Date:   Tue, 11 Jan 2022 11:46:37 -0800
From:   Dave Hansen <dave.hansen@...el.com>
To:     "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
        Borislav Petkov <bp@...en8.de>,
        Andy Lutomirski <luto@...nel.org>,
        Sean Christopherson <seanjc@...gle.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Joerg Roedel <jroedel@...e.de>,
        Ard Biesheuvel <ardb@...nel.org>
Cc:     Andi Kleen <ak@...ux.intel.com>,
        Kuppuswamy Sathyanarayanan 
        <sathyanarayanan.kuppuswamy@...ux.intel.com>,
        David Rientjes <rientjes@...gle.com>,
        Vlastimil Babka <vbabka@...e.cz>,
        Tom Lendacky <thomas.lendacky@....com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Peter Zijlstra <peterz@...radead.org>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Ingo Molnar <mingo@...hat.com>,
        Varad Gautam <varad.gautam@...e.com>,
        Dario Faggioli <dfaggioli@...e.com>, x86@...nel.org,
        linux-mm@...ck.org, linux-coco@...ts.linux.dev,
        linux-efi@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCHv2 1/7] mm: Add support for unaccepted memory

> diff --git a/mm/memblock.c b/mm/memblock.c
> index 1018e50566f3..6dfa594192de 100644
> --- a/mm/memblock.c
> +++ b/mm/memblock.c
> @@ -1400,6 +1400,7 @@ phys_addr_t __init memblock_alloc_range_nid(phys_addr_t size,
>   		 */
>   		kmemleak_alloc_phys(found, size, 0, 0);
>   
> +	accept_memory(found, found + size);
>   	return found;
>   }
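
Review bot: the accept_memory(found, found + size) call before `return found` takes a start/end pair, while the kmemleak_alloc_phys() call just above takes (found, size), and nothing visible says whether the end is inclusive or exclusive. A short comment stating that convention, and why memblock allocations are accepted at this point, would save the next reader from opening the helper.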

This could use a comment.

Looking at this, I also have to wonder if accept_memory() is a bit too 
generic.  Should it perhaps be: cc_accept_memory() or 
cc_guest_accept_memory()?

> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> index c5952749ad40..5707b4b5f774 100644
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -1064,6 +1064,7 @@ static inline void __free_one_page(struct page *page,
>   	unsigned int max_order;
>   	struct page *buddy;
>   	bool to_tail;
> +	bool offline = PageOffline(page);
>   
>   	max_order = min_t(unsigned int, MAX_ORDER - 1, pageblock_order);
>   
> @@ -1097,6 +1098,10 @@ static inline void __free_one_page(struct page *page,
>   			clear_page_guard(zone, buddy, order, migratetype);
>   		else
>   			del_page_from_free_list(buddy, zone, order);
> +
> +		if (PageOffline(buddy))
> +			offline = true;
> +
>   		combined_pfn = buddy_pfn & pfn;
>   		page = page + (combined_pfn - pfn);
>   		pfn = combined_pfn;
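
Review bot: in the merge loop, `offline` picks up the buddy's state after del_page_from_free_list(), but nothing visible clears the Offline bit on whichever of `page` or `buddy` stops being the head once `page` moves to `combined_pfn`. If a stale bit on a non-head page is harmless, say so in a comment; otherwise clear it here.
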
> @@ -1130,6 +1135,9 @@ static inline void __free_one_page(struct page *page,
>   done_merging:
>   	set_buddy_order(page, order);
>   
> +	if (offline)
> +		__SetPageOffline(page);
> +
>   	if (fpi_flags & FPI_TO_TAIL)
>   		to_tail = true;
>   	else if (is_shuffle_order(order))
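
Review bot: at done_merging, `if (offline) __SetPageOffline(page);` marks the whole merged block as Offline even when only one of the merged pieces was, so memory that was already accepted goes through accept_and_clear_page_offline() again on allocation. A comment should state that re-accepting is safe and that the extra cost is intended.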

This is touching some pretty hot code paths.  You mention both that 
accepting memory is slow and expensive, yet you're doing it in the core 
allocator.

That needs at least some discussion in the changelog.

> @@ -1155,7 +1163,8 @@ static inline void __free_one_page(struct page *page,
>   static inline bool page_expected_state(struct page *page,
>   					unsigned long check_flags)
>   {
> -	if (unlikely(atomic_read(&page->_mapcount) != -1))
> +	if (unlikely(atomic_read(&page->_mapcount) != -1) &&
> +	    !PageOffline(page))
>   		return false;
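
Review bot: the new condition in page_expected_state() skips the `_mapcount != -1` check for every Offline page, so any _mapcount value passes for them. If Offline pages carry one known value there, compare against it instead of dropping the check, and move the PageOffline() test inside unlikely() so the hint covers the whole condition.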

Looking at stuff like this, I can't help but think that a:

	#define PageOffline PageUnaccepted

and some other renaming would be a fine idea.  I get that the Offline 
bit can be reused, but I'm not sure that the "Offline" *naming* should 
be reused.  What you're doing here is logically distinct from existing 
offlining.

>   	if (unlikely((unsigned long)page->mapping |
> @@ -1734,6 +1743,8 @@ void __init memblock_free_pages(struct page *page, unsigned long pfn,
>   {
>   	if (early_page_uninitialised(pfn))
>   		return;
> +
> +	maybe_set_page_offline(page, order);
>   	__free_pages_core(page, order);
>   }
>   
> @@ -1823,10 +1834,12 @@ static void __init deferred_free_range(unsigned long pfn,
>   	if (nr_pages == pageblock_nr_pages &&
>   	    (pfn & (pageblock_nr_pages - 1)) == 0) {
>   		set_pageblock_migratetype(page, MIGRATE_MOVABLE);
> +		maybe_set_page_offline(page, pageblock_order);
>   		__free_pages_core(page, pageblock_order);
>   		return;
>   	}
>   
> +	accept_memory(pfn << PAGE_SHIFT, (pfn + nr_pages) << PAGE_SHIFT);
>   	for (i = 0; i < nr_pages; i++, page++, pfn++) {
>   		if ((pfn & (pageblock_nr_pages - 1)) == 0)
>   			set_pageblock_migratetype(page, MIGRATE_MOVABLE);
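
Review bot: `accept_memory(pfn << PAGE_SHIFT, (pfn + nr_pages) << PAGE_SHIFT)` shifts an unsigned long pfn before it becomes a physical address, which truncates wherever physical addresses are wider than unsigned long; PFN_PHYS() does the cast first. The two paths in deferred_free_range() also differ, with the pageblock-aligned branch deferring through maybe_set_page_offline() and the unaligned one accepting eagerly, and that choice deserves a comment.
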
> @@ -2297,6 +2310,9 @@ static inline void expand(struct zone *zone, struct page *page,
>   		if (set_page_guard(zone, &page[size], high, migratetype))
>   			continue;
>   
> +		if (PageOffline(page))
> +			__SetPageOffline(&page[size]);

Yeah, this is really begging for comments.  Please add some.

>   		add_to_free_list(&page[size], zone, high, migratetype);
>   		set_buddy_order(&page[size], high);
>   	}
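
Review bot: in expand(), the `if (PageOffline(page)) __SetPageOffline(&page[size]);` propagation sits after the set_page_guard() `continue`, so halves that become guard pages never inherit the flag. Say in a comment whether that is intended, and since nothing visible changes the flag on `page` between iterations, the test could be read once up front.
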
> @@ -2393,6 +2409,9 @@ inline void post_alloc_hook(struct page *page, unsigned int order,
>   	 */
>   	kernel_unpoison_pages(page, 1 << order);
>   
> +	if (PageOffline(page))
> +		accept_and_clear_page_offline(page, order);
> +
>   	/*
>   	 * As memory initialization might be integrated into KASAN,
>   	 * kasan_alloc_pages and kernel_init_free_pages must be
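
Review bot: in post_alloc_hook(), accept_and_clear_page_offline() runs after kernel_unpoison_pages(page, 1 << order). If unpoisoning reads the page contents, it touches memory that has not been accepted yet; accepting first, before anything can access the pages, would be the safer order.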

I guess once there are no more PageOffline() pages in the allocator, the 
only impact from these patches will be a bunch of conditional branches 
from the "if (PageOffline(page))" that always have the same result.  The 
branch predictors should do a good job with that.

*BUT*, that overhead is going to be universally inflicted on all users 
on x86, even those without TDX.  I guess the compiler will save non-x86 
users because they'll have an empty stub for 
accept_and_clear_page_offline() which the compiler will optimize away.

It sure would be nice to have some changelog material about why this is 
OK, though.  This is especially true since there's a global spinlock 
hidden in accept_and_clear_page_offline() wrapping a slow and "costly" 
operation.
