Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Message-ID: <efd5fb89-4f60-bee1-c183-5a9f89209718@redhat.com>
Date:   Tue, 16 May 2023 14:40:34 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.11.0
Subject: Re: [PATCH 1/3] mm: Move arch_do_swap_page() call to before
 swap_free()
Content-Language: en-US
To:     Peter Collingbourne <pcc@google.com>
Cc:     Catalin Marinas <catalin.marinas@arm.com>,
        =?UTF-8?B?UXVuLXdlaSBMaW4gKOael+e+pOW0tCk=?= 
        <Qun-wei.Lin@mediatek.com>, linux-arm-kernel@lists.infradead.org,
        linux-mm@kvack.org, linux-kernel@vger.kernel.org,
        "surenb@google.com" <surenb@google.com>,
        =?UTF-8?B?Q2hpbndlbiBDaGFuZyAo5by16Yym5paHKQ==?= 
        <chinwen.chang@mediatek.com>,
        "kasan-dev@googlegroups.com" <kasan-dev@googlegroups.com>,
        =?UTF-8?B?S3Vhbi1ZaW5nIExlZSAo5p2O5Yag56mOKQ==?= 
        <Kuan-Ying.Lee@mediatek.com>,
        =?UTF-8?B?Q2FzcGVyIExpICjmnY7kuK3mpq4p?= <casper.li@mediatek.com>,
        "gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>,
        vincenzo.frascino@arm.com,
        Alexandru Elisei <alexandru.elisei@arm.com>, will@kernel.org,
        eugenis@google.com, Steven Price <steven.price@arm.com>,
        stable@vger.kernel.org
References: <20230512235755.1589034-1-pcc@google.com>
 <20230512235755.1589034-2-pcc@google.com>
 <7471013e-4afb-e445-5985-2441155fc82c@redhat.com>
 <ZGLLSYuedMsViDQG@google.com>
From:   David Hildenbrand <david@redhat.com>
Organization: Red Hat
In-Reply-To: <ZGLLSYuedMsViDQG@google.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Precedence: bulk

On 16.05.23 02:16, Peter Collingbourne wrote:
> On Sat, May 13, 2023 at 05:29:53AM +0200, David Hildenbrand wrote:
>> On 13.05.23 01:57, Peter Collingbourne wrote:
>>> Commit c145e0b47c77 ("mm: streamline COW logic in do_swap_page()") moved
>>> the call to swap_free() before the call to set_pte_at(), which meant that
>>> the MTE tags could end up being freed before set_pte_at() had a chance
>>> to restore them. One other possibility was to hook arch_do_swap_page(),
>>> but this had a number of problems:
>>>
>>> - The call to the hook was also after swap_free().
>>>
>>> - The call to the hook was after the call to set_pte_at(), so there was a
>>>     racy window where uninitialized metadata may be exposed to userspace.
>>>     This likely also affects SPARC ADI, which implements this hook to
>>>     restore tags.
>>>
>>> - As a result of commit 1eba86c096e3 ("mm: change page type prior to
>>>     adding page table entry"), we were also passing the new PTE as the
>>>     oldpte argument, preventing the hook from knowing the swap index.
>>>
>>> Fix all of these problems by moving the arch_do_swap_page() call before
>>> the call to free_page(), and ensuring that we do not set orig_pte until
>>> after the call.
>>>
>>> Signed-off-by: Peter Collingbourne <pcc@google.com>
>>> Suggested-by: Catalin Marinas <catalin.marinas@arm.com>
>>> Link: https://linux-review.googlesource.com/id/I6470efa669e8bd2f841049b8c61020c510678965
>>> Cc: <stable@vger.kernel.org> # 6.1
>>> Fixes: ca827d55ebaa ("mm, swap: Add infrastructure for saving page metadata on swap")
>>> Fixes: 1eba86c096e3 ("mm: change page type prior to adding page table entry")
>>
>> I'm confused. You say c145e0b47c77 changed something (which was after above
>> commits), indicate that it fixes two other commits, and indicate "6.1" as
>> stable which does not apply to any of these commits.
> 
> Sorry, the situation is indeed a bit confusing.
> 
> - In order to make the arch_do_swap_page() hook suitable for fixing the
>    bug introduced by c145e0b47c77, patch 1 addresses a number of issues,
>    including fixing bugs introduced by ca827d55ebaa and 1eba86c096e3,
>    but we haven't fixed the c145e0b47c77 bug yet, so there's no Fixes:
>    tag for it yet.
> 
> - Patch 2, relying on the fixes in patch 1, makes MTE install an
>    arch_do_swap_page() hook (indirectly, by making arch_swap_restore()
>    also hook arch_do_swap_page()), thereby fixing the c145e0b47c77 bug.
> 

Oh. That's indeed confusing. Maybe that should all be squashed to have 
one logical fix for the overall problem. It's especially confusing 
because this patch here fixes the other two issues touches code moved by 
c145e0b47c77.

> - 6.1 is the first stable version in which all 3 commits in my Fixes: tags
>    are present, so that is the version that I've indicated in my stable
>    tag for this series. In theory patch 1 could be applied to older kernel
>    versions, but it wouldn't fix any problems that we are facing with MTE
>    (because it only fixes problems relating to the arch_do_swap_page()
>    hook, which older kernel versions don't hook with MTE), and there are
>    some merge conflicts if we go back further anyway. If the SPARC folks
>    (the previous only user of this hook) want to fix these issues with ADI,
>    they can propose their own backport.

Sometimes, it's a good idea to not specify a stable version and rather 
let the Fixes: tags imply that.

-- 
Thanks,

David / dhildenb