Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp230827pxb; Wed, 11 Nov 2020 02:07:42 -0800 (PST) X-Google-Smtp-Source: ABdhPJyKlNhtAzmsC8FDSbDk86tOQqeCNd0tL6IS/xX207AOm1of/MRV6oQsgtTnbl9UPxZIllCE X-Received: by 2002:a05:6402:a57:: with SMTP id bt23mr3973193edb.62.1605089262344; Wed, 11 Nov 2020 02:07:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605089262; cv=none; d=google.com; s=arc-20160816; b=Csb6wSXYSWRKAev7z0+AZFybgRBkiH+CODRdP9w0KL8oTdbimkKSX1mLZ2Lvw+h+jL YWlKmCYyE7fw7/oMX3bQnXXG1FWdUtfGhl4mmmuzS7DMbiD/ANc2VoTzdMIsMyakJeEC wQ5KXxiMGFPSMJJF8zxOk00VvIVuREYmAmTU+RhW/CNk+np2BApAqS3dh1lxGi9K8S1T xyg424xk4FsWfBI7Ve7Z1h14eTDEqbtnUTGH7HHJgLHaddoxU/Ve1AcmcqYYItq7rxe2 oSz52O0hWUS2jOsC35uFgnY7FIa6Qw9VXaoGg1Ge/eu2kLI0EtykBAUQM2IswxcGpvxZ i1Yg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:organization :from:references:cc:to:subject:dkim-signature; bh=bNnwE/rGG9S0P+Kb0qM8Z9JriAsIW+8BA3E4vilBdmc=; b=FA7eUkJdo7lvmy21P3bZeFT26oCAtt4qH1sBxOw5s6NDTbR+DJfoAoE2RxaLq28h9q cRopPr9tWC9aaYF26aVaKVxXIKEQ4Wtoz/6zem286ykcqekXgUGiSCKFu07KCaj6VMJE G7ARMjAHAGbAkB9XWOhCDalL8Waonekuyie+9eaSdUR/DY1Vh+Tyyo9q8N7UJguLvU3J qbyqF+6x+Z75NN0CiO3i+gDALNCJqx+6soEcTK9S/mnRtf3WeuRiQBajb4EdMPQ2NH8x zwLT4M0OM/EuLHs08lyo/AbZCKkrPpqulC9MqaMC1bDMmwfjr1fFiqQrmTXgENHNAKer p4JA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=BWViT7TO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id x9si1289323edi.434.2020.11.11.02.07.18; Wed, 11 Nov 2020 02:07:42 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=BWViT7TO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727239AbgKKKFc (ORCPT + 99 others); Wed, 11 Nov 2020 05:05:32 -0500 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:42475 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726054AbgKKKFb (ORCPT ); Wed, 11 Nov 2020 05:05:31 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1605089130; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=bNnwE/rGG9S0P+Kb0qM8Z9JriAsIW+8BA3E4vilBdmc=; b=BWViT7TOrJueHmjVq3vc2XeoMcIRDrNgWvja7O6AKrv5xmoXrkvgoiwH7y+2pakZLHolWL cqj2Mxivgod/rjZqkg+7JcHTT3VGctyuHuHFdFHgHc0y8FnEFPlBGcvYRPkpQ767nrSpov XWUpyiW8jL7nPhnUhAChSo1iDvwSX/0= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-471-SuXopVekMZWZAFOiF4iqNQ-1; Wed, 11 Nov 2020 05:05:26 -0500 X-MC-Unique: SuXopVekMZWZAFOiF4iqNQ-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 40FDF188C129; Wed, 11 Nov 2020 10:05:24 +0000 (UTC) Received: from [10.36.114.151] (ovpn-114-151.ams2.redhat.com [10.36.114.151]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1CE016EF5B; Wed, 11 Nov 2020 10:05:21 +0000 (UTC) Subject: Re: [PATCH v1] mm/page_alloc: clear pages in alloc_contig_pages() with init_on_alloc=1 or __GFP_ZERO To: Vlastimil Babka , Michal Hocko Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org, Andrew Morton , Alexander Potapenko , Mike Kravetz , Mike Rapoport , Oscar Salvador , Kees Cook , Michael Ellerman References: <20201110193240.25401-1-david@redhat.com> <20201111084738.GT12240@dhcp22.suse.cz> <4ebc711e-7fbc-62aa-b88f-3d6ffa9379ff@redhat.com> From: David Hildenbrand Organization: Red Hat GmbH Message-ID: <5e104380-c0b1-4911-b484-b6e1e1c46f7d@redhat.com> Date: Wed, 11 Nov 2020 11:05:21 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 11.11.20 10:58, Vlastimil Babka wrote: > On 11/11/20 10:06 AM, David Hildenbrand wrote: >> On 11.11.20 09:47, Michal Hocko wrote: >>> On Tue 10-11-20 20:32:40, David Hildenbrand wrote: >>>> commit 6471384af2a6 ("mm: security: introduce init_on_alloc=1 and >>>> init_on_free=1 boot options") resulted with init_on_alloc=1 in all pages >>>> leaving the buddy via alloc_pages() and friends to be >>>> initialized/cleared/zeroed on allocation. >>>> >>>> However, the same logic is currently not applied to >>>> alloc_contig_pages(): allocated pages leaving the buddy aren't cleared >>>> with init_on_alloc=1 and init_on_free=0. Let's also properly clear >>>> pages on that allocation path and add support for __GFP_ZERO. >>> >>> AFAIR we do not have any user for __GFP_ZERO right? Not that this is >> >> Sorry, I had extended information under "---" but accidentally >> regenerated the patch before sending it out. >> >> __GFP_ZERO is not used yet. It's intended to be used in >> https://lkml.kernel.org/r/20201029162718.29910-1-david@redhat.com >> and I can move that change into a separate patch if desired. >> >>> harmful but it is better to call that explicitly because a missing >>> implementation would be a real problem and as such a bug fix. >>> >>> I am also not sure handling init_on_free at the higher level is good. >>> As we have discussed recently the primary point of this feature is to >>> add clearing at very few well defined entry points rather than spill it over >>> many places. In this case the entry point for the allocator is >>> __isolate_free_page which removes pages from the page allocator. I >>> haven't checked how much this is used elsewhere but I would expect >>> init_on_alloc to be handled there. >> >> Well, this is the entry point to our range allocator, which lives in >> page_alloc.c - used by actual high-level allocators (CMA, gigantic >> pages, etc). It's just a matter of taste where we want to have that >> handling exactly inside our allocator. > > I agree alloc_contig_range() is fine as an entry point. Thanks, let's see if Michal insists of having this somewhere inside isolate_freepages_range() instead. -- Thanks, David / dhildenb