Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp890473pxb; Wed, 27 Oct 2021 14:33:34 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzI58HsIHNfLd63rGwm7GJyyZaNRSwVd6wMn1TFCfDRBZTSk4dUnnQANkETpmpPyZn3L6+0 X-Received: by 2002:a17:90b:4a8d:: with SMTP id lp13mr8457981pjb.240.1635370414095; Wed, 27 Oct 2021 14:33:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1635370414; cv=none; d=google.com; s=arc-20160816; b=0tRDorM/3v+0Yk6uDtI6MUb6JHygkdBzRKCOph0kMbPyf8K9eDLYt6StlsDH6h0kRl uKIrxCCzcpZ+iFzomEFTN/V1zTe0OjlVHIA/ksYpNb6HFwiMs7D9UHmbfccHGMZAOnpn SO29mQ13SfJCKnpGa8nmAyUY8XQgE0jt86tfBWZ2z5rso51QQMi+qHmA5IdDXoh2GNQb /rnWm4fk2hVSKUywIs17FfA0bJISDTclyLw+gHujPssGymezb/dWxAR2wuth7Ik1AOAR 2J18w6YKIDU7r2FgbSQSp7pVBvCFXwZa8uiqWm07GYfa855BQ2Jo8turkZ2BniSOKImd dGHA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=eTPGGY5lRCDLBi6dC5IO32LUKxcN06wIGk1r7lIVLSo=; b=FF8pGj8xLmIkBGJ/EzfSF5GgNfFVaf/NiG+Me8qSIbq3sFHLvb+zPFqbxmrsZsYF3Y VK5ZRj+ZpgwMxEdMVfZF0jXANKhZOCHkH+sG/24l6Eofrs3Rd7ialR/Iq/a+AFIhaj/e UiYdoTCSP1uyKaZE4GVAhKC6bQiYF2lpdJYB9Jo7fjRuc53BiIbRkPr+vzuuA5piox5W achGVTJ0apPGZdz1Zh+y44HXD9G7GKUodIltwmkBmNx20LEy/A5OUhlDZKuFZ63tvKHc BRbTiInCp1FEEtu/Np9vEgC3TI03eX1xLoEQXdehiXcAokAnd4EVIZrLT7jWo+koOKWO BwNQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@soleen.com header.s=google header.b=d3wjkgrf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id k7si1246404plk.445.2021.10.27.14.33.21; Wed, 27 Oct 2021 14:33:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@soleen.com header.s=google header.b=d3wjkgrf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238360AbhJ0SaG (ORCPT + 97 others); Wed, 27 Oct 2021 14:30:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42956 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238290AbhJ0SaF (ORCPT ); Wed, 27 Oct 2021 14:30:05 -0400 Received: from mail-lj1-x232.google.com (mail-lj1-x232.google.com [IPv6:2a00:1450:4864:20::232]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D8A7DC061570 for ; Wed, 27 Oct 2021 11:27:39 -0700 (PDT) Received: by mail-lj1-x232.google.com with SMTP id i26so4319316ljg.7 for ; Wed, 27 Oct 2021 11:27:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=soleen.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=eTPGGY5lRCDLBi6dC5IO32LUKxcN06wIGk1r7lIVLSo=; b=d3wjkgrfbqcygeWm6K/TtNmo32Mpi/IvWJLl5UmypGRAf01wECJBMI5oO6ZlCl7qfg kXxZKIMk1Hd3etghlMO0DF8OBeeQDZqxG+A97FEd+MR+G92uCtX7rGbLKD1qhsQW00VE hKRgadi2AztZburwCJd4Z1+tzPZJDoqhKJCrDO2EiSdQgweRWRn4fVv5+GX4swPMf7FH 8iQF+zzjdnwFD2o7TqZRU///noJZNQruC4Z4+YkOpzMF287IW/ePgpl8ewJBYjODSmR0 pluAlAFLYSCqFcxQsw935K3sqFD7E4hV/QSA5u0DJaCDiLZRcgpwlDdd2ADfdA231iih jsxg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=eTPGGY5lRCDLBi6dC5IO32LUKxcN06wIGk1r7lIVLSo=; b=P+W8lOdLu/tBHrfbY4o+1ady2XHCAWMkq5jb/EcC3Omz21m4nL5eaoF8gEIBdo1bqZ OeFr+0YCccknHx+kLqDsgJA/WT4WO02lKBlBuS6alziPPBqlQ4PuVIyI4+XB9e/0+rdl NM48htALZqzsx8Ggyc1OdGYOuCWpwwrrPW6hqMesn73kBmexGGpmMeTvh6gQDwRLra1J yfR/B5X325NqIbA2SdR8fEueuH+mnppi3Q8ZIkKLm2w564b5eTdV5AAf0ceWdhb+RFlj sJSkNpsjxtmtoza5sKHlpJwUhm/qU6Kwv+d3pN/HhD96xRWeRIv59I+MC/T1p/emS8HT t/uQ== X-Gm-Message-State: AOAM531MNIhcTeZWg/95/Y1QW1MstiE1RcVCrbNxNCiVu0meuiY/Jafl 8QKkLUMmCNt4xYxJ3Nf4qxcNO7dNujRNw651etC96g== X-Received: by 2002:a2e:810c:: with SMTP id d12mr34769148ljg.177.1635359258205; Wed, 27 Oct 2021 11:27:38 -0700 (PDT) MIME-Version: 1.0 References: <20211026173822.502506-1-pasha.tatashin@soleen.com> <20211026173822.502506-4-pasha.tatashin@soleen.com> <7b131cb1-68d8-6746-f9c1-2b01d4838869@nvidia.com> In-Reply-To: From: Pasha Tatashin Date: Wed, 27 Oct 2021 14:27:01 -0400 Message-ID: Subject: Re: [RFC 3/8] mm: Avoid using set_page_count() in set_page_recounted() To: John Hubbard Cc: LKML , linux-mm , linux-m68k@lists.linux-m68k.org, Anshuman Khandual , Matthew Wilcox , Andrew Morton , william.kucharski@oracle.com, Mike Kravetz , Vlastimil Babka , Geert Uytterhoeven , schmitzmic@gmail.com, Steven Rostedt , Ingo Molnar , Johannes Weiner , Roman Gushchin , Muchun Song , weixugc@google.com, Greg Thelen Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Oct 27, 2021 at 1:12 AM John Hubbard wrote: > > On 10/26/21 11:21, Pasha Tatashin wrote: > > It must return the same thing, if it does not we have a bug in our > > kernel which may lead to memory corruptions and security holes. > > > > So today we have this: > > VM_BUG_ON_PAGE(page_ref_count(page), page); -> check ref_count is 0 > > < What if something modified here? Hmm..> > > set_page_count(page, 1); -> Yet we reset it to 1. > > > > With my proposed change: > > VM_BUG_ON_PAGE(page_ref_count(page), page); -> check ref_count is 0 > > refcnt = page_ref_inc_return(page); -> ref_count better be 1. > > VM_BUG_ON_PAGE(refcnt != 1, page); -> Verify that it is 1. > > > > Yes, you are just repeating what the diffs say. > > But it's still not good to have this function name doing something completely > different than its name indicates. I see, I can rename it to: 'set_page_recounted/get_page_recounted' ? > > >> > >> I understand where this patchset is going, but this intermediate step is > >> not a good move. > >> > >> Also, for the overall series, if you want to change from > >> "set_page_count()" to "inc_and_verify_val_equals_one()", then the way to > >> do that is *not* to depend solely on VM_BUG*() to verify. Instead, > >> return something like -EBUSY if incrementing the value results in a > >> surprise, and let the caller decide how to handle it. > > > > Actually, -EBUSY would be OK if the problems were because we failed to > > modify refcount for some reason, but if we modified refcount and got > > an unexpected value (i.e underflow/overflow) we better report it right > > away instead of waiting for memory corruption to happen. > > > > Having the caller do the BUG() or VM_BUG*() is not a significant delay. We cannot guarantee that new callers in the future will check return values, the idea behind this work is to ensure that we are always protected from refcount underflow/overflow and invalid refcount modifications by set_refcount. Pasha