From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id AB093C43334 for ; Tue, 21 Jun 2022 07:43:06 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 2EA308E0001; Tue, 21 Jun 2022 03:43:06 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 29A1C6B007D; Tue, 21 Jun 2022 03:43:06 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 18F746B0072; Tue, 21 Jun 2022 03:43:06 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 089F16B0072 for ; Tue, 21 Jun 2022 03:43:06 -0400 (EDT) Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id C4F10206E4 for ; Tue, 21 Jun 2022 07:43:05 +0000 (UTC) X-FDA: 79601451930.20.264E673 Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by imf28.hostedemail.com (Postfix) with ESMTP id B34ADC00B2 for ; Tue, 21 Jun 2022 07:43:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1655797383; x=1687333383; h=from:to:cc:subject:references:date:in-reply-to: message-id:mime-version; bh=8DX6CzI2HQrN8SkpJ6T0Nf+sXlM1pgRiQumruJPH9mA=; b=Bt64cBB2lnB9J8SOfEdFDZ8Tx8fjErtpu2i9w2M7DeLzxgdLtn3Se2zO 7YFvEycZR5W/8S6+j93TpxbrZVFy8nUFMUGyH4KUYMaz1Qo4cdARO/6m7 eQkzDaNg7YFsCZW6ixhDLATPDXFB4P8xXWx1meRrdra+GrIuEzWHn/5eK oinIhJbGzpB2J/6q9GkgNXuURL7nuWXKEgVGeuu2R+ZfxK/cOaCv0pOy9 zVLtJqZRhMh0+KsLet9+SK/CdgIqerZUgokHuEcOEwmqjupPH2v1uAeId R/O5OckEInMI3ytYI03aNZNNRGPDo1lK7gqoOPIfk2bxbSry8R/9eeFje g==; X-IronPort-AV: E=McAfee;i="6400,9594,10384"; a="278823933" X-IronPort-AV: E=Sophos;i="5.92,209,1650956400"; d="scan'208";a="278823933" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jun 2022 00:43:00 -0700 X-IronPort-AV: E=Sophos;i="5.92,209,1650956400"; d="scan'208";a="833455551" Received: from yhuang6-desk2.sh.intel.com (HELO yhuang6-desk2.ccr.corp.intel.com) ([10.239.13.94]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jun 2022 00:42:59 -0700 From: "Huang, Ying" To: Miaohe Lin Cc: , , , Subject: Re: [PATCH v2 1/3] mm/swapfile: make security_vm_enough_memory_mm() work as expected References: <20220608144031.829-1-linmiaohe@huawei.com> <20220608144031.829-2-linmiaohe@huawei.com> <87r13jrdst.fsf@yhuang6-desk2.ccr.corp.intel.com> <87letqpzm1.fsf@yhuang6-desk2.ccr.corp.intel.com> <463fe0cd-504a-f887-0201-691bacd9e69d@huawei.com> Date: Tue, 21 Jun 2022 15:42:27 +0800 In-Reply-To: <463fe0cd-504a-f887-0201-691bacd9e69d@huawei.com> (Miaohe Lin's message of "Tue, 21 Jun 2022 15:37:25 +0800") Message-ID: <87pmj2ea3g.fsf@yhuang6-desk2.ccr.corp.intel.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=ascii ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1655797385; a=rsa-sha256; cv=none; b=oEDyFZS1R/7hRfA2NTbw1xxVP3gDxKHh2mwtDSFwSKqOFcGEbyHBylFN0exRC8kotevQMM HfVJLKteJ82uSW6Scl6yUClMElpNWzwt8VKUfvuQuJzW/U5+Ua1PrUiMlhWDsZW9bDyEWX G/5QtdPnOcAkQgLxPf7ZOh+tIGkLGSM= ARC-Authentication-Results: i=1; imf28.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=Bt64cBB2; dmarc=pass (policy=none) header.from=intel.com; spf=none (imf28.hostedemail.com: domain of ying.huang@intel.com has no SPF policy when checking 192.55.52.120) smtp.mailfrom=ying.huang@intel.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1655797385; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=cV9moWyzfNieJUts4oo25I6Dg+LXq8p6v9L09RLdy7s=; b=xgEczY2rcbSuMV2k27eZsKqwI7gUBt6LRj9K6fmv8PymKnz4p5OijZlcrQyNvh4S+aRwsv laHpAIMZB3ZPPJfrVn1g1o2CDUTI7intZjNS/VQ1DeWokFSxZeFxcoE+/H6gcAoEW5QiZg 0S3pFx0TzRj53OHwjKF/laDM7imyiIQ= X-Rspamd-Queue-Id: B34ADC00B2 X-Rspam-User: Authentication-Results: imf28.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=Bt64cBB2; dmarc=pass (policy=none) header.from=intel.com; spf=none (imf28.hostedemail.com: domain of ying.huang@intel.com has no SPF policy when checking 192.55.52.120) smtp.mailfrom=ying.huang@intel.com X-Rspamd-Server: rspam06 X-Stat-Signature: 1tdnwk6omdyhns5r1timg7nwn5b4am3r X-HE-Tag: 1655797383-33429 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Miaohe Lin writes: > On 2022/6/21 9:35, Huang, Ying wrote: >> Miaohe Lin writes: >> >>> On 2022/6/20 15:31, Huang, Ying wrote: >>>> Miaohe Lin writes: >>>> >>>>> security_vm_enough_memory_mm() checks whether a process has enough memory >>>>> to allocate a new virtual mapping. And total_swap_pages is considered as >>>>> available memory while swapoff tries to make sure there's enough memory >>>>> that can hold the swapped out memory. But total_swap_pages contains the >>>>> swap space that is being swapoff. So security_vm_enough_memory_mm() will >>>>> success even if there's no memory to hold the swapped out memory because >>>>> total_swap_pages always greater than or equal to p->pages. >>>> >>>> Per my understanding, swapoff will not allocate virtual mapping by >>>> itself. But after swapoff, the overcommit limit could be exceeded. >>>> security_vm_enough_memory_mm() is used to check that. For example, in a >>>> system with 4GB memory and 8GB swap, and 10GB is in use, >>>> >>>> CommitLimit: 4+8 = 12GB >>>> Committed_AS: 10GB >>>> >>>> security_vm_enough_memory_mm() in swapoff() will fail because >>>> 10+8 = 18 > 12. This is expected because after swapoff, the overcommit >>>> limit will be exceeded. >>>> >>>> If 3GB is in use, >>>> >>>> CommitLimit: 4+8 = 12GB >>>> Committed_AS: 3GB >>>> >>>> security_vm_enough_memory_mm() in swapoff() will succeed because >>>> 3+8 = 11 < 12. This is expected because after swapoff, the overcommit >>>> limit will not be exceeded. >>> >>> In OVERCOMMIT_NEVER scene, I think you're right. >>> >>>> >>>> So, what's the real problem of the original implementation? Can you >>>> show it with an example as above? >>> >>> In OVERCOMMIT_GUESS scene, in a system with 4GB memory and 8GB swap, and 10GB is in use, >>> pages below is 8GB, totalram_pages() + total_swap_pages is 12GB, so swapoff() will succeed >>> instead of expected failure because 8 < 12. The overcommit limit is always *ignored* in the >>> below case. >>> >>> if (sysctl_overcommit_memory == OVERCOMMIT_GUESS) { >>> if (pages > totalram_pages() + total_swap_pages) >>> goto error; >>> return 0; >>> } >>> >>> Or am I miss something? >> >> Per my understanding, with OVERCOMMIT_GUESS, the number of in-use pages >> isn't checked at all. The only restriction is that the size of the >> virtual mapping created should be less than total RAM + total swap > > Do you mean the only restriction is that the size of the virtual mapping > *created every time* should be less than total RAM + total swap pages but > *total virtual mapping* is not limited in OVERCOMMIT_GUESS scene? If so, > the current behavior should be sane and I will drop this patch. Yes. This is my understanding. Best Regards, Huang, Ying > Thanks! > >> pages. Because swapoff() will not create virtual mapping, so it's >> expected that security_vm_enough_memory_mm() in swapoff() always >> succeeds. >> >> Best Regards, >> Huang, Ying >> >>> >>> Thanks! >>> >>>> >>>>> In order to fix it, p->pages should be retracted from total_swap_pages >>>>> first and then check whether there's enough memory for inuse swap pages. >>>>> >>>>> Signed-off-by: Miaohe Lin >>>> >>>> [snip] >>>> >>>> . >>>> >> >> . >>