From: Daniel Jordan <daniel.m.jordan@oracle.com>
To: Jason Gunthorpe <jgg@mellanox.com>
Cc: Daniel Jordan <daniel.m.jordan@oracle.com>,
Christophe Leroy <christophe.leroy@c-s.fr>,
"akpm@linux-foundation.org" <akpm@linux-foundation.org>,
Alexey Kardashevskiy <aik@ozlabs.ru>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
Paul Mackerras <paulus@samba.org>,
Christoph Lameter <cl@linux.com>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>
Subject: Re: [PATCH 5/6] powerpc/mmu: drop mmap_sem now that locked_vm is atomic
Date: Wed, 24 Apr 2019 21:47:05 -0400 [thread overview]
Message-ID: <20190425014705.k5twrldr5n5a5gsz@ca-dmjordan1.us.oracle.com> (raw)
In-Reply-To: <20190424111018.GA16077@mellanox.com>
On Wed, Apr 24, 2019 at 11:10:24AM +0000, Jason Gunthorpe wrote:
> On Tue, Apr 23, 2019 at 07:15:44PM -0700, Davidlohr Bueso wrote:
> > Wouldn't the cmpxchg alternative also be exposed the locked_vm changing between
> > validating the new value and the cmpxchg() and we'd bogusly fail even when there
> > is still just because the value changed (I'm assuming we don't hold any locks,
> > otherwise all this is pointless).
That's true, I hadn't considered that we could retry even when there's enough
locked_vm. Seems like another one is that RLIMIT_MEMLOCK could change after
it's read. I guess nothing's going to be perfect. :/
> Well it needs a loop..
>
> again:
> current_locked = atomic_read(&mm->locked_vm);
> new_locked = current_locked + npages;
> if (new_locked < lock_limit)
> if (cmpxchg(&mm->locked_vm, current_locked, new_locked) != current_locked)
> goto again;
>
> So it won't have bogus failures as there is no unwind after
> error. Basically this is a load locked/store conditional style of
> locking pattern.
This is basically what I have so far.
> > > That's a good idea, and especially worth doing considering that an arbitrary
> > > number of threads that charge a low amount of locked_vm can fail just because
> > > one thread charges lots of it.
> >
> > Yeah but the window for this is quite small, I doubt it would be a real issue.
>
> > What if before doing the atomic_add_return(), we first did the racy new_locked
> > check for ENOMEM, then do the speculative add and cleanup, if necessary. This
> > would further reduce the scope of the window where false ENOMEM can occur.
So the upside of this is that there's no retry loop so tasks don't spin under
heavy contention? Seems better to always guard against false ENOMEM, at least
from the locked_vm side if not from the rlimit changing.
> > > pinned_vm appears to be broken the same way, so I can fix it too unless someone
> > > beats me to it.
> >
> > This should not be a surprise for the rdma folks. Cc'ing Jason nonetheless.
>
> I think we accepted this tiny race as a side effect of removing the
> lock, which was very beneficial. Really the time window between the
> atomic failing and unwind is very small, and there are enough other
> ways a hostile user could DOS locked_vm that I don't think it really
> matters in practice..
>
> However, the cmpxchg seems better, so a helper to implement that would
> probably be the best thing to do.
I've collapsed all the locked_vm users into such a helper and am now working on
converting the pinned_vm users to the same helper. Taking longer than I
thought.
next prev parent reply other threads:[~2019-04-25 1:46 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-02 20:41 [PATCH 0/6] convert locked_vm from unsigned long to atomic64_t Daniel Jordan
2019-04-02 20:41 ` [PATCH 1/6] mm: change locked_vm's type " Daniel Jordan
2019-04-02 22:04 ` Andrew Morton
2019-04-02 23:43 ` Davidlohr Bueso
2019-04-03 16:07 ` Daniel Jordan
2019-04-03 15:58 ` Daniel Jordan
2019-04-03 4:46 ` Christophe Leroy
2019-04-03 16:09 ` Daniel Jordan
2019-04-11 4:22 ` Alexey Kardashevskiy
2019-04-11 9:55 ` Mark Rutland
2019-04-11 20:28 ` Daniel Jordan
2019-04-16 23:33 ` Andrew Morton
2019-04-22 15:54 ` Daniel Jordan
2019-04-02 20:41 ` [PATCH 2/6] vfio/type1: drop mmap_sem now that locked_vm is atomic Daniel Jordan
2019-04-02 20:41 ` [PATCH 3/6] vfio/spapr_tce: " Daniel Jordan
2019-04-02 20:41 ` [PATCH 4/6] fpga/dlf/afu: " Daniel Jordan
2019-04-02 20:41 ` [PATCH 5/6] powerpc/mmu: " Daniel Jordan
2019-04-03 4:58 ` Christophe Leroy
2019-04-03 16:40 ` Daniel Jordan
2019-04-24 2:15 ` Davidlohr Bueso
2019-04-24 2:31 ` Davidlohr Bueso
2019-04-24 11:10 ` Jason Gunthorpe
2019-04-25 1:47 ` Daniel Jordan [this message]
2019-04-02 20:41 ` [PATCH 6/6] kvm/book3s: " Daniel Jordan
2019-04-03 12:51 ` [PATCH 0/6] convert locked_vm from unsigned long to atomic64_t Steven Sistare
2019-04-03 16:52 ` Daniel Jordan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190425014705.k5twrldr5n5a5gsz@ca-dmjordan1.us.oracle.com \
--to=daniel.m.jordan@oracle.com \
--cc=aik@ozlabs.ru \
--cc=akpm@linux-foundation.org \
--cc=christophe.leroy@c-s.fr \
--cc=cl@linux.com \
--cc=jgg@mellanox.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=paulus@samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox