Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp3537556pxb; Mon, 24 Jan 2022 11:41:52 -0800 (PST) X-Google-Smtp-Source: ABdhPJyzcyBaCepRALsS8chAsOn5MU/VQIHsKO7c2nQBIE6vEdvtC09GbXv8D5IiV9eIj06XRd+K X-Received: by 2002:a17:902:9001:b0:14a:a1b2:1e6d with SMTP id a1-20020a170902900100b0014aa1b21e6dmr15634205plp.124.1643053312713; Mon, 24 Jan 2022 11:41:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643053312; cv=none; d=google.com; s=arc-20160816; b=XNVEs58bjK43BmuvUOwErOonEyHIiGZamY6Phx3UUWDRv5in+Vz32LsQaH+kWm2Thn L0YJ2iQFkZLmMJNNLNLX4o5dw+dKXpGScGN0QZMp5QhGfQd9VNe+WhXQWefMMmJjRMe7 GUbsmOAyuPv8i9mq3/4+DG98A6c33f3b70MFtKcnE0ay8CRoOilhHjZ55vSdpn9B8u0+ jmp6fFssSEyKIIuFyP7XF6AKkpoHKIfG2tgjwhRZTgn6LZCnIXAFTxfELEZC6osqYWv6 05OyJKqroK44VFVDGO8iJ59WXUvDPAKT9beKLzM5Yxd9LOsmIsoGv3HqCUEj90ILODrG sRTQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=xryK/mEgi9MgM4urrErNLEfDy5dITW8r2qeFkYk3a0c=; b=sZaXVYnaRh2jWRttd2Rh2OeOrfMkfr9ETcwUseB7zrw+OY66lGjTGqlFzUyCiH5L7F uX+Yt6+dXdJAZAFTlzNpweQw5Wwro8l90fHSwIz5c/TH2S1R5WVVCfGsLD+mDkSH8EIb q1Vj78ROJ9vJuCGhdAm/gSernRICTo2K8MDjNBzJ7EQjviVlJJyc82odr0nW9EjhSbXl psBS+GzEKKJCP5H9pur80ECoBWRNXJVBjFTQyaTVZdjZIZ0gfLkXYCfWGWj9Vi/sXnRH Q7DzaEbKDw506m3xzjfSGH/qv39SOLIgLXeZt1jzqNpLcfAZqADE0E8o+h1s+Ym6aPSu pThw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=qei7F8QN; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id mm21si203725pjb.144.2022.01.24.11.41.39; Mon, 24 Jan 2022 11:41:52 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=qei7F8QN; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244518AbiAXRZr (ORCPT + 99 others); Mon, 24 Jan 2022 12:25:47 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50952 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232076AbiAXRZq (ORCPT ); Mon, 24 Jan 2022 12:25:46 -0500 Received: from mail-io1-xd2b.google.com (mail-io1-xd2b.google.com [IPv6:2607:f8b0:4864:20::d2b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1443AC06173B; Mon, 24 Jan 2022 09:25:46 -0800 (PST) Received: by mail-io1-xd2b.google.com with SMTP id w7so20412514ioj.5; Mon, 24 Jan 2022 09:25:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xryK/mEgi9MgM4urrErNLEfDy5dITW8r2qeFkYk3a0c=; b=qei7F8QNutg9V2rXEzUW7gnZppcqvD7+oKb9evsAApMMCgAScr35oSnti9hkeqMIEu lb9CT69JKpgXHKiIKO5QvzDPsluVr0r00TQSeYQCVgpFBJ0k8qZSBCBgv+MqNfldTbZd Mi1O1wWBWNEqBadRKGMfzz6Ffd/LNi9pYYxiWvsXGE2A1pO7/cpCMeuE7bugLS+3HG2n 7oG+s8OJnfP1j1MQEpeRUOj/mSglD/aIFWL3IRhHY0WpePTJgnegdHqYvifCVCO3qVlS qp/s5GjoANHv+3RoF9pol4gZAtTaHGK06ywBdWBLXvgEYzZxnIsU4dh7wouWhlc9018q N6Lg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xryK/mEgi9MgM4urrErNLEfDy5dITW8r2qeFkYk3a0c=; b=nTOiRDiezEN7l0yy3HjarNIov4vU0dUbEP3DKcfRMEUBUN6aweXyggJhce48jiLbAw HsWeTzQuFHxtoQQkkzN7NbTqIcvICgh+ECaVQMhNIOpXZzgxRhax+WF496kbFPuzLhfw CrQVe3SdcJ+JnV/XN3077uPmV+8yuJY3Efha7y/J+LeR+HAqW2SMCw8bAoSO7EKAsn2d F+Dmbmy2gPcbUATj9V0E/ODPszxWAmpQCj3CbBQv4V2hh4KXTp6BeI/f8iqXmTHbakc4 EiZaoMweekVzalbm/CduKOKovX6RkgNu/o8ALaJ3N3XqiZzKzwICY0AuB73MFH63SVNa 6C0w== X-Gm-Message-State: AOAM530Rk28G6i6nY32I0GVAkL/UdoEto+bK5eslH7TGZvPK4Ip9QHbf 2yaSjxcTrOpek3mF86rVSNhoJGuVbN/lTbGUJTM= X-Received: by 2002:a05:6602:1646:: with SMTP id y6mr8654444iow.99.1643045145518; Mon, 24 Jan 2022 09:25:45 -0800 (PST) MIME-Version: 1.0 References: <20220120020148.1632253-1-pcc@google.com> In-Reply-To: From: Andrey Konovalov Date: Mon, 24 Jan 2022 18:25:34 +0100 Message-ID: Subject: Re: [PATCH v3] mm: use compare-exchange operation to set KASAN page tag To: Peter Collingbourne Cc: Andrew Morton , Linux Memory Management List , LKML , Peter Zijlstra , stable@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jan 24, 2022 at 6:22 PM Andrey Konovalov wrote: > > On Thu, Jan 20, 2022 at 3:02 AM Peter Collingbourne wrote: > > > > It has been reported that the tag setting operation on newly-allocated > > pages can cause the page flags to be corrupted when performed > > concurrently with other flag updates as a result of the use of > > non-atomic operations. Fix the problem by using a compare-exchange > > loop to update the tag. > > > > Signed-off-by: Peter Collingbourne > > Link: https://linux-review.googlesource.com/id/I456b24a2b9067d93968d43b4bb3351c0cec63101 > > Fixes: 2813b9c02962 ("kasan, mm, arm64: tag non slab memory allocated via pagealloc") > > Cc: stable@vger.kernel.org > > --- > > v3: > > - use try_cmpxchg() as suggested by Peter Zijlstra on another > > patch > > > > v2: > > - use READ_ONCE() > > > > include/linux/mm.h | 17 ++++++++++++----- > > 1 file changed, 12 insertions(+), 5 deletions(-) > > > > diff --git a/include/linux/mm.h b/include/linux/mm.h > > index c768a7c81b0b..87473fe52c3f 100644 > > --- a/include/linux/mm.h > > +++ b/include/linux/mm.h > > @@ -1531,11 +1531,18 @@ static inline u8 page_kasan_tag(const struct page *page) > > > > static inline void page_kasan_tag_set(struct page *page, u8 tag) > > { > > - if (kasan_enabled()) { > > - tag ^= 0xff; > > - page->flags &= ~(KASAN_TAG_MASK << KASAN_TAG_PGSHIFT); > > - page->flags |= (tag & KASAN_TAG_MASK) << KASAN_TAG_PGSHIFT; > > - } > > + unsigned long old_flags, flags; > > + > > + if (!kasan_enabled()) > > + return; > > + > > + tag ^= 0xff; > > + old_flags = READ_ONCE(page->flags); > > + do { > > + flags = old_flags; > > + flags &= ~(KASAN_TAG_MASK << KASAN_TAG_PGSHIFT); > > + flags |= (tag & KASAN_TAG_MASK) << KASAN_TAG_PGSHIFT; > > + } while (unlikely(!try_cmpxchg(&page->flags, &old_flags, flags))); > > } > > > > static inline void page_kasan_tag_reset(struct page *page) > > -- > > 2.34.1.703.g22d0c6ccf7-goog > > > > Reviewed-by: Andrey Konovalov > > FWIW, try_cmpxchg() doesn't seem to be doing annotated atomic accesses > when accessing old_flags, so using READ_ONCE() in page_kasan_tag_set() > seems pointless after all. Ah, nevermind. For a second I thought that try_cmpxchg() is actually accessing page->flags through its second argument.