From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 89B5AC43334 for ; Tue, 21 Jun 2022 07:37:31 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C85698E0002; Tue, 21 Jun 2022 03:37:30 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C0EA06B007D; Tue, 21 Jun 2022 03:37:30 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id AAE6B8E0002; Tue, 21 Jun 2022 03:37:30 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 98E776B007B for ; Tue, 21 Jun 2022 03:37:30 -0400 (EDT) Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 660B920FB0 for ; Tue, 21 Jun 2022 07:37:30 +0000 (UTC) X-FDA: 79601437860.20.5E9AC43 Received: from szxga08-in.huawei.com (szxga08-in.huawei.com [45.249.212.255]) by imf06.hostedemail.com (Postfix) with ESMTP id 1123B18001F for ; Tue, 21 Jun 2022 07:37:28 +0000 (UTC) Received: from canpemm500002.china.huawei.com (unknown [172.30.72.55]) by szxga08-in.huawei.com (SkyGuard) with ESMTP id 4LRywS1bWyz1KC5C; Tue, 21 Jun 2022 15:35:20 +0800 (CST) Received: from [10.174.177.76] (10.174.177.76) by canpemm500002.china.huawei.com (7.192.104.244) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Tue, 21 Jun 2022 15:37:25 +0800 Subject: Re: [PATCH v2 1/3] mm/swapfile: make security_vm_enough_memory_mm() work as expected To: "Huang, Ying" CC: , , , References: <20220608144031.829-1-linmiaohe@huawei.com> <20220608144031.829-2-linmiaohe@huawei.com> <87r13jrdst.fsf@yhuang6-desk2.ccr.corp.intel.com> <87letqpzm1.fsf@yhuang6-desk2.ccr.corp.intel.com> From: Miaohe Lin Message-ID: <463fe0cd-504a-f887-0201-691bacd9e69d@huawei.com> Date: Tue, 21 Jun 2022 15:37:25 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0 MIME-Version: 1.0 In-Reply-To: <87letqpzm1.fsf@yhuang6-desk2.ccr.corp.intel.com> Content-Type: text/plain; charset="windows-1252" Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [10.174.177.76] X-ClientProxiedBy: dggems704-chm.china.huawei.com (10.3.19.181) To canpemm500002.china.huawei.com (7.192.104.244) X-CFilter-Loop: Reflected ARC-Authentication-Results: i=1; imf06.hostedemail.com; dkim=none; dmarc=pass (policy=quarantine) header.from=huawei.com; spf=pass (imf06.hostedemail.com: domain of linmiaohe@huawei.com designates 45.249.212.255 as permitted sender) smtp.mailfrom=linmiaohe@huawei.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1655797050; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=q8dxL4AyYrXYsfILscss2NOgwyNd1AQw4B03OK1tVyY=; b=jHqwQctlU15lewmB2DTDN+zbvoXXJwyiCo4fQt29RTEIDF1ZLa3ClZ2D/mlWZEamP3F5J8 uV/241SZ2B3SLJk9FwKfGEjB1HghzGHP1XQTz/8pz/N6GYEwJyXtQbhFM048av0NBUkjOS JptuueLKNlTcEuqrpZfvzXhG7qHDD7Q= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1655797050; a=rsa-sha256; cv=none; b=KQb3FpgqJdThMnq3JwX3tj/sDPslKoIF5sziHXSrxaRVcPotXikEjwagQQU91ektP8o/Kx K6U1/st5BZLyM3305adbWqVX4+ZNTDCWbiPV53LDgC0zPeGhM6SZ+ytvUBXp0dVl6ld4zY 5wnaecTmIZzIIFZkd2p+S1wCs8Wwj9g= X-Stat-Signature: uhujuirpdz7dwrtg6zqb6pgbtptrkf33 X-Rspamd-Queue-Id: 1123B18001F X-Rspam-User: Authentication-Results: imf06.hostedemail.com; dkim=none; dmarc=pass (policy=quarantine) header.from=huawei.com; spf=pass (imf06.hostedemail.com: domain of linmiaohe@huawei.com designates 45.249.212.255 as permitted sender) smtp.mailfrom=linmiaohe@huawei.com X-Rspamd-Server: rspam10 X-HE-Tag: 1655797048-255673 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 2022/6/21 9:35, Huang, Ying wrote: > Miaohe Lin writes: > >> On 2022/6/20 15:31, Huang, Ying wrote: >>> Miaohe Lin writes: >>> >>>> security_vm_enough_memory_mm() checks whether a process has enough memory >>>> to allocate a new virtual mapping. And total_swap_pages is considered as >>>> available memory while swapoff tries to make sure there's enough memory >>>> that can hold the swapped out memory. But total_swap_pages contains the >>>> swap space that is being swapoff. So security_vm_enough_memory_mm() will >>>> success even if there's no memory to hold the swapped out memory because >>>> total_swap_pages always greater than or equal to p->pages. >>> >>> Per my understanding, swapoff will not allocate virtual mapping by >>> itself. But after swapoff, the overcommit limit could be exceeded. >>> security_vm_enough_memory_mm() is used to check that. For example, in a >>> system with 4GB memory and 8GB swap, and 10GB is in use, >>> >>> CommitLimit: 4+8 = 12GB >>> Committed_AS: 10GB >>> >>> security_vm_enough_memory_mm() in swapoff() will fail because >>> 10+8 = 18 > 12. This is expected because after swapoff, the overcommit >>> limit will be exceeded. >>> >>> If 3GB is in use, >>> >>> CommitLimit: 4+8 = 12GB >>> Committed_AS: 3GB >>> >>> security_vm_enough_memory_mm() in swapoff() will succeed because >>> 3+8 = 11 < 12. This is expected because after swapoff, the overcommit >>> limit will not be exceeded. >> >> In OVERCOMMIT_NEVER scene, I think you're right. >> >>> >>> So, what's the real problem of the original implementation? Can you >>> show it with an example as above? >> >> In OVERCOMMIT_GUESS scene, in a system with 4GB memory and 8GB swap, and 10GB is in use, >> pages below is 8GB, totalram_pages() + total_swap_pages is 12GB, so swapoff() will succeed >> instead of expected failure because 8 < 12. The overcommit limit is always *ignored* in the >> below case. >> >> if (sysctl_overcommit_memory == OVERCOMMIT_GUESS) { >> if (pages > totalram_pages() + total_swap_pages) >> goto error; >> return 0; >> } >> >> Or am I miss something? > > Per my understanding, with OVERCOMMIT_GUESS, the number of in-use pages > isn't checked at all. The only restriction is that the size of the > virtual mapping created should be less than total RAM + total swap Do you mean the only restriction is that the size of the virtual mapping *created every time* should be less than total RAM + total swap pages but *total virtual mapping* is not limited in OVERCOMMIT_GUESS scene? If so, the current behavior should be sane and I will drop this patch. Thanks! > pages. Because swapoff() will not create virtual mapping, so it's > expected that security_vm_enough_memory_mm() in swapoff() always > succeeds. > > Best Regards, > Huang, Ying > >> >> Thanks! >> >>> >>>> In order to fix it, p->pages should be retracted from total_swap_pages >>>> first and then check whether there's enough memory for inuse swap pages. >>>> >>>> Signed-off-by: Miaohe Lin >>> >>> [snip] >>> >>> . >>> > > . >