From: Andrea Arcangeli <aarcange@redhat.com>
To: Andrew Morton <akpm@linux-foundation.org>, linux-mm@kvack.org
Cc: Evgheni Dereveanchin <ederevea@redhat.com>,
Andrey Ryabinin <aryabinin@virtuozzo.com>,
Petr Holasek <pholasek@redhat.com>,
Hugh Dickins <hughd@google.com>,
Arjan van de Ven <arjan@linux.intel.com>,
Davidlohr Bueso <dave@stgolabs.net>,
Gavin Guo <gavin.guo@canonical.com>,
Jay Vosburgh <jay.vosburgh@canonical.com>,
Mel Gorman <mgorman@techsingularity.net>
Subject: [RFC] [PATCH 0/1] ksm: fix use after free with merge_across_nodes = 0
Date: Fri, 12 May 2017 21:38:04 +0200
Message-ID: <20170512193805.8807-1-aarcange@redhat.com>

Hello,

The KSMscale patch in -mm (not yet upstream) is fundamental for
enterprise use and in turn it's included in -mm, RHEL, CentOS and
Ubuntu and it'd be great if it could be merged upstream (especially
after solving this problem with merge_across_nodes = 0 ...).

https://marc.info/?l=linux-mm&m=149265809928003&w=2
http://kernel.ubuntu.com/~gavinguo/sf00131845/numa-131845.svg
http://kernel.ubuntu.com/~gavinguo/sf00131845/virtual_appliances_loading.png

A few weeks ago I got a report that with merge_across_nodes set to 0
KSM would eventually crash with a use after free (I assumed it was
a use after free because the kindly provided crashdump showed a
corrupted stable_node). Everything was again rock solid after setting
merge_across_nodes back to 1.

merge_across_nodes set to 0 is a tuning performance optimization
for NUMA that creates a different copy of KSM pages for each NUMA node
with a KSM stable_tree for each node (instead of sharing the same
equal memory across the whole system with a single stable_tree).

I couldn't reproduce this bug so far but there's a definitive use
after free in the merge_across_nodes = 0 path, so it would help if
whoever can already reproduce it could give this a spin (untested... or
better tested but only in a NUMA balancing environment that never
reproduced the use after free in the first place so it's inconclusive).

In production I recommend leaving the merge_across_nodes default
value set to 1 if running with the KSMscale patch applied for the time
being, until this is confirmed fixed.

Again this fix should be considered untested so it should be run in a
testing environment only.

Thanks,
Andrea

Andrea Arcangeli (1):
ksm: fix use after free with merge_across_nodes = 0
mm/ksm.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++-----------
1 file changed, 55 insertions(+), 11 deletions(-)