From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 93A35C76196
	for <linux-mm@archiver.kernel.org>; Tue, 28 Mar 2023 10:33:41 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 0A2E46B0072; Tue, 28 Mar 2023 06:33:41 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 02CA16B0074; Tue, 28 Mar 2023 06:33:40 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id DE79A900002; Tue, 28 Mar 2023 06:33:40 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12])
	by kanga.kvack.org (Postfix) with ESMTP id C9AEC6B0072
	for <linux-mm@kvack.org>; Tue, 28 Mar 2023 06:33:40 -0400 (EDT)
Received: from smtpin21.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay02.hostedemail.com (Postfix) with ESMTP id 6F4B612011C
	for <linux-mm@kvack.org>; Tue, 28 Mar 2023 10:33:40 +0000 (UTC)
X-FDA: 80617945800.21.61DF75C
Received: from mail-yb1-f174.google.com (mail-yb1-f174.google.com [209.85.219.174])
	by imf29.hostedemail.com (Postfix) with ESMTP id A28DB120010
	for <linux-mm@kvack.org>; Tue, 28 Mar 2023 10:33:37 +0000 (UTC)
Authentication-Results: imf29.hostedemail.com;
	dkim=pass header.d=google.com header.s=20210112 header.b=q6BWSq3V;
	spf=pass (imf29.hostedemail.com: domain of elver@google.com designates 209.85.219.174 as permitted sender) smtp.mailfrom=elver@google.com;
	dmarc=pass (policy=reject) header.from=google.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1679999617;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=ZDR+svhMJqmi1JNTt9QQspjwqS4wpTbac+Zzy4tDFxI=;
	b=Wq+dDd26HHVqjS+ZdZApwEfVdekZU/44/BTBz66jZ2hrPc5l4+UGbWkMbKp/RIaAIIvWA1
	6016+L8GrmV4o4ioEqGiW03d6HUlOtffFE5+Q/v/8x+dWqQqlIU5k1Rc1M27AwAV8Qi1xf
	yHKvmcM+rTglbDVom/g3MKMaHHEph2I=
ARC-Authentication-Results: i=1;
	imf29.hostedemail.com;
	dkim=pass header.d=google.com header.s=20210112 header.b=q6BWSq3V;
	spf=pass (imf29.hostedemail.com: domain of elver@google.com designates 209.85.219.174 as permitted sender) smtp.mailfrom=elver@google.com;
	dmarc=pass (policy=reject) header.from=google.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1679999617; a=rsa-sha256;
	cv=none;
	b=gIqlqLRKbJ859y97XWZUIt3TMuqly+mIzkKtbpTvKVa/s3eX6C0vD5UCkmEHyAVaOpqrb2
	QDJ80Uftv6SNu2X6LLLSa/LWM+IpJjeJBfwv1aW4EpLL7dkdo3CDVrgK8iJrLrHt847aSx
	zDXbEiFJuthucrE7BgNQJfcvSZ08AbQ=
Received: by mail-yb1-f174.google.com with SMTP id i6so14386001ybu.8
        for <linux-mm@kvack.org>; Tue, 28 Mar 2023 03:33:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112; t=1679999617;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=ZDR+svhMJqmi1JNTt9QQspjwqS4wpTbac+Zzy4tDFxI=;
        b=q6BWSq3V1F6Rm0Eo4lGZIghczqg4WrLQmzkgqoeTIie1EmepHBt+OGKT/YC9Sd/nbR
         G1096B3bRLGA/WTZ4Ecjlqx0xzZZxnmnfHCP8QENg8WQyMipQJC2ReJmm0NBcvW1/7Ua
         1cqVCArEkX9PJ/ZqW03tKV/8gPtwlNztlXeCQmCv4i73gXMIrxqRaVI3nSxIg/zA/ag6
         ZcmzlpkS6Z6FJmSaiYsFT3qr4IdX3g4UhuvM+6nrYFcKGQwgQ7Np4wEelT4ftwKcL/yl
         qGiOZfbOTEEMioisfApxceMOPvut1f7vLjczyXXBHm/dKW7FAP0kk3bjEH9MgBxO0zLC
         Y0zQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112; t=1679999617;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=ZDR+svhMJqmi1JNTt9QQspjwqS4wpTbac+Zzy4tDFxI=;
        b=mkZA+Rk40q7NLZeaqYf5golMuiiCNMxCp+NEhV4fLJuAP3nT3rak2XbTvyQx2TazhL
         soFqU81nd3OlDx6f6qrLpKFL/IOQ9/jv3QrBMoombLILtkLMDhl5hnqhMG3Znv5ExnU8
         d69Bl/eqG+DiUUoLOdKcuIyhKxMtJ8DKNWeSfIb+3SnRKKZqIqnTd1dS5+ndHxezN7XG
         YHfT78eRt0ecoop8JwIhhqcGAuk8Hd/Xz5209l6aLyypUf2VFpO1K37Libxsl/i4VG1e
         w5avAg2pHTn4GlBm/jhhGNUJkeHKxQVRQP9DK8niuHUABhgUM6t41cxVL919jX6GQeHI
         lcZw==
X-Gm-Message-State: AAQBX9fqWgdaI8u0mMEa5gjBcNXAoGCEYGbrb++ZdJOtUH2IVs1jhX3x
	g+pC/S55MPgaHPSghRRqiNBw1elg7EsslhFoEOt4mA==
X-Google-Smtp-Source: AKy350YZZt4/ks3j8DNXjnapUa3ZNTgqyy7bbzy1kfqGqIfQn0BYtMYGjz/iUjziVkMI4qqHKqweRe0dTSyARO819Fs=
X-Received: by 2002:a25:2d20:0:b0:b75:afb9:a257 with SMTP id
 t32-20020a252d20000000b00b75afb9a257mr14063323ybt.65.1679999616628; Tue, 28
 Mar 2023 03:33:36 -0700 (PDT)
MIME-Version: 1.0
References: <20230328095807.7014-1-songmuchun@bytedance.com> <20230328095807.7014-4-songmuchun@bytedance.com>
In-Reply-To: <20230328095807.7014-4-songmuchun@bytedance.com>
From: Marco Elver <elver@google.com>
Date: Tue, 28 Mar 2023 12:32:59 +0200
Message-ID: <CANpmjNNry_OxZJFAKSFf9Cpb2SCWM-__AF25BpGwOXpa+DJBUQ@mail.gmail.com>
Subject: Re: [PATCH 3/6] mm: kfence: make kfence_protect_page() void
To: Muchun Song <songmuchun@bytedance.com>
Cc: glider@google.com, dvyukov@google.com, akpm@linux-foundation.org, 
	jannh@google.com, sjpark@amazon.de, muchun.song@linux.dev, 
	kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
X-Rspamd-Queue-Id: A28DB120010
X-Stat-Signature: q31pjdhffy6gozrmatn81kfns4853bmj
X-Rspam-User: 
X-Rspamd-Server: rspam08
X-HE-Tag: 1679999617-184584
X-HE-Meta: U2FsdGVkX1/VnwVWt4xr8ySyE3UEomoD0pyEVkotZk6dk+tK+/n5kE+VU0XSDvltPjXCqNS17OpAhy3UfEcuP9sYiL/ccin2jcrwvWLGJo4bRQOFUNYONRarr9rquYDkaghqgLEeqTji+MnAMk0mgCGsMIPP2CElctZmFrLTisnsxDsJKPZ8YkGh6/O2tSCZN2+45TtFitjdrt4ixVpJTqAZsH4h5SH+fe2wMysJ3mpLVitOX9I8OXXScM8nofyNji2XSccWOUrS9FKsLM/WI2bn/K58K6BS0awciX7XF7yJPjtCYTbFuQPHXljynMloguZjNyNt2OQKqS4UrBY9/l9v8KERhqa2xtCUzdiIFIxF40dVAJ7YxckDSr8McZsZZwdSJg/ekCBiv2A5WtOO8RTtTwmIcUiXBTcvkb/ZjLpHEa5/z4DdO4wIfq2kRRxpqESh3XCPtoY0yDmNrOYc0xMEeRwCNSNVwBaNb+zUTM3yd2tst90WzCRWwuWw9BsGev5/yeDrZ2x/aqPyVLWPN2ypaJQZUY8EYxBPpkhEkSs+k0ER5WJe24nOUzj8uTC33X+UnQo6mcAJvIchOYM+EYwUe3vaoFYASEXjKveHlrXLHsU4F1q0ZQEfyYaeENVl7q6OmsL3JLZxpHT0OcZMetRa73BafcqG09P40GVRzB8xhWyPnSjsFIHTUehNrwU+xK/dbquipfJT62XSo82aojIYW9USadDvGbFiLwLE2vWyR5/EwvZFDM67z1BDyoy5ZDFK3XnGmKcyEEWZ3bvUEoqTHOrtzqgO1yNaHR4YeOJqirTOfJTr6KmOQu4GxagJqtLJQYb70KJLTIAmAYKEzyCzv3sqwjy2C1rtH8sNdeK323FMKb9xf4E3OYBNMshikghBWbdjOmJomYemn2ZZob1KkL8FR8mxjn3j01LFsTzKhCkcHG6Tv4RkHhGp3WGlTaW+Ne5isOdT9mVPgjf
 iziLki/Z
 8wl4De8OB4hy+ewmQX8aPnU54OT6oaxLTfPgXfAsPCO5ckXGb7yrGZ2G4cLEli3OI8XuDEjSpyyED2noC0ZDOAoje5G+ERbzYNW0yRUa3KkTpcwoN7c+vd3gXs3ZudPq+SLDlPeVK5vmtp/bwL4VvlrKIqypNAaqMreaSQTUQBlFtd8fNIqxdp/sM3YLfP82B56yTgYLX6jAc7qu9DZp1YwgIRQ/OmzM4deAGUxMy3/uX1dLOdGV5vnkBd4mgrc4JLdtrJPD2ElEZ1vnnqJPWy40K42OrnLy+onswNfAlC1eobeaYxVQHk2p+JW7Iy2b1YaTDjK53jRwUs0uyl65fSQEjxfmevV9hbm7pkCPAhLxcZRvkTnKtNdHsbgpVG88+Vl+9g1xS2xTXBombC5c9LG+MOvDYH4x9NBb6N1yiY4/ztkgYWTrOf1e+Bw==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Tue, 28 Mar 2023 at 11:58, Muchun Song <songmuchun@bytedance.com> wrote:
>
> The arch_kfence_init_pool() make sure kfence pool is mapped with base page
> size (e.g. 4KB), so the following PTE lookup in kfence_protect_page() will
> always succeed. Then there is no way to stop kfence_protect_page() always
> returning true, so make it void to simplify the code.
>
> Signed-off-by: Muchun Song <songmuchun@bytedance.com>
> ---
>  arch/arm/include/asm/kfence.h     |   4 +-
>  arch/arm64/include/asm/kfence.h   |   4 +-
>  arch/parisc/include/asm/kfence.h  |   7 +-
>  arch/powerpc/include/asm/kfence.h |   8 +--
>  arch/riscv/include/asm/kfence.h   |   4 +-
>  arch/s390/include/asm/kfence.h    |   3 +-
>  arch/x86/include/asm/kfence.h     |   9 +--
>  mm/kfence/core.c                  | 142 +++++++++++++++++---------------------
>  8 files changed, 73 insertions(+), 108 deletions(-)
>
> diff --git a/arch/arm/include/asm/kfence.h b/arch/arm/include/asm/kfence.h
> index 7980d0f2271f..c30a5f8125e8 100644
> --- a/arch/arm/include/asm/kfence.h
> +++ b/arch/arm/include/asm/kfence.h
> @@ -43,11 +43,9 @@ static inline bool arch_kfence_init_pool(void)
>         return true;
>  }
>
> -static inline bool kfence_protect_page(unsigned long addr, bool protect)
> +static inline void kfence_protect_page(unsigned long addr, bool protect)
>  {
>         set_memory_valid(addr, 1, !protect);
> -
> -       return true;
>  }
>
>  #endif /* __ASM_ARM_KFENCE_H */
> diff --git a/arch/arm64/include/asm/kfence.h b/arch/arm64/include/asm/kfence.h
> index a81937fae9f6..7717c6d98b6f 100644
> --- a/arch/arm64/include/asm/kfence.h
> +++ b/arch/arm64/include/asm/kfence.h
> @@ -12,11 +12,9 @@
>
>  static inline bool arch_kfence_init_pool(void) { return true; }
>
> -static inline bool kfence_protect_page(unsigned long addr, bool protect)
> +static inline void kfence_protect_page(unsigned long addr, bool protect)
>  {
>         set_memory_valid(addr, 1, !protect);
> -
> -       return true;
>  }
>
>  #ifdef CONFIG_KFENCE
> diff --git a/arch/parisc/include/asm/kfence.h b/arch/parisc/include/asm/kfence.h
> index 6259e5ac1fea..290792009315 100644
> --- a/arch/parisc/include/asm/kfence.h
> +++ b/arch/parisc/include/asm/kfence.h
> @@ -19,13 +19,10 @@ static inline bool arch_kfence_init_pool(void)
>  }
>
>  /* Protect the given page and flush TLB. */
> -static inline bool kfence_protect_page(unsigned long addr, bool protect)
> +static inline void kfence_protect_page(unsigned long addr, bool protect)
>  {
>         pte_t *pte = virt_to_kpte(addr);
>
> -       if (WARN_ON(!pte))
> -               return false;
> -
>         /*
>          * We need to avoid IPIs, as we may get KFENCE allocations or faults
>          * with interrupts disabled.
> @@ -37,8 +34,6 @@ static inline bool kfence_protect_page(unsigned long addr, bool protect)
>                 set_pte(pte, __pte(pte_val(*pte) | _PAGE_PRESENT));
>
>         flush_tlb_kernel_range(addr, addr + PAGE_SIZE);
> -
> -       return true;
>  }
>
>  #endif /* _ASM_PARISC_KFENCE_H */
> diff --git a/arch/powerpc/include/asm/kfence.h b/arch/powerpc/include/asm/kfence.h
> index 6fd2b4d486c5..9d8502a7d0a4 100644
> --- a/arch/powerpc/include/asm/kfence.h
> +++ b/arch/powerpc/include/asm/kfence.h
> @@ -21,16 +21,14 @@ static inline bool arch_kfence_init_pool(void)
>  }
>
>  #ifdef CONFIG_PPC64
> -static inline bool kfence_protect_page(unsigned long addr, bool protect)
> +static inline void kfence_protect_page(unsigned long addr, bool protect)
>  {
>         struct page *page = virt_to_page(addr);
>
>         __kernel_map_pages(page, 1, !protect);
> -
> -       return true;
>  }
>  #else
> -static inline bool kfence_protect_page(unsigned long addr, bool protect)
> +static inline void kfence_protect_page(unsigned long addr, bool protect)
>  {
>         pte_t *kpte = virt_to_kpte(addr);
>
> @@ -40,8 +38,6 @@ static inline bool kfence_protect_page(unsigned long addr, bool protect)
>         } else {
>                 pte_update(&init_mm, addr, kpte, 0, _PAGE_PRESENT, 0);
>         }
> -
> -       return true;
>  }
>  #endif
>
> diff --git a/arch/riscv/include/asm/kfence.h b/arch/riscv/include/asm/kfence.h
> index d887a54042aa..1299f47170b5 100644
> --- a/arch/riscv/include/asm/kfence.h
> +++ b/arch/riscv/include/asm/kfence.h
> @@ -46,7 +46,7 @@ static inline bool arch_kfence_init_pool(void)
>         return true;
>  }
>
> -static inline bool kfence_protect_page(unsigned long addr, bool protect)
> +static inline void kfence_protect_page(unsigned long addr, bool protect)
>  {
>         pte_t *pte = virt_to_kpte(addr);
>
> @@ -56,8 +56,6 @@ static inline bool kfence_protect_page(unsigned long addr, bool protect)
>                 set_pte(pte, __pte(pte_val(*pte) | _PAGE_PRESENT));
>
>         flush_tlb_kernel_range(addr, addr + PAGE_SIZE);
> -
> -       return true;
>  }
>
>  #endif /* _ASM_RISCV_KFENCE_H */
> diff --git a/arch/s390/include/asm/kfence.h b/arch/s390/include/asm/kfence.h
> index d55ba878378b..6d7b3632d79c 100644
> --- a/arch/s390/include/asm/kfence.h
> +++ b/arch/s390/include/asm/kfence.h
> @@ -33,10 +33,9 @@ static __always_inline void kfence_split_mapping(void)
>  #endif
>  }
>
> -static inline bool kfence_protect_page(unsigned long addr, bool protect)
> +static inline void kfence_protect_page(unsigned long addr, bool protect)
>  {
>         __kernel_map_pages(virt_to_page(addr), 1, !protect);
> -       return true;
>  }
>
>  #endif /* _ASM_S390_KFENCE_H */
> diff --git a/arch/x86/include/asm/kfence.h b/arch/x86/include/asm/kfence.h
> index ff5c7134a37a..6ffd4a078a71 100644
> --- a/arch/x86/include/asm/kfence.h
> +++ b/arch/x86/include/asm/kfence.h
> @@ -38,13 +38,9 @@ static inline bool arch_kfence_init_pool(void)
>  }
>
>  /* Protect the given page and flush TLB. */
> -static inline bool kfence_protect_page(unsigned long addr, bool protect)
> +static inline void kfence_protect_page(unsigned long addr, bool protect)
>  {
> -       unsigned int level;
> -       pte_t *pte = lookup_address(addr, &level);
> -
> -       if (WARN_ON(!pte || level != PG_LEVEL_4K))
> -               return false;
> +       pte_t *pte = virt_to_kpte(addr);

This WARN and bailing here has helped us catch an issue early before
[1] - and because KFENCE ought to be enabled as a debugging tool, the
philosophy is to be failure tolerant and not crash the system here,
hence the "return false".

[1] https://lore.kernel.org/lkml/Y3bCV6VckVUEF7Pq@elver.google.com/

We're relying on the architecture doing the "right thing", but it's
not entirely unlikely that the arch ends up doing the wrong thing due
to some bug like above (i.e. arch_kfence_init_pool() is faulty).

Nack.