From: Matthew Wilcox <willy@infradead.org>
To: Jann Horn <jannh@google.com>
Cc: Pasha Tatashin <pasha.tatashin@soleen.com>,
Lorenzo Stoakes <lorenzo.stoakes@oracle.com>,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
linux-doc@vger.kernel.org, linux-fsdevel@vger.kernel.org,
cgroups@vger.kernel.org, linux-kselftest@vger.kernel.org,
akpm@linux-foundation.org, corbet@lwn.net, derek.kiernan@amd.com,
dragan.cvetic@amd.com, arnd@arndb.de, gregkh@linuxfoundation.org,
viro@zeniv.linux.org.uk, brauner@kernel.org, jack@suse.cz,
tj@kernel.org, hannes@cmpxchg.org, mhocko@kernel.org,
roman.gushchin@linux.dev, shakeel.butt@linux.dev,
muchun.song@linux.dev, Liam.Howlett@oracle.com, vbabka@suse.cz,
shuah@kernel.org, vegard.nossum@oracle.com,
vattunuru@marvell.com, schalla@marvell.com, david@redhat.com,
osalvador@suse.de, usama.anjum@collabora.com, andrii@kernel.org,
ryan.roberts@arm.com, peterx@redhat.com, oleg@redhat.com,
tandersen@netflix.com, rientjes@google.com, gthelen@google.com,
linux-hardening@vger.kernel.org,
Kernel Hardening <kernel-hardening@lists.openwall.com>
Subject: Re: [RFCv1 0/6] Page Detective
Date: Tue, 19 Nov 2024 18:51:23 +0000 [thread overview]
Message-ID: <ZzzeK8Fi_GlXPzjc@casper.infradead.org> (raw)
In-Reply-To: <CAG48ez0NzMbwnbvMO7KbUROZq5ne7fhiau49v7oyxwPrYL=P6Q@mail.gmail.com>
On Tue, Nov 19, 2024 at 01:52:00PM +0100, Jann Horn wrote:
> > I will take reference, as we already do that for memcg purpose, but
> > have not included dump_page().
>
> Note that taking a reference on the page does not make all of
> dump_page() fine; in particular, my understanding is that
> folio_mapping() requires that the page is locked in order to return a
> stable pointer, and some of the code in dump_mapping() would probably
> also require some other locks - probably at least on the inode and
> maybe also on the dentry, I think? Otherwise the inode's dentry list
> can probably change concurrently, and the dentry's name pointer can
> change too.
First important thing is that we snapshot the page. So while we may
have a torn snapshot of the page, it can't change under us any more,
so we don't have to worry about it being swizzled one way and then
swizzled back.
Second thing is that I think using folio_mapping() is actually wrong.
We don't want the swap mapping if it's an anon page that's in the
swapcache. We'd be fine just doing mapping = folio->mapping (we'd need
to add a check for movable, but I think that's fine). Anyway, we know
the folio isn't ksm or anon at the point that we call dump_mapping()
because there's a chain of "else" statements. So I think we're fine
because we can't switch between anon & file while holding a refcount.
Having a refcount on the folio will prevent the folio from being allocated
to anything else again. It will not protect the mapping from being torn
down (the folio can be truncated from the mapping, then the mapping can
be freed, and the memory reused). As you say, the dentry can be renamed
as well.
This patch series makes me nervous. I'd rather see it done as a bpf
script or drgn script, but if it is going to be done in C, I'd really
like to see more auditing of the safety here. It feels like the kind
of hack that one deploys internally to debug a hard-to-hit condition,
rather than the kind of code that we like to ship upstream.
next prev parent reply other threads:[~2024-11-19 18:51 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-16 17:59 Pasha Tatashin
2024-11-16 17:59 ` [RFCv1 1/6] mm: Make get_vma_name() function public Pasha Tatashin
2024-11-18 10:26 ` Lorenzo Stoakes
2024-11-18 20:40 ` Pasha Tatashin
2024-11-18 20:44 ` Matthew Wilcox
2024-11-18 22:26 ` Pasha Tatashin
2024-11-16 17:59 ` [RFCv1 2/6] pagewalk: Add a page table walker for init_mm page table Pasha Tatashin
2024-11-18 6:49 ` Christoph Hellwig
2024-11-18 10:32 ` Lorenzo Stoakes
2024-11-18 20:42 ` Pasha Tatashin
2024-11-16 17:59 ` [RFCv1 3/6] mm: Add a dump_page variant that accept log level argument Pasha Tatashin
2024-11-16 17:59 ` [RFCv1 4/6] misc/page_detective: Introduce Page Detective Pasha Tatashin
2024-11-16 22:20 ` Jonathan Corbet
2024-11-18 20:43 ` Pasha Tatashin
2024-11-18 11:11 ` Lorenzo Stoakes
2024-11-18 21:55 ` Jann Horn
2024-11-16 17:59 ` [RFCv1 5/6] misc/page_detective: enable loadable module Pasha Tatashin
2024-11-16 17:59 ` [RFCv1 6/6] selftests/page_detective: Introduce self tests for Page Detective Pasha Tatashin
2024-11-17 6:25 ` Muhammad Usama Anjum
2024-11-18 20:27 ` Pasha Tatashin
2024-11-18 11:17 ` [RFCv1 0/6] " Lorenzo Stoakes
2024-11-18 12:53 ` Jann Horn
2024-11-18 22:24 ` Pasha Tatashin
2024-11-19 0:39 ` Jann Horn
2024-11-19 1:29 ` Pasha Tatashin
2024-11-19 12:52 ` Jann Horn
2024-11-19 15:14 ` Pasha Tatashin
2024-11-19 15:53 ` Jann Horn
2024-11-19 18:51 ` Matthew Wilcox [this message]
2024-11-18 19:11 ` Roman Gushchin
2024-11-18 22:08 ` Pasha Tatashin
2024-11-19 1:09 ` Greg KH
2024-11-19 15:08 ` Pasha Tatashin
2024-11-19 18:23 ` Roman Gushchin
2024-11-19 19:30 ` Pasha Tatashin
2024-11-19 19:35 ` Yosry Ahmed
2024-11-19 20:57 ` Roman Gushchin
2024-11-20 16:13 ` Pasha Tatashin
2024-11-20 17:33 ` Yosry Ahmed
2024-11-20 17:46 ` Pasha Tatashin
2024-11-20 15:29 ` Andi Kleen
2024-11-20 16:40 ` Pasha Tatashin
2024-11-20 19:14 ` Andi Kleen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZzzeK8Fi_GlXPzjc@casper.infradead.org \
--to=willy@infradead.org \
--cc=Liam.Howlett@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=andrii@kernel.org \
--cc=arnd@arndb.de \
--cc=brauner@kernel.org \
--cc=cgroups@vger.kernel.org \
--cc=corbet@lwn.net \
--cc=david@redhat.com \
--cc=derek.kiernan@amd.com \
--cc=dragan.cvetic@amd.com \
--cc=gregkh@linuxfoundation.org \
--cc=gthelen@google.com \
--cc=hannes@cmpxchg.org \
--cc=jack@suse.cz \
--cc=jannh@google.com \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lorenzo.stoakes@oracle.com \
--cc=mhocko@kernel.org \
--cc=muchun.song@linux.dev \
--cc=oleg@redhat.com \
--cc=osalvador@suse.de \
--cc=pasha.tatashin@soleen.com \
--cc=peterx@redhat.com \
--cc=rientjes@google.com \
--cc=roman.gushchin@linux.dev \
--cc=ryan.roberts@arm.com \
--cc=schalla@marvell.com \
--cc=shakeel.butt@linux.dev \
--cc=shuah@kernel.org \
--cc=tandersen@netflix.com \
--cc=tj@kernel.org \
--cc=usama.anjum@collabora.com \
--cc=vattunuru@marvell.com \
--cc=vbabka@suse.cz \
--cc=vegard.nossum@oracle.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox