From: Miaohe Lin <linmiaohe@huawei.com>
To: "Huang, Ying" <ying.huang@intel.com>
Cc: <akpm@linux-foundation.org>, <david@redhat.com>,
<linux-mm@kvack.org>, <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v2 1/3] mm/swapfile: make security_vm_enough_memory_mm() work as expected
Date: Tue, 21 Jun 2022 15:37:25 +0800 [thread overview]
Message-ID: <463fe0cd-504a-f887-0201-691bacd9e69d@huawei.com> (raw)
In-Reply-To: <87letqpzm1.fsf@yhuang6-desk2.ccr.corp.intel.com>
On 2022/6/21 9:35, Huang, Ying wrote:
> Miaohe Lin <linmiaohe@huawei.com> writes:
>
>> On 2022/6/20 15:31, Huang, Ying wrote:
>>> Miaohe Lin <linmiaohe@huawei.com> writes:
>>>
>>>> security_vm_enough_memory_mm() checks whether a process has enough memory
>>>> to allocate a new virtual mapping. And total_swap_pages is considered as
>>>> available memory while swapoff tries to make sure there's enough memory
>>>> that can hold the swapped out memory. But total_swap_pages contains the
>>>> swap space that is being swapoff. So security_vm_enough_memory_mm() will
>>>> success even if there's no memory to hold the swapped out memory because
>>>> total_swap_pages always greater than or equal to p->pages.
>>>
>>> Per my understanding, swapoff will not allocate virtual mapping by
>>> itself. But after swapoff, the overcommit limit could be exceeded.
>>> security_vm_enough_memory_mm() is used to check that. For example, in a
>>> system with 4GB memory and 8GB swap, and 10GB is in use,
>>>
>>> CommitLimit: 4+8 = 12GB
>>> Committed_AS: 10GB
>>>
>>> security_vm_enough_memory_mm() in swapoff() will fail because
>>> 10+8 = 18 > 12. This is expected because after swapoff, the overcommit
>>> limit will be exceeded.
>>>
>>> If 3GB is in use,
>>>
>>> CommitLimit: 4+8 = 12GB
>>> Committed_AS: 3GB
>>>
>>> security_vm_enough_memory_mm() in swapoff() will succeed because
>>> 3+8 = 11 < 12. This is expected because after swapoff, the overcommit
>>> limit will not be exceeded.
>>
>> In OVERCOMMIT_NEVER scene, I think you're right.
>>
>>>
>>> So, what's the real problem of the original implementation? Can you
>>> show it with an example as above?
>>
>> In OVERCOMMIT_GUESS scene, in a system with 4GB memory and 8GB swap, and 10GB is in use,
>> pages below is 8GB, totalram_pages() + total_swap_pages is 12GB, so swapoff() will succeed
>> instead of expected failure because 8 < 12. The overcommit limit is always *ignored* in the
>> below case.
>>
>> if (sysctl_overcommit_memory == OVERCOMMIT_GUESS) {
>> if (pages > totalram_pages() + total_swap_pages)
>> goto error;
>> return 0;
>> }
>>
>> Or am I miss something?
>
> Per my understanding, with OVERCOMMIT_GUESS, the number of in-use pages
> isn't checked at all. The only restriction is that the size of the
> virtual mapping created should be less than total RAM + total swap
Do you mean the only restriction is that the size of the virtual mapping
*created every time* should be less than total RAM + total swap pages but
*total virtual mapping* is not limited in OVERCOMMIT_GUESS scene? If so,
the current behavior should be sane and I will drop this patch.
Thanks!
> pages. Because swapoff() will not create virtual mapping, so it's
> expected that security_vm_enough_memory_mm() in swapoff() always
> succeeds.
>
> Best Regards,
> Huang, Ying
>
>>
>> Thanks!
>>
>>>
>>>> In order to fix it, p->pages should be retracted from total_swap_pages
>>>> first and then check whether there's enough memory for inuse swap pages.
>>>>
>>>> Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
>>>
>>> [snip]
>>>
>>> .
>>>
>
> .
>
next prev parent reply other threads:[~2022-06-21 7:37 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-08 14:40 [PATCH v2 0/3] A few cleanup and fixup patches for swap Miaohe Lin
2022-06-08 14:40 ` [PATCH v2 1/3] mm/swapfile: make security_vm_enough_memory_mm() work as expected Miaohe Lin
2022-06-17 7:33 ` David Hildenbrand
2022-06-18 2:43 ` Miaohe Lin
2022-06-18 7:10 ` David Hildenbrand
2022-06-18 7:31 ` Miaohe Lin
2022-06-20 7:31 ` Huang, Ying
2022-06-20 12:12 ` Miaohe Lin
2022-06-21 1:35 ` Huang, Ying
2022-06-21 7:37 ` Miaohe Lin [this message]
2022-06-21 7:42 ` Huang, Ying
2022-06-21 8:20 ` Miaohe Lin
2022-06-08 14:40 ` [PATCH v2 2/3] mm/swapfile: fix possible data races of inuse_pages Miaohe Lin
2022-06-20 7:54 ` Huang, Ying
2022-06-20 9:04 ` Miaohe Lin
2022-06-20 9:23 ` Muchun Song
2022-06-20 12:23 ` Miaohe Lin
2022-06-20 12:32 ` Miaohe Lin
2022-06-20 13:46 ` Qian Cai
2022-06-20 14:20 ` Muchun Song
2022-06-20 21:36 ` Qian Cai
2022-06-21 1:14 ` Huang, Ying
2022-06-21 3:39 ` Muchun Song
2022-06-21 6:40 ` Miaohe Lin
2022-06-08 14:40 ` [PATCH v2 3/3] mm/swap: remove swap_cache_info statistics Miaohe Lin
2022-06-08 15:16 ` David Hildenbrand
2022-06-20 8:08 ` Huang, Ying
2022-06-20 9:05 ` Miaohe Lin
2022-06-20 9:30 ` Muchun Song
2022-06-17 2:37 ` [PATCH v2 0/3] A few cleanup and fixup patches for swap Andrew Morton
2022-06-17 3:00 ` Miaohe Lin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=463fe0cd-504a-f887-0201-691bacd9e69d@huawei.com \
--to=linmiaohe@huawei.com \
--cc=akpm@linux-foundation.org \
--cc=david@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=ying.huang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox