Message-ID: <9fb05fa3-4474-5a49-9f1c-67c31bf96c94@redhat.com>
Date: Mon, 21 Mar 2022 16:45:37 -0600
Subject: Re: [PATCH v5] mm/oom_kill.c: futex: Close a race between do_exit and the oom_reaper
From: Nico Pache
To: Michal Hocko
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, Rafael Aquini, Waiman Long, Baoquan He, Christoph von Recklinghausen, Don Dutile, "Herton R . Krzesinski", Thomas Gleixner, Ingo Molnar, Peter Zijlstra, Darren Hart, Davidlohr Bueso, Andre Almeida, David Rientjes, Andrea Arcangeli, Andrew Morton, Joel Savitz
References: <20220318033621.626006-1-npache@redhat.com>

On 3/21/22 02:55, Michal Hocko wrote:
> On Thu 17-03-22 21:36:21, Nico Pache wrote:
>> The pthread struct is allocated on PRIVATE|ANONYMOUS memory [1] which can
>> be targeted by the oom reaper.
>> This mapping is used to store the futex
>> robust list; the kernel does not keep a copy of the robust list and instead
>> references a userspace address to maintain the robustness during a process
>> death. A race can occur between exit_mm and the oom reaper that allows
>> the oom reaper to free the memory of the futex robust list before the
>> exit path has handled the futex death:
>>
>>     CPU1                               CPU2
>> ------------------------------------------------------------------------
>>     page_fault
>>     out_of_memory
>>     do_exit "signal"
>>     wake_oom_reaper
>>                                        oom_reaper
>>                                        oom_reap_task_mm (invalidates mm)
>>     exit_mm
>>     exit_mm_release
>>     futex_exit_release
>>     futex_cleanup
>>     exit_robust_list
>>     get_user (EFAULT- can't access memory)
>
> I still think it is useful to be explicit about the consequences of the
> EFAULT here. Did you want to mention that a failing get_user in this
> path would result in a hang because nobody is woken up when the current
> holder of the lock terminates.

Sounds good! You make a good point-- We had that in all the other versions, but
I forgot to include it in this commit log.

>
>> While in the oom reaper thread, we must handle the futex cleanup without
>> sleeping. To achieve this, add the boolean `try` to futex_exit_begin().
>> This will control whether or not we use a trylock. Also introduce
>> try_futex_exit_release() which will utilize the trylock version of the
>> futex_cleanup_begin(). Also call kthread_use_mm in this context to assure
>> the get_user call in futex_cleanup() does not return with EFAULT.
>
> This alone is not sufficient. get_user can sleep in the #PF handler path
> (e.g. by waiting for swap in). Or is there any guarantee that the page
> is never swapped out? If we cannot rule out #PF then this is not a
> viable way to address the problem I am afraid.
>
> Please also note that this all is done after mmap_lock has been already
> taken so a page fault could deadlock on the mmap_lock.
>

I don't think we can guarantee that page is not swapped out. Good catch, I was
concerned when I saw the 'might_fault' in get_user, but I wasn't fully sure of
its consequences. I'm still learning the labyrinth that is the MM space, so
thanks for the context!

> The more I am thinking about this the more I am getting convinced that
> we should rather approach this differently and skip over vmas which can
> be holding the list. Have you considered this option?

We've discussed it and it seems very doable, but we haven't attempted to
implement it yet. I'll give it a shot and see what I can come up with!

Thank you for your feedback and reviews :)
-- Nico
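
The userspace side of the robust list discussed in this thread, as an added example (not code from the patch or from anyone on the thread): it asks the kernel for the robust list head, which is a user address, and then shows a waiter getting EOWNERDEAD after the lock owner dies, which is the wakeup that is lost when the exit path's get_user fails. It assumes Linux with glibc; the function names are illustrative.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <pthread.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* The kernel keeps only this pointer; the list itself is in user memory. */
static int robust_head_in_userspace(void)
{
    void *head = NULL;
    size_t len = 0;
    return syscall(SYS_get_robust_list, 0, &head, &len) == 0 && head && len > 0;
}

/* A child takes a robust, process-shared mutex and exits while holding it.
 * Returns what pthread_mutex_lock() reports to the parent afterwards. */
static int lock_after_owner_death(void)
{
    pthread_mutexattr_t a;
    pthread_mutex_t *m = mmap(NULL, sizeof(*m), PROT_READ | PROT_WRITE,
                              MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED)
        return -1;
    pthread_mutexattr_init(&a);
    pthread_mutexattr_setpshared(&a, PTHREAD_PROCESS_SHARED);
    pthread_mutexattr_setrobust(&a, PTHREAD_MUTEX_ROBUST);
    pthread_mutex_init(m, &a);
    pid_t pid = fork();
    if (pid == 0) {
        pthread_mutex_lock(m);
        _exit(0);                      /* owner dies without unlocking */
    }
    if (pid < 0 || waitpid(pid, NULL, 0) != pid)
        return -1;
    /* Exit path marked the futex FUTEX_OWNER_DIED: EOWNERDEAD, not a hang. */
    int rc = pthread_mutex_lock(m);
    if (rc == EOWNERDEAD) {
        pthread_mutex_consistent(m);   /* repair state, then release */
        pthread_mutex_unlock(m);
    }
    munmap(m, sizeof(*m));
    return rc;
}

int main(void)
{
    return !(robust_head_in_userspace() && lock_after_owner_death() == EOWNERDEAD);
}
```

On older glibc versions, build with `-pthread`.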