From patchwork Tue Oct 26 17:38:14 2021
X-Patchwork-Submitter: Pasha Tatashin
X-Patchwork-Id: 12585321
From: Pasha Tatashin
To: pasha.tatashin@soleen.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-m68k@lists.linux-m68k.org, anshuman.khandual@arm.com, willy@infradead.org, akpm@linux-foundation.org, william.kucharski@oracle.com, mike.kravetz@oracle.com, vbabka@suse.cz, geert@linux-m68k.org, schmitzmic@gmail.com, rostedt@goodmis.org, mingo@redhat.com, hannes@cmpxchg.org, guro@fb.com, songmuchun@bytedance.com, weixugc@google.com, gthelen@google.com
Subject: [RFC 0/8] Hardening page _refcount
Date: Tue, 26 Oct 2021 17:38:14 +0000
Message-Id: <20211026173822.502506-1-pasha.tatashin@soleen.com>

It is hard to root cause _refcount problems, because they usually
manifest after the damage has occurred. Yet, they can lead to
catastrophic failures such as memory corruptions. Improve debuggability
by adding more checks that ensure that page->_refcount never turns
negative (i.e. double free does not happen, or free after freeze etc.).

- Check for overflow and underflow right from the functions that
  modify _refcount
- Remove set_page_count(), so we do not unconditionally overwrite
  _refcount with an unrestrained value
- Trace return values in all functions that modify _refcount

Applies against v5.15-rc7. Boot tested in QEMU.

Pasha Tatashin (8):
  mm: add overflow and underflow checks for page->_refcount
  mm/hugetlb: remove useless set_page_count()
  mm: Avoid using set_page_count() in set_page_recounted()
  mm: remove set_page_count() from page_frag_alloc_align
  mm: avoid using set_page_count() when pages are freed into allocator
  mm: rename init_page_count() -> page_ref_init()
  mm: remove set_page_count()
  mm: simplify page_ref_* functions

 arch/m68k/mm/motorola.c         |   2 +-
 include/linux/mm.h              |   2 +-
 include/linux/page_ref.h        | 116 ++++++++++++++++----------------
 include/trace/events/page_ref.h |  66 +++++++++++-------
 mm/debug_page_ref.c             |  22 ++----
 mm/hugetlb.c                    |   2 +-
 mm/internal.h                   |   5 +-
 mm/page_alloc.c                 |  19 ++++--
 8 files changed, 125 insertions(+), 109 deletions(-)
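
A userspace model of the checks the cover letter describes, added here as an illustration and not code from the series: every modifying function validates the counter at the point of the update and returns the new value. The names `model_page`, `model_ref_add`, `model_ref_freeze` and `run_scenario` are hypothetical, and counting violations stands in for the kernel's reaction, which this page does not show.

```c
#include <limits.h>
#include <stdatomic.h>
#include <stdio.h>

/* Hypothetical userspace stand-in for struct page: only the counter is modelled. */
struct model_page {
    atomic_int refcount;
    int violations;   /* assumption: the model only counts detected violations */
};

/* Add nr (may be negative); check the value before and after the update. */
static int model_ref_add(struct model_page *p, int nr)
{
    int old = atomic_fetch_add(&p->refcount, nr);   /* atomic add wraps, no UB */
    int val = (int)((unsigned)old + (unsigned)nr);  /* value now stored */
    if (old < 0 || val < 0)   /* dropped below 0, or wrapped past INT_MAX */
        p->violations++;
    return val;               /* returned so callers and tracing can see it */
}

/* Freeze: replace the expected count with 0 only if it matches. */
static int model_ref_freeze(struct model_page *p, int expected)
{
    return atomic_compare_exchange_strong(&p->refcount, &expected, 0);
}

enum scenario { SC_DOUBLE_FREE, SC_FREE_AFTER_FREEZE, SC_OVERFLOW, SC_BALANCED };

/* Run one constructed scenario on a fresh page (count 1); return violations. */
static int run_scenario(enum scenario s)
{
    struct model_page p = { 1, 0 };

    switch (s) {
    case SC_DOUBLE_FREE:       model_ref_add(&p, -1); model_ref_add(&p, -1); break;
    case SC_FREE_AFTER_FREEZE: model_ref_freeze(&p, 1); model_ref_add(&p, -1); break;
    case SC_OVERFLOW:          model_ref_add(&p, INT_MAX); break;
    case SC_BALANCED:          model_ref_add(&p, 1); model_ref_add(&p, -2); break;
    }
    return p.violations;
}

int main(void)
{
    printf("double-free=%d free-after-freeze=%d overflow=%d balanced=%d\n",
           run_scenario(SC_DOUBLE_FREE), run_scenario(SC_FREE_AFTER_FREEZE),
           run_scenario(SC_OVERFLOW), run_scenario(SC_BALANCED));
    return 0;
}
```

An unconditional store of an arbitrary value, which is what removing set_page_count() rules out, would bypass the check in `model_ref_add` entirely; the freeze path stays safe because it only writes when the current value matches the expected one.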