linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed
From: Mark Rutland <mark.rutland@arm.com>
To: Daniel Axtens <dja@axtens.net>
Cc: kasan-dev@googlegroups.com, linux-mm@kvack.org, x86@kernel.org,
	aryabinin@virtuozzo.com, glider@google.com, luto@kernel.org,
	linux-kernel@vger.kernel.org, dvyukov@google.com,
	linuxppc-dev@lists.ozlabs.org, gor@linux.ibm.com
Subject: Re: [PATCH v4 0/3] kasan: support backing vmalloc space with real shadow memory
Date: Thu, 15 Aug 2019 12:28:44 +0100	[thread overview]
Message-ID: <20190815112844.GC22153@lakrids.cambridge.arm.com> (raw)
In-Reply-To: <20190815001636.12235-1-dja@axtens.net>

On Thu, Aug 15, 2019 at 10:16:33AM +1000, Daniel Axtens wrote:
> Currently, vmalloc space is backed by the early shadow page. This
> means that kasan is incompatible with VMAP_STACK, and it also provides
> a hurdle for architectures that do not have a dedicated module space
> (like powerpc64).
> 
> This series provides a mechanism to back vmalloc space with real,
> dynamically allocated memory. I have only wired up x86, because that's
> the only currently supported arch I can work with easily, but it's
> very easy to wire up other architectures.

I'm happy to send patches for arm64 once we've settled some conflicting
rework going on for 52-bit VA support.

> 
> This has been discussed before in the context of VMAP_STACK:
>  - https://bugzilla.kernel.org/show_bug.cgi?id=202009
>  - https://lkml.org/lkml/2018/7/22/198
>  - https://lkml.org/lkml/2019/7/19/822
> 
> In terms of implementation details:
> 
> Most mappings in vmalloc space are small, requiring less than a full
> page of shadow space. Allocating a full shadow page per mapping would
> therefore be wasteful. Furthermore, to ensure that different mappings
> use different shadow pages, mappings would have to be aligned to
> KASAN_SHADOW_SCALE_SIZE * PAGE_SIZE.
> 
> Instead, share backing space across multiple mappings. Allocate
> a backing page the first time a mapping in vmalloc space uses a
> particular page of the shadow region. Keep this page around
> regardless of whether the mapping is later freed - in the mean time
> the page could have become shared by another vmalloc mapping.
> 
> This can in theory lead to unbounded memory growth, but the vmalloc
> allocator is pretty good at reusing addresses, so the practical memory
> usage appears to grow at first but then stay fairly stable.
> 
> If we run into practical memory exhaustion issues, I'm happy to
> consider hooking into the book-keeping that vmap does, but I am not
> convinced that it will be an issue.

FWIW, I haven't spotted such memory exhaustion after a week of Syzkaller
fuzzing with the last patchset, across 3 machines, so that sounds fine
to me.

Otherwise, this looks good to me now! For the x86 and fork patch, feel
free to add:

Acked-by: Mark Rutland <mark.rutland@arm.com>

Mark.

> 
> v1: https://lore.kernel.org/linux-mm/20190725055503.19507-1-dja@axtens.net/
> v2: https://lore.kernel.org/linux-mm/20190729142108.23343-1-dja@axtens.net/
>  Address review comments:
>  - Patch 1: use kasan_unpoison_shadow's built-in handling of
>             ranges that do not align to a full shadow byte
>  - Patch 3: prepopulate pgds rather than faulting things in
> v3: https://lore.kernel.org/linux-mm/20190731071550.31814-1-dja@axtens.net/
>  Address comments from Mark Rutland:
>  - kasan_populate_vmalloc is a better name
>  - handle concurrency correctly
>  - various nits and cleanups
>  - relax module alignment in KASAN_VMALLOC case
> v4: Changes to patch 1 only:
>  - Integrate Mark's rework, thanks Mark!
>  - handle the case where kasan_populate_shadow might fail
>  - poision shadow on free, allowing the alloc path to just
>      unpoision memory that it uses
> 
> Daniel Axtens (3):
>   kasan: support backing vmalloc space with real shadow memory
>   fork: support VMAP_STACK with KASAN_VMALLOC
>   x86/kasan: support KASAN_VMALLOC
> 
>  Documentation/dev-tools/kasan.rst | 60 +++++++++++++++++++++++++++
>  arch/Kconfig                      |  9 +++--
>  arch/x86/Kconfig                  |  1 +
>  arch/x86/mm/kasan_init_64.c       | 61 ++++++++++++++++++++++++++++
>  include/linux/kasan.h             | 24 +++++++++++
>  include/linux/moduleloader.h      |  2 +-
>  include/linux/vmalloc.h           | 12 ++++++
>  kernel/fork.c                     |  4 ++
>  lib/Kconfig.kasan                 | 16 ++++++++
>  lib/test_kasan.c                  | 26 ++++++++++++
>  mm/kasan/common.c                 | 67 +++++++++++++++++++++++++++++++
>  mm/kasan/generic_report.c         |  3 ++
>  mm/kasan/kasan.h                  |  1 +
>  mm/vmalloc.c                      | 28 ++++++++++++-
>  14 files changed, 308 insertions(+), 6 deletions(-)
> 
> -- 
> 2.20.1
> 


      parent reply	other threads:[~2019-08-15 11:28 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-15  0:16 [PATCH v4 0/3] kasan: support backing vmalloc space with real shadow memory Daniel Axtens
2019-08-15  0:16 ` [PATCH v4 1/3] " Daniel Axtens
2019-08-16  7:47   ` Christophe Leroy
2019-08-16 17:08     ` Mark Rutland
2019-08-16 17:41       ` Andy Lutomirski
2019-08-19 10:15         ` Mark Rutland
2019-08-19  3:58       ` Daniel Axtens
2019-08-19 22:20         ` Andy Lutomirski
2019-08-15  0:16 ` [PATCH v4 2/3] fork: support VMAP_STACK with KASAN_VMALLOC Daniel Axtens
2019-08-15  0:16 ` [PATCH v4 3/3] x86/kasan: support KASAN_VMALLOC Daniel Axtens
2019-08-16  8:04   ` Christophe Leroy
2019-08-15 11:28 ` Mark Rutland [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190815112844.GC22153@lakrids.cambridge.arm.com \
    --to=mark.rutland@arm.com \
    --cc=aryabinin@virtuozzo.com \
    --cc=dja@axtens.net \
    --cc=dvyukov@google.com \
    --cc=glider@google.com \
    --cc=gor@linux.ibm.com \
    --cc=kasan-dev@googlegroups.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=linuxppc-dev@lists.ozlabs.org \
    --cc=luto@kernel.org \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).