From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.3 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D3A1DC5519F for ; Mon, 30 Nov 2020 09:38:50 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 5111620825 for ; Mon, 30 Nov 2020 09:38:50 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 5111620825 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=arm.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 886D38D0002; Mon, 30 Nov 2020 04:38:49 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 837208D0001; Mon, 30 Nov 2020 04:38:49 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 74C928D0002; Mon, 30 Nov 2020 04:38:49 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0236.hostedemail.com [216.40.44.236]) by kanga.kvack.org (Postfix) with ESMTP id 5C5238D0001 for ; Mon, 30 Nov 2020 04:38:49 -0500 (EST) Received: from smtpin28.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id 0C7C31DFF for ; Mon, 30 Nov 2020 09:38:49 +0000 (UTC) X-FDA: 77540585178.28.badge72_05137c5273a0 Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251]) by smtpin28.hostedemail.com (Postfix) with ESMTP id D68905DD1 for ; Mon, 30 Nov 2020 09:38:48 +0000 (UTC) X-HE-Tag: badge72_05137c5273a0 X-Filterd-Recvd-Size: 4667 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by imf02.hostedemail.com (Postfix) with ESMTP for ; Mon, 30 Nov 2020 09:38:48 +0000 (UTC) Received: from gaia (unknown [95.146.230.165]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 5A5C12076E; Mon, 30 Nov 2020 09:38:45 +0000 (UTC) Date: Mon, 30 Nov 2020 09:38:42 +0000 From: Catalin Marinas To: Anshuman Khandual Cc: Christophe Leroy , linux-mm@kvack.org, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, steven.price@arm.com, gerald.schaefer@linux.ibm.com, vgupta@synopsys.com, paul.walmsley@sifive.com Subject: Re: [PATCH 1/2] mm/debug_vm_pgtable/basic: Add validation for dirtiness after write protect Message-ID: <20201130093841.GA3902@gaia> References: <1606453584-15399-1-git-send-email-anshuman.khandual@arm.com> <1606453584-15399-2-git-send-email-anshuman.khandual@arm.com> <20201127094421.GA25070@gaia> <9d9e5c8b-08f6-9ed4-074c-3dafc8fa3717@arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline In-Reply-To: <9d9e5c8b-08f6-9ed4-074c-3dafc8fa3717@arm.com> User-Agent: Mutt/1.10.1 (2018-07-13) Content-Transfer-Encoding: quoted-printable X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Mon, Nov 30, 2020 at 09:55:00AM +0530, Anshuman Khandual wrote: > On 11/27/20 3:14 PM, Catalin Marinas wrote: > > On Fri, Nov 27, 2020 at 09:22:24AM +0100, Christophe Leroy wrote: > >> Le 27/11/2020 =E0 06:06, Anshuman Khandual a =E9crit=A0: > >>> This adds validation tests for dirtiness after write protect conver= sion for > >>> each page table level. This is important for platforms such as arm6= 4 that > >>> removes the hardware dirty bit while making it an write protected o= ne. This > >>> also fixes pxx_wrprotect() related typos in the documentation file. > >> > >>> diff --git a/mm/debug_vm_pgtable.c b/mm/debug_vm_pgtable.c > >>> index c05d9dcf7891..a5be11210597 100644 > >>> --- a/mm/debug_vm_pgtable.c > >>> +++ b/mm/debug_vm_pgtable.c > >>> @@ -70,6 +70,7 @@ static void __init pte_basic_tests(unsigned long = pfn, pgprot_t prot) > >>> WARN_ON(pte_young(pte_mkold(pte_mkyoung(pte)))); > >>> WARN_ON(pte_dirty(pte_mkclean(pte_mkdirty(pte)))); > >>> WARN_ON(pte_write(pte_wrprotect(pte_mkwrite(pte)))); > >>> + WARN_ON(pte_dirty(pte_wrprotect(pte))); > >> > >> Wondering what you are testing here exactly. > >> > >> Do you expect that if PTE has the dirty bit, it gets cleared by > >> pte_wrprotect() ? > >> > >> Powerpc doesn't do that, it only clears the RW bit but the dirty > >> bit remains if it is set, until you call pte_mkclean() explicitely. > >=20 > > Arm64 has an unusual way of setting a hardware dirty "bit", it actual= ly > > clears the PTE_RDONLY bit. The pte_wrprotect() sets the PTE_RDONLY bi= t > > back and we can lose the dirty information. Will found this and poste= d > > patches to fix the arm64 pte_wprotect() to set a software PTE_DIRTY i= f > > !PTE_RDONLY (we do this for ptep_set_wrprotect() already). My concern > > was that we may inadvertently make a fresh/clean pte dirty with such > > change, hence the suggestion for the test. > >=20 > > That said, I think we also need a test in the other direction, > > pte_wrprotect() should preserve any dirty information: > >=20 > > WARN_ON(!pte_dirty(pte_wrprotect(pte_mkdirty(pte)))); >=20 > This seems like a generic enough principle which all platforms should > adhere to. But the proposed test WARN_ON(pte_dirty(pte_wrprotect(pte))) > might fail on some platforms if the page table entry came in as a dirty > one and pte_wrprotect() is not expected to alter the dirty state. Ah, so do we have architectures where entries in protection_map[] are already dirty? If those are valid, maybe the check should be: WARN_ON(!pte_dirty(pte) && pte_dirty(pte_wrprotect(pte))); > Instead, should we just add the following two tests, which would ensure > that pte_wrprotect() never alters the dirty state of a page table entry= . >=20 > WARN_ON(!pte_dirty(pte_wrprotect(pte_mkdirty(pte)))); > WARN_ON(pte_dirty(pte_wrprotect(pte_mkclean(pte)))); These should be added as additional tests. However, my initial thought was to check whether pte_wrprotect() on a new pte created from a protection_map[] entry directly would inadvertently dirty it. On arm64, that means a protection_map[] entry missing PTE_RDONLY. A pte_mkclean() would set PTE_RDONLY, so we'd miss such check. --=20 Catalin