From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.3 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 420CCC64E90 for ; Mon, 30 Nov 2020 11:02:46 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0DBF7207F7 for ; Mon, 30 Nov 2020 11:02:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728899AbgK3LCp (ORCPT ); Mon, 30 Nov 2020 06:02:45 -0500 Received: from mail.kernel.org ([198.145.29.99]:38664 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726345AbgK3LCo (ORCPT ); Mon, 30 Nov 2020 06:02:44 -0500 Received: from gaia (unknown [95.146.230.165]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 730F02087C; Mon, 30 Nov 2020 11:02:02 +0000 (UTC) Date: Mon, 30 Nov 2020 11:01:59 +0000 From: Catalin Marinas To: Anshuman Khandual Cc: Christophe Leroy , linux-mm@kvack.org, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, steven.price@arm.com, gerald.schaefer@linux.ibm.com, vgupta@synopsys.com, paul.walmsley@sifive.com Subject: Re: [PATCH 1/2] mm/debug_vm_pgtable/basic: Add validation for dirtiness after write protect Message-ID: <20201130110159.GB3902@gaia> References: <1606453584-15399-1-git-send-email-anshuman.khandual@arm.com> <1606453584-15399-2-git-send-email-anshuman.khandual@arm.com> <20201127094421.GA25070@gaia> <9d9e5c8b-08f6-9ed4-074c-3dafc8fa3717@arm.com> <20201130093841.GA3902@gaia> <171a4e71-b1ab-3ff5-7088-54781d960b2a@arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <171a4e71-b1ab-3ff5-7088-54781d960b2a@arm.com> User-Agent: Mutt/1.10.1 (2018-07-13) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Nov 30, 2020 at 04:28:20PM +0530, Anshuman Khandual wrote: > On 11/30/20 3:08 PM, Catalin Marinas wrote: > > On Mon, Nov 30, 2020 at 09:55:00AM +0530, Anshuman Khandual wrote: > >> On 11/27/20 3:14 PM, Catalin Marinas wrote: > >>> On Fri, Nov 27, 2020 at 09:22:24AM +0100, Christophe Leroy wrote: > >>>> Le 27/11/2020 à 06:06, Anshuman Khandual a écrit : > >>>>> This adds validation tests for dirtiness after write protect conversion for > >>>>> each page table level. This is important for platforms such as arm64 that > >>>>> removes the hardware dirty bit while making it an write protected one. This > >>>>> also fixes pxx_wrprotect() related typos in the documentation file. > >>>> > >>>>> diff --git a/mm/debug_vm_pgtable.c b/mm/debug_vm_pgtable.c > >>>>> index c05d9dcf7891..a5be11210597 100644 > >>>>> --- a/mm/debug_vm_pgtable.c > >>>>> +++ b/mm/debug_vm_pgtable.c > >>>>> @@ -70,6 +70,7 @@ static void __init pte_basic_tests(unsigned long pfn, pgprot_t prot) > >>>>> WARN_ON(pte_young(pte_mkold(pte_mkyoung(pte)))); > >>>>> WARN_ON(pte_dirty(pte_mkclean(pte_mkdirty(pte)))); > >>>>> WARN_ON(pte_write(pte_wrprotect(pte_mkwrite(pte)))); > >>>>> + WARN_ON(pte_dirty(pte_wrprotect(pte))); > >>>> > >>>> Wondering what you are testing here exactly. > >>>> > >>>> Do you expect that if PTE has the dirty bit, it gets cleared by > >>>> pte_wrprotect() ? > >>>> > >>>> Powerpc doesn't do that, it only clears the RW bit but the dirty > >>>> bit remains if it is set, until you call pte_mkclean() explicitely. > >>> > >>> Arm64 has an unusual way of setting a hardware dirty "bit", it actually > >>> clears the PTE_RDONLY bit. The pte_wrprotect() sets the PTE_RDONLY bit > >>> back and we can lose the dirty information. Will found this and posted > >>> patches to fix the arm64 pte_wprotect() to set a software PTE_DIRTY if > >>> !PTE_RDONLY (we do this for ptep_set_wrprotect() already). My concern > >>> was that we may inadvertently make a fresh/clean pte dirty with such > >>> change, hence the suggestion for the test. > >>> > >>> That said, I think we also need a test in the other direction, > >>> pte_wrprotect() should preserve any dirty information: > >>> > >>> WARN_ON(!pte_dirty(pte_wrprotect(pte_mkdirty(pte)))); > >> > >> This seems like a generic enough principle which all platforms should > >> adhere to. But the proposed test WARN_ON(pte_dirty(pte_wrprotect(pte))) > >> might fail on some platforms if the page table entry came in as a dirty > >> one and pte_wrprotect() is not expected to alter the dirty state. > > > > Ah, so do we have architectures where entries in protection_map[] are > > already dirty? If those are valid, maybe the check should be: > > Okay, I did not imply that actually. The current position for these new > tests in respective pxx_basic_tests() functions is right at the end and > hence the pxx might have already gone through some changes from the time > it was originally created with pfn_pxx(). The entry here is not starting > from the beginning. It is not expected as well, per design. So dirty bit > might or might not be there depending on all the previous test sequences > leading upto these new ones. > > IIUC, Christophe mentioned the fact that on platforms like powerpc, dirty > bit just remains unchanged during pte_wprotect(). So the current test > WARN_ON(pte_dirty(pte_wrprotect(pte))) will not work on powerpc if the > previous tests leading upto that point has got the dirty bit set. This is > irrespective of how it was created with pfn_pte() from protection_map[] > originally at the beginning. [...] > To achieve this, we could move the test right at the beginning just after > the pxx gets created from protection_map[], with a comment explaining the > rationale. OK, this makes sense. Thanks for the clarification. -- Catalin