From: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
To: "will@kernel.org" <will@kernel.org>, "rppt@kernel.org" <rppt@kernel.org>
Cc: "benh@kernel.crashing.org" <benh@kernel.crashing.org>,
"david@redhat.com" <david@redhat.com>,
"peterz@infradead.org" <peterz@infradead.org>,
"catalin.marinas@arm.com" <catalin.marinas@arm.com>,
"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"paulus@samba.org" <paulus@samba.org>,
"pavel@ucw.cz" <pavel@ucw.cz>, "hpa@zytor.com" <hpa@zytor.com>,
"sparclinux@vger.kernel.org" <sparclinux@vger.kernel.org>,
"cl@linux.com" <cl@linux.com>,
"linux-riscv@lists.infradead.org"
<linux-riscv@lists.infradead.org>,
"linux-s390@vger.kernel.org" <linux-s390@vger.kernel.org>,
"mpe@ellerman.id.au" <mpe@ellerman.id.au>,
"x86@kernel.org" <x86@kernel.org>,
"rppt@linux.ibm.com" <rppt@linux.ibm.com>,
"borntraeger@de.ibm.com" <borntraeger@de.ibm.com>,
"mingo@redhat.com" <mingo@redhat.com>,
"rientjes@google.com" <rientjes@google.com>,
"Brown, Len" <len.brown@intel.com>,
"aou@eecs.berkeley.edu" <aou@eecs.berkeley.edu>,
"gor@linux.ibm.com" <gor@linux.ibm.com>,
"linux-pm@vger.kernel.org" <linux-pm@vger.kernel.org>,
"hca@linux.ibm.com" <hca@linux.ibm.com>,
"bp@alien8.de" <bp@alien8.de>,
"luto@kernel.org" <luto@kernel.org>,
"paul.walmsley@sifive.com" <paul.walmsley@sifive.com>,
"kirill@shutemov.name" <kirill@shutemov.name>,
"tglx@linutronix.de" <tglx@linutronix.de>,
"iamjoonsoo.kim@lge.com" <iamjoonsoo.kim@lge.com>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
"rjw@rjwysocki.net" <rjw@rjwysocki.net>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"penberg@kernel.org" <penberg@kernel.org>,
"palmer@dabbelt.com" <palmer@dabbelt.com>,
"akpm@linux-foundation.org" <akpm@linux-foundation.org>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
"davem@davemloft.net" <davem@davemloft.net>
Subject: Re: [PATCH 0/4] arch, mm: improve robustness of direct map manipulation
Date: Wed, 28 Oct 2020 21:03:31 +0000 [thread overview]
Message-ID: <9e77d0a939eda3029d6ae89bd14d7f1465b0559d.camel@intel.com> (raw)
In-Reply-To: <20201028113059.GG1428094@kernel.org>
On Wed, 2020-10-28 at 13:30 +0200, Mike Rapoport wrote:
> On Wed, Oct 28, 2020 at 11:20:12AM +0000, Will Deacon wrote:
> > On Tue, Oct 27, 2020 at 10:38:16AM +0200, Mike Rapoport wrote:
> > > On Mon, Oct 26, 2020 at 06:05:30PM +0000, Edgecombe, Rick P
> > > wrote:
> > > > On Mon, 2020-10-26 at 11:05 +0200, Mike Rapoport wrote:
> > > > > On Mon, Oct 26, 2020 at 01:13:52AM +0000, Edgecombe, Rick P
> > > > > wrote:
> > > > > > On Sun, 2020-10-25 at 12:15 +0200, Mike Rapoport wrote:
> > > > > > > Indeed, for architectures that define
> > > > > > > CONFIG_ARCH_HAS_SET_DIRECT_MAP
> > > > > > > it is
> > > > > > > possible that __kernel_map_pages() would fail, but since
> > > > > > > this
> > > > > > > function is
> > > > > > > void, the failure will go unnoticed.
> > > > > >
> > > > > > Could you elaborate on how this could happen? Do you mean
> > > > > > during
> > > > > > runtime today or if something new was introduced?
> > > > >
> > > > > A failure in__kernel_map_pages() may happen today. For
> > > > > instance, on
> > > > > x86
> > > > > if the kernel is built with DEBUG_PAGEALLOC.
> > > > >
> > > > > __kernel_map_pages(page, 1, 0);
> > > > >
> > > > > will need to split, say, 2M page and during the split an
> > > > > allocation
> > > > > of
> > > > > page table could fail.
> > > >
> > > > On x86 at least, DEBUG_PAGEALLOC expects to never have to break
> > > > a page
> > > > on the direct map and even disables locking in cpa because it
> > > > assumes
> > > > this. If this is happening somehow anyway then we should
> > > > probably fix
> > > > that. Even if it's a debug feature, it will not be as useful if
> > > > it is
> > > > causing its own crashes.
> > > >
> > > > I'm still wondering if there is something I'm missing here. It
> > > > seems
> > > > like you are saying there is a bug in some arch's, so let's add
> > > > a WARN
> > > > in cross-arch code to log it as it crashes. A warn and making
> > > > things
> > > > clearer seem like good ideas, but if there is a bug we should
> > > > fix it.
> > > > The code around the callers still functionally assume re-
> > > > mapping can't
> > > > fail.
> > >
> > > Oh, I've meant x86 kernel *without* DEBUG_PAGEALLOC, and indeed
> > > the call
> > > that unmaps pages back in safe_copy_page will just reset a 4K
> > > page to
> > > NP because whatever made it NP at the first place already did the
> > > split.
> > >
> > > Still, on arm64 with DEBUG_PAGEALLOC=n there is a possibility of
> > > a race
> > > between map/unmap dance in __vunmap() and safe_copy_page() that
> > > may
> > > cause access to unmapped memory:
> > >
> > > __vunmap()
> > > vm_remove_mappings()
> > > set_direct_map_invalid()
> > > safe_copy_page()
> > > __kernel_map_pages()
> > > return
> > > do_copy_page() -> fault
> > >
> > > This is a theoretical bug, but it is still not nice :)
> > >
> >
> > Just to clarify: this patch series fixes this problem, right?
>
> Yes.
>
Well, now I'm confused again.
As David pointed, __vunmap() should not be executing simultaneously
with the hibernate operation because hibernate can't snapshot while
data it needs to save is still updating. If a thread was paused when a
page was in an "invalid" state, it should be remapped by hibernate
before the copy.
To level set, before reading this mail, my takeaways from the
discussions on potential hibernate/debug page alloc problems were:
Potential RISC-V issue:
Doesn't have hibernate support
Potential ARM issue:
The logic around when it's cpa determines pages might be unmapped looks
correct for current callers.
Potential x86 page break issue:
Seems to be ok for now, but a new set_memory_np() caller could violate
assumptions in hibernate.
Non-obvious thorny logic:
General agreement it would be good to separate dependencies.
Behavior of V1 of this patchset:
No functional change other than addition of a warn in hibernate.
So "does this fix the problem", "yes" leaves me a bit confused... Not
saying there couldn't be any problems, especially due to the thorniness
and cross arch stride, but what is it exactly and how does this series
fix it?
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
next prev parent reply other threads:[~2020-10-28 21:04 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-25 10:15 [PATCH 0/4] arch, mm: improve robustness of direct map manipulation Mike Rapoport
2020-10-25 10:15 ` [PATCH 1/4] mm: introduce debug_pagealloc_map_pages() helper Mike Rapoport
2020-10-26 11:05 ` David Hildenbrand
2020-10-26 11:54 ` Mike Rapoport
2020-10-26 11:55 ` David Hildenbrand
2020-10-25 10:15 ` [PATCH 2/4] PM: hibernate: improve robustness of mapping pages in the direct map Mike Rapoport
2020-10-26 0:38 ` Edgecombe, Rick P
2020-10-26 9:15 ` Mike Rapoport
2020-10-26 18:57 ` Edgecombe, Rick P
2020-10-27 8:49 ` Mike Rapoport
2020-10-27 22:44 ` Edgecombe, Rick P
2020-10-28 9:41 ` Mike Rapoport
2020-10-27 1:10 ` Edgecombe, Rick P
2020-10-28 21:15 ` Edgecombe, Rick P
2020-10-29 7:54 ` Mike Rapoport
2020-10-29 23:19 ` Edgecombe, Rick P
2020-11-01 17:02 ` Mike Rapoport
2020-10-25 10:15 ` [PATCH 3/4] arch, mm: restore dependency of __kernel_map_pages() of DEBUG_PAGEALLOC Mike Rapoport
2020-10-25 10:15 ` [PATCH 4/4] arch, mm: make kernel_page_present() always available Mike Rapoport
2020-10-26 0:54 ` Edgecombe, Rick P
2020-10-26 9:31 ` Mike Rapoport
2020-10-26 1:13 ` [PATCH 0/4] arch, mm: improve robustness of direct map manipulation Edgecombe, Rick P
2020-10-26 9:05 ` Mike Rapoport
2020-10-26 18:05 ` Edgecombe, Rick P
2020-10-27 8:38 ` Mike Rapoport
2020-10-27 8:46 ` David Hildenbrand
2020-10-27 9:47 ` Mike Rapoport
2020-10-27 10:34 ` David Hildenbrand
2020-10-28 11:09 ` Mike Rapoport
2020-10-28 11:17 ` David Hildenbrand
2020-10-28 12:22 ` Mike Rapoport
2020-10-28 18:31 ` Edgecombe, Rick P
2020-10-28 11:20 ` Will Deacon
2020-10-28 11:30 ` Mike Rapoport
2020-10-28 21:03 ` Edgecombe, Rick P [this message]
2020-10-29 8:12 ` Mike Rapoport
2020-10-29 23:19 ` Edgecombe, Rick P
2020-10-29 8:15 ` David Hildenbrand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9e77d0a939eda3029d6ae89bd14d7f1465b0559d.camel@intel.com \
--to=rick.p.edgecombe@intel.com \
--cc=akpm@linux-foundation.org \
--cc=aou@eecs.berkeley.edu \
--cc=benh@kernel.crashing.org \
--cc=borntraeger@de.ibm.com \
--cc=bp@alien8.de \
--cc=catalin.marinas@arm.com \
--cc=cl@linux.com \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=david@redhat.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=hpa@zytor.com \
--cc=iamjoonsoo.kim@lge.com \
--cc=kirill@shutemov.name \
--cc=len.brown@intel.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-pm@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=linux-s390@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=mpe@ellerman.id.au \
--cc=palmer@dabbelt.com \
--cc=paul.walmsley@sifive.com \
--cc=paulus@samba.org \
--cc=pavel@ucw.cz \
--cc=penberg@kernel.org \
--cc=peterz@infradead.org \
--cc=rientjes@google.com \
--cc=rjw@rjwysocki.net \
--cc=rppt@kernel.org \
--cc=rppt@linux.ibm.com \
--cc=sparclinux@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=will@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).