Date: Wed, 25 Apr 2018 14:18:42 -0700 (PDT)
From: David Rientjes
To: Mikulas Patocka
cc: Randy Dunlap, Michal Hocko, Matthew Wilcox, David Miller,
    Andrew Morton, linux-mm@kvack.org, eric.dumazet@gmail.com,
    edumazet@google.com, netdev@vger.kernel.org,
    linux-kernel@vger.kernel.org, mst@redhat.com, jasowang@redhat.com,
    virtualization@lists.linux-foundation.org, dm-devel@redhat.com,
    Vlastimil Babka
Subject: Re: [PATCH v5] fault-injection: introduce kvmalloc fallback options
References: <20180421144757.GC14610@bombadil.infradead.org>
    <20180423151545.GU17484@dhcp22.suse.cz>
    <20180424125121.GA17484@dhcp22.suse.cz>
    <20180424162906.GM17484@dhcp22.suse.cz>
    <20180424170349.GQ17484@dhcp22.suse.cz>
    <20180424173836.GR17484@dhcp22.suse.cz>
    <1114eda5-9b1f-4db8-2090-556b4a37c532@infradead.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 25 Apr 2018, Mikulas Patocka wrote:

> From: Mikulas Patocka
> Subject: [PATCH] fault-injection: introduce kvmalloc fallback options
>
> This patch introduces a fault-injection option "kvmalloc_fallback". This
> option makes kvmalloc randomly fall back to vmalloc.
>
> Unfortunately, some kernel code has bugs - it uses kvmalloc and then
> uses DMA-API on the returned memory or frees it with kfree. Such bugs were
> found in the virtio-net driver, dm-integrity or RHEL7 powerpc-specific
> code. This option helps to test for these bugs.
>
> The patch introduces a config option FAIL_KVMALLOC_FALLBACK_PROBABILITY.
> It can be enabled in distribution debug kernels, so that kvmalloc abuse
> can be tested by the users. The default can be overridden with the
> "kvmalloc_fallback" parameter or in /sys/kernel/debug/kvmalloc_fallback/.
>

Do we really need the new config option? This could just be manually
tunable via fault injection IIUC.

> Signed-off-by: Mikulas Patocka
>
> ---
>  Documentation/fault-injection/fault-injection.txt |    7 +++++
>  include/linux/fault-inject.h                      |    9 +++---
>  kernel/futex.c                                    |    2 -
>  lib/Kconfig.debug                                 |   15 +++++++++++
>  mm/failslab.c                                     |    2 -
>  mm/page_alloc.c                                   |    2 -
>  mm/util.c                                         |   30 ++++++++++++++++++++++
>  7 files changed, 60 insertions(+), 7 deletions(-)
>
> Index: linux-2.6/Documentation/fault-injection/fault-injection.txt
> ===================================================================
> --- linux-2.6.orig/Documentation/fault-injection/fault-injection.txt 2018-04-16 21:08:34.000000000 +0200
> +++ linux-2.6/Documentation/fault-injection/fault-injection.txt 2018-04-25 21:36:36.000000000 +0200
> @@ -15,6 +15,12 @@ o fail_page_alloc
>
>    injects page allocation failures. (alloc_pages(), get_free_pages(), ...)
>
> +o kvmalloc_fallback
> +
> +  makes the function kvmalloc randomly fall back to vmalloc. This could be used
> +  to detect bugs such as using DMA-API on the result of kvmalloc or freeing
> +  the result of kvmalloc with kfree.
> +
>  o fail_futex
>
>    injects futex deadlock and uaddr fault errors.
> @@ -167,6 +173,7 @@ use the boot option:
>
>          failslab=
>          fail_page_alloc=
> +        kvmalloc_fallback=
>          fail_make_request=
>          fail_futex=
>          mmc_core.fail_request=,,,
> Index: linux-2.6/include/linux/fault-inject.h
> ===================================================================
> --- linux-2.6.orig/include/linux/fault-inject.h 2018-04-16 21:08:36.000000000 +0200
> +++ linux-2.6/include/linux/fault-inject.h 2018-04-25 21:38:22.000000000 +0200
> @@ -31,17 +31,18 @@ struct fault_attr {
>          struct dentry *dname;
>  };
>
> -#define FAULT_ATTR_INITIALIZER {                                \
> +#define FAULT_ATTR_INITIALIZER(p) {                             \
> +                .probability = (p),                             \
>                  .interval = 1,                                  \
> -                .times = ATOMIC_INIT(1),                        \
> +                .times = ATOMIC_INIT((p) ? -1 : 1),             \
> +                .verbose = (p) ? 0 : 2,                         \
>                  .require_end = ULONG_MAX,                       \
>                  .stacktrace_depth = 32,                         \
>                  .ratelimit_state = RATELIMIT_STATE_INIT_DISABLED, \
> -                .verbose = 2,                                   \
>                  .dname = NULL,                                  \
>          }
>
> -#define DECLARE_FAULT_ATTR(name) struct fault_attr name = FAULT_ATTR_INITIALIZER
> +#define DECLARE_FAULT_ATTR(name) struct fault_attr name = FAULT_ATTR_INITIALIZER(0)
>  int setup_fault_attr(struct fault_attr *attr, char *str);
>  bool should_fail(struct fault_attr *attr, ssize_t size);
>
> Index: linux-2.6/lib/Kconfig.debug
> ===================================================================
> --- linux-2.6.orig/lib/Kconfig.debug 2018-04-25 15:56:16.000000000 +0200
> +++ linux-2.6/lib/Kconfig.debug 2018-04-25 21:39:45.000000000 +0200
> @@ -1527,6 +1527,21 @@ config FAIL_PAGE_ALLOC
>          help
>            Provide fault-injection capability for alloc_pages().
>
> +config FAIL_KVMALLOC_FALLBACK_PROBABILITY
> +        int "Default kvmalloc fallback probability"
> +        depends on FAULT_INJECTION
> +        range 0 100
> +        default "0"
> +        help
> +          This option will make kvmalloc randomly fall back to vmalloc.
> +          Normally, kvmalloc falls back to vmalloc only rarely, if memory
> +          is fragmented.
> +
> +          This option helps to detect hard-to-reproduce driver bugs, for
> +          example using DMA API on the result of kvmalloc.
> +
> +          The default may be overridden with the kvmalloc_fallback parameter.
> +
>  config FAIL_MAKE_REQUEST
>          bool "Fault-injection capability for disk IO"
>          depends on FAULT_INJECTION && BLOCK
> Index: linux-2.6/mm/util.c
> ===================================================================
> --- linux-2.6.orig/mm/util.c 2018-04-25 15:48:39.000000000 +0200
> +++ linux-2.6/mm/util.c 2018-04-25 21:43:31.000000000 +0200
> @@ -14,6 +14,7 @@
>  #include
>  #include
>  #include
> +#include
>
>  #include
>  #include
> @@ -377,6 +378,29 @@ unsigned long vm_mmap(struct file *file,
>  }
>  EXPORT_SYMBOL(vm_mmap);
>
> +#ifdef CONFIG_FAULT_INJECTION
> +
> +static struct fault_attr kvmalloc_fallback =
> +        FAULT_ATTR_INITIALIZER(CONFIG_FAIL_KVMALLOC_FALLBACK_PROBABILITY);
> +
> +static int __init setup_kvmalloc_fallback(char *str)
> +{
> +        return setup_fault_attr(&kvmalloc_fallback, str);
> +}
> +
> +__setup("kvmalloc_fallback=", setup_kvmalloc_fallback);
> +
> +#ifdef CONFIG_FAULT_INJECTION_DEBUG_FS
> +static int __init kvmalloc_fallback_debugfs_init(void)
> +{
> +        fault_create_debugfs_attr("kvmalloc_fallback", NULL, &kvmalloc_fallback);
> +        return 0;
> +}
> +late_initcall(kvmalloc_fallback_debugfs_init);
> +#endif
> +
> +#endif
> +
>  /**
>   * kvmalloc_node - attempt to allocate physically contiguous memory, but upon
>   * failure, fall back to non-contiguous (vmalloc) allocation.
> @@ -404,6 +428,11 @@ void *kvmalloc_node(size_t size, gfp_t f
>           */
>          WARN_ON_ONCE((flags & GFP_KERNEL) != GFP_KERNEL);
>
> +#ifdef CONFIG_FAULT_INJECTION
> +        if (should_fail(&kvmalloc_fallback, size))
> +                goto do_vmalloc;
> +#endif
> +
>          /*
>           * We want to attempt a large physically contiguous block first because
>           * it is less likely to fragment multiple larger blocks and therefore
> @@ -427,6 +456,7 @@ void *kvmalloc_node(size_t size, gfp_t f
>          if (ret || size <= PAGE_SIZE)
>                  return ret;
>
> +do_vmalloc: __maybe_unused
>          return __vmalloc_node_flags_caller(size, node, flags,
>                          __builtin_return_address(0));
>  }
> Index: linux-2.6/kernel/futex.c
> ===================================================================
> --- linux-2.6.orig/kernel/futex.c 2018-02-14 20:24:42.000000000 +0100
> +++ linux-2.6/kernel/futex.c 2018-04-25 21:11:33.000000000 +0200
> @@ -288,7 +288,7 @@ static struct {
>
>          bool ignore_private;
>  } fail_futex = {
> -        .attr = FAULT_ATTR_INITIALIZER,
> +        .attr = FAULT_ATTR_INITIALIZER(0),
>          .ignore_private = false,
>  };
>
> Index: linux-2.6/mm/failslab.c
> ===================================================================
> --- linux-2.6.orig/mm/failslab.c 2018-04-16 21:08:36.000000000 +0200
> +++ linux-2.6/mm/failslab.c 2018-04-25 21:11:40.000000000 +0200
> @@ -9,7 +9,7 @@ static struct {
>          bool ignore_gfp_reclaim;
>          bool cache_filter;
>  } failslab = {
> -        .attr = FAULT_ATTR_INITIALIZER,
> +        .attr = FAULT_ATTR_INITIALIZER(0),
>          .ignore_gfp_reclaim = true,
>          .cache_filter = false,
>  };
> Index: linux-2.6/mm/page_alloc.c
> ===================================================================
> --- linux-2.6.orig/mm/page_alloc.c 2018-04-16 21:08:36.000000000 +0200
> +++ linux-2.6/mm/page_alloc.c 2018-04-25 21:11:47.000000000 +0200
> @@ -3055,7 +3055,7 @@ static struct {
>          bool ignore_gfp_reclaim;
>          u32 min_order;
>  } fail_page_alloc = {
> -        .attr = FAULT_ATTR_INITIALIZER,
> +        .attr = FAULT_ATTR_INITIALIZER(0),
>          .ignore_gfp_reclaim = true,
>          .ignore_gfp_highmem = true,
>          .min_order = 1,
>
>
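
For anyone following the thread, the defaults picked by the parameterised initializer in the quoted patch can be modelled in a few lines of userspace C. This is only a sketch under stated assumptions: struct fault_attr_model, FAULT_ATTR_MODEL_INIT and should_fail_model are hypothetical names that do not exist in the kernel, the random draw is supplied by the caller instead of coming from the kernel's generator, and the other checks that should_fail() performs (interval, space, stack trace filtering) are left out.

```c
#include <assert.h>
#include <stdbool.h>

/* Hypothetical userspace model of the three fields the patch changes. */
struct fault_attr_model {
	unsigned long probability;	/* percent, 0..100 */
	int times;			/* -1 = no limit, 0 = exhausted */
	int verbose;			/* 0 = no messages, 2 = message and call trace */
};

/* Mirrors the defaults that FAULT_ATTR_INITIALIZER(p) selects in the patch. */
#define FAULT_ATTR_MODEL_INIT(p) {	\
	.probability = (p),		\
	.times = (p) ? -1 : 1,		\
	.verbose = (p) ? 0 : 2,		\
}

/*
 * Simplified decision. "roll" is a caller-supplied value in 0..99 that
 * stands in for the random draw. Returns true when the fault would fire,
 * which for kvmalloc_fallback means going straight to vmalloc.
 */
static bool should_fail_model(struct fault_attr_model *attr, unsigned int roll)
{
	assert(roll < 100);

	if (attr->times == 0)
		return false;		/* injection budget used up */
	if (attr->probability <= roll)
		return false;		/* the draw did not hit */
	if (attr->times != -1)
		attr->times--;		/* consume one injection */
	return true;
}
```

With p = 0 the model never fires until the probability is raised at run time, which is the manually tunable case raised in the reply above. With a non-zero p it fires with no count limit and no log output, which is what a distribution debug kernel would get from the config default.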