From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-12.3 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS, USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2BE03C433DB for ; Thu, 18 Feb 2021 19:46:33 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 9ECDF64EAF for ; Thu, 18 Feb 2021 19:46:32 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 9ECDF64EAF Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 132786B0006; Thu, 18 Feb 2021 14:46:32 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 0E3AD6B006C; Thu, 18 Feb 2021 14:46:32 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id F13B96B006E; Thu, 18 Feb 2021 14:46:31 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0042.hostedemail.com [216.40.44.42]) by kanga.kvack.org (Postfix) with ESMTP id DCD8E6B0006 for ; Thu, 18 Feb 2021 14:46:31 -0500 (EST) Received: from smtpin27.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id 98ED152C5 for ; Thu, 18 Feb 2021 19:46:31 +0000 (UTC) X-FDA: 77832420582.27.5CF14BD Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by imf01.hostedemail.com (Postfix) with ESMTP id 5D056200034B for ; Thu, 18 Feb 2021 19:46:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1613677590; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=+ZmGAzUC+8dwc8omdud3uVAWf0zcvuutIq5VHsAV4q0=; b=MK360Jwkvs8EQWcgmw7fj/uTTbYVdrRd28iq6u4x9NyveBgSV1sCp5fvmOo2tIZDHEAqDN nJqmRkyMYFmsdJN9YYLWzXh77SquoDBtJhhuXNEepLSpn4cMZupN0tdpEb08hqUlZbVDOp jAgIOFgPGZBIHsTMu6Lq4bkJQpMCue8= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-601-55MMnnLmMF2NSFx3LYxoGg-1; Thu, 18 Feb 2021 14:46:25 -0500 X-MC-Unique: 55MMnnLmMF2NSFx3LYxoGg-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id B8721C297; Thu, 18 Feb 2021 19:46:22 +0000 (UTC) Received: from [10.36.114.59] (ovpn-114-59.ams2.redhat.com [10.36.114.59]) by smtp.corp.redhat.com (Postfix) with ESMTP id AB0E410016DB; Thu, 18 Feb 2021 19:46:18 +0000 (UTC) Subject: Re: [PATCH] mm, kasan: don't poison boot memory To: Andrey Konovalov Cc: Andrew Morton , Catalin Marinas , Vincenzo Frascino , Dmitry Vyukov , George Kennedy , Konrad Rzeszutek Wilk , Will Deacon , Andrey Ryabinin , Alexander Potapenko , Marco Elver , Peter Collingbourne , Evgenii Stepanov , Branislav Rankov , Kevin Brodsky , Christoph Hellwig , kasan-dev , Linux ARM , Linux Memory Management List , LKML References: <487751e1ccec8fcd32e25a06ce000617e96d7ae1.1613595269.git.andreyknvl@google.com> From: David Hildenbrand Organization: Red Hat GmbH Message-ID: <509c1c80-bb2c-0c5c-ffa3-939ca40d2646@redhat.com> Date: Thu, 18 Feb 2021 20:46:17 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 5D056200034B X-Stat-Signature: 3dh4ekkzwnrf8hfyzs1mkmrromyi1ixm Received-SPF: none (redhat.com>: No applicable sender policy available) receiver=imf01; identity=mailfrom; envelope-from=""; helo=us-smtp-delivery-124.mimecast.com; client-ip=216.205.24.124 X-HE-DKIM-Result: pass/pass X-HE-Tag: 1613677590-678815 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 18.02.21 20:40, Andrey Konovalov wrote: > On Thu, Feb 18, 2021 at 9:55 AM David Hildenbrand wrote: >> >> On 17.02.21 21:56, Andrey Konovalov wrote: >>> During boot, all non-reserved memblock memory is exposed to the buddy >>> allocator. Poisoning all that memory with KASAN lengthens boot time, >>> especially on systems with large amount of RAM. This patch makes >>> page_alloc to not call kasan_free_pages() on all new memory. >>> >>> __free_pages_core() is used when exposing fresh memory during system >>> boot and when onlining memory during hotplug. This patch adds a new >>> FPI_SKIP_KASAN_POISON flag and passes it to __free_pages_ok() through >>> free_pages_prepare() from __free_pages_core(). >>> >>> This has little impact on KASAN memory tracking. >>> >>> Assuming that there are no references to newly exposed pages before they >>> are ever allocated, there won't be any intended (but buggy) accesses to >>> that memory that KASAN would normally detect. >>> >>> However, with this patch, KASAN stops detecting wild and large >>> out-of-bounds accesses that happen to land on a fresh memory page that >>> was never allocated. This is taken as an acceptable trade-off. >>> >>> All memory allocated normally when the boot is over keeps getting >>> poisoned as usual. >>> >>> Signed-off-by: Andrey Konovalov >>> Change-Id: Iae6b1e4bb8216955ffc14af255a7eaaa6f35324d >> >> Not sure this is the right thing to do, see >> >> https://lkml.kernel.org/r/bcf8925d-0949-3fe1-baa8-cc536c529860@oracle.com >> >> Reversing the order in which memory gets allocated + used during boot >> (in a patch by me) might have revealed an invalid memory access during boot. >> >> I suspect that that issue would no longer get detected with your patch, >> as the invalid memory access would simply not get detected. Now, I >> cannot prove that :) > > This looks like a good example. > > Ok, what we can do is: > > 1. For KASAN_GENERIC: leave everything as is to be able to detect > these boot-time bugs. > > 2. For KASAN_SW_TAGS: remove boot-time poisoning via > kasan_free_pages(), but use the "invalid" tag as the default shadow > value. The end result should be the same: bad accesses will be > detected. For unallocated memory as it has the default "invalid" tag, > and for allocated memory as it's poisoned properly when > allocated/freed. > > 3. For KASAN_HW_TAGS: just remove boot-time poisoning via > kasan_free_pages(). As the memory tags have a random unspecified > value, we'll still have a 15/16 chance to detect a memory corruption. > > This also makes sense from the performance perspective: KASAN_GENERIC > isn't meant to be running in production, so having a larger perf > impact is acceptable. The other two modes will be faster. Sounds in principle sane to me. Side note: I am not sure if anybody runs KASAN in production. Memory is expensive. Feel free to prove me wrong, I'd be very interest in actual users. -- Thanks, David / dhildenb