From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=lBLU=KV=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-19.8 required=3.0 tests=BAYES_00,DKIMWL_WL_MED,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1,
	USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 26BBCC2B9F7
	for <linux-mm@archiver.kernel.org>; Wed, 26 May 2021 10:12:33 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id D277E613AB
	for <linux-mm@archiver.kernel.org>; Wed, 26 May 2021 10:12:32 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org D277E613AB
Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 0E11B6B0070; Wed, 26 May 2021 06:12:32 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 090356B0071; Wed, 26 May 2021 06:12:32 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id E4B066B0072; Wed, 26 May 2021 06:12:31 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0069.hostedemail.com [216.40.44.69])
	by kanga.kvack.org (Postfix) with ESMTP id A6AAD6B0070
	for <linux-mm@kvack.org>; Wed, 26 May 2021 06:12:31 -0400 (EDT)
Received: from smtpin38.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay03.hostedemail.com (Postfix) with ESMTP id 3977F8249980
	for <linux-mm@kvack.org>; Wed, 26 May 2021 10:12:31 +0000 (UTC)
X-FDA: 78182967702.38.8D30BD2
Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com [209.85.128.47])
	by imf15.hostedemail.com (Postfix) with ESMTP id C68B7A0001C8
	for <linux-mm@kvack.org>; Wed, 26 May 2021 10:12:26 +0000 (UTC)
Received: by mail-wm1-f47.google.com with SMTP id b191so394517wmd.1
        for <linux-mm@kvack.org>; Wed, 26 May 2021 03:12:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to:user-agent;
        bh=ORUbrgb2hImgyzC/Ql6sac6MWYkFqD0t9FCM4LD49w4=;
        b=l6C2fhuJmUKv63+BBXr0nJgy6CTe7BixGMgvwO9M2FRsv/OGGMz3hPT4rjDoLbtClq
         yBRC1nQ5wDggGwN2vcXtatvWJXMvWUUxGuUefkCGRYehOWz9YofyfHhdXN+F9NReEO0P
         /MOJXRK2qbTcngPNpmoEN348bXWjTMvcLbNDL1rAAUr1RxdBWDr/uvb3bG7bK1TsMQX8
         ne+Y101/EDeEqPzSKfQXZ/cM+k+Ua54k6+bchRTMmuE8UyBVVIvBBIoiOzGzucIPpDF4
         5Y08lckwHE9bE7wzSzzjCzDw6FPh3S+yCZ6rG5GE6w3wnD9HivMewszPb4xTd7t+UXNI
         fvHA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to:user-agent;
        bh=ORUbrgb2hImgyzC/Ql6sac6MWYkFqD0t9FCM4LD49w4=;
        b=OsMpFuJll93gfXWXzoPQx2mNO+PwJScmqRxaNMqAbYHLDsZACGjkUgdILwOPNGPmtD
         RDsjHKaQOcFq+ihkGF+T+g9I5w88nE5CozACJHjk3IJ/5L2GPQ+HvRRoD7ZsV5DWH9jY
         +hWobnAFMMZkcup23N7rqTDZC/iRhiyhVrUflik5Twfv2niybBJw0+IMqcq9Ba/jLwaY
         7QyyAbFQqX1LvdSrn+haiPyLmgXBkuZhWw3lGzqEn3g4oFDcm1G0mgQLS+ytu0PjFvXz
         qOds/QKuoIk5qmVNaDJNYeSJJ0VJV0yci1kIbg77ClLmeGaB+u/InEf1zkGpGu40PMny
         uywg==
X-Gm-Message-State: AOAM532LXAhhyhAaCtWr15EdWctHAy97khzuHDk9NMZJmfPpO/mMOIPK
	TgwCtWfGeLTwYTQu4TZItVS+5Q==
X-Google-Smtp-Source: ABdhPJyfuVgkBn3qeKPgc7SD6M3E3x6Ghl2Mu01ryqrvqMyzTQhWBOMMhCyvFTQ8mtzo5Vanus/3Mw==
X-Received: by 2002:a7b:c446:: with SMTP id l6mr2541346wmi.75.1622023949427;
        Wed, 26 May 2021 03:12:29 -0700 (PDT)
Received: from elver.google.com ([2a00:79e0:15:13:cd98:de82:208c:cbdb])
        by smtp.gmail.com with ESMTPSA id u18sm6717455wmj.15.2021.05.26.03.12.28
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 26 May 2021 03:12:28 -0700 (PDT)
Date: Wed, 26 May 2021 12:12:22 +0200
From: Marco Elver <elver@google.com>
To: Peter Collingbourne <pcc@google.com>
Cc: Andrey Konovalov <andreyknvl@gmail.com>,
	Alexander Potapenko <glider@google.com>,
	Catalin Marinas <catalin.marinas@arm.com>,
	Vincenzo Frascino <vincenzo.frascino@arm.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Evgenii Stepanov <eugenis@google.com>, linux-mm@kvack.org,
	linux-arm-kernel@lists.infradead.org, kasan-dev@googlegroups.com
Subject: Re: [PATCH v3 1/3] kasan: use separate (un)poison implementation for
 integrated init
Message-ID: <YK4fBogA/rzxEF1f@elver.google.com>
References: <cover.1620849613.git.pcc@google.com>
 <78af73393175c648b4eb10312825612f6e6889f6.1620849613.git.pcc@google.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <78af73393175c648b4eb10312825612f6e6889f6.1620849613.git.pcc@google.com>
User-Agent: Mutt/2.0.5 (2021-01-21)
Authentication-Results: imf15.hostedemail.com;
	dkim=pass header.d=google.com header.s=20161025 header.b=l6C2fhuJ;
	spf=pass (imf15.hostedemail.com: domain of elver@google.com designates 209.85.128.47 as permitted sender) smtp.mailfrom=elver@google.com;
	dmarc=pass (policy=reject) header.from=google.com
X-Rspamd-Server: rspam01
X-Rspamd-Queue-Id: C68B7A0001C8
X-Stat-Signature: 7u7epjdggrio8rzmnwjg8mgka479e7hq
X-HE-Tag: 1622023946-590779
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Wed, May 12, 2021 at 01:09PM -0700, Peter Collingbourne wrote:
[...] 
> +void kasan_alloc_pages(struct page *page, unsigned int order, gfp_t flags);
> +void kasan_free_pages(struct page *page, unsigned int order);
> +
>  #else /* CONFIG_KASAN_HW_TAGS */
>  
>  static inline bool kasan_enabled(void)
>  {
> +#ifdef CONFIG_KASAN
>  	return true;
> +#else
> +	return false;
> +#endif
>  }

Just

	return IS_ENABLED(CONFIG_KASAN);

>  static inline bool kasan_has_integrated_init(void)
> @@ -113,8 +113,30 @@ static inline bool kasan_has_integrated_init(void)
>  	return false;
>  }
>  
> +static __always_inline void kasan_alloc_pages(struct page *page,
> +					      unsigned int order, gfp_t flags)
> +{
> +	/* Only available for integrated init. */
> +	BUILD_BUG();
> +}
> +
> +static __always_inline void kasan_free_pages(struct page *page,
> +					     unsigned int order)
> +{
> +	/* Only available for integrated init. */
> +	BUILD_BUG();
> +}

This *should* always work, as long as the compiler optimizes everything
like we expect.

But: In this case, I think this is sign that the interface design can be
improved. Can we just make kasan_{alloc,free}_pages() return a 'bool
__must_check' to indicate if kasan takes care of init?

The variants here would simply return kasan_has_integrated_init().

That way, there'd be no need for the BUILD_BUG()s and the interface
becomes harder to misuse by design.

Also, given that kasan_{alloc,free}_pages() initializes memory, this is
an opportunity to just give them a better name. Perhaps

	/* Returns true if KASAN took care of initialization, false otherwise. */
	bool __must_check kasan_alloc_pages_try_init(struct page *page, unsigned int order, gfp_t flags);
	bool __must_check kasan_free_pages_try_init(struct page *page, unsigned int order);

[...]
> -	init = want_init_on_free();
> -	if (init && !kasan_has_integrated_init())
> -		kernel_init_free_pages(page, 1 << order);
> -	kasan_free_nondeferred_pages(page, order, init, fpi_flags);
> +	if (kasan_has_integrated_init()) {
> +		if (!skip_kasan_poison)
> +			kasan_free_pages(page, order);

I think kasan_free_pages() could return a bool, and this would become

	if (skip_kasan_poison || !kasan_free_pages(...)) {
		...

> +	} else {
> +		bool init = want_init_on_free();
> +
> +		if (init)
> +			kernel_init_free_pages(page, 1 << order);
> +		if (!skip_kasan_poison)
> +			kasan_poison_pages(page, order, init);
> +	}
>  
>  	/*
>  	 * arch_free_page() can make the page's contents inaccessible.  s390
> @@ -2324,8 +2324,6 @@ static bool check_new_pages(struct page *page, unsigned int order)
>  inline void post_alloc_hook(struct page *page, unsigned int order,
>  				gfp_t gfp_flags)
>  {
> -	bool init;
> -
>  	set_page_private(page, 0);
>  	set_page_refcounted(page);
>  
> @@ -2344,10 +2342,16 @@ inline void post_alloc_hook(struct page *page, unsigned int order,
>  	 * kasan_alloc_pages and kernel_init_free_pages must be
>  	 * kept together to avoid discrepancies in behavior.
>  	 */
> -	init = !want_init_on_free() && want_init_on_alloc(gfp_flags);
> -	kasan_alloc_pages(page, order, init);
> -	if (init && !kasan_has_integrated_init())
> -		kernel_init_free_pages(page, 1 << order);
> +	if (kasan_has_integrated_init()) {
> +		kasan_alloc_pages(page, order, gfp_flags);

It looks to me that kasan_alloc_pages() could return a bool, and this
would become

	if (!kasan_alloc_pages(...)) {
		...

> +	} else {
> +		bool init =
> +			!want_init_on_free() && want_init_on_alloc(gfp_flags);
> +

[ No need for line-break (for cases like this the kernel is fine with up
to 100 cols if it improves readability). ]

> +		kasan_unpoison_pages(page, order, init);
> +		if (init)
> +			kernel_init_free_pages(page, 1 << order);
> +	}

Thoughts?

Thanks,
-- Marco