diff mbox series

[v3,2/4] PM: hibernate: make direct map manipulations more explicit

Message ID 20201101170815.9795-3-rppt@kernel.org
State New
Headers show
Series arch, mm: improve robustness of direct map manipulation | expand

Commit Message

Mike Rapoport Nov. 1, 2020, 5:08 p.m. UTC 
From: Mike Rapoport <rppt@linux.ibm.com>

When DEBUG_PAGEALLOC or ARCH_HAS_SET_DIRECT_MAP is enabled a page may be
not present in the direct map and has to be explicitly mapped before it
could be copied.

Introduce hibernate_map_page() that will explicitly use
set_direct_map_{default,invalid}_noflush() for ARCH_HAS_SET_DIRECT_MAP case
and debug_pagealloc_map_pages() for DEBUG_PAGEALLOC case.

The remapping of the pages in safe_copy_page() presumes that it only
changes protection bits in an existing PTE and so it is safe to ignore
return value of set_direct_map_{default,invalid}_noflush().

Still, add a WARN_ON() so that future changes in set_memory APIs will not
silently break hibernation.

Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>
Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
---
 include/linux/mm.h      | 12 ------------
 kernel/power/snapshot.c | 30 ++++++++++++++++++++++++++++--
 2 files changed, 28 insertions(+), 14 deletions(-)

Comments

David Hildenbrand Nov. 2, 2020, 9:19 a.m. UTC | #1 
On 01.11.20 18:08, Mike Rapoport wrote:
> From: Mike Rapoport <rppt@linux.ibm.com>

> 

> When DEBUG_PAGEALLOC or ARCH_HAS_SET_DIRECT_MAP is enabled a page may be

> not present in the direct map and has to be explicitly mapped before it

> could be copied.

> 

> Introduce hibernate_map_page() that will explicitly use

> set_direct_map_{default,invalid}_noflush() for ARCH_HAS_SET_DIRECT_MAP case

> and debug_pagealloc_map_pages() for DEBUG_PAGEALLOC case.

> 

> The remapping of the pages in safe_copy_page() presumes that it only

> changes protection bits in an existing PTE and so it is safe to ignore

> return value of set_direct_map_{default,invalid}_noflush().

> 

> Still, add a WARN_ON() so that future changes in set_memory APIs will not

> silently break hibernation.

> 

> Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>

> Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>

> ---

>   include/linux/mm.h      | 12 ------------

>   kernel/power/snapshot.c | 30 ++++++++++++++++++++++++++++--

>   2 files changed, 28 insertions(+), 14 deletions(-)

> 

> diff --git a/include/linux/mm.h b/include/linux/mm.h

> index 1fc0609056dc..14e397f3752c 100644

> --- a/include/linux/mm.h

> +++ b/include/linux/mm.h

> @@ -2927,16 +2927,6 @@ static inline bool debug_pagealloc_enabled_static(void)

>   #if defined(CONFIG_DEBUG_PAGEALLOC) || defined(CONFIG_ARCH_HAS_SET_DIRECT_MAP)

>   extern void __kernel_map_pages(struct page *page, int numpages, int enable);

>   

> -/*

> - * When called in DEBUG_PAGEALLOC context, the call should most likely be

> - * guarded by debug_pagealloc_enabled() or debug_pagealloc_enabled_static()

> - */

> -static inline void

> -kernel_map_pages(struct page *page, int numpages, int enable)

> -{

> -	__kernel_map_pages(page, numpages, enable);

> -}

> -

>   static inline void debug_pagealloc_map_pages(struct page *page,

>   					     int numpages, int enable)

>   {

> @@ -2948,8 +2938,6 @@ static inline void debug_pagealloc_map_pages(struct page *page,

>   extern bool kernel_page_present(struct page *page);

>   #endif	/* CONFIG_HIBERNATION */

>   #else	/* CONFIG_DEBUG_PAGEALLOC || CONFIG_ARCH_HAS_SET_DIRECT_MAP */

> -static inline void

> -kernel_map_pages(struct page *page, int numpages, int enable) {}

>   static inline void debug_pagealloc_map_pages(struct page *page,

>   					     int numpages, int enable) {}

>   #ifdef CONFIG_HIBERNATION

> diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c

> index 46b1804c1ddf..054c8cce4236 100644

> --- a/kernel/power/snapshot.c

> +++ b/kernel/power/snapshot.c

> @@ -76,6 +76,32 @@ static inline void hibernate_restore_protect_page(void *page_address) {}

>   static inline void hibernate_restore_unprotect_page(void *page_address) {}

>   #endif /* CONFIG_STRICT_KERNEL_RWX  && CONFIG_ARCH_HAS_SET_MEMORY */

>   

> +static inline void hibernate_map_page(struct page *page, int enable)

> +{

> +	if (IS_ENABLED(CONFIG_ARCH_HAS_SET_DIRECT_MAP)) {

> +		unsigned long addr = (unsigned long)page_address(page);

> +		int ret;

> +

> +		/*

> +		 * This should not fail because remapping a page here means

> +		 * that we only update protection bits in an existing PTE.

> +		 * It is still worth to have WARN_ON() here if something

> +		 * changes and this will no longer be the case.

> +		 */

> +		if (enable)

> +			ret = set_direct_map_default_noflush(page);

> +		else

> +			ret = set_direct_map_invalid_noflush(page);

> +

> +		if (WARN_ON(ret))

> +			return;


People seem to prefer pr_warn() now that production kernels have panic 
on warn enabled. It's weird.

> +

> +		flush_tlb_kernel_range(addr, addr + PAGE_SIZE);

> +	} else {

> +		debug_pagealloc_map_pages(page, 1, enable);


Reviewed-by: David Hildenbrand <david@redhat.com>


-- 
Thanks,

David / dhildenb
Mike Rapoport Nov. 2, 2020, 3:12 p.m. UTC | #2 
On Mon, Nov 02, 2020 at 10:19:36AM +0100, David Hildenbrand wrote:
> On 01.11.20 18:08, Mike Rapoport wrote:

> > From: Mike Rapoport <rppt@linux.ibm.com>

> > 

> > When DEBUG_PAGEALLOC or ARCH_HAS_SET_DIRECT_MAP is enabled a page may be

> > not present in the direct map and has to be explicitly mapped before it

> > could be copied.

> > 

> > Introduce hibernate_map_page() that will explicitly use

> > set_direct_map_{default,invalid}_noflush() for ARCH_HAS_SET_DIRECT_MAP case

> > and debug_pagealloc_map_pages() for DEBUG_PAGEALLOC case.

> > 

> > The remapping of the pages in safe_copy_page() presumes that it only

> > changes protection bits in an existing PTE and so it is safe to ignore

> > return value of set_direct_map_{default,invalid}_noflush().

> > 

> > Still, add a WARN_ON() so that future changes in set_memory APIs will not

> > silently break hibernation.

> > 

> > Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>

> > Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>

> > ---

> >   include/linux/mm.h      | 12 ------------

> >   kernel/power/snapshot.c | 30 ++++++++++++++++++++++++++++--

> >   2 files changed, 28 insertions(+), 14 deletions(-)

> > 

> > diff --git a/include/linux/mm.h b/include/linux/mm.h

> > index 1fc0609056dc..14e397f3752c 100644

> > --- a/include/linux/mm.h

> > +++ b/include/linux/mm.h

> > @@ -2927,16 +2927,6 @@ static inline bool debug_pagealloc_enabled_static(void)

> >   #if defined(CONFIG_DEBUG_PAGEALLOC) || defined(CONFIG_ARCH_HAS_SET_DIRECT_MAP)

> >   extern void __kernel_map_pages(struct page *page, int numpages, int enable);

> > -/*

> > - * When called in DEBUG_PAGEALLOC context, the call should most likely be

> > - * guarded by debug_pagealloc_enabled() or debug_pagealloc_enabled_static()

> > - */

> > -static inline void

> > -kernel_map_pages(struct page *page, int numpages, int enable)

> > -{

> > -	__kernel_map_pages(page, numpages, enable);

> > -}

> > -

> >   static inline void debug_pagealloc_map_pages(struct page *page,

> >   					     int numpages, int enable)

> >   {

> > @@ -2948,8 +2938,6 @@ static inline void debug_pagealloc_map_pages(struct page *page,

> >   extern bool kernel_page_present(struct page *page);

> >   #endif	/* CONFIG_HIBERNATION */

> >   #else	/* CONFIG_DEBUG_PAGEALLOC || CONFIG_ARCH_HAS_SET_DIRECT_MAP */

> > -static inline void

> > -kernel_map_pages(struct page *page, int numpages, int enable) {}

> >   static inline void debug_pagealloc_map_pages(struct page *page,

> >   					     int numpages, int enable) {}

> >   #ifdef CONFIG_HIBERNATION

> > diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c

> > index 46b1804c1ddf..054c8cce4236 100644

> > --- a/kernel/power/snapshot.c

> > +++ b/kernel/power/snapshot.c

> > @@ -76,6 +76,32 @@ static inline void hibernate_restore_protect_page(void *page_address) {}

> >   static inline void hibernate_restore_unprotect_page(void *page_address) {}

> >   #endif /* CONFIG_STRICT_KERNEL_RWX  && CONFIG_ARCH_HAS_SET_MEMORY */

> > +static inline void hibernate_map_page(struct page *page, int enable)

> > +{

> > +	if (IS_ENABLED(CONFIG_ARCH_HAS_SET_DIRECT_MAP)) {

> > +		unsigned long addr = (unsigned long)page_address(page);

> > +		int ret;

> > +

> > +		/*

> > +		 * This should not fail because remapping a page here means

> > +		 * that we only update protection bits in an existing PTE.

> > +		 * It is still worth to have WARN_ON() here if something

> > +		 * changes and this will no longer be the case.

> > +		 */

> > +		if (enable)

> > +			ret = set_direct_map_default_noflush(page);

> > +		else

> > +			ret = set_direct_map_invalid_noflush(page);

> > +

> > +		if (WARN_ON(ret))

> > +			return;

> 

> People seem to prefer pr_warn() now that production kernels have panic on

> warn enabled. It's weird.


Weird indeed as the whole point of WARN to yell without causing a
crash...
I can change to pr_warn though...

> > +

> > +		flush_tlb_kernel_range(addr, addr + PAGE_SIZE);

> > +	} else {

> > +		debug_pagealloc_map_pages(page, 1, enable);

> 

> Reviewed-by: David Hildenbrand <david@redhat.com>


Thanks!

> -- 

> Thanks,

> 

> David / dhildenb

> 


-- 
Sincerely yours,
Mike.
Kirill A. Shutemov Nov. 3, 2020, 11:08 a.m. UTC | #3 
On Sun, Nov 01, 2020 at 07:08:13PM +0200, Mike Rapoport wrote:
> diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c

> index 46b1804c1ddf..054c8cce4236 100644

> --- a/kernel/power/snapshot.c

> +++ b/kernel/power/snapshot.c

> @@ -76,6 +76,32 @@ static inline void hibernate_restore_protect_page(void *page_address) {}

>  static inline void hibernate_restore_unprotect_page(void *page_address) {}

>  #endif /* CONFIG_STRICT_KERNEL_RWX  && CONFIG_ARCH_HAS_SET_MEMORY */

>  

> +static inline void hibernate_map_page(struct page *page, int enable)

> +{

> +	if (IS_ENABLED(CONFIG_ARCH_HAS_SET_DIRECT_MAP)) {

> +		unsigned long addr = (unsigned long)page_address(page);

> +		int ret;

> +

> +		/*

> +		 * This should not fail because remapping a page here means

> +		 * that we only update protection bits in an existing PTE.

> +		 * It is still worth to have WARN_ON() here if something

> +		 * changes and this will no longer be the case.

> +		 */

> +		if (enable)

> +			ret = set_direct_map_default_noflush(page);

> +		else

> +			ret = set_direct_map_invalid_noflush(page);

> +

> +		if (WARN_ON(ret))


_ONCE?
> +			return;

> +

> +		flush_tlb_kernel_range(addr, addr + PAGE_SIZE);

> +	} else {

> +		debug_pagealloc_map_pages(page, 1, enable);

> +	}

> +}

> +

>  static int swsusp_page_is_free(struct page *);

>  static void swsusp_set_page_forbidden(struct page *);

>  static void swsusp_unset_page_forbidden(struct page *);


-- 
 Kirill A. Shutemov
Mike Rapoport Nov. 3, 2020, 12:13 p.m. UTC | #4 
On Tue, Nov 03, 2020 at 02:08:16PM +0300, Kirill A. Shutemov wrote:
> On Sun, Nov 01, 2020 at 07:08:13PM +0200, Mike Rapoport wrote:

> > diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c

> > index 46b1804c1ddf..054c8cce4236 100644

> > --- a/kernel/power/snapshot.c

> > +++ b/kernel/power/snapshot.c

> > @@ -76,6 +76,32 @@ static inline void hibernate_restore_protect_page(void *page_address) {}

> >  static inline void hibernate_restore_unprotect_page(void *page_address) {}

> >  #endif /* CONFIG_STRICT_KERNEL_RWX  && CONFIG_ARCH_HAS_SET_MEMORY */

> >  

> > +static inline void hibernate_map_page(struct page *page, int enable)

> > +{

> > +	if (IS_ENABLED(CONFIG_ARCH_HAS_SET_DIRECT_MAP)) {

> > +		unsigned long addr = (unsigned long)page_address(page);

> > +		int ret;

> > +

> > +		/*

> > +		 * This should not fail because remapping a page here means

> > +		 * that we only update protection bits in an existing PTE.

> > +		 * It is still worth to have WARN_ON() here if something

> > +		 * changes and this will no longer be the case.

> > +		 */

> > +		if (enable)

> > +			ret = set_direct_map_default_noflush(page);

> > +		else

> > +			ret = set_direct_map_invalid_noflush(page);

> > +

> > +		if (WARN_ON(ret))

> 

> _ONCE?


I've changed it to pr_warn() after David said people enable panic on
warn in production kernels.

> > +			return;

> > +

> > +		flush_tlb_kernel_range(addr, addr + PAGE_SIZE);

> > +	} else {

> > +		debug_pagealloc_map_pages(page, 1, enable);

> > +	}

> > +}

> > +

> >  static int swsusp_page_is_free(struct page *);

> >  static void swsusp_set_page_forbidden(struct page *);

> >  static void swsusp_unset_page_forbidden(struct page *);

> 

> -- 

>  Kirill A. Shutemov


-- 
Sincerely yours,
Mike.
Kirill A. Shutemov Nov. 3, 2020, 2:39 p.m. UTC | #5 
On Tue, Nov 03, 2020 at 02:13:50PM +0200, Mike Rapoport wrote:
> On Tue, Nov 03, 2020 at 02:08:16PM +0300, Kirill A. Shutemov wrote:

> > On Sun, Nov 01, 2020 at 07:08:13PM +0200, Mike Rapoport wrote:

> > > diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c

> > > index 46b1804c1ddf..054c8cce4236 100644

> > > --- a/kernel/power/snapshot.c

> > > +++ b/kernel/power/snapshot.c

> > > @@ -76,6 +76,32 @@ static inline void hibernate_restore_protect_page(void *page_address) {}

> > >  static inline void hibernate_restore_unprotect_page(void *page_address) {}

> > >  #endif /* CONFIG_STRICT_KERNEL_RWX  && CONFIG_ARCH_HAS_SET_MEMORY */

> > >  

> > > +static inline void hibernate_map_page(struct page *page, int enable)

> > > +{

> > > +	if (IS_ENABLED(CONFIG_ARCH_HAS_SET_DIRECT_MAP)) {

> > > +		unsigned long addr = (unsigned long)page_address(page);

> > > +		int ret;

> > > +

> > > +		/*

> > > +		 * This should not fail because remapping a page here means

> > > +		 * that we only update protection bits in an existing PTE.

> > > +		 * It is still worth to have WARN_ON() here if something

> > > +		 * changes and this will no longer be the case.

> > > +		 */

> > > +		if (enable)

> > > +			ret = set_direct_map_default_noflush(page);

> > > +		else

> > > +			ret = set_direct_map_invalid_noflush(page);

> > > +

> > > +		if (WARN_ON(ret))

> > 

> > _ONCE?

> 

> I've changed it to pr_warn() after David said people enable panic on

> warn in production kernels.


pr_warn_once()? :P

-- 
 Kirill A. Shutemov
Mike Rapoport Nov. 3, 2020, 3:56 p.m. UTC | #6 
On Tue, Nov 03, 2020 at 05:39:16PM +0300, Kirill A. Shutemov wrote:
> On Tue, Nov 03, 2020 at 02:13:50PM +0200, Mike Rapoport wrote:

> > > > +

> > > > +		if (WARN_ON(ret))

> > > 

> > > _ONCE?

> > 

> > I've changed it to pr_warn() after David said people enable panic on

> > warn in production kernels.

> 

> pr_warn_once()? :P


Sure :)

-- 
Sincerely yours,
Mike.
diff mbox series

Patch

diff --git a/include/linux/mm.h b/include/linux/mm.h
index 1fc0609056dc..14e397f3752c 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -2927,16 +2927,6 @@  static inline bool debug_pagealloc_enabled_static(void)
 #if defined(CONFIG_DEBUG_PAGEALLOC) || defined(CONFIG_ARCH_HAS_SET_DIRECT_MAP)
 extern void __kernel_map_pages(struct page *page, int numpages, int enable);
 
-/*
- * When called in DEBUG_PAGEALLOC context, the call should most likely be
- * guarded by debug_pagealloc_enabled() or debug_pagealloc_enabled_static()
- */
-static inline void
-kernel_map_pages(struct page *page, int numpages, int enable)
-{
-	__kernel_map_pages(page, numpages, enable);
-}
-
 static inline void debug_pagealloc_map_pages(struct page *page,
 					     int numpages, int enable)
 {
@@ -2948,8 +2938,6 @@  static inline void debug_pagealloc_map_pages(struct page *page,
 extern bool kernel_page_present(struct page *page);
 #endif	/* CONFIG_HIBERNATION */
 #else	/* CONFIG_DEBUG_PAGEALLOC || CONFIG_ARCH_HAS_SET_DIRECT_MAP */
-static inline void
-kernel_map_pages(struct page *page, int numpages, int enable) {}
 static inline void debug_pagealloc_map_pages(struct page *page,
 					     int numpages, int enable) {}
 #ifdef CONFIG_HIBERNATION
diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c
index 46b1804c1ddf..054c8cce4236 100644
--- a/kernel/power/snapshot.c
+++ b/kernel/power/snapshot.c
@@ -76,6 +76,32 @@  static inline void hibernate_restore_protect_page(void *page_address) {}
 static inline void hibernate_restore_unprotect_page(void *page_address) {}
 #endif /* CONFIG_STRICT_KERNEL_RWX  && CONFIG_ARCH_HAS_SET_MEMORY */
 
+static inline void hibernate_map_page(struct page *page, int enable)
+{
+	if (IS_ENABLED(CONFIG_ARCH_HAS_SET_DIRECT_MAP)) {
+		unsigned long addr = (unsigned long)page_address(page);
+		int ret;
+
+		/*
+		 * This should not fail because remapping a page here means
+		 * that we only update protection bits in an existing PTE.
+		 * It is still worth to have WARN_ON() here if something
+		 * changes and this will no longer be the case.
+		 */
+		if (enable)
+			ret = set_direct_map_default_noflush(page);
+		else
+			ret = set_direct_map_invalid_noflush(page);
+
+		if (WARN_ON(ret))
+			return;
+
+		flush_tlb_kernel_range(addr, addr + PAGE_SIZE);
+	} else {
+		debug_pagealloc_map_pages(page, 1, enable);
+	}
+}
+
 static int swsusp_page_is_free(struct page *);
 static void swsusp_set_page_forbidden(struct page *);
 static void swsusp_unset_page_forbidden(struct page *);
@@ -1355,9 +1381,9 @@  static void safe_copy_page(void *dst, struct page *s_page)
 	if (kernel_page_present(s_page)) {
 		do_copy_page(dst, page_address(s_page));
 	} else {
-		kernel_map_pages(s_page, 1, 1);
+		hibernate_map_page(s_page, 1);
 		do_copy_page(dst, page_address(s_page));
-		kernel_map_pages(s_page, 1, 0);
+		hibernate_map_page(s_page, 0);
 	}
 }