From: Qi Zheng
To: peterz@infradead.org, tglx@linutronix.de, david@redhat.com, jannh@google.com, hughd@google.com, yuzhao@google.com, willy@infradead.org, muchun.song@linux.dev, vbabka@kernel.org, lorenzo.stoakes@oracle.com, akpm@linux-foundation.org, rientjes@google.com, vishal.moola@gmail.com
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, Qi Zheng
Subject: [PATCH v2 00/15] move pagetable_*_dtor() to __tlb_remove_table()
Date: Wed, 18 Dec 2024 21:04:36 +0800

Changes in v2:
 - add [PATCH v2 13|14|15/15] (suggested by Peter Zijlstra)
 - add Originally-bys and Suggested-bys
 - rebase onto the next-20241218

Hi all,

As proposed [1] by Peter Zijlstra below, this patch series aims to move
pagetable_*_dtor() into __tlb_remove_table(). This will cleanup pagetable_*_dtor()
a bit and more gracefully fix the UAF issue [2] reported by syzbot.

```
Notably:

 - s390 pud isn't calling the existing pagetable_pud_[cd]tor()
 - none of the p4d things have pagetable_p4d_[cd]tor() (x86,arm64,s390,riscv)
   and they have inconsistent accounting
 - while much of the _ctor calls are in generic code, many of the _dtor
   calls are in arch code for hysterial raisins, this could easily be
   fixed
 - if we fix ptlock_free() to handle NULL, then all the _dtor()
   functions can use it, and we can observe they're all identical
   and can be folded

after all that cleanup, you can move the _dtor from *_free_tlb() into
tlb_remove_table() -- which for the above case, would then have it called
from __tlb_remove_table_free().
```

And hi Andrew, I developed the code based on the latest linux-next, so I reverted
the "mm: pgtable: make ptlock be freed by RCU" first. Once the review of this
patch series is completed, the "mm: pgtable: make ptlock be freed by RCU" can be
dropped directly from mm tree, and this revert patch will not be needed.

This series is based on next-20241218. And I tested this patch series on x86 and
only cross-compiled it on arm[|64], powerpc, riscv, s390 and sparc.

Comments and suggestions are welcome!

Thanks,
Qi

[1]. https://lore.kernel.org/all/20241211133433.GC12500@noisy.programming.kicks-ass.net/
[2]. https://lore.kernel.org/all/67548279.050a0220.a30f1.015b.GAE@google.com/

Qi Zheng (15):
  Revert "mm: pgtable: make ptlock be freed by RCU"
  mm: pgtable: introduce generic p4d_alloc_one() and p4d_free()
  arm64: pgtable: use mmu gather to free p4d level page table
  s390: pgtable: add statistics for PUD and P4D level page table
  mm: pgtable: introduce pagetable_dtor()
  arm: pgtable: move pagetable_dtor() to __tlb_remove_table()
  arm64: pgtable: move pagetable_dtor() to __tlb_remove_table()
  riscv: pgtable: move pagetable_dtor() to __tlb_remove_table()
  x86: pgtable: move pagetable_dtor() to __tlb_remove_table()
  s390: pgtable: also move pagetable_dtor() of PxD to __tlb_remove_table()
  mm: pgtable: introduce generic __tlb_remove_table()
  mm: pgtable: move __tlb_remove_table_one() in x86 to generic file
  mm: pgtable: remove tlb_remove_page_ptdesc()
  mm: pgtable: remove tlb_remove_ptdesc()
  mm: pgtable: introduce generic pagetable_dtor_free()

 Documentation/mm/split_page_table_lock.rst |  4 +-
 arch/arm/include/asm/tlb.h                 | 18 +-----
 arch/arm64/include/asm/pgalloc.h           | 17 +++---
 arch/arm64/include/asm/tlb.h               | 31 +++++-----
 arch/csky/include/asm/pgalloc.h            |  4 +-
 arch/hexagon/include/asm/pgalloc.h         |  4 +-
 arch/loongarch/include/asm/pgalloc.h       |  4 +-
 arch/m68k/include/asm/mcf_pgalloc.h        |  4 +-
 arch/m68k/include/asm/sun3_pgalloc.h       |  4 +-
 arch/m68k/mm/motorola.c                    |  2 +-
 arch/mips/include/asm/pgalloc.h            |  4 +-
 arch/nios2/include/asm/pgalloc.h           |  4 +-
 arch/openrisc/include/asm/pgalloc.h        |  4 +-
 arch/powerpc/include/asm/tlb.h             |  1 +
 arch/powerpc/mm/book3s64/mmu_context.c     |  2 +-
 arch/powerpc/mm/book3s64/pgtable.c         |  2 +-
 arch/powerpc/mm/pgtable-frag.c             |  4 +-
 arch/riscv/include/asm/pgalloc.h           | 57 ++++++++----------
 arch/riscv/include/asm/tlb.h               | 18 ------
 arch/riscv/mm/init.c                       |  4 +-
 arch/s390/include/asm/pgalloc.h            | 31 +++++++---
 arch/s390/include/asm/tlb.h                | 43 +++++++-------
 arch/s390/mm/pgalloc.c                     | 31 ++--------
 arch/sh/include/asm/pgalloc.h              |  4 +-
 arch/sparc/include/asm/tlb_32.h            |  1 +
 arch/sparc/include/asm/tlb_64.h            |  1 +
 arch/sparc/mm/init_64.c                    |  2 +-
 arch/sparc/mm/srmmu.c                      |  2 +-
 arch/um/include/asm/pgalloc.h              | 12 ++--
 arch/x86/include/asm/pgalloc.h             | 16 +++--
 arch/x86/include/asm/tlb.h                 | 33 -----------
 arch/x86/kernel/paravirt.c                 |  1 +
 arch/x86/mm/pgtable.c                      | 13 ++---
 include/asm-generic/pgalloc.h              | 68 +++++++++++++++++-----
 include/asm-generic/tlb.h                  | 23 ++++----
 include/linux/mm.h                         | 52 +++++++----------
 include/linux/mm_types.h                   |  9 +--
 mm/memory.c                                | 23 +++-----
 mm/mmu_gather.c                            | 19 +++++-
 39 files changed, 255 insertions(+), 321 deletions(-)
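
The ordering described in the quoted proposal, as an added user-space C model (not kernel code and not part of the posted series): freeing a table only queues it, and one NULL-tolerant destructor runs when the batch is released, so the ptlock stays allocated for as long as the table is queued. The struct layout, the batch size, the `freed` flag and `tlb_remove_table_free()` (standing in for `__tlb_remove_table_free()`) are assumptions of the model.

```c
#include <stdlib.h>

struct ptdesc {            /* user-space stand-in, constructed for illustration */
    int *ptl;              /* split lock; NULL at levels that have none */
    int freed;             /* set when the table page itself is released */
};

static struct ptdesc *batch[8];   /* models the mmu_gather table batch */
static int batch_nr, nr_pagetable;

static int pagetable_ctor(struct ptdesc *pt, int with_lock)
{
    pt->ptl = with_lock ? calloc(1, sizeof(*pt->ptl)) : NULL;
    if (with_lock && !pt->ptl) return -1;
    pt->freed = 0;
    nr_pagetable++;               /* accounting is identical at every level */
    return 0;
}

/* NULL-tolerant, so one destructor can serve every page-table level. */
static void ptlock_free(struct ptdesc *pt) { free(pt->ptl); pt->ptl = NULL; }
static void pagetable_dtor(struct ptdesc *pt) { ptlock_free(pt); nr_pagetable--; }

/* Models *_free_tlb() -> tlb_remove_table(): queue only, no destructor. */
static int tlb_remove_table(struct ptdesc *pt)
{
    if (batch_nr == 8) return -1;
    batch[batch_nr++] = pt;
    return 0;
}

/* Models __tlb_remove_table_free(): destructor runs right before the free. */
static int tlb_remove_table_free(void)
{
    int n = batch_nr;
    for (; batch_nr > 0; batch_nr--) {
        pagetable_dtor(batch[batch_nr - 1]);   /* models __tlb_remove_table() */
        batch[batch_nr - 1]->freed = 1;
    }
    return n;
}

int main(void)
{
    struct ptdesc pte, p4d;       /* one level with a lock, one without */
    if (pagetable_ctor(&pte, 1) || pagetable_ctor(&p4d, 0)) return 1;
    if (tlb_remove_table(&pte) || tlb_remove_table(&p4d) || !pte.ptl) return 1;
    return (tlb_remove_table_free() == 2 && nr_pagetable == 0) ? 0 : 1;
}
```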