From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A9F1AC433EF for ; Thu, 27 Jan 2022 19:39:32 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 190ED6B0072; Thu, 27 Jan 2022 14:39:32 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 118816B0073; Thu, 27 Jan 2022 14:39:32 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id EFC956B0074; Thu, 27 Jan 2022 14:39:31 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0146.hostedemail.com [216.40.44.146]) by kanga.kvack.org (Postfix) with ESMTP id DED6D6B0072 for ; Thu, 27 Jan 2022 14:39:31 -0500 (EST) Received: from smtpin18.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay01.hostedemail.com (Postfix) with ESMTP id 9D209181CAECB for ; Thu, 27 Jan 2022 19:39:31 +0000 (UTC) X-FDA: 79077081342.18.D0EB5A0 Received: from mail-ej1-f53.google.com (mail-ej1-f53.google.com [209.85.218.53]) by imf06.hostedemail.com (Postfix) with ESMTP id DD4F2180009 for ; Thu, 27 Jan 2022 19:39:30 +0000 (UTC) Received: by mail-ej1-f53.google.com with SMTP id a8so8133957ejc.8 for ; Thu, 27 Jan 2022 11:39:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=soleen.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=BFb8NFrlSpLTas5OqZUZmins6ncV7W5Rmo5+3meVR3g=; b=Y1M+Bf1wwslphNC9H9x0VpVivB/SCcil9aYfoAVt13yg5Ovnt7H3lIEMuriqtFhlpv ekrnPLi/jLCjKpYhcBiKQBI9U8Q2idhM5Y2jnY5rVDWUw1D6PturF4Qp5HxF07TKCc1Z hVPZC4maBNEUCfeGSOEebJPeP6XLJ/2fdS8qKWy0JeBADfPYrbrLx2OhCFPxksMVJcQc pfFFyD8UgurIoPS2TtPatrHLxpKUCG+aG2YLdtHhjbazAXLDlRPMwy5COPM6VtOcVKhi 0rl/2OvACuxdK0d4eD5XYawWhm3ABq00YjIyLHYSPCUVqI1G0PbJJKlCvEeYhPk9CmHS MKfw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=BFb8NFrlSpLTas5OqZUZmins6ncV7W5Rmo5+3meVR3g=; b=04oORFELOWe1E0/UqOsd4lz7m3wcKKD7S5doT/oMNUT1vgwUVAa7KvlfStyYkUlzEr W9e8SdMlHZjYpJzdmIVdCRUOvOPPglu1S1ka3vM+UQ5pLwul5yvJwfnoH7ZKVD8mPsN2 fyXwPKUuzuqVgLlmQL07bRunyCmm0PuC0AC2hPd/YzfCt1uSbfCmYLAv4xvwIYzylKAc 6MTLVI6ozfhNCIec4lgyP1GSsLtGNcUeQWdxOMTaPpWkhhcZjud6Zea7wJj7JFLopggU UDTer9OFnNrhD4ZIfOOOOQPTdUyTjyclVv8EkaFXDZjrn9H8Se5d/KCrRNrr9DmeoX9K MFjg== X-Gm-Message-State: AOAM530lTcbAZdsD7jk3yYsX+swNpxLtSEq5t8qkA+qIqiNOuQ+5T8ZR mqtZiJTax6KVQo6+R3Lqu+C82QOBv+bS+iED3+fTWA== X-Google-Smtp-Source: ABdhPJwuhg8zPBVbIllXAibAi/ysZVpdojXGj11dmGEm1WuhDT5JouZwm0vT8xovbBnIKrNXGk5qaynKQV2BHOOjEus= X-Received: by 2002:a17:906:dc92:: with SMTP id cs18mr4099175ejc.590.1643312369033; Thu, 27 Jan 2022 11:39:29 -0800 (PST) MIME-Version: 1.0 References: <20220126183429.1840447-1-pasha.tatashin@soleen.com> <20220126183429.1840447-2-pasha.tatashin@soleen.com> In-Reply-To: From: Pasha Tatashin Date: Thu, 27 Jan 2022 14:38:52 -0500 Message-ID: Subject: Re: [PATCH v3 1/9] mm: add overflow and underflow checks for page->_refcount To: Vlastimil Babka Cc: Matthew Wilcox , LKML , linux-mm , linux-m68k@lists.linux-m68k.org, Anshuman Khandual , Andrew Morton , william.kucharski@oracle.com, Mike Kravetz , Geert Uytterhoeven , schmitzmic@gmail.com, Steven Rostedt , Ingo Molnar , Johannes Weiner , Roman Gushchin , Muchun Song , Wei Xu , Greg Thelen , David Rientjes , Paul Turner , Hugh Dickins Content-Type: text/plain; charset="UTF-8" X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: DD4F2180009 X-Stat-Signature: brk788f3yeibpdkdtxjz8bfs7y3oqqr8 X-Rspam-User: nil Authentication-Results: imf06.hostedemail.com; dkim=pass header.d=soleen.com header.s=google header.b=Y1M+Bf1w; spf=pass (imf06.hostedemail.com: domain of pasha.tatashin@soleen.com designates 209.85.218.53 as permitted sender) smtp.mailfrom=pasha.tatashin@soleen.com; dmarc=none X-HE-Tag: 1643312370-345645 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: > > This is not only about chasing a bug. This also about preventing > > memory corruption and information leaking that are caused by ref_count > > bugs from happening. > > So you mean it like a security hardening feature, not just debugging? To me > it's dubious to put security hardening under CONFIG_DEBUG_VM. I think it's > just Fedora that uses DEBUG_VM in general production kernels? In our (Google) internal kernel, I added another macro: PAGE_REF_BUG(cond, page) to replace VM_BUG_ON_PAGE() in page_ref.h. The new macro keeps the asserts always enabled. I was thinking of adding something like this to the upstream kernel as well, however, I am worried about performance implications of having extra conditions in these routines, so I think we would need yet another config which decouples DEBUG_VM and some security crucial VM asserts. However, to reduce controversial discussions, I decided not to do this as part of this series, and perhaps do it as a follow-up work. Pasha