Message ID | 20211221154650.1047963-1-pasha.tatashin@soleen.com (mailing list archive) |
---|---|
Headers | From: Pasha Tatashin <pasha.tatashin@soleen.com>; Subject: [PATCH v3 0/4] page table check; Date: Tue, 21 Dec 2021 15:46:46 +0000 |
Series | page table check |
From: Pasha Tatashin <tatashin@google.com>

Changelog:
v3:
- Updated "mm: change page type prior to adding page table entry" to also
  include the other cases where we update page table prior to struct page.
  Thanks Hugh Dickins for this review comment.

v2:
- Fixed bug reported by Fushan Wen
  The root cause was that in do_swap_page() we first add page table entry
  and only later change its type to anon.
- Added EXPORT_SYMBOL() to functions which are called from set_pte_* type
  functions.
- Replaced DEFINE_STATIC_KEY_TRUE_RO with DEFINE_STATIC_KEY_TRUE to fix
  issue with module load/unload as reported and root caused by Jiri Slaby

v1:
- Added ptep_clear() to mm/debug_vm_pgtable.c (thanks Anshuman Khandual)
- Addressed documentation comments from Jonathan Corbet.

Ensure that some memory corruptions are prevented by checking at the
time of insertion of entries into user page tables that there is no
illegal sharing.

We have recently found a problem [1] that existed in kernel since 4.14.
The problem was caused by broken page ref count and led to memory
leaking from one process into another. The problem was accidentally
detected by studying a dump of one process and noticing that one page
contains memory that should not belong to this process.

There are some other page->_refcount related problems that were recently
fixed: [2], [3] which potentially could also lead to illegal sharing.

In addition to hardening refcount [4] itself, this work is an attempt to
prevent this class of memory corruption issues.

It uses a simple state machine that is independent from regular MM logic
to check for illegal sharing at time pages are inserted and removed
from page tables.

[1] https://lore.kernel.org/all/xr9335nxwc5y.fsf@gthelen2.svl.corp.google.com
[2] https://lore.kernel.org/all/1582661774-30925-2-git-send-email-akaher@vmware.com
[3] https://lore.kernel.org/all/20210622021423.154662-3-mike.kravetz@oracle.com
[4] https://lore.kernel.org/all/20211221150140.988298-1-pasha.tatashin@soleen.com

Previous versions:
v2: https://lore.kernel.org/all/20211204182314.1470076-1-pasha.tatashin@soleen.com
v1: https://lore.kernel.org/all/20211123214814.3756047-1-pasha.tatashin@soleen.com/
RFC: https://lore.kernel.org/all/20211116220038.116484-1-pasha.tatashin@soleen.com

Pasha Tatashin (4):
  mm: change page type prior to adding page table entry
  mm: ptep_clear() page table helper
  mm: page table check
  x86: mm: add x86_64 support for page table check

 Documentation/vm/arch_pgtable_helpers.rst |   6 +-
 Documentation/vm/index.rst                |   1 +
 Documentation/vm/page_table_check.rst     |  56 +++++
 MAINTAINERS                               |   9 +
 arch/Kconfig                              |   3 +
 arch/x86/Kconfig                          |   1 +
 arch/x86/include/asm/pgtable.h            |  29 ++-
 include/linux/page_table_check.h          | 147 ++++++++++++
 include/linux/pgtable.h                   |   8 +
 mm/Kconfig.debug                          |  24 ++
 mm/Makefile                               |   1 +
 mm/debug_vm_pgtable.c                     |   2 +-
 mm/hugetlb.c                              |   6 +-
 mm/khugepaged.c                           |  12 +-
 mm/memory.c                               |   9 +-
 mm/migrate.c                              |   5 +-
 mm/page_alloc.c                           |   4 +
 mm/page_ext.c                             |   4 +
 mm/page_table_check.c                     | 270 ++++++++++++++++++++++
 mm/swapfile.c                             |   4 +-
 20 files changed, 574 insertions(+), 27 deletions(-)
 create mode 100644 Documentation/vm/page_table_check.rst
 create mode 100644 include/linux/page_table_check.h
 create mode 100644 mm/page_table_check.c
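
A userspace model of the kind of state machine the cover letter describes, added here as an illustration; it is not code from this patch series or from the kernel. The names (`ptc_page`, `ptc_set`, `ptc_clear`, `ptc_free`) are hypothetical, and the rules are assumptions: a page is never mapped as both anonymous and file-backed, an anonymous page that is already mapped cannot gain a writable mapping, and a page cannot be freed while it is still mapped.

```c
/* Userspace model of a page-table-check style state machine.
 * Added illustration: names and rules are assumptions, not kernel code. */
#include <stdbool.h>
#include <stdio.h>

enum ptc_result { PTC_OK, PTC_ILLEGAL_SHARING, PTC_UNDERFLOW, PTC_STILL_MAPPED };

/* Shadow state per physical page, kept apart from the page refcount. */
struct ptc_page {
    int anon_maps; /* user PTEs mapping the page as anonymous memory */
    int file_maps; /* user PTEs mapping the page as file-backed memory */
};

/* A user page table entry pointing at the page is being installed. */
enum ptc_result ptc_set(struct ptc_page *p, bool anon, bool writable)
{
    if (anon) {
        /* No anon/file mix, no writable mapping of an already mapped page. */
        if (p->file_maps > 0 || (writable && p->anon_maps > 0))
            return PTC_ILLEGAL_SHARING;
        p->anon_maps++;
    } else {
        if (p->anon_maps > 0)
            return PTC_ILLEGAL_SHARING;
        p->file_maps++;
    }
    return PTC_OK;
}

/* A user page table entry pointing at the page is being removed. */
enum ptc_result ptc_clear(struct ptc_page *p, bool anon)
{
    int *count = anon ? &p->anon_maps : &p->file_maps;
    if (*count == 0)
        return PTC_UNDERFLOW; /* removing a mapping that was never recorded */
    (*count)--;
    return PTC_OK;
}

/* The page is being returned to (or handed out by) the allocator. */
enum ptc_result ptc_free(struct ptc_page *p)
{
    return (p->anon_maps || p->file_maps) ? PTC_STILL_MAPPED : PTC_OK;
}

int main(void)
{
    struct ptc_page pg = {0, 0};
    ptc_set(&pg, true, true); /* process A maps the page read/write */
    /* A broken refcount frees the page early; the shadow counters disagree. */
    printf("free while mapped: %d\n", ptc_free(&pg));
    printf("second writable mapping: %d\n", ptc_set(&pg, true, true));
    return 0;
}
```

Because the counters are updated only at page table insert and remove time, a wrong `_refcount` cannot hide a stale mapping from them.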