From patchwork Sat Jul 22 23:15:06 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pasha Tatashin X-Patchwork-Id: 124395 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9010:0:b0:3e4:2afc:c1 with SMTP id l16csp1025799vqg; Sat, 22 Jul 2023 16:54:56 -0700 (PDT) X-Google-Smtp-Source: APBJJlGifGPE1j48JSQbUVjGgWtNDLg6CzrDssvI6DpZ7TKyPVF9Mff/wNcChE9cKlQx2a9nvSm1 X-Received: by 2002:a17:906:53cd:b0:992:4250:545b with SMTP id p13-20020a17090653cd00b009924250545bmr5552001ejo.47.1690070096391; Sat, 22 Jul 2023 16:54:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690070096; cv=none; d=google.com; s=arc-20160816; b=HzgT0sogqOIbq3J+IANw5etBeVxwqwCt/V7WyFMyezGOzv01AP2ebXUVhdJKok9CUG bGjOmE0VtavN61XBAd9zEwBRBkFj4XLqyn1ozfQr97/eD93WTgR8n0kxgHsNbVI2Fw0f uN99ERx75MY6MgNDejpv/KymmhZJTa5dByFKPa6QQC4eyrPOSCB2AyU0utZye220l9gZ gFiODfdLnVDdIVuTNpf0eVTm2vs/3kC32cVtXJHNq0Wj0S2sEM/5uTiwur3liMylH/rH SOXf+drEpMsn4XbGBgHFOFUI3ZWKyT0b1qnshsLqq9nBaAXA0/RRbo5H6DX7oBjX7uXC XkVw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:to:from :dkim-signature; bh=Dz1WtFDUN503GFfPrb86//foDSemE6Fx12xrK89H/vw=; fh=3XGqB7GeKQXfJDuGsLK5misCy7INHiOlYLYaXu6kEJM=; b=F07M3GIIabaBaxgFLgEKtsL9aqn2yTJpbqP9Wt74BcyvnI89wiahNDmNXC+IIcqSup PpIkvm/gDaVVIGfLMxXWkiyuwKr/9sHwzKCjWgbivuAkYIx65VSaZ7Z9P5BeilA18DY7 jGLAjyU8/jwKKGS0sgbDAert1YQl1B3EQ9BytFN22nyz9HB7PwqOPDD9ysZfNVULCuQT o5/FvicbyReGLOeZOcY4Tg/DZ91WGobQSDarGsv/m6HKFrliVUqlgPkUfEipNGtBXrzO Iage7oXfu7u2Rrzjyitg5ghrzxWhviaCzcTohOX8xOX/a6U+qtqbJuGW7mF/Mvk7cSZL ktCA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@soleen.com header.s=google header.b="bY/thvLc"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id lo13-20020a170906fa0d00b00991ec5525f7si4490721ejb.50.2023.07.22.16.54.32; Sat, 22 Jul 2023 16:54:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@soleen.com header.s=google header.b="bY/thvLc"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229663AbjGVXPW (ORCPT + 99 others); Sat, 22 Jul 2023 19:15:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56340 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229572AbjGVXPT (ORCPT ); Sat, 22 Jul 2023 19:15:19 -0400 Received: from mail-qk1-x733.google.com (mail-qk1-x733.google.com [IPv6:2607:f8b0:4864:20::733]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 510FA171E for ; Sat, 22 Jul 2023 16:15:16 -0700 (PDT) Received: by mail-qk1-x733.google.com with SMTP id af79cd13be357-765942d497fso290114285a.1 for ; Sat, 22 Jul 2023 16:15:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=soleen.com; s=google; t=1690067715; x=1690672515; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Dz1WtFDUN503GFfPrb86//foDSemE6Fx12xrK89H/vw=; b=bY/thvLcgkc1kW1AiaCtDdgCl0GfMZRm3ZXHre3bwwItwa2QFP+rNHHQro/QmoOQff SI+ax91vPJVjZuEexwJ+NcNiJvh4ZD341RywPTp5zViX/QpyMlKvE3BatWDge2b9aXYf XRzErIo70NKB3/0lov6evFqbdQDftwlrF7WGfTt7v1ErLh86yDMTI1f/NmNREfl6eeu9 JT2qhvs7omUMVpT19OxD5mhUoM7yVse9sNIt+segHAFkLEZSDmqFDZIBfzvQJAbRxmEO dHiDwjGBelZXtngdm3adx169KFbtYBzX1XRUx1NX2rbo7fGIjG9wank6BOnumMU7frS0 bjlQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690067715; x=1690672515; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Dz1WtFDUN503GFfPrb86//foDSemE6Fx12xrK89H/vw=; b=GuZELCji62BoaD+pivhe9uULynUWnNT03GVGTCOZKM1cOcu3dZQMryAq8bJ/nBBvFI tiqZFIF1jCt6i4Qsz0TejX91eb7baFnOrJ6qi60cXsoXlGTiS1cF/LqoMLpCIUfOEKVD FzCM2WgQxXEb8s2we95Ai0//8nMR623iPfqXQxOBl6HqxImw3us1XQxYLu5BA4LUUng/ 0zeElVwg86kRhCDJT2fZThQta4ZADUwC2xXQUbbmda6EN7PNL0G5otwgyl6bPp7Uv+ti AN1tnwGjItrkNIiDnLYL0rNVihpEhcwwcTGe4zg0zkJJ1p4q0fh3wXZyx6DBLKVIgY// 2T0Q== X-Gm-Message-State: ABy/qLYf40g8dqJBd+LHIHbzQOcy1PKnsGAr/q38T5RjITS9w63/Etlr vYwP/RIrylzzlHS5TEAKBHBARBb901N3MN4jLjc= X-Received: by 2002:a05:620a:158f:b0:767:e27d:99fe with SMTP id d15-20020a05620a158f00b00767e27d99femr3915518qkk.29.1690067715304; Sat, 22 Jul 2023 16:15:15 -0700 (PDT) Received: from soleen.c.googlers.com.com (193.132.150.34.bc.googleusercontent.com. [34.150.132.193]) by smtp.gmail.com with ESMTPSA id u21-20020ae9c015000000b007675c4b530fsm2075957qkk.28.2023.07.22.16.15.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 22 Jul 2023 16:15:14 -0700 (PDT) From: Pasha Tatashin To: pasha.tatashin@soleen.com, akpm@linux-foundation.org, corbet@lwn.net, linux-mm@kvack.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, rick.p.edgecombe@intel.com Subject: [PATCH v2 1/3] mm/page_table_check: Do WARN_ON instead of BUG_ON Date: Sat, 22 Jul 2023 23:15:06 +0000 Message-ID: <20230722231508.1030269-2-pasha.tatashin@soleen.com> X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog In-Reply-To: <20230722231508.1030269-1-pasha.tatashin@soleen.com> References: <20230722231508.1030269-1-pasha.tatashin@soleen.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772166941067937122 X-GMAIL-MSGID: 1772166941067937122 Currently, page_table_check when detects errors panics the kernel. Instead, print a warning as it is more useful compared to unconditionally crashing the machine. However, once a warning is detected, the counting of page_table_check becomes unbalanced, therefore, disable its activity until the next boot. In case of where machine hardening requires a more secure environment, it is still possible to crash machine on page_table_check errors via panic_on_warn sysctl option. Signed-off-by: Pasha Tatashin --- mm/page_table_check.c | 37 ++++++++++++++++++++++--------------- 1 file changed, 22 insertions(+), 15 deletions(-) diff --git a/mm/page_table_check.c b/mm/page_table_check.c index 93ec7690a0d8..ad4447e999f8 100644 --- a/mm/page_table_check.c +++ b/mm/page_table_check.c @@ -22,6 +22,12 @@ static bool __page_table_check_enabled __initdata = DEFINE_STATIC_KEY_TRUE(page_table_check_disabled); EXPORT_SYMBOL(page_table_check_disabled); +#define PAGE_TABLE_CHECK_WARN(v) \ + do { \ + if (WARN_ON_ONCE(v)) \ + static_branch_enable(&page_table_check_disabled); \ + } while (false) + static int __init early_page_table_check_param(char *buf) { return kstrtobool(buf, &__page_table_check_enabled); @@ -50,7 +56,8 @@ struct page_ext_operations page_table_check_ops = { static struct page_table_check *get_page_table_check(struct page_ext *page_ext) { - BUG_ON(!page_ext); + PAGE_TABLE_CHECK_WARN(!page_ext); + return (void *)(page_ext) + page_table_check_ops.offset; } @@ -72,18 +79,18 @@ static void page_table_check_clear(struct mm_struct *mm, unsigned long addr, page = pfn_to_page(pfn); page_ext = page_ext_get(page); - BUG_ON(PageSlab(page)); + PAGE_TABLE_CHECK_WARN(PageSlab(page)); anon = PageAnon(page); for (i = 0; i < pgcnt; i++) { struct page_table_check *ptc = get_page_table_check(page_ext); if (anon) { - BUG_ON(atomic_read(&ptc->file_map_count)); - BUG_ON(atomic_dec_return(&ptc->anon_map_count) < 0); + PAGE_TABLE_CHECK_WARN(atomic_read(&ptc->file_map_count)); + PAGE_TABLE_CHECK_WARN(atomic_dec_return(&ptc->anon_map_count) < 0); } else { - BUG_ON(atomic_read(&ptc->anon_map_count)); - BUG_ON(atomic_dec_return(&ptc->file_map_count) < 0); + PAGE_TABLE_CHECK_WARN(atomic_read(&ptc->anon_map_count)); + PAGE_TABLE_CHECK_WARN(atomic_dec_return(&ptc->file_map_count) < 0); } page_ext = page_ext_next(page_ext); } @@ -110,18 +117,18 @@ static void page_table_check_set(struct mm_struct *mm, unsigned long addr, page = pfn_to_page(pfn); page_ext = page_ext_get(page); - BUG_ON(PageSlab(page)); + PAGE_TABLE_CHECK_WARN(PageSlab(page)); anon = PageAnon(page); for (i = 0; i < pgcnt; i++) { struct page_table_check *ptc = get_page_table_check(page_ext); if (anon) { - BUG_ON(atomic_read(&ptc->file_map_count)); - BUG_ON(atomic_inc_return(&ptc->anon_map_count) > 1 && rw); + PAGE_TABLE_CHECK_WARN(atomic_read(&ptc->file_map_count)); + PAGE_TABLE_CHECK_WARN(atomic_inc_return(&ptc->anon_map_count) > 1 && rw); } else { - BUG_ON(atomic_read(&ptc->anon_map_count)); - BUG_ON(atomic_inc_return(&ptc->file_map_count) < 0); + PAGE_TABLE_CHECK_WARN(atomic_read(&ptc->anon_map_count)); + PAGE_TABLE_CHECK_WARN(atomic_inc_return(&ptc->file_map_count) < 0); } page_ext = page_ext_next(page_ext); } @@ -137,15 +144,15 @@ void __page_table_check_zero(struct page *page, unsigned int order) struct page_ext *page_ext; unsigned long i; - BUG_ON(PageSlab(page)); + PAGE_TABLE_CHECK_WARN(PageSlab(page)); page_ext = page_ext_get(page); - BUG_ON(!page_ext); + PAGE_TABLE_CHECK_WARN(!page_ext); for (i = 0; i < (1ul << order); i++) { struct page_table_check *ptc = get_page_table_check(page_ext); - BUG_ON(atomic_read(&ptc->anon_map_count)); - BUG_ON(atomic_read(&ptc->file_map_count)); + PAGE_TABLE_CHECK_WARN(atomic_read(&ptc->anon_map_count)); + PAGE_TABLE_CHECK_WARN(atomic_read(&ptc->file_map_count)); page_ext = page_ext_next(page_ext); } page_ext_put(page_ext); From patchwork Sat Jul 22 23:15:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pasha Tatashin X-Patchwork-Id: 124394 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9010:0:b0:3e4:2afc:c1 with SMTP id l16csp1025742vqg; Sat, 22 Jul 2023 16:54:37 -0700 (PDT) X-Google-Smtp-Source: APBJJlFzlnilmKo4MqXWReo+U2uIzdiOyQGpNjdpskC21oAK+G91033NiAslTBhrmrhHScW7t3gA X-Received: by 2002:a17:906:1c9:b0:989:74a:39ff with SMTP id 9-20020a17090601c900b00989074a39ffmr5350210ejj.49.1690070076965; Sat, 22 Jul 2023 16:54:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690070076; cv=none; d=google.com; s=arc-20160816; b=Z/AlMlwHU944mmH81YBRtcymiZ7WGEucD6ZocrAHtU+A5QvnC1akqW/PinVrto5lkG BEzOoOSOmvkyAgE7dbW4OPIG9qQMVbBiROYNpEACaaYABMdonkVTQiV+35F2jaIs0ugY kKUPI7HMssiK3StWPAkQsn/BEca4tiP+loMrnCRvVkhI+p+cz2O+pWV/zygYaIdXhv0O Q8CW5XHC5E6zOOXnfj16SD3m89eYfSv2HrskZsYQQ3kXG7mhqmRBzk5SUlHSb70sZzJr wqF+u+L7LXfyGTm45ahy8+EPkobLcczmV80VS48Oc343iL+8lyfV6k8w34C3ZwlarQjR dA3g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:to:from :dkim-signature; bh=AN03s9OeFU4xgplmqM3lIZ6LlOvPnGJDa4y5aw2r6PE=; fh=3XGqB7GeKQXfJDuGsLK5misCy7INHiOlYLYaXu6kEJM=; b=LKJYFLklc0L6A4he8KaJSJugqcjSMOfnW7KszFFAReqHMhuJJHsCxIjmA3dCgeYRpQ 3vMurG2JCIcEMY5PFN8aiCKx2IKpU9OU4NI5jupJNF1Y7lSGdwOu8o0tH+eIHkOC5n3e oZQ/Mu2q/+wz2Khyd4lvn4OwZlmlQMPvN7lma04WUZPyBW8uQnpjjrd12YYRI3pWq77/ PTdo0xPlPoK5d+dxiQQzymf/zLes3Sht5tt98z148FMhH3LwN7Dj4KvDti64caqedCwv kG3+9let74HI+EfbstF/827o0I92vxGdrHsvdu5ra7IxBp03Ra4oFytOiFIdu11yW2E5 tODA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@soleen.com header.s=google header.b=GEwr0q4z; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s9-20020a1709060c0900b00992feaebee8si4228581ejf.943.2023.07.22.16.54.05; Sat, 22 Jul 2023 16:54:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@soleen.com header.s=google header.b=GEwr0q4z; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229699AbjGVXPY (ORCPT + 99 others); Sat, 22 Jul 2023 19:15:24 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56344 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229656AbjGVXPU (ORCPT ); Sat, 22 Jul 2023 19:15:20 -0400 Received: from mail-qv1-xf2e.google.com (mail-qv1-xf2e.google.com [IPv6:2607:f8b0:4864:20::f2e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C71401FCB for ; Sat, 22 Jul 2023 16:15:16 -0700 (PDT) Received: by mail-qv1-xf2e.google.com with SMTP id 6a1803df08f44-63cf40716ffso4257616d6.2 for ; Sat, 22 Jul 2023 16:15:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=soleen.com; s=google; t=1690067716; x=1690672516; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=AN03s9OeFU4xgplmqM3lIZ6LlOvPnGJDa4y5aw2r6PE=; b=GEwr0q4z/KJrBbjpH9m4mksCYYGzhmQBkldWwvlrkzZPNUFMo+33zYjKWn236Rz5Jh mNrrcz1WM/1Zm1p4HZjzbp2iOD9Y5Thnv6+TJ4aBxLzCWX9PTygswuQC8+LqS2O5UYva zr3rAoGqN/oYoVNT6hMhFhQCZXGMeXDs3m3dALlQzfV5RH0/CbpIDYZ9GLKnBfbJeNrA fUkGhNpwdYXj8QTjTKXHA8gCo10j3oZij5KaRCcRWldrqMIvfZjg/UXbGDHeJUE/BZk9 3Wus6jWqwnVJyxWj53YeX8o6cUJ+8Ed98IR/js9MS6gJHzN9MVBtaCE912d72lqlkRm2 duUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690067716; x=1690672516; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=AN03s9OeFU4xgplmqM3lIZ6LlOvPnGJDa4y5aw2r6PE=; b=k8l+cT8hgIt30QzcxjdKyvAzfJNpWtx4Il2yb66zLe+AXya06dofP3xYskXO9QJWTy mqphkyOsS4q6UUtvYI/siLnpazgcBNB5VLi38XArb2eXl91kYV+si7KYyqwGbjoVxi04 i8vJ9u68OH/CuD9pROTRq74BpLCjDhEUNuugByhQHPKPjjtlG2UN6WS3MWYIt2cl52yc 2uNElDEERWPoUUCs4XOGFAADxZ+N1+mtNR/Qoz+pMMtH2dwbqzqXwdTUoCHdLFRzEnDe eRt+edirZjWy7MncQm8046+e8WOl1NpJjRrpwQNdnBrR7/inBZp0f2XvJCkwIskzxciT 1nPw== X-Gm-Message-State: ABy/qLZKRo7HkWC6PxIf8f3k1zPfoDCo/JvFPSvIwwhwnf+9ScnmPJrB 9zfj31REtUTwM0pQ8Fz4qs1aAg== X-Received: by 2002:a0c:e049:0:b0:632:80f:4728 with SMTP id y9-20020a0ce049000000b00632080f4728mr3778989qvk.27.1690067715976; Sat, 22 Jul 2023 16:15:15 -0700 (PDT) Received: from soleen.c.googlers.com.com (193.132.150.34.bc.googleusercontent.com. [34.150.132.193]) by smtp.gmail.com with ESMTPSA id u21-20020ae9c015000000b007675c4b530fsm2075957qkk.28.2023.07.22.16.15.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 22 Jul 2023 16:15:15 -0700 (PDT) From: Pasha Tatashin To: pasha.tatashin@soleen.com, akpm@linux-foundation.org, corbet@lwn.net, linux-mm@kvack.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, rick.p.edgecombe@intel.com Subject: [PATCH v2 2/3] doc/vm: add information about page_table_check warn_on behavior Date: Sat, 22 Jul 2023 23:15:07 +0000 Message-ID: <20230722231508.1030269-3-pasha.tatashin@soleen.com> X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog In-Reply-To: <20230722231508.1030269-1-pasha.tatashin@soleen.com> References: <20230722231508.1030269-1-pasha.tatashin@soleen.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772166921002256505 X-GMAIL-MSGID: 1772166921002256505 The default behavior of page table check was changed from panicking kernel to printing a warning. Add a note how to still panic the kernel when error is detected. Signed-off-by: Pasha Tatashin --- Documentation/mm/page_table_check.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Documentation/mm/page_table_check.rst b/Documentation/mm/page_table_check.rst index c12838ce6b8d..f534c80ee9c9 100644 --- a/Documentation/mm/page_table_check.rst +++ b/Documentation/mm/page_table_check.rst @@ -14,13 +14,14 @@ Page table check performs extra verifications at the time when new pages become accessible from the userspace by getting their page table entries (PTEs PMDs etc.) added into the table. -In case of detected corruption, the kernel is crashed. There is a small +In case of detected corruption, a warning is printed. There is a small performance and memory overhead associated with the page table check. Therefore, it is disabled by default, but can be optionally enabled on systems where the extra hardening outweighs the performance costs. Also, because page table check is synchronous, it can help with debugging double map memory corruption issues, by crashing kernel at the time wrong mapping occurs instead of later which is -often the case with memory corruptions bugs. +often the case with memory corruptions bugs. In order to crash kernel sysctl +panic_on_warn should be set to 1. Double mapping detection logic ============================== From patchwork Sat Jul 22 23:15:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pasha Tatashin X-Patchwork-Id: 124393 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9010:0:b0:3e4:2afc:c1 with SMTP id l16csp1022421vqg; Sat, 22 Jul 2023 16:39:17 -0700 (PDT) X-Google-Smtp-Source: APBJJlH4bXCIoU0Kv9TVyzlgvatvlySG82cfOjaHLmMV3U6uYEmmZqJSOHwUkSvsWReRRJVMJ9Wi X-Received: by 2002:a05:6a21:32a5:b0:134:37bb:89be with SMTP id yt37-20020a056a2132a500b0013437bb89bemr5585112pzb.57.1690069156870; Sat, 22 Jul 2023 16:39:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690069156; cv=none; d=google.com; s=arc-20160816; b=XoQcPUm4rGvVXfyQYsgsW5vQIhj3uMJTRz2k95hz/feUI4UMrcX24WezNi9l4Pm9pz raDiM7QpF12i6vSkRaC65dxbEqcPlMNssIVX+iId2RLF0exeNMZ4ybilyx5CIq0OwFaq cSNCPzs+6XqRGZCCPfzffyMch1HXtaSxEgQUb74uBldwZm7aa9WwFXXW0qnjfbrszm0a Cab32mJ+8s41XLt1fWHeUWFYj3VCnoq4bTa6w8PdLyTfi5NfrytdyT2xpDdIVRLaBBIf nmv1VvEfdSbEMMAH1xhQdL78zkQLpWBVhOKjjzJnWJ9hG01OJ64RhLiqT3bmDx7lJYih f5fw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:to:from :dkim-signature; bh=jqX+omN+4AV/jEW9gJWFZdBmlFQeDD8EFviSI3KwL+8=; fh=3XGqB7GeKQXfJDuGsLK5misCy7INHiOlYLYaXu6kEJM=; b=IiqGOtW4IZ5M6a5gvgigtz0a6siULye6LDGkPmNuZxgoWiJqjGXZDsvHQLfWIRJ6pG IHU+zyR+h9GSpTupzXo9h9qsG0e1H7xV+xfC+gff0Aro7MjMhgORrZ/PrK+nXhY3XobU yEFKEHSaCHRpUdARg6hHc69rzhO+5y3QGpHCzVNjBnNtADl9my6aREDSHq9lDvtFpnKx I072Vr2SXGQ0fIdNpothlBN7PbfuuPCQ75jN9d5Rl53uYJ+CnqA6bpg8mck+bFdry/s1 vXqurIrf5S4sAUdy2KXC0nz3GnQKK8kT0MTgOg+5OGh9gmvHO4kmNR9fLkBfS3rbA1M+ Wh/A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@soleen.com header.s=google header.b=h4VGOvKM; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y193-20020a638aca000000b0056334973c45si5908380pgd.826.2023.07.22.16.38.54; Sat, 22 Jul 2023 16:39:16 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@soleen.com header.s=google header.b=h4VGOvKM; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229708AbjGVXP0 (ORCPT + 99 others); Sat, 22 Jul 2023 19:15:26 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56350 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229666AbjGVXPU (ORCPT ); Sat, 22 Jul 2023 19:15:20 -0400 Received: from mail-qk1-x731.google.com (mail-qk1-x731.google.com [IPv6:2607:f8b0:4864:20::731]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 926641708 for ; Sat, 22 Jul 2023 16:15:17 -0700 (PDT) Received: by mail-qk1-x731.google.com with SMTP id af79cd13be357-76ad842d12fso245745785a.3 for ; Sat, 22 Jul 2023 16:15:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=soleen.com; s=google; t=1690067716; x=1690672516; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=jqX+omN+4AV/jEW9gJWFZdBmlFQeDD8EFviSI3KwL+8=; b=h4VGOvKMgez+/NKOawppSiHt7934PF71iQ7qv8jvSgyoGVHQdeSp1JgcRIsn2D88hx g2qwPAuZJScjWF75Ou+qLGKjKOMoBD6KgtLtf0HDYfqszmZ+yCoggVBesEXvtWMjVL8g JpUjuA4gJbUNFr73GuH0FlWZrgf5yI6+x2LMQdtPiA8g0Av/6cdf1+CYfjPWtybKpcP9 eVd7uPFytoOlTw5R5xKtG9M76QYaPDi/SS5XihMN3binOTlJbuopN24pguAFSUKmGTZV KDBH4hbi0ALobtUZ6mlYQTvapei1p+n2u+rufzxhHrLS/TA6KLItQHUFRHlM6LpiyDgq m73w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690067716; x=1690672516; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=jqX+omN+4AV/jEW9gJWFZdBmlFQeDD8EFviSI3KwL+8=; b=eLenBmQTUY3EHLJWA8o1sEZTyNYppcTihuAIeEjq3zMkQjUwNaCfOLvq8VC3DF6aKU FHTnt+K1ToK39UE3zzFBzmHySNI/sM9XgwDzup+hxafgEa7TFcC82TxaSCzApEvVHSiq tCZ1/+9mFcgMpmfQJ0I609Lrp4aKP3Tjj+B+0PjDM+4qdlmzdogxaDnM57J1asxv9s5G cOIqGDc0MYRh4HfrwJ8hGX0+XKsyXA4cnX8Oq5hHE+aOHhMS8ZC0kJd5zeMSP5pVepiS 9yWbH9oCmMsu3y8V57NtW8dSF3qWuzDPp8gjLECRQdnm9hBad2K/xAsoNEHAPE7toB24 cvOg== X-Gm-Message-State: ABy/qLY4a6WU46dqcASOd835b7GG1oE2P4N1Lc/cCC8uovMtTqSpE2f+ CsnMq22/ymN2r6GhBxL7sdgNdA== X-Received: by 2002:a05:620a:2807:b0:75b:23a0:e7e9 with SMTP id f7-20020a05620a280700b0075b23a0e7e9mr4800481qkp.74.1690067716634; Sat, 22 Jul 2023 16:15:16 -0700 (PDT) Received: from soleen.c.googlers.com.com (193.132.150.34.bc.googleusercontent.com. [34.150.132.193]) by smtp.gmail.com with ESMTPSA id u21-20020ae9c015000000b007675c4b530fsm2075957qkk.28.2023.07.22.16.15.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 22 Jul 2023 16:15:16 -0700 (PDT) From: Pasha Tatashin To: pasha.tatashin@soleen.com, akpm@linux-foundation.org, corbet@lwn.net, linux-mm@kvack.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, rick.p.edgecombe@intel.com Subject: [PATCH v2 3/3] mm/page_table_check: Check writable zero page in page table check Date: Sat, 22 Jul 2023 23:15:08 +0000 Message-ID: <20230722231508.1030269-4-pasha.tatashin@soleen.com> X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog In-Reply-To: <20230722231508.1030269-1-pasha.tatashin@soleen.com> References: <20230722231508.1030269-1-pasha.tatashin@soleen.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772165956096486867 X-GMAIL-MSGID: 1772165956096486867 From: Rick Edgecombe The zero page should remain all zero, so that it can be mapped as read-only for read faults of memory that should be zeroed. If it is ever mapped writable to userspace, it could become non-zero and so other apps would unexpectedly get non-zero data. So the zero page should never be mapped writable to userspace. Check for this condition in page_table_check_set(). Signed-off-by: Rick Edgecombe Signed-off-by: Pasha Tatashin --- mm/page_table_check.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mm/page_table_check.c b/mm/page_table_check.c index ad4447e999f8..db1ed36f7203 100644 --- a/mm/page_table_check.c +++ b/mm/page_table_check.c @@ -114,6 +114,8 @@ static void page_table_check_set(struct mm_struct *mm, unsigned long addr, if (!pfn_valid(pfn)) return; + PAGE_TABLE_CHECK_WARN(is_zero_pfn(pfn) && rw); + page = pfn_to_page(pfn); page_ext = page_ext_get(page);