From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=q3d4=PO=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 59AF1C433F5
	for <linux-mm@archiver.kernel.org>; Tue, 26 Oct 2021 18:24:51 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id D5B6161040
	for <linux-mm@archiver.kernel.org>; Tue, 26 Oct 2021 18:24:50 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org D5B6161040
Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=infradead.org
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org
Received: by kanga.kvack.org (Postfix)
	id 5D401940008; Tue, 26 Oct 2021 14:24:50 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 55C1E940007; Tue, 26 Oct 2021 14:24:50 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 4236B940008; Tue, 26 Oct 2021 14:24:50 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0024.hostedemail.com [216.40.44.24])
	by kanga.kvack.org (Postfix) with ESMTP id 2EC14940007
	for <linux-mm@kvack.org>; Tue, 26 Oct 2021 14:24:50 -0400 (EDT)
Received: from smtpin02.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay04.hostedemail.com (Postfix) with ESMTP id E0DA131ED2
	for <linux-mm@kvack.org>; Tue, 26 Oct 2021 18:24:49 +0000 (UTC)
X-FDA: 78739414698.02.903241B
Received: from casper.infradead.org (casper.infradead.org [90.155.50.34])
	by imf20.hostedemail.com (Postfix) with ESMTP id DF31DD000644
	for <linux-mm@kvack.org>; Tue, 26 Oct 2021 18:24:43 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=infradead.org; s=casper.20170209; h=In-Reply-To:Content-Type:MIME-Version:
	References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To:
	Content-Transfer-Encoding:Content-ID:Content-Description;
	bh=SKVPRp8QWsSk8ZgHZrLxDGZRN/Q7dRClGxVumXlu1ZY=; b=Teyeqh7Huw8bhKcMXPttBtp+gS
	837G3HJeGdTiA3TWiiaF5haLIYRjemb4QNAnOiBIPNDPNT5vdroNeVd+fPTz4hLqKjl95jU6kEKB7
	ul6MNswaA78pepRxTDWjuKNTvZzrheO0pIko4nPDsZf+s7MPQjmZO0ShuR5uapfV+GRO/2I7ZubdB
	PAIakkdwrraDDIveZyrpXtQF0M83ZrPeSeUsyBpSzM8qgcO6Js7UuodGGvmQ5XMeTHI6brXiuy8CR
	vAk0SPV5woUbBB9B3jD8PKy4MRNPgkxHwDj6Ieik55P5sKgh28LIo6VTmRFHqdpbaOos8XmjDYZ2X
	iLFOSolg==;
Received: from willy by casper.infradead.org with local (Exim 4.94.2 #2 (Red Hat Linux))
	id 1mfR6p-00H4T7-BN; Tue, 26 Oct 2021 18:23:54 +0000
Date: Tue, 26 Oct 2021 19:23:39 +0100
From: Matthew Wilcox <willy@infradead.org>
To: Pasha Tatashin <pasha.tatashin@soleen.com>
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org,
	linux-m68k@lists.linux-m68k.org, anshuman.khandual@arm.com,
	akpm@linux-foundation.org, william.kucharski@oracle.com,
	mike.kravetz@oracle.com, vbabka@suse.cz, geert@linux-m68k.org,
	schmitzmic@gmail.com, rostedt@goodmis.org, mingo@redhat.com,
	hannes@cmpxchg.org, guro@fb.com, songmuchun@bytedance.com,
	weixugc@google.com, gthelen@google.com
Subject: Re: [RFC 0/8] Hardening page _refcount
Message-ID: <YXhHq52jDrU61V4E@casper.infradead.org>
References: <20211026173822.502506-1-pasha.tatashin@soleen.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20211026173822.502506-1-pasha.tatashin@soleen.com>
X-Rspamd-Server: rspam03
X-Rspamd-Queue-Id: DF31DD000644
X-Stat-Signature: iy6afcu3w4o6wyn77fy6zhkdu45yq16f
Authentication-Results: imf20.hostedemail.com;
	dkim=pass header.d=infradead.org header.s=casper.20170209 header.b=Teyeqh7H;
	dmarc=none;
	spf=none (imf20.hostedemail.com: domain of willy@infradead.org has no SPF policy when checking 90.155.50.34) smtp.mailfrom=willy@infradead.org
X-HE-Tag: 1635272683-648118
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Tue, Oct 26, 2021 at 05:38:14PM +0000, Pasha Tatashin wrote:
> It is hard to root cause _refcount problems, because they usually
> manifest after the damage has occurred.  Yet, they can lead to
> catastrophic failures such memory corruptions.
> 
> Improve debugability by adding more checks that ensure that
> page->_refcount never turns negative (i.e. double free does not
> happen, or free after freeze etc).
> 
> - Check for overflow and underflow right from the functions that
>   modify _refcount
> - Remove set_page_count(), so we do not unconditionally overwrite
>   _refcount with an unrestrained value
> - Trace return values in all functions that modify _refcount

I think this is overkill.  Won't we get exactly the same protection
by simply testing that page->_refcount == 0 in set_page_count()?
Anything which triggers that BUG_ON would already be buggy because
it can race with speculative gets.