Received: by 10.192.165.148 with SMTP id m20csp1199094imm;
        Wed, 25 Apr 2018 14:20:31 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZpiBWFZTlxCzeIL7xLoM9d9O8i1kLXUZNWv+LUP6NzdTBx5D06/6E1Cv/GpQ8ZGu4vzCeKD
X-Received: by 2002:a17:902:bb84:: with SMTP id m4-v6mr977721pls.339.1524691231307;
        Wed, 25 Apr 2018 14:20:31 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1524691231; cv=none;
        d=google.com; s=arc-20160816;
        b=tZMsKT7DfH9+Sy9xW3PvJKZyzKBapgQLxPsLfqCGkLSJCe/kZ7IT2c4mx+tmVzYVjQ
         zbU/HYau0X2eFpFdEncbGW+uNCxhQGkymQ3TxddTiFUUoVe216D6OlzDNtfR8MGH9PSd
         PEFBfxAw64BHEYrjgnR1FncFrZzUq/KKkHAohPiTptPQ2LyRWlkJ5i3aIMq5C8K0qQs1
         kGU2Ox0OOCaUz6+PTkN+q55W5n7/9G42ElxSxGM5RMhcpsyCX0gjM3F88t5OTlFFj3SY
         Cn/WVKImWib5sLCVL4c3tW1Z1LdBv3yWIgixlfMy2SyCl/lKq8xzIayhQ9UDfgPpfY8r
         m1bQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :message-id:in-reply-to:subject:cc:to:from:date:dkim-signature
         :arc-authentication-results;
        bh=qCy4ZclzLSBQPnxQbGtmjdiLvuzBolUkO/O+/E+3t/o=;
        b=kMYNwP2EAz+fA6XKEp8lGxycDde4FfkLcZH8a9kPHXyiF4fO6AfU8iNDuIeKgZXHc4
         0ZO8CL2RveLFsM0xW5EhmVIZmnpeNvGBnjg085AMq4tBEWIAGVZxRTSAKGhNnUOLDoWQ
         veLnHMq3RME/UGej+OsspGL6DFnXRuzohUBjDFNDV9LQyyJTIDmSzb+hb3iNGyb2ig1N
         Vxa59unb2sdRmadczEgVxV5hJzk+gsucyIrzrQLyOoP1aEChbFne2GI7sa03nUx13iFZ
         O/FIViUFSjvOTY4ockrlWH3fUgjc396hFGPp49hsgS1hLUKQOG1RqQAvdQpbQ6ddbw0X
         1ROQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=tE8xMnAd;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id p11si14809377pfj.294.2018.04.25.14.20.16;
        Wed, 25 Apr 2018 14:20:31 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=tE8xMnAd;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753389AbeDYVSp (ORCPT <rfc822;crosarcplusplustest@gmail.com>
        + 99 others); Wed, 25 Apr 2018 17:18:45 -0400
Received: from mail-pf0-f196.google.com ([209.85.192.196]:45689 "EHLO
        mail-pf0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751356AbeDYVSo (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 25 Apr 2018 17:18:44 -0400
Received: by mail-pf0-f196.google.com with SMTP id l27so16288900pfk.12
        for <linux-kernel@vger.kernel.org>; Wed, 25 Apr 2018 14:18:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=date:from:to:cc:subject:in-reply-to:message-id:references
         :user-agent:mime-version;
        bh=qCy4ZclzLSBQPnxQbGtmjdiLvuzBolUkO/O+/E+3t/o=;
        b=tE8xMnAdJ5KlHly9PyRSiAnQXM8fR8RCCn2qvVKD2y/Yf2c2GenlD23MMoRN1fsdQX
         5tj/wxEdMerN1xTMwes5sILMalss+eP9tmTKvJGuQSTaZz6J0awj3qx9HcU+pun+DuO8
         Zh98fTv4TM5GqjdRHA8rS+6iQP29k3+4USnUaqn97yh4td3kMnrHdKnwjiB2iC4UrjDR
         ITezttHkra9pqEmUJy/LuO/QRrT8A3VIceVrFiKbcZVNMzVi/XP+Mz8qi4mqHxVl3NWz
         KjETpMa6Pt/N4x+56CNZCF7lSoaHtqOGVntu0mhocVegFGxXv4OhycdjVDy2hLsKjNw1
         VvVg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:in-reply-to:message-id
         :references:user-agent:mime-version;
        bh=qCy4ZclzLSBQPnxQbGtmjdiLvuzBolUkO/O+/E+3t/o=;
        b=VHPYYYyaPbZA+pc0gEdyJaLHoHYCNmEMy43/LcELjFDNYCLHF50JZ1/bd694ypDt9O
         wGA8RW2+jlyJ/8NH+ov9omcOMjcytC5aAjPX7nYbaVPDCkTdntiCNTiZ0F2JnFxbSGD7
         m9CvYAFcvgm2LO066/K8unRv9fO02WPqMxT6UYB3lImS5qRYpN3Ung3OU6g4L6T1Kpt/
         pW5jcaLGvPjRnd7Mx0s4i12H6tXcqWkIRU90oTt0p+jw+4XhCRMly5nbMJb1D2NUjpEx
         Zhn5NDD/I/llsGBY+jve8OlnxZ2ZJzKsSfwJqN1pwZ66ztJGeq4VXxXhvx0zHnE0ACZv
         eNGQ==
X-Gm-Message-State: ALQs6tALxenhNXGMCmbl/ZXcTUxRQrcDR91lT1MACY8F1D6LbL9nYXWa
        hMghzfhTjOu3MAzC7EHLSVP1gg==
X-Received: by 2002:a17:902:60cd:: with SMTP id k13-v6mr31413505pln.44.1524691123428;
        Wed, 25 Apr 2018 14:18:43 -0700 (PDT)
Received: from [2620:15c:17:3:3a5:23a7:5e32:4598] ([2620:15c:17:3:3a5:23a7:5e32:4598])
        by smtp.gmail.com with ESMTPSA id 83sm35038701pfv.131.2018.04.25.14.18.42
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Wed, 25 Apr 2018 14:18:42 -0700 (PDT)
Date:   Wed, 25 Apr 2018 14:18:42 -0700 (PDT)
From:   David Rientjes <rientjes@google.com>
X-X-Sender: rientjes@chino.kir.corp.google.com
To:     Mikulas Patocka <mpatocka@redhat.com>
cc:     Randy Dunlap <rdunlap@infradead.org>,
        Michal Hocko <mhocko@kernel.org>,
        Matthew Wilcox <willy@infradead.org>,
        David Miller <davem@davemloft.net>,
        Andrew Morton <akpm@linux-foundation.org>, linux-mm@kvack.org,
        eric.dumazet@gmail.com, edumazet@google.com,
        netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
        mst@redhat.com, jasowang@redhat.com,
        virtualization@lists.linux-foundation.org, dm-devel@redhat.com,
        Vlastimil Babka <vbabka@suse.cz>
Subject: Re: [PATCH v5] fault-injection: introduce kvmalloc fallback
 options
In-Reply-To: <alpine.LRH.2.02.1804251656300.9428@file01.intranet.prod.int.rdu2.redhat.com>
Message-ID: <alpine.DEB.2.21.1804251417470.166306@chino.kir.corp.google.com>
References: <20180421144757.GC14610@bombadil.infradead.org> <alpine.LRH.2.02.1804221733520.7995@file01.intranet.prod.int.rdu2.redhat.com> <20180423151545.GU17484@dhcp22.suse.cz> <alpine.LRH.2.02.1804232003100.2299@file01.intranet.prod.int.rdu2.redhat.com>
 <20180424125121.GA17484@dhcp22.suse.cz> <alpine.LRH.2.02.1804241142340.15660@file01.intranet.prod.int.rdu2.redhat.com> <20180424162906.GM17484@dhcp22.suse.cz> <alpine.LRH.2.02.1804241250350.28995@file01.intranet.prod.int.rdu2.redhat.com>
 <20180424170349.GQ17484@dhcp22.suse.cz> <alpine.LRH.2.02.1804241319390.28995@file01.intranet.prod.int.rdu2.redhat.com> <20180424173836.GR17484@dhcp22.suse.cz> <alpine.LRH.2.02.1804251556060.30569@file01.intranet.prod.int.rdu2.redhat.com>
 <1114eda5-9b1f-4db8-2090-556b4a37c532@infradead.org> <alpine.LRH.2.02.1804251656300.9428@file01.intranet.prod.int.rdu2.redhat.com>
User-Agent: Alpine 2.21 (DEB 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 25 Apr 2018, Mikulas Patocka wrote:

> From: Mikulas Patocka <mpatocka@redhat.com>
> Subject: [PATCH] fault-injection: introduce kvmalloc fallback options
> 
> This patch introduces a fault-injection option "kvmalloc_fallback". This
> option makes kvmalloc randomly fall back to vmalloc.
> 
> Unfortunately, some kernel code has bugs - it uses kvmalloc and then
> uses DMA-API on the returned memory or frees it with kfree. Such bugs were
> found in the virtio-net driver, dm-integrity or RHEL7 powerpc-specific
> code. This options helps to test for these bugs.
> 
> The patch introduces a config option FAIL_KVMALLOC_FALLBACK_PROBABILITY.
> It can be enabled in distribution debug kernels, so that kvmalloc abuse
> can be tested by the users. The default can be overridden with
> "kvmalloc_fallback" parameter or in /sys/kernel/debug/kvmalloc_fallback/.
> 

Do we really need the new config option?  This could just be manually 
tunable via fault injection IIUC.

> Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
> 
> ---
>  Documentation/fault-injection/fault-injection.txt |    7 +++++
>  include/linux/fault-inject.h                      |    9 +++---
>  kernel/futex.c                                    |    2 -
>  lib/Kconfig.debug                                 |   15 +++++++++++
>  mm/failslab.c                                     |    2 -
>  mm/page_alloc.c                                   |    2 -
>  mm/util.c                                         |   30 ++++++++++++++++++++++
>  7 files changed, 60 insertions(+), 7 deletions(-)
> 
> Index: linux-2.6/Documentation/fault-injection/fault-injection.txt
> ===================================================================
> --- linux-2.6.orig/Documentation/fault-injection/fault-injection.txt	2018-04-16 21:08:34.000000000 +0200
> +++ linux-2.6/Documentation/fault-injection/fault-injection.txt	2018-04-25 21:36:36.000000000 +0200
> @@ -15,6 +15,12 @@ o fail_page_alloc
>  
>    injects page allocation failures. (alloc_pages(), get_free_pages(), ...)
>  
> +o kvmalloc_fallback
> +
> +  makes the function kvmalloc randomly fall back to vmalloc. This could be used
> +  to detects bugs such as using DMA-API on the result of kvmalloc or freeing
> +  the result of kvmalloc with free.
> +
>  o fail_futex
>  
>    injects futex deadlock and uaddr fault errors.
> @@ -167,6 +173,7 @@ use the boot option:
>  
>  	failslab=
>  	fail_page_alloc=
> +	kvmalloc_fallback=
>  	fail_make_request=
>  	fail_futex=
>  	mmc_core.fail_request=<interval>,<probability>,<space>,<times>
> Index: linux-2.6/include/linux/fault-inject.h
> ===================================================================
> --- linux-2.6.orig/include/linux/fault-inject.h	2018-04-16 21:08:36.000000000 +0200
> +++ linux-2.6/include/linux/fault-inject.h	2018-04-25 21:38:22.000000000 +0200
> @@ -31,17 +31,18 @@ struct fault_attr {
>  	struct dentry *dname;
>  };
>  
> -#define FAULT_ATTR_INITIALIZER {					\
> +#define FAULT_ATTR_INITIALIZER(p) {					\
> +		.probability = (p),					\
>  		.interval = 1,						\
> -		.times = ATOMIC_INIT(1),				\
> +		.times = ATOMIC_INIT((p) ? -1 : 1),			\
> +		.verbose = (p) ? 0 : 2,					\
>  		.require_end = ULONG_MAX,				\
>  		.stacktrace_depth = 32,					\
>  		.ratelimit_state = RATELIMIT_STATE_INIT_DISABLED,	\
> -		.verbose = 2,						\
>  		.dname = NULL,						\
>  	}
>  
> -#define DECLARE_FAULT_ATTR(name) struct fault_attr name = FAULT_ATTR_INITIALIZER
> +#define DECLARE_FAULT_ATTR(name) struct fault_attr name = FAULT_ATTR_INITIALIZER(0)
>  int setup_fault_attr(struct fault_attr *attr, char *str);
>  bool should_fail(struct fault_attr *attr, ssize_t size);
>  
> Index: linux-2.6/lib/Kconfig.debug
> ===================================================================
> --- linux-2.6.orig/lib/Kconfig.debug	2018-04-25 15:56:16.000000000 +0200
> +++ linux-2.6/lib/Kconfig.debug	2018-04-25 21:39:45.000000000 +0200
> @@ -1527,6 +1527,21 @@ config FAIL_PAGE_ALLOC
>  	help
>  	  Provide fault-injection capability for alloc_pages().
>  
> +config FAIL_KVMALLOC_FALLBACK_PROBABILITY
> +	int "Default kvmalloc fallback probability"
> +	depends on FAULT_INJECTION
> +	range 0 100
> +	default "0"
> +	help
> +	  This option will make kvmalloc randomly fall back to vmalloc.
> +	  Normally, kvmalloc falls back to vmalloc only rarely, if memory
> +	  is fragmented.
> +
> +	  This option helps to detect hard-to-reproduce driver bugs, for
> +	  example using DMA API on the result of kvmalloc.
> +
> +	  The default may be overridden with the kvmalloc_fallback parameter.
> +
>  config FAIL_MAKE_REQUEST
>  	bool "Fault-injection capability for disk IO"
>  	depends on FAULT_INJECTION && BLOCK
> Index: linux-2.6/mm/util.c
> ===================================================================
> --- linux-2.6.orig/mm/util.c	2018-04-25 15:48:39.000000000 +0200
> +++ linux-2.6/mm/util.c	2018-04-25 21:43:31.000000000 +0200
> @@ -14,6 +14,7 @@
>  #include <linux/hugetlb.h>
>  #include <linux/vmalloc.h>
>  #include <linux/userfaultfd_k.h>
> +#include <linux/fault-inject.h>
>  
>  #include <asm/sections.h>
>  #include <linux/uaccess.h>
> @@ -377,6 +378,29 @@ unsigned long vm_mmap(struct file *file,
>  }
>  EXPORT_SYMBOL(vm_mmap);
>  
> +#ifdef CONFIG_FAULT_INJECTION
> +
> +static struct fault_attr kvmalloc_fallback =
> +	FAULT_ATTR_INITIALIZER(CONFIG_FAIL_KVMALLOC_FALLBACK_PROBABILITY);
> +
> +static int __init setup_kvmalloc_fallback(char *str)
> +{
> +	return setup_fault_attr(&kvmalloc_fallback, str);
> +}
> +
> +__setup("kvmalloc_fallback=", setup_kvmalloc_fallback);
> +
> +#ifdef CONFIG_FAULT_INJECTION_DEBUG_FS
> +static int __init kvmalloc_fallback_debugfs_init(void)
> +{
> +	fault_create_debugfs_attr("kvmalloc_fallback", NULL, &kvmalloc_fallback);
> +	return 0;
> +}
> +late_initcall(kvmalloc_fallback_debugfs_init);
> +#endif
> +
> +#endif
> +
>  /**
>   * kvmalloc_node - attempt to allocate physically contiguous memory, but upon
>   * failure, fall back to non-contiguous (vmalloc) allocation.
> @@ -404,6 +428,11 @@ void *kvmalloc_node(size_t size, gfp_t f
>  	 */
>  	WARN_ON_ONCE((flags & GFP_KERNEL) != GFP_KERNEL);
>  
> +#ifdef CONFIG_FAULT_INJECTION
> +	if (should_fail(&kvmalloc_fallback, size))
> +		goto do_vmalloc;
> +#endif
> +
>  	/*
>  	 * We want to attempt a large physically contiguous block first because
>  	 * it is less likely to fragment multiple larger blocks and therefore
> @@ -427,6 +456,7 @@ void *kvmalloc_node(size_t size, gfp_t f
>  	if (ret || size <= PAGE_SIZE)
>  		return ret;
>  
> +do_vmalloc: __maybe_unused
>  	return __vmalloc_node_flags_caller(size, node, flags,
>  			__builtin_return_address(0));
>  }
> Index: linux-2.6/kernel/futex.c
> ===================================================================
> --- linux-2.6.orig/kernel/futex.c	2018-02-14 20:24:42.000000000 +0100
> +++ linux-2.6/kernel/futex.c	2018-04-25 21:11:33.000000000 +0200
> @@ -288,7 +288,7 @@ static struct {
>  
>  	bool ignore_private;
>  } fail_futex = {
> -	.attr = FAULT_ATTR_INITIALIZER,
> +	.attr = FAULT_ATTR_INITIALIZER(0),
>  	.ignore_private = false,
>  };
>  
> Index: linux-2.6/mm/failslab.c
> ===================================================================
> --- linux-2.6.orig/mm/failslab.c	2018-04-16 21:08:36.000000000 +0200
> +++ linux-2.6/mm/failslab.c	2018-04-25 21:11:40.000000000 +0200
> @@ -9,7 +9,7 @@ static struct {
>  	bool ignore_gfp_reclaim;
>  	bool cache_filter;
>  } failslab = {
> -	.attr = FAULT_ATTR_INITIALIZER,
> +	.attr = FAULT_ATTR_INITIALIZER(0),
>  	.ignore_gfp_reclaim = true,
>  	.cache_filter = false,
>  };
> Index: linux-2.6/mm/page_alloc.c
> ===================================================================
> --- linux-2.6.orig/mm/page_alloc.c	2018-04-16 21:08:36.000000000 +0200
> +++ linux-2.6/mm/page_alloc.c	2018-04-25 21:11:47.000000000 +0200
> @@ -3055,7 +3055,7 @@ static struct {
>  	bool ignore_gfp_reclaim;
>  	u32 min_order;
>  } fail_page_alloc = {
> -	.attr = FAULT_ATTR_INITIALIZER,
> +	.attr = FAULT_ATTR_INITIALIZER(0),
>  	.ignore_gfp_reclaim = true,
>  	.ignore_gfp_highmem = true,
>  	.min_order = 1,
> 
>