From: Andrew Morton <akpm@linux-foundation.org>
To: Sean Christopherson <seanjc@google.com>
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org,
"David Rientjes" <rientjes@google.com>,
"Ben Gardon" <bgardon@google.com>,
"Jason Gunthorpe" <jgg@ziepe.ca>,
"Michal Hocko" <mhocko@suse.com>,
" Jérôme Glisse " <jglisse@redhat.com>,
"Andrea Arcangeli" <aarcange@redhat.com>,
"Johannes Weiner" <hannes@cmpxchg.org>,
"Dimitri Sivanich" <dimitri.sivanich@hpe.com>
Subject: Re: [PATCH] mm/oom_kill: Ensure MMU notifier range_end() is paired with range_start()
Date: Wed, 10 Mar 2021 16:06:12 -0800 [thread overview]
Message-ID: <20210310160612.dd57fcc60cbc4cc4bf86b869@linux-foundation.org> (raw)
In-Reply-To: <20210310213117.1444147-1-seanjc@google.com>
On Wed, 10 Mar 2021 13:31:17 -0800 Sean Christopherson <seanjc@google.com> wrote:
> Invoke the MMU notifier's .invalidate_range_end() callbacks even if one
> of the .invalidate_range_start() callbacks failed. If there are multiple
> notifiers, the notifier that did not fail may have performed actions in
> its ...start() that it expects to unwind via ...end(). Per the
> mmu_notifier_ops documentation, ...start() and ...end() must be paired.
>
> The only in-kernel usage that is fatally broken is the SGI UV GRU driver,
> which effectively blocks and sleeps fault handlers during ...start(), and
> unblocks/wakes the handlers during ...end(). But, the only users that
> can fail ...start() are the i915 and Nouveau drivers, which are unlikely
> to collide with the SGI driver.
>
> KVM is the only other user of ...end(), and while KVM also blocks fault
> handlers in ...start(), the fault handlers do not sleep and originate in
> killable ioctl() calls. So while it's possible for the i915 and Nouveau
> drivers to collide with KVM, the bug is benign for KVM since the process
> is dying and KVM's guest is about to be terminated.
>
> So, as of today, the bug is likely benign. But, that may not always be
> true, e.g. there is a potential use case for blocking memslot updates in
> KVM while an invalidation is in-progress, and failure to unblock would
> result in said updates being blocked indefinitely and hanging.
>
> Found by inspection. Verified by adding a second notifier in KVM that
> periodically returns -EAGAIN on non-blockable ranges, triggering OOM,
> and observing that KVM exits with an elevated notifier count.
Given that there's no way known of triggering this in 5.11 or earlier,
I'd normally question the need to backport into -stable kernels.
But I guess that people might later develop modules which they want to
load into earlier kernels, in which case this might bite them. So I
agree on the cc:stable thing.
next prev parent reply other threads:[~2021-03-11 0:06 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-10 21:31 Sean Christopherson
2021-03-10 22:08 ` Ben Gardon
2021-03-11 0:06 ` Andrew Morton [this message]
2021-03-11 0:28 ` Jason Gunthorpe
2021-03-11 1:20 ` Sean Christopherson
2021-03-11 1:50 ` Jason Gunthorpe
2021-03-11 7:22 ` Sean Christopherson
2021-03-11 16:20 ` Michal Hocko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210310160612.dd57fcc60cbc4cc4bf86b869@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=aarcange@redhat.com \
--cc=bgardon@google.com \
--cc=dimitri.sivanich@hpe.com \
--cc=hannes@cmpxchg.org \
--cc=jgg@ziepe.ca \
--cc=jglisse@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mhocko@suse.com \
--cc=rientjes@google.com \
--cc=seanjc@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox