From: Barry Song <21cnbao@gmail.com>
To: Michal Hocko <mhocko@suse.com>
Cc: Vlastimil Babka <vbabka@suse.cz>,
Linus Torvalds <torvalds@linux-foundation.org>,
David Hildenbrand <david@redhat.com>,
Yafang Shao <laoar.shao@gmail.com>,
akpm@linux-foundation.org, linux-mm@kvack.org,
42.hyeyoo@gmail.com, cl@linux.com, hailong.liu@oppo.com,
hch@infradead.org, iamjoonsoo.kim@lge.com, penberg@kernel.org,
rientjes@google.com, roman.gushchin@linux.dev, urezki@gmail.com,
v-songbaohua@oppo.com, virtualization@lists.linux.dev,
"linux-hardening@vger.kernel.org"
<linux-hardening@vger.kernel.org>
Subject: Re: [PATCH v3 0/4] mm: clarify nofail memory allocation
Date: Fri, 30 Aug 2024 09:27:45 +1200 [thread overview]
Message-ID: <CAGsJ_4wZiE08XDjNAPENwH=KQEzdm2FB_bMDi0b7PJx+e7ydrA@mail.gmail.com> (raw)
In-Reply-To: <ZtB1lLljEk9PVkU7@tiehlicka>
On Fri, Aug 30, 2024 at 1:20 AM Michal Hocko <mhocko@suse.com> wrote:
>
> On Thu 29-08-24 23:53:33, Barry Song wrote:
> > On Thu, Aug 29, 2024 at 10:24 PM Vlastimil Babka <vbabka@suse.cz> wrote:
> > >
> > > On 8/27/24 09:50, Barry Song wrote:
> > > > On Tue, Aug 27, 2024 at 7:38 PM Vlastimil Babka <vbabka@suse.cz> wrote:
> > > >>
> > > >>
> > > >> Ugh, wasn't aware, well spotted. So it means there at least shouldn't be
> > > >> existing users of __GFP_NOFAIL with order > 1 :)
> > > >>
> > > >> But also the check is in the hotpath, even before trying the pcplists, so we
> > > >> could move it to __alloc_pages_slowpath() while extending it?
> > > >
> > > > Agreed. I don't think it is reasonable to check the order and flags in
> > > > two different places especially rmqueue() has already had
> > > > gfp_flags & __GFP_NOFAIL operation and order > 1
> > > > overhead.
> > > >
> > > > We can at least extend the current check to make some improvement
> > > > though I still believe Michal's suggestion of implementing OOPS_ON is a
> > > > better approach to pursue, as it doesn't crash the entire system
> > > > while ensuring the problematic process is terminated.
> > >
> > > Linus made clear it's not a mm concern. If e.g. hardening people want to
> > > pursuit that instead, they can.
> > >
> > > BTW I think BUG_ON already works like this, if possible only the calling
> > > process is terminated. panic happens in case of being in a irq context, or
> >
> > you are right. This is a detail I overlooked in the last discussion.
> > BUG_ON has already been exactly the case to only terminate the bad
> > process if it can
> > (panic_on_oops=N and not in irq context).
>
> Are you sure about that? Maybe x86 implementation treats BUG as oops but
> is this what that does on all arches? BUG() has historically meant stop
> everything and die and I am not really sure when that would have
> changed TBH.
My ARM64 machine also only terminates the bad process by BUG_ON()
if we are not in irq and we don't set panic_on_oops.
I guess it depends on HAVE_ARCH_BUG? if arch has no BUG(), BUG()
will be just a panic ?
#ifndef HAVE_ARCH_BUG
#define BUG() do { \
printk("BUG: failure at %s:%d/%s()!\n", __FILE__, __LINE__, __func__); \
barrier_before_unreachable(); \
panic("BUG!"); \
} while (0)
#endif
I assume it is equally difficult to implement OOPS_ON() if arch lacks
HAVE_ARCH_BUG ?
"grep" shows the most mainstream archs have their own HAVE_ARCH_BUG:
$ git grep HAVE_ARCH_BUG
arch/alpha/include/asm/bug.h:#define HAVE_ARCH_BUG
arch/arc/include/asm/bug.h:#define HAVE_ARCH_BUG
arch/arm/include/asm/bug.h:#define HAVE_ARCH_BUG
arch/arm64/include/asm/bug.h:#define HAVE_ARCH_BUG
arch/csky/include/asm/bug.h:#define HAVE_ARCH_BUG
arch/loongarch/include/asm/bug.h:#define HAVE_ARCH_BUG
arch/m68k/include/asm/bug.h:#define HAVE_ARCH_BUG
arch/mips/include/asm/bug.h:#define HAVE_ARCH_BUG
arch/mips/include/asm/bug.h:#define HAVE_ARCH_BUG_ON
arch/parisc/include/asm/bug.h:#define HAVE_ARCH_BUG
arch/powerpc/include/asm/bug.h:#define HAVE_ARCH_BUG
arch/powerpc/include/asm/bug.h:#define HAVE_ARCH_BUG_ON
arch/riscv/include/asm/bug.h:#define HAVE_ARCH_BUG
arch/s390/include/asm/bug.h:#define HAVE_ARCH_BUG
arch/sh/include/asm/bug.h:#define HAVE_ARCH_BUG
arch/sparc/include/asm/bug.h:#define HAVE_ARCH_BUG
arch/x86/include/asm/bug.h:#define HAVE_ARCH_BUG
>
> > > due to panic_on_oops. Which the security people are setting to 1 anyway and
> > > OOPS_ON would have to observe it too. So AFAICS the only difference from
> > > BUG_ON would be not panic in the irq context, if panic_on_oops isn't set.
> >
> > right.
> >
> > > (as for "no mm locks held" I think it's already satisfied at the points we
> > > check for __GFP_NOFAIL).
> >
> > Let me summarize the discussion:
> >
> > Patch 1/4, which fixes the misuse of combining gfp_nofail and atomic
> > in vdpa driver, is necessary.
> > Patch 2/4, which updates the documentation to clarify that
> > non-blockable gfp_nofail is not
> > supported, is needed.
>
> Let's please have those merged now.
>
> > Patch 3/4: We will replace BUG_ON with WARN_ON_ONCE to warn when the
> > size is too large,
> > where gfp_nofail will return NULL.
>
>
> I would pull this one out for a separate discussion. We should really
> define what the too large really means and INT_MAX etc. is not it at
> all.
make sense.
>
> > Patch 4/4: We will move the order > 1 check from the current fast path
> > to the slow path and extend
> > the check of gfp_direct_reclaim flag also in the slow path.
>
> OK, let's have that go in now as well.
>
> --
> Michal Hocko
> SUSE Labs
Thanks
Barry
next prev parent reply other threads:[~2024-08-29 21:28 UTC|newest]
Thread overview: 101+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-17 6:24 Barry Song
2024-08-17 6:24 ` [PATCH v3 1/4] vduse: avoid using __GFP_NOFAIL Barry Song
2024-08-17 6:24 ` [PATCH v3 2/4] mm: document __GFP_NOFAIL must be blockable Barry Song
2024-08-17 6:24 ` [PATCH v3 3/4] mm: BUG_ON to avoid NULL deference while __GFP_NOFAIL fails Barry Song
2024-08-19 9:43 ` David Hildenbrand
2024-08-19 9:47 ` Barry Song
2024-08-19 9:55 ` David Hildenbrand
2024-08-19 10:02 ` Barry Song
2024-08-19 12:33 ` David Hildenbrand
2024-08-19 12:48 ` Barry Song
2024-08-19 12:49 ` David Hildenbrand
2024-08-19 17:12 ` Michal Hocko
2024-08-19 17:17 ` Linus Torvalds
2024-08-19 20:24 ` David Hildenbrand
2024-08-19 20:35 ` Linus Torvalds
2024-08-19 21:57 ` David Hildenbrand
2024-08-19 22:13 ` Linus Torvalds
2024-08-20 6:17 ` Michal Hocko
2024-08-19 12:49 ` Christoph Hellwig
2024-08-19 12:51 ` David Hildenbrand
2024-08-19 12:53 ` Christoph Hellwig
2024-08-19 13:14 ` David Hildenbrand
2024-08-19 13:05 ` Barry Song
2024-08-19 13:10 ` David Hildenbrand
2024-08-19 13:19 ` Barry Song
2024-08-19 13:22 ` David Hildenbrand
2024-08-17 6:24 ` [PATCH v3 4/4] mm: prohibit NULL deference exposed for unsupported non-blockable __GFP_NOFAIL Barry Song
2024-08-18 2:55 ` Yafang Shao
2024-08-18 3:48 ` Barry Song
2024-08-18 5:51 ` Yafang Shao
2024-08-18 6:27 ` Barry Song
2024-08-18 6:45 ` Barry Song
2024-08-18 7:07 ` Yafang Shao
2024-08-18 7:25 ` Barry Song
2024-08-19 7:51 ` Michal Hocko
2024-08-19 7:50 ` Michal Hocko
2024-08-19 9:25 ` Yafang Shao
2024-08-19 9:39 ` Barry Song
2024-08-19 9:45 ` Yafang Shao
2024-08-19 10:10 ` Barry Song
2024-08-19 11:56 ` Yafang Shao
2024-08-19 12:09 ` Michal Hocko
2024-08-19 12:17 ` Yafang Shao
2024-08-19 14:01 ` Michal Hocko
2024-08-19 10:17 ` Michal Hocko
2024-08-19 11:56 ` Yafang Shao
2024-08-19 12:04 ` Michal Hocko
2024-08-19 9:44 ` David Hildenbrand
2024-08-19 10:19 ` Michal Hocko
2024-08-19 12:48 ` David Hildenbrand
2024-08-19 13:02 ` [PATCH v3 0/4] mm: clarify nofail memory allocation David Hildenbrand
2024-08-19 16:05 ` Linus Torvalds
2024-08-19 19:23 ` Barry Song
2024-08-19 19:33 ` Linus Torvalds
2024-08-19 21:48 ` Barry Song
2024-08-20 6:24 ` Michal Hocko
2024-08-21 12:40 ` Yafang Shao
2024-08-21 22:59 ` Linus Torvalds
2024-08-22 6:21 ` Michal Hocko
2024-08-22 6:40 ` Linus Torvalds
2024-08-22 6:56 ` Linus Torvalds
2024-08-22 7:47 ` Michal Hocko
2024-08-22 7:57 ` Barry Song
2024-08-22 8:24 ` Michal Hocko
2024-08-22 8:39 ` David Hildenbrand
2024-08-22 9:08 ` Linus Torvalds
2024-08-22 9:16 ` Michal Hocko
2024-08-22 9:24 ` Linus Torvalds
2024-08-22 9:11 ` Michal Hocko
2024-08-22 9:18 ` Linus Torvalds
2024-08-22 9:33 ` Michal Hocko
2024-08-22 9:44 ` Linus Torvalds
2024-08-22 9:59 ` Michal Hocko
2024-08-22 10:30 ` Linus Torvalds
2024-08-22 10:46 ` Michal Hocko
2024-08-22 9:27 ` David Hildenbrand
2024-08-22 9:34 ` Linus Torvalds
2024-08-22 9:43 ` David Hildenbrand
2024-08-22 9:53 ` Linus Torvalds
2024-08-22 11:58 ` Johannes Weiner
2024-08-26 12:10 ` Vlastimil Babka
2024-08-27 6:57 ` Linus Torvalds
2024-08-27 7:15 ` Barry Song
2024-08-27 7:38 ` Vlastimil Babka
2024-08-27 7:50 ` Barry Song
2024-08-29 10:24 ` Vlastimil Babka
2024-08-29 11:53 ` Barry Song
2024-08-29 13:20 ` Michal Hocko
2024-08-29 21:27 ` Barry Song [this message]
2024-08-29 22:31 ` Barry Song
2024-08-30 7:24 ` Michal Hocko
2024-08-30 7:37 ` Vlastimil Babka
2024-08-22 9:41 ` Michal Hocko
2024-08-22 9:42 ` David Hildenbrand
2024-08-22 7:01 ` Gao Xiang
2024-08-22 7:54 ` Michal Hocko
2024-08-22 8:04 ` Gao Xiang
2024-08-22 14:35 ` Yafang Shao
2024-08-22 15:02 ` Gao Xiang
2024-08-22 6:37 ` Barry Song
2024-08-22 14:22 ` Yafang Shao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAGsJ_4wZiE08XDjNAPENwH=KQEzdm2FB_bMDi0b7PJx+e7ydrA@mail.gmail.com' \
--to=21cnbao@gmail.com \
--cc=42.hyeyoo@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=cl@linux.com \
--cc=david@redhat.com \
--cc=hailong.liu@oppo.com \
--cc=hch@infradead.org \
--cc=iamjoonsoo.kim@lge.com \
--cc=laoar.shao@gmail.com \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mhocko@suse.com \
--cc=penberg@kernel.org \
--cc=rientjes@google.com \
--cc=roman.gushchin@linux.dev \
--cc=torvalds@linux-foundation.org \
--cc=urezki@gmail.com \
--cc=v-songbaohua@oppo.com \
--cc=vbabka@suse.cz \
--cc=virtualization@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox