Re: [RFC 0/8] Hardening page _refcount

[RFC 0/8] Hardening page _refcount · Pasha Tatashin <pasha.tatashin@soleen.com> · 2021-10-26
[RFC 1/8] mm: add overflow and underflow checks for page->_refcount · Pasha Tatashin <pasha.tatashin@soleen.com> · 2021-10-26
Re: [RFC 1/8] mm: add overflow and underflow checks for page->_refcount · Matthew Wilcox <willy@infradead.org> · 2021-10-26
Re: [RFC 1/8] mm: add overflow and underflow checks for page->_refcount · Pasha Tatashin <pasha.tatashin@soleen.com> · 2021-10-26
Re: [RFC 1/8] mm: add overflow and underflow checks for page->_refcount · Pasha Tatashin <pasha.tatashin@soleen.com> · 2021-10-27
Re: [RFC 1/8] mm: add overflow and underflow checks for page->_refcount · Matthew Wilcox <willy@infradead.org> · 2021-10-27
Re: [RFC 1/8] mm: add overflow and underflow checks for page->_refcount · Pasha Tatashin <pasha.tatashin@soleen.com> · 2021-10-27
Re: [RFC 1/8] mm: add overflow and underflow checks for page->_refcount · Muchun Song <hidden> · 2021-10-27
Re: [RFC 1/8] mm: add overflow and underflow checks for page->_refcount · Pasha Tatashin <pasha.tatashin@soleen.com> · 2021-10-27
Re: [RFC 1/8] mm: add overflow and underflow checks for page->_refcount · Muchun Song <hidden> · 2021-10-28
[RFC 2/8] mm/hugetlb: remove useless set_page_count() · Pasha Tatashin <pasha.tatashin@soleen.com> · 2021-10-26
Re: [RFC 2/8] mm/hugetlb: remove useless set_page_count() · Mike Kravetz <hidden> · 2021-10-26
Re: [RFC 2/8] mm/hugetlb: remove useless set_page_count() · Pasha Tatashin <pasha.tatashin@soleen.com> · 2021-10-26
Re: [RFC 2/8] mm/hugetlb: remove useless set_page_count() · Mike Kravetz <hidden> · 2021-10-26
[RFC 3/8] mm: Avoid using set_page_count() in set_page_recounted() · Pasha Tatashin <pasha.tatashin@soleen.com> · 2021-10-26
Re: [RFC 3/8] mm: Avoid using set_page_count() in set_page_recounted() · John Hubbard <jhubbard@nvidia.com> · 2021-10-26
Re: [RFC 3/8] mm: Avoid using set_page_count() in set_page_recounted() · John Hubbard <jhubbard@nvidia.com> · 2021-10-26
Re: [RFC 3/8] mm: Avoid using set_page_count() in set_page_recounted() · Pasha Tatashin <pasha.tatashin@soleen.com> · 2021-10-26
Re: [RFC 3/8] mm: Avoid using set_page_count() in set_page_recounted() · Pasha Tatashin <pasha.tatashin@soleen.com> · 2021-10-26
Re: [RFC 3/8] mm: Avoid using set_page_count() in set_page_recounted() · John Hubbard <jhubbard@nvidia.com> · 2021-10-27
Re: [RFC 3/8] mm: Avoid using set_page_count() in set_page_recounted() · Pasha Tatashin <pasha.tatashin@soleen.com> · 2021-10-27
Re: [RFC 3/8] mm: Avoid using set_page_count() in set_page_recounted() · John Hubbard <jhubbard@nvidia.com> · 2021-10-28
Re: [RFC 3/8] mm: Avoid using set_page_count() in set_page_recounted() · John Hubbard <jhubbard@nvidia.com> · 2021-10-28
Re: [RFC 3/8] mm: Avoid using set_page_count() in set_page_recounted() · Pasha Tatashin <pasha.tatashin@soleen.com> · 2021-11-01
Re: [RFC 3/8] mm: Avoid using set_page_count() in set_page_recounted() · John Hubbard <jhubbard@nvidia.com> · 2021-11-01
Re: [RFC 3/8] mm: Avoid using set_page_count() in set_page_recounted() · Pasha Tatashin <pasha.tatashin@soleen.com> · 2021-11-01
Re: [RFC 3/8] mm: Avoid using set_page_count() in set_page_recounted() · John Hubbard <jhubbard@nvidia.com> · 2021-11-01
Re: [RFC 3/8] mm: Avoid using set_page_count() in set_page_recounted() · John Hubbard <jhubbard@nvidia.com> · 2021-11-01
[RFC 4/8] mm: remove set_page_count() from page_frag_alloc_align · Pasha Tatashin <pasha.tatashin@soleen.com> · 2021-10-26
[RFC 5/8] mm: avoid using set_page_count() when pages are freed into allocator · Pasha Tatashin <pasha.tatashin@soleen.com> · 2021-10-26
[RFC 6/8] mm: rename init_page_count() -> page_ref_init() · Pasha Tatashin <pasha.tatashin@soleen.com> · 2021-10-26
Re: [RFC 6/8] mm: rename init_page_count() -> page_ref_init() · Geert Uytterhoeven <geert@linux-m68k.org> · 2021-10-27
[RFC 7/8] mm: remove set_page_count() · Pasha Tatashin <pasha.tatashin@soleen.com> · 2021-10-26
[RFC 8/8] mm: simplify page_ref_* functions · Pasha Tatashin <pasha.tatashin@soleen.com> · 2021-10-26
Re: [RFC 0/8] Hardening page _refcount · Matthew Wilcox <willy@infradead.org> · 2021-10-26
Re: [RFC 0/8] Hardening page _refcount · Pasha Tatashin <pasha.tatashin@soleen.com> · 2021-10-26
Re: [RFC 0/8] Hardening page _refcount · Matthew Wilcox <willy@infradead.org> · 2021-10-26
Re: [RFC 0/8] Hardening page _refcount · Pasha Tatashin <pasha.tatashin@soleen.com> · 2021-10-26

From: Matthew Wilcox <willy@infradead.org>
Date: 2021-10-26 18:24:37
Also in: linux-m68k, lkml

On Tue, Oct 26, 2021 at 05:38:14PM +0000, Pasha Tatashin wrote:

It is hard to root cause _refcount problems, because they usually
manifest after the damage has occurred.  Yet, they can lead to
catastrophic failures such memory corruptions.

Improve debugability by adding more checks that ensure that
page->_refcount never turns negative (i.e. double free does not
happen, or free after freeze etc).

- Check for overflow and underflow right from the functions that
  modify _refcount
- Remove set_page_count(), so we do not unconditionally overwrite
  _refcount with an unrestrained value
- Trace return values in all functions that modify _refcount

I think this is overkill.  Won't we get exactly the same protection
by simply testing that page->_refcount == 0 in set_page_count()?
Anything which triggers that BUG_ON would already be buggy because
it can race with speculative gets.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help