Message-ID: <20250624055617.1291159-3-raghavendra.kt@amd.com>
Date: Tue, 24 Jun 2025 05:56:06 +0000
From: Raghavendra K T <raghavendra.kt@....com>
To: <raghavendra.kt@....com>
CC: <AneeshKumar.KizhakeVeetil@....com>, <Hasan.Maruf@....com>,
	<Michael.Day@....com>, <akpm@...ux-foundation.org>, <bharata@....com>,
	<dave.hansen@...el.com>, <david@...hat.com>, <dongjoo.linux.dev@...il.com>,
	<feng.tang@...el.com>, <gourry@...rry.net>, <hannes@...xchg.org>,
	<honggyu.kim@...com>, <hughd@...gle.com>, <jhubbard@...dia.com>,
	<jon.grimm@....com>, <k.shutemov@...il.com>, <kbusch@...a.com>,
	<kmanaouil.dev@...il.com>, <leesuyeon0506@...il.com>, <leillc@...gle.com>,
	<liam.howlett@...cle.com>, <linux-kernel@...r.kernel.org>,
	<linux-mm@...ck.org>, <mgorman@...hsingularity.net>, <mingo@...hat.com>,
	<nadav.amit@...il.com>, <nphamcs@...il.com>, <peterz@...radead.org>,
	<riel@...riel.com>, <rientjes@...gle.com>, <rppt@...nel.org>,
	<santosh.shukla@....com>, <shivankg@....com>, <shy828301@...il.com>,
	<sj@...nel.org>, <vbabka@...e.cz>, <weixugc@...gle.com>,
	<willy@...radead.org>, <ying.huang@...ux.alibaba.com>, <ziy@...dia.com>,
	<Jonathan.Cameron@...wei.com>, <dave@...olabs.net>, <yuanchu@...gle.com>,
	<kinseyho@...gle.com>, <hdanton@...a.com>
Subject: [RFC PATCH V2 02/13] mm: Maintain mm_struct list in the system

The list is used to iterate over all mm_structs and scan the PTE Accessed (A) bit.
The mm_slot infrastructure is reused for inserting and looking up mm_struct entries.

CC: linux-fsdevel@...r.kernel.org

Suggested-by: Bharata B Rao <bharata@....com>
Signed-off-by: Raghavendra K T <raghavendra.kt@....com>
---
 fs/exec.c              |  4 ++
 include/linux/kscand.h | 30 +++++++++++++++
 kernel/fork.c          |  4 ++
 mm/kscand.c            | 86 ++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 124 insertions(+)
 create mode 100644 include/linux/kscand.h

diff --git a/fs/exec.c b/fs/exec.c
index 8e4ea5f1e64c..e21c590bfdfc 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -68,6 +68,7 @@
 #include <linux/user_events.h>
 #include <linux/rseq.h>
 #include <linux/ksm.h>
+#include <linux/kscand.h>
 
 #include <linux/uaccess.h>
 #include <asm/mmu_context.h>
@@ -266,6 +267,8 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
 	if (err)
 		goto err_ksm;
 
+	kscand_execve(mm);
+
 	/*
 	 * Place the stack at the largest stack address the architecture
 	 * supports. Later, we'll move this to an appropriate place. We don't
@@ -288,6 +291,7 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
 	return 0;
 err:
 	ksm_exit(mm);
+	kscand_exit(mm);
 err_ksm:
 	mmap_write_unlock(mm);
 err_free:
diff --git a/include/linux/kscand.h b/include/linux/kscand.h
new file mode 100644
index 000000000000..ef9947a33ee5
--- /dev/null
+++ b/include/linux/kscand.h
@@ -0,0 +1,30 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _LINUX_KSCAND_H_
+#define _LINUX_KSCAND_H_
+
+#ifdef CONFIG_KSCAND
+extern void __kscand_enter(struct mm_struct *mm);
+extern void __kscand_exit(struct mm_struct *mm);
+
+static inline void kscand_execve(struct mm_struct *mm)
+{
+	__kscand_enter(mm);
+}
+
+static inline void kscand_fork(struct mm_struct *mm, struct mm_struct *oldmm)
+{
+	__kscand_enter(mm);
+}
+
+static inline void kscand_exit(struct mm_struct *mm)
+{
+	__kscand_exit(mm);
+}
+#else /* !CONFIG_KSCAND */
+static inline void __kscand_enter(struct mm_struct *mm) {}
+static inline void __kscand_exit(struct mm_struct *mm) {}
+static inline void kscand_execve(struct mm_struct *mm) {}
+static inline void kscand_fork(struct mm_struct *mm, struct mm_struct *oldmm) {}
+static inline void kscand_exit(struct mm_struct *mm) {}
+#endif
+#endif /* _LINUX_KSCAND_H_ */
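Review bot: include/linux/kscand.h uses `struct mm_struct *` in every prototype but neither declares the type nor includes a header that does, so it only builds cleanly when something included earlier has already brought in the mm types. A forward declaration `struct mm_struct;` right after the include guard would make the header self-contained. The `extern` on the two prototypes is redundant. The `oldmm` parameter of kscand_fork() is unused in both the CONFIG_KSCAND and stub variants, so a one-line comment saying why it is kept would help the next reader.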
diff --git a/kernel/fork.c b/kernel/fork.c
index 168681fc4b25..af6dd315b106 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -85,6 +85,7 @@
 #include <linux/user-return-notifier.h>
 #include <linux/oom.h>
 #include <linux/khugepaged.h>
+#include <linux/kscand.h>
 #include <linux/signalfd.h>
 #include <linux/uprobes.h>
 #include <linux/aio.h>
@@ -630,6 +631,8 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm,
 	mm->exec_vm = oldmm->exec_vm;
 	mm->stack_vm = oldmm->stack_vm;
 
+	kscand_fork(mm, oldmm);
+
 	/* Use __mt_dup() to efficiently build an identical maple tree. */
 	retval = __mt_dup(&oldmm->mm_mt, &mm->mm_mt, GFP_KERNEL);
 	if (unlikely(retval))
@@ -1377,6 +1380,7 @@ static inline void __mmput(struct mm_struct *mm)
 	exit_aio(mm);
 	ksm_exit(mm);
 	khugepaged_exit(mm); /* must run before exit_mmap */
+	kscand_exit(mm);
 	exit_mmap(mm);
 	mm_put_huge_zero_folio(mm);
 	set_mm_exe_file(mm, NULL);
diff --git a/mm/kscand.c b/mm/kscand.c
index f7bbbc70c86a..d5b0d3041b0f 100644
--- a/mm/kscand.c
+++ b/mm/kscand.c
@@ -7,12 +7,14 @@
 #include <linux/swap.h>
 #include <linux/mm_inline.h>
 #include <linux/kthread.h>
+#include <linux/kscand.h>
 #include <linux/string.h>
 #include <linux/delay.h>
 #include <linux/cleanup.h>
 
 #include <asm/pgalloc.h>
 #include "internal.h"
+#include "mm_slot.h"
 
 static struct task_struct *kscand_thread __read_mostly;
 static DEFINE_MUTEX(kscand_mutex);
@@ -29,11 +31,23 @@ static bool need_wakeup;
 
 static unsigned long kscand_sleep_expire;
 
+static DEFINE_SPINLOCK(kscand_mm_lock);
 static DECLARE_WAIT_QUEUE_HEAD(kscand_wait);
 
+#define KSCAND_SLOT_HASH_BITS 10
+static DEFINE_READ_MOSTLY_HASHTABLE(kscand_slots_hash, KSCAND_SLOT_HASH_BITS);
+
+static struct kmem_cache *kscand_slot_cache __read_mostly;
+
+/* Per mm information collected to control VMA scanning */
+struct kscand_mm_slot {
+	struct mm_slot slot;
+};
+
 /* Data structure to keep track of current mm under scan */
 struct kscand_scan {
 	struct list_head mm_head;
+	struct kscand_mm_slot *mm_slot;
 };
 
 struct kscand_scan kscand_scan = {
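Review bot: `kscand_mm_lock` is introduced without a comment saying what it protects. From __kscand_enter() and __kscand_exit() later in this patch, it is held around insertion into and removal from kscand_slots_hash and kscand_scan.mm_head, and around the read of kscand_scan.mm_slot. A comment on the definition would record that, for example `/* Protects kscand_slots_hash, kscand_scan.mm_head and kscand_scan.mm_slot */`. The kscand_scan initializer continues past the end of this hunk.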
@@ -69,6 +83,12 @@ static void kscand_wait_work(void)
 	wait_event_timeout(kscand_wait, kscand_should_wakeup(),
 			scan_sleep_jiffies);
 }
+
+static inline int kscand_test_exit(struct mm_struct *mm)
+{
+	return atomic_read(&mm->mm_users) == 0;
+}
+
 static void kscand_do_scan(void)
 {
 	unsigned long iter = 0, mms_to_scan;
@@ -109,6 +129,65 @@ static int kscand(void *none)
 	return 0;
 }
 
+static inline void kscand_destroy(void)
+{
+	kmem_cache_destroy(kscand_slot_cache);
+}
+
+void __kscand_enter(struct mm_struct *mm)
+{
+	struct kscand_mm_slot *kscand_slot;
+	struct mm_slot *slot;
+	int wakeup;
+
+	/* __kscand_exit() must not run from under us */
+	VM_BUG_ON_MM(kscand_test_exit(mm), mm);
+
+	kscand_slot = mm_slot_alloc(kscand_slot_cache);
+
+	if (!kscand_slot)
+		return;
+
+	slot = &kscand_slot->slot;
+
+	spin_lock(&kscand_mm_lock);
+	mm_slot_insert(kscand_slots_hash, mm, slot);
+
+	wakeup = list_empty(&kscand_scan.mm_head);
+	list_add_tail(&slot->mm_node, &kscand_scan.mm_head);
+	spin_unlock(&kscand_mm_lock);
+
+	mmgrab(mm);
+	if (wakeup)
+		wake_up_interruptible(&kscand_wait);
+}
+
+void __kscand_exit(struct mm_struct *mm)
+{
+	struct kscand_mm_slot *mm_slot;
+	struct mm_slot *slot;
+	int free = 0;
+
+	spin_lock(&kscand_mm_lock);
+	slot = mm_slot_lookup(kscand_slots_hash, mm);
+	mm_slot = mm_slot_entry(slot, struct kscand_mm_slot, slot);
+	if (mm_slot && kscand_scan.mm_slot != mm_slot) {
+		hash_del(&slot->hash);
+		list_del(&slot->mm_node);
+		free = 1;
+	}
+
+	spin_unlock(&kscand_mm_lock);
+
+	if (free) {
+		mm_slot_free(kscand_slot_cache, mm_slot);
+		mmdrop(mm);
+	} else if (mm_slot) {
+		mmap_write_lock(mm);
+		mmap_write_unlock(mm);
+	}
+}
+
 static int start_kscand(void)
 {
 	struct task_struct *kthread;
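Review bot: In __kscand_exit(), the `else if (mm_slot)` branch only takes and releases mmap_write_lock, so the slot stays on the hash and the list and the mm_count reference taken by mmgrab() in __kscand_enter() is kept. Nothing visible in this patch sets kscand_scan.mm_slot or frees such a slot, so presumably the scan loop takes over both in a later patch of the series; that ownership hand-off is undocumented here. A comment on the branch would make the contract explicit, for example `/* kscand is scanning this mm; wait for it to release mmap_lock. The scanner then frees the slot and drops the mm reference. */`, once confirmed as the intent. Separately, the `mm_slot &&` test depends on how mm_slot_entry() treats a NULL `slot`, which is not shown here; testing `slot` itself would not depend on the layout of struct kscand_mm_slot.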
@@ -149,6 +228,12 @@ static int __init kscand_init(void)
 {
 	int err;
 
+	kscand_slot_cache = KMEM_CACHE(kscand_mm_slot, 0);
+
+	if (!kscand_slot_cache) {
+		pr_err("kscand: kmem_cache error");
+		return -ENOMEM;
+	}
 	err = start_kscand();
 	if (err)
 		goto err_kscand;
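Review bot: The added `pr_err("kscand: kmem_cache error")` has no trailing newline, so the message can be held back or run together with the next printk output; it should read `pr_err("kscand: kmem_cache error\n");`. If this file defines pr_fmt with a "kscand: " prefix (not visible in this hunk), the literal prefix in the string would also be printed twice. kscand_init() continues past the end of the hunk.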
@@ -157,6 +242,7 @@ static int __init kscand_init(void)
 
 err_kscand:
 	stop_kscand();
+	kscand_destroy();
 
 	return err;
 }
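Review bot: After the added `kscand_destroy()` on the err_kscand path, kscand_slot_cache still holds the address of the destroyed cache, while the hooks this patch adds to fork and exec keep calling __kscand_enter(), which passes that pointer to mm_slot_alloc(). A process created after a failed kscand_init() would then allocate from a freed kmem_cache. Clearing the pointer in kscand_destroy(), with `kscand_slot_cache = NULL;` after kmem_cache_destroy(), makes the failed state explicit. mm_slot_alloc() is not shown here, so it should be checked that it, or __kscand_enter() itself, returns early on a NULL cache. kscand_init() begins before this hunk.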
-- 
2.34.1

