kfence_protect_page(unsigned long addr, bool = protect) >> +static inline void kfence_protect_page(unsigned long addr, bool = protect) >> { >> __kernel_map_pages(virt_to_page(addr), 1, !protect); >> - return true; >> } >>=20 >> #endif /* _ASM_S390_KFENCE_H */ >> diff --git a/arch/x86/include/asm/kfence.h = b/arch/x86/include/asm/kfence.h >> index ff5c7134a37a..6ffd4a078a71 100644 >> --- a/arch/x86/include/asm/kfence.h >> +++ b/arch/x86/include/asm/kfence.h >> @@ -38,13 +38,9 @@ static inline bool arch_kfence_init_pool(void) >> } >>=20 >> /* Protect the given page and flush TLB. */ >> -static inline bool kfence_protect_page(unsigned long addr, bool = protect) >> +static inline void kfence_protect_page(unsigned long addr, bool = protect) >> { >> - unsigned int level; >> - pte_t *pte =3D lookup_address(addr, &level); >> - >> - if (WARN_ON(!pte || level !=3D PG_LEVEL_4K)) >> - return false; >> + pte_t *pte =3D virt_to_kpte(addr); >=20 > This WARN and bailing here has helped us catch an issue early before > [1] - and because KFENCE ought to be enabled as a debugging tool, the > philosophy is to be failure tolerant and not crash the system here, > hence the "return false". >=20 > [1] https://lore.kernel.org/lkml/Y3bCV6VckVUEF7Pq@elver.google.com/ A good example. >=20 > We're relying on the architecture doing the "right thing", but it's > not entirely unlikely that the arch ends up doing the wrong thing due > to some bug like above (i.e. arch_kfence_init_pool() is faulty). Got it. I=E2=80=99ll drop this one next version. Thanks >=20 > Nack.