From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id BFDDCC433F5 for ; Thu, 3 Mar 2022 09:05:49 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 277AA8D0002; Thu, 3 Mar 2022 04:05:49 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 1FF598D0001; Thu, 3 Mar 2022 04:05:49 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0A0A28D0002; Thu, 3 Mar 2022 04:05:49 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0066.hostedemail.com [216.40.44.66]) by kanga.kvack.org (Postfix) with ESMTP id EDC928D0001 for ; Thu, 3 Mar 2022 04:05:48 -0500 (EST) Received: from smtpin21.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay02.hostedemail.com (Postfix) with ESMTP id A59129369E for ; Thu, 3 Mar 2022 09:05:48 +0000 (UTC) X-FDA: 79202492376.21.D54CB60 Received: from mail-qt1-f170.google.com (mail-qt1-f170.google.com [209.85.160.170]) by imf29.hostedemail.com (Postfix) with ESMTP id 25165120017 for ; Thu, 3 Mar 2022 09:05:48 +0000 (UTC) Received: by mail-qt1-f170.google.com with SMTP id s15so4018004qtk.10 for ; Thu, 03 Mar 2022 01:05:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=eQHLw8Ru5kLYCIL9yWgjZohvip//HVgKRsBfoCA5L4Y=; b=VvG18cLnXBVTJn6FAGx+cfTDrsPu0l6wLcC2cYdttRQXSq27PGBHx/zHl0o1MiGhAG gMZDTTa03aotV9Mg/qlQowPwXYRP/emrwLI5QyFyGFNMwgqEjR4o/US9Vq7lpHrprTnH WnThgzF/f8ZhEA28eZ6duiiUwJ8DAumlobDcLQ8zlQeYgmwX+5SW51gO5H4PZJYL4ZwJ hlZxRcs9iiU8FXFFkHTbKwEROlPWVFRbPBMbU5E41seEruWrzM8TA/u4WLCmL2sLWpkQ KUYANzpHV0ihwjYMVF++Edw8ALQdq48KGQlmLHrRymd+GjhRwDdGL+X2OsxfziR6dSMR r/sA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=eQHLw8Ru5kLYCIL9yWgjZohvip//HVgKRsBfoCA5L4Y=; b=L7ssUAYOB3n9kkXOrpx1g7oIgZMxeUKXhA9TPZBn9FX2R8AggMWt8wTy2Gcf0+9u7d D7go+QmXnz6Gu6shx10mulNlmns37Dr4Bp++3HXppSLFObYE+mgwJjEkFhOi0uXSwz0E E07YVAHOf5VRR9tEelQdWU1lVhPwbTPq33jsh1QDlZBIlkvp4guVVNKCiBFiJj1jX+en /iD6/YoILTccyy1Lnyf5SJTNgKm11p0iq0RasPYfJpvtGYzFXC4LoJT4KxnOh0qgWAQe aQfsyzHOZk7k1Rcc15jI6ryq5AADqN9nRlgMuy1ZD6H8/lLX5jnCEBPao+wiUIeB62xf iCcg== X-Gm-Message-State: AOAM533zPKtY5TIEcic0hsoMW1/kBrj5exKhwa+kXCxG8h+LEAfimkv1 +qz9H14JCUCCG0Vcc68ZuyS+SGJS8MMygBKVS/YWMw== X-Google-Smtp-Source: ABdhPJz+PA0AhML0uMZbFv8V6elh7bhJTt0GdrUnZvZ1gQ5tDXQHvuQTbp4ycXvqDAyAsZPRvDYTIr0W7oGyRrWF4Ak= X-Received: by 2002:a05:622a:18a6:b0:2dd:2c5b:ca00 with SMTP id v38-20020a05622a18a600b002dd2c5bca00mr26538672qtc.549.1646298347233; Thu, 03 Mar 2022 01:05:47 -0800 (PST) MIME-Version: 1.0 References: <20220303031505.28495-1-dtcccc@linux.alibaba.com> In-Reply-To: <20220303031505.28495-1-dtcccc@linux.alibaba.com> From: Alexander Potapenko Date: Thu, 3 Mar 2022 10:05:10 +0100 Message-ID: Subject: Re: [RFC PATCH 0/2] Alloc kfence_pool after system startup To: Tianchen Ding Cc: Marco Elver , Dmitry Vyukov , Andrew Morton , kasan-dev , Linux Memory Management List , LKML Content-Type: multipart/alternative; boundary="0000000000002ef18e05d94cb460" X-Rspamd-Server: rspam11 X-Rspamd-Queue-Id: 25165120017 X-Rspam-User: Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=google.com header.s=20210112 header.b=VvG18cLn; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf29.hostedemail.com: domain of glider@google.com designates 209.85.160.170 as permitted sender) smtp.mailfrom=glider@google.com X-Stat-Signature: d889qjkdm7xgithkpejbs1z63pcp3xre X-HE-Tag: 1646298348-968811 X-Bogosity: Ham, tests=bogofilter, spamicity=0.186729, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: --0000000000002ef18e05d94cb460 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thu, Mar 3, 2022 at 4:15 AM Tianchen Ding wrote: > KFENCE aims at production environments, but it does not allow enabling > after system startup because kfence_pool only alloc pages from memblock. > Consider the following production scene: > At first, for performance considerations, production machines do not > enable KFENCE. > What are the performance considerations you have in mind? Are you running KFENCE with a very aggressive sampling rate? However, after running for a while, the kernel is suspected to have > memory errors. (e.g., a sibling machine crashed.) > I have doubts regarding this setup. It might be faster (although one can tune KFENCE to have nearly zero performance impact), but is harder to maintain. It will also catch fewer errors than if you just had KFENCE on from the very beginning: - sibling machines may behave differently, and a certain bug may only occur once - in that case the secondary instances won't notice it, even with KFENCE; - KFENCE also catches non-lethal corruptions (e.g. OOB reads), which may stay under radar for a very long time. > So other production machines need to enable KFENCE, but it's hard for > them to reboot. > > The 1st patch allows re-enabling KFENCE if the pool is already > allocated from memblock. > > The 2nd patch applies the main part. > > Tianchen Ding (2): > kfence: Allow re-enabling KFENCE after system startup > kfence: Alloc kfence_pool after system startup > > mm/kfence/core.c | 106 ++++++++++++++++++++++++++++++++++++++--------- > 1 file changed, 87 insertions(+), 19 deletions(-) > > -- > 2.27.0 > > --=20 Alexander Potapenko Software Engineer Google Germany GmbH Erika-Mann-Stra=C3=9Fe, 33 80636 M=C3=BCnchen Gesch=C3=A4ftsf=C3=BChrer: Paul Manicle, Liana Sebastian Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Diese E-Mail ist vertraulich. Falls Sie diese f=C3=A4lschlicherweise erhalt= en haben sollten, leiten Sie diese bitte nicht an jemand anderes weiter, l=C3=B6schen Sie alle Kopien und Anh=C3=A4nge davon und lassen Sie mich bit= te wissen, dass die E-Mail an die falsche Person gesendet wurde. This e-mail is confidential. If you received this communication by mistake, please don't forward it to anyone else, please erase all copies and attachments, and please let me know that it has gone to the wrong person. --0000000000002ef18e05d94cb460 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Thu, Mar 3, 2022 at 4:15 AM Tianch= en Ding <dtcccc@linux.alibab= a.com> wrote:
KFENCE aims at production environments, but it does not allow enabling=
after system startup because kfence_pool only alloc pages from memblock. Consider the following production scene:
At first, for performance considerations, production machines do not
enable KFENCE.
What are the performance considerations= you have in mind? Are you running KFENCE with a very aggressive sampling r= ate?

However, after running for a while, the kernel is suspected to have
memory errors. (e.g., a sibling machine crashed.)
I ha= ve doubts regarding this setup. It might be faster (although one can tune K= FENCE to have nearly zero performance impact), but is harder to maintain.
It will also catch fewer errors than if you just had KFENCE on fro= m the very beginning:
=C2=A0- sibling machines may behave differe= ntly, and a certain bug may only occur once - in that case the secondary in= stances won't notice it, even with KFENCE;
=C2=A0- KFENCE als= o catches non-lethal corruptions (e.g. OOB reads), which may stay under rad= ar for a very long time.
=C2=A0
So other production machines need to enable KFENCE, but it's hard for them to reboot.

The 1st patch allows re-enabling KFENCE if the pool is already
allocated from memblock.

The 2nd patch applies the main part.

Tianchen Ding (2):
=C2=A0 kfence: Allow re-enabling KFENCE after system startup
=C2=A0 kfence: Alloc kfence_pool after system startup

=C2=A0mm/kfence/core.c | 106 ++++++++++++++++++++++++++++++++++++++--------= -
=C2=A01 file changed, 87 insertions(+), 19 deletions(-)

--
2.27.0



--
Alexander Potapenko
Software= Engineer

Google Germany GmbH
Erika-Mann-Stra=C3=9Fe, 33
80636= M=C3=BCnchen

Gesch=C3=A4ftsf=C3=BChrer: Paul Manicle, Liana Sebasti= an
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellsch= aft: Hamburg

Diese E-Mail ist vertraulich. Falls Sie diese f=C3=A4ls= chlicherweise erhalten haben sollten, leiten Sie diese bitte nicht an jeman= d anderes weiter, l=C3=B6schen Sie alle Kopien und Anh=C3=A4nge davon und l= assen Sie mich bitte wissen, dass die E-Mail an die falsche Person gesendet= wurde.

=C2=A0 =C2=A0 =C2=A0

This e-mail is confidential. If= you received this communication by mistake, please don't forward it to= anyone else, please erase all copies and attachments, and please let me kn= ow that it has gone to the wrong person.
--0000000000002ef18e05d94cb460--