From: Marco Elver <elver@google.com>
To: Peter Collingbourne <pcc@google.com>
Cc: Andrey Konovalov <andreyknvl@gmail.com>,
Alexander Potapenko <glider@google.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
Andrew Morton <akpm@linux-foundation.org>,
Evgenii Stepanov <eugenis@google.com>,
linux-mm@kvack.org, linux-arm-kernel@lists.infradead.org,
kasan-dev@googlegroups.com
Subject: Re: [PATCH v3 1/3] kasan: use separate (un)poison implementation for integrated init
Date: Wed, 26 May 2021 12:12:22 +0200 [thread overview]
Message-ID: <YK4fBogA/rzxEF1f@elver.google.com> (raw)
In-Reply-To: <78af73393175c648b4eb10312825612f6e6889f6.1620849613.git.pcc@google.com>
On Wed, May 12, 2021 at 01:09PM -0700, Peter Collingbourne wrote:
[...]
> +void kasan_alloc_pages(struct page *page, unsigned int order, gfp_t flags);
> +void kasan_free_pages(struct page *page, unsigned int order);
> +
> #else /* CONFIG_KASAN_HW_TAGS */
>
> static inline bool kasan_enabled(void)
> {
> +#ifdef CONFIG_KASAN
> return true;
> +#else
> + return false;
> +#endif
> }
Just
return IS_ENABLED(CONFIG_KASAN);
> static inline bool kasan_has_integrated_init(void)
> @@ -113,8 +113,30 @@ static inline bool kasan_has_integrated_init(void)
> return false;
> }
>
> +static __always_inline void kasan_alloc_pages(struct page *page,
> + unsigned int order, gfp_t flags)
> +{
> + /* Only available for integrated init. */
> + BUILD_BUG();
> +}
> +
> +static __always_inline void kasan_free_pages(struct page *page,
> + unsigned int order)
> +{
> + /* Only available for integrated init. */
> + BUILD_BUG();
> +}
This *should* always work, as long as the compiler optimizes everything
like we expect.
But: In this case, I think this is sign that the interface design can be
improved. Can we just make kasan_{alloc,free}_pages() return a 'bool
__must_check' to indicate if kasan takes care of init?
The variants here would simply return kasan_has_integrated_init().
That way, there'd be no need for the BUILD_BUG()s and the interface
becomes harder to misuse by design.
Also, given that kasan_{alloc,free}_pages() initializes memory, this is
an opportunity to just give them a better name. Perhaps
/* Returns true if KASAN took care of initialization, false otherwise. */
bool __must_check kasan_alloc_pages_try_init(struct page *page, unsigned int order, gfp_t flags);
bool __must_check kasan_free_pages_try_init(struct page *page, unsigned int order);
[...]
> - init = want_init_on_free();
> - if (init && !kasan_has_integrated_init())
> - kernel_init_free_pages(page, 1 << order);
> - kasan_free_nondeferred_pages(page, order, init, fpi_flags);
> + if (kasan_has_integrated_init()) {
> + if (!skip_kasan_poison)
> + kasan_free_pages(page, order);
I think kasan_free_pages() could return a bool, and this would become
if (skip_kasan_poison || !kasan_free_pages(...)) {
...
> + } else {
> + bool init = want_init_on_free();
> +
> + if (init)
> + kernel_init_free_pages(page, 1 << order);
> + if (!skip_kasan_poison)
> + kasan_poison_pages(page, order, init);
> + }
>
> /*
> * arch_free_page() can make the page's contents inaccessible. s390
> @@ -2324,8 +2324,6 @@ static bool check_new_pages(struct page *page, unsigned int order)
> inline void post_alloc_hook(struct page *page, unsigned int order,
> gfp_t gfp_flags)
> {
> - bool init;
> -
> set_page_private(page, 0);
> set_page_refcounted(page);
>
> @@ -2344,10 +2342,16 @@ inline void post_alloc_hook(struct page *page, unsigned int order,
> * kasan_alloc_pages and kernel_init_free_pages must be
> * kept together to avoid discrepancies in behavior.
> */
> - init = !want_init_on_free() && want_init_on_alloc(gfp_flags);
> - kasan_alloc_pages(page, order, init);
> - if (init && !kasan_has_integrated_init())
> - kernel_init_free_pages(page, 1 << order);
> + if (kasan_has_integrated_init()) {
> + kasan_alloc_pages(page, order, gfp_flags);
It looks to me that kasan_alloc_pages() could return a bool, and this
would become
if (!kasan_alloc_pages(...)) {
...
> + } else {
> + bool init =
> + !want_init_on_free() && want_init_on_alloc(gfp_flags);
> +
[ No need for line-break (for cases like this the kernel is fine with up
to 100 cols if it improves readability). ]
> + kasan_unpoison_pages(page, order, init);
> + if (init)
> + kernel_init_free_pages(page, 1 << order);
> + }
Thoughts?
Thanks,
-- Marco
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
WARNING: multiple messages have this Message-ID (diff)
From: Marco Elver <elver@google.com>
To: Peter Collingbourne <pcc@google.com>
Cc: Andrey Konovalov <andreyknvl@gmail.com>,
Alexander Potapenko <glider@google.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
Andrew Morton <akpm@linux-foundation.org>,
Evgenii Stepanov <eugenis@google.com>,
linux-mm@kvack.org, linux-arm-kernel@lists.infradead.org,
kasan-dev@googlegroups.com
Subject: Re: [PATCH v3 1/3] kasan: use separate (un)poison implementation for integrated init
Date: Wed, 26 May 2021 12:12:22 +0200 [thread overview]
Message-ID: <YK4fBogA/rzxEF1f@elver.google.com> (raw)
In-Reply-To: <78af73393175c648b4eb10312825612f6e6889f6.1620849613.git.pcc@google.com>
On Wed, May 12, 2021 at 01:09PM -0700, Peter Collingbourne wrote:
[...]
> +void kasan_alloc_pages(struct page *page, unsigned int order, gfp_t flags);
> +void kasan_free_pages(struct page *page, unsigned int order);
> +
> #else /* CONFIG_KASAN_HW_TAGS */
>
> static inline bool kasan_enabled(void)
> {
> +#ifdef CONFIG_KASAN
> return true;
> +#else
> + return false;
> +#endif
> }
Just
return IS_ENABLED(CONFIG_KASAN);
> static inline bool kasan_has_integrated_init(void)
> @@ -113,8 +113,30 @@ static inline bool kasan_has_integrated_init(void)
> return false;
> }
>
> +static __always_inline void kasan_alloc_pages(struct page *page,
> + unsigned int order, gfp_t flags)
> +{
> + /* Only available for integrated init. */
> + BUILD_BUG();
> +}
> +
> +static __always_inline void kasan_free_pages(struct page *page,
> + unsigned int order)
> +{
> + /* Only available for integrated init. */
> + BUILD_BUG();
> +}
This *should* always work, as long as the compiler optimizes everything
like we expect.
But: In this case, I think this is sign that the interface design can be
improved. Can we just make kasan_{alloc,free}_pages() return a 'bool
__must_check' to indicate if kasan takes care of init?
The variants here would simply return kasan_has_integrated_init().
That way, there'd be no need for the BUILD_BUG()s and the interface
becomes harder to misuse by design.
Also, given that kasan_{alloc,free}_pages() initializes memory, this is
an opportunity to just give them a better name. Perhaps
/* Returns true if KASAN took care of initialization, false otherwise. */
bool __must_check kasan_alloc_pages_try_init(struct page *page, unsigned int order, gfp_t flags);
bool __must_check kasan_free_pages_try_init(struct page *page, unsigned int order);
[...]
> - init = want_init_on_free();
> - if (init && !kasan_has_integrated_init())
> - kernel_init_free_pages(page, 1 << order);
> - kasan_free_nondeferred_pages(page, order, init, fpi_flags);
> + if (kasan_has_integrated_init()) {
> + if (!skip_kasan_poison)
> + kasan_free_pages(page, order);
I think kasan_free_pages() could return a bool, and this would become
if (skip_kasan_poison || !kasan_free_pages(...)) {
...
> + } else {
> + bool init = want_init_on_free();
> +
> + if (init)
> + kernel_init_free_pages(page, 1 << order);
> + if (!skip_kasan_poison)
> + kasan_poison_pages(page, order, init);
> + }
>
> /*
> * arch_free_page() can make the page's contents inaccessible. s390
> @@ -2324,8 +2324,6 @@ static bool check_new_pages(struct page *page, unsigned int order)
> inline void post_alloc_hook(struct page *page, unsigned int order,
> gfp_t gfp_flags)
> {
> - bool init;
> -
> set_page_private(page, 0);
> set_page_refcounted(page);
>
> @@ -2344,10 +2342,16 @@ inline void post_alloc_hook(struct page *page, unsigned int order,
> * kasan_alloc_pages and kernel_init_free_pages must be
> * kept together to avoid discrepancies in behavior.
> */
> - init = !want_init_on_free() && want_init_on_alloc(gfp_flags);
> - kasan_alloc_pages(page, order, init);
> - if (init && !kasan_has_integrated_init())
> - kernel_init_free_pages(page, 1 << order);
> + if (kasan_has_integrated_init()) {
> + kasan_alloc_pages(page, order, gfp_flags);
It looks to me that kasan_alloc_pages() could return a bool, and this
would become
if (!kasan_alloc_pages(...)) {
...
> + } else {
> + bool init =
> + !want_init_on_free() && want_init_on_alloc(gfp_flags);
> +
[ No need for line-break (for cases like this the kernel is fine with up
to 100 cols if it improves readability). ]
> + kasan_unpoison_pages(page, order, init);
> + if (init)
> + kernel_init_free_pages(page, 1 << order);
> + }
Thoughts?
Thanks,
-- Marco
next prev parent reply other threads:[~2021-05-26 12:36 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-12 20:09 [PATCH v3 0/3] arm64: improve efficiency of setting tags for user pages Peter Collingbourne
2021-05-12 20:09 ` Peter Collingbourne
2021-05-12 20:09 ` [PATCH v3 1/3] kasan: use separate (un)poison implementation for integrated init Peter Collingbourne
2021-05-12 20:09 ` Peter Collingbourne
2021-05-25 22:00 ` Andrey Konovalov
2021-05-25 22:00 ` Andrey Konovalov
2021-05-28 1:04 ` Peter Collingbourne
2021-05-28 1:04 ` Peter Collingbourne
2021-05-26 10:12 ` Marco Elver [this message]
2021-05-26 10:12 ` Marco Elver
2021-05-26 19:27 ` Peter Collingbourne
2021-05-26 19:27 ` Peter Collingbourne
2021-05-26 19:54 ` Marco Elver
2021-05-26 19:54 ` Marco Elver
2021-05-12 20:09 ` [PATCH v3 2/3] arm64: mte: handle tags zeroing at page allocation time Peter Collingbourne
2021-05-12 20:09 ` Peter Collingbourne
2021-05-25 22:00 ` Andrey Konovalov
2021-05-25 22:00 ` Andrey Konovalov
2021-05-12 20:09 ` [PATCH v3 3/3] kasan: allow freed user page poisoning to be disabled with HW tags Peter Collingbourne
2021-05-12 20:09 ` Peter Collingbourne
2021-05-25 22:06 ` Andrey Konovalov
2021-05-25 22:06 ` Andrey Konovalov
2021-05-26 10:45 ` Jann Horn
2021-05-26 10:45 ` Jann Horn
2021-05-28 1:05 ` Peter Collingbourne
2021-05-28 1:05 ` Peter Collingbourne
2021-05-25 19:03 ` [PATCH v3 0/3] arm64: improve efficiency of setting tags for user pages Peter Collingbourne
2021-05-25 19:03 ` Peter Collingbourne
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YK4fBogA/rzxEF1f@elver.google.com \
--to=elver@google.com \
--cc=akpm@linux-foundation.org \
--cc=andreyknvl@gmail.com \
--cc=catalin.marinas@arm.com \
--cc=eugenis@google.com \
--cc=glider@google.com \
--cc=kasan-dev@googlegroups.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-mm@kvack.org \
--cc=pcc@google.com \
--cc=vincenzo.frascino@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.