Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp723058pxb; Fri, 28 Jan 2022 08:38:09 -0800 (PST) X-Google-Smtp-Source: ABdhPJzIAyJj1rVrJZc86/z6bUV4/lAujEah+2bNngfEo/Z53nQQXqu0NKdPk5fH7mBrAgthvPWm X-Received: by 2002:a17:906:489b:: with SMTP id v27mr1571495ejq.120.1643387888956; Fri, 28 Jan 2022 08:38:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643387888; cv=none; d=google.com; s=arc-20160816; b=noeT6q+1WsQuRV5+4IKfJHxefsNsEOhccTBjf8sv3gV2PdVf4f5n2y/0cgbKC6em/B ZvlMr52XZA6MJ5384AGbYjt9hFxIMsUFqMppKerVNUSIc3JbBaWQPLuuI/qMfCZVFlED owG3LSAERhCXRtz6NsKUaGQmHAf18YBTixjLlFBY9EmNM/bLTiYb7hlmNe7t58rjH2o7 1tB5MrPPU7cF5ydZzSyWNq+ZOnCqGJf5uJAfyCYM0mztK9/wZgqebvFGOt702rVRDhjH tkIrwEt/EjQysv9cBzZyUI7wCVoKdRcaHNPLwelQytOKzQwfj9s/x2TU4vi7yU7+/5iK 1Okw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=BFb8NFrlSpLTas5OqZUZmins6ncV7W5Rmo5+3meVR3g=; b=DqAo+1prCDcVJTsHPMWBq8gZv+NnNHSvKjJKzChnY/SqiTn4UBxPFDYmyBg4pSRH+Z 1O2Bo2zQbQLvSrUB+wRDAcgQj71PRXwZ3a9reD0GgCNDSjjRUbyxBB3JxYONx4+7JMdR QlBBpDElvjfApmdCyaVxWWRhL/4xystyAnKc4ICcP68xob8JdlNhToE3Vwsaw0cDu/1G QS9qQx5vU0+xYwIhk2jK+ibDEqadyhi2cRpq+SzpXfy6zII4WUCVviNt47NzSWOhWbaQ 1M/NBIKCaxIZk0erBdmHB5lYIX91ZusjhUSM+/85DLXo5bnICShcUI8f2KsxOfKDFbgI dn4g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@soleen.com header.s=google header.b=Y1M+Bf1w; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h14si3743346edl.217.2022.01.28.08.37.44; Fri, 28 Jan 2022 08:38:08 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@soleen.com header.s=google header.b=Y1M+Bf1w; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S245629AbiA0Tjc (ORCPT + 99 others); Thu, 27 Jan 2022 14:39:32 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37898 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240050AbiA0Tja (ORCPT ); Thu, 27 Jan 2022 14:39:30 -0500 Received: from mail-ej1-x62a.google.com (mail-ej1-x62a.google.com [IPv6:2a00:1450:4864:20::62a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 79FF1C061714 for ; Thu, 27 Jan 2022 11:39:30 -0800 (PST) Received: by mail-ej1-x62a.google.com with SMTP id ah7so8243082ejc.4 for ; Thu, 27 Jan 2022 11:39:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=soleen.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=BFb8NFrlSpLTas5OqZUZmins6ncV7W5Rmo5+3meVR3g=; b=Y1M+Bf1wwslphNC9H9x0VpVivB/SCcil9aYfoAVt13yg5Ovnt7H3lIEMuriqtFhlpv ekrnPLi/jLCjKpYhcBiKQBI9U8Q2idhM5Y2jnY5rVDWUw1D6PturF4Qp5HxF07TKCc1Z hVPZC4maBNEUCfeGSOEebJPeP6XLJ/2fdS8qKWy0JeBADfPYrbrLx2OhCFPxksMVJcQc pfFFyD8UgurIoPS2TtPatrHLxpKUCG+aG2YLdtHhjbazAXLDlRPMwy5COPM6VtOcVKhi 0rl/2OvACuxdK0d4eD5XYawWhm3ABq00YjIyLHYSPCUVqI1G0PbJJKlCvEeYhPk9CmHS MKfw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=BFb8NFrlSpLTas5OqZUZmins6ncV7W5Rmo5+3meVR3g=; b=uWeOikz6qygq0OnYKiSXNAVqbwbarNj00YOuvJ5Ik2v/MujixmIAEWbrp79lNijXu/ 4OEQoAS1vEEFPDnMaYnMW0MVpN7qrhV5eag6MQW10Xbhe+YusVjHpC1w6H6kuiiGixSA j+FRhrxqBJcMTKs83gSW8PaOpFzn3oQeGag/FPYNj1UttDL+0jOexvegl5CAgO0OCd+k 2g1RcbgvH1dlQQSrAXY/+CUT4Ow5AREN+J/VUT3ueawIKpfwdNBG6H0o2Dojt7muoiTH nkVcY1QyCuq2rjhgoJo1gUZ+UiBbKXrPdgtwYVvPUzoBPDAFYn2BPVbXfaUK4nQRSk06 jBgw== X-Gm-Message-State: AOAM530unqjZIPIMuj6ZfokeMWp1IFKsA70Srt5oH3fbuba59KnfDhCB K2e1Klj1RsdEqTW1/fbT2Vuh5mIJ/NTPNUidxuVEiA== X-Received: by 2002:a17:906:dc92:: with SMTP id cs18mr4099175ejc.590.1643312369033; Thu, 27 Jan 2022 11:39:29 -0800 (PST) MIME-Version: 1.0 References: <20220126183429.1840447-1-pasha.tatashin@soleen.com> <20220126183429.1840447-2-pasha.tatashin@soleen.com> In-Reply-To: From: Pasha Tatashin Date: Thu, 27 Jan 2022 14:38:52 -0500 Message-ID: Subject: Re: [PATCH v3 1/9] mm: add overflow and underflow checks for page->_refcount To: Vlastimil Babka Cc: Matthew Wilcox , LKML , linux-mm , linux-m68k@lists.linux-m68k.org, Anshuman Khandual , Andrew Morton , william.kucharski@oracle.com, Mike Kravetz , Geert Uytterhoeven , schmitzmic@gmail.com, Steven Rostedt , Ingo Molnar , Johannes Weiner , Roman Gushchin , Muchun Song , Wei Xu , Greg Thelen , David Rientjes , Paul Turner , Hugh Dickins Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > > This is not only about chasing a bug. This also about preventing > > memory corruption and information leaking that are caused by ref_count > > bugs from happening. > > So you mean it like a security hardening feature, not just debugging? To me > it's dubious to put security hardening under CONFIG_DEBUG_VM. I think it's > just Fedora that uses DEBUG_VM in general production kernels? In our (Google) internal kernel, I added another macro: PAGE_REF_BUG(cond, page) to replace VM_BUG_ON_PAGE() in page_ref.h. The new macro keeps the asserts always enabled. I was thinking of adding something like this to the upstream kernel as well, however, I am worried about performance implications of having extra conditions in these routines, so I think we would need yet another config which decouples DEBUG_VM and some security crucial VM asserts. However, to reduce controversial discussions, I decided not to do this as part of this series, and perhaps do it as a follow-up work. Pasha