From: Michal Hocko <mhocko@suse.com>
To: David Hildenbrand <david@redhat.com>
Cc: Charan Teja Kalla <quic_charante@quicinc.com>,
akpm@linux-foundation.org, pasha.tatashin@soleen.com,
sjpark@amazon.de, sieberf@amazon.com, shakeelb@google.com,
dhowells@redhat.com, willy@infradead.org, vbabka@suse.cz,
minchan@kernel.org, linux-kernel@vger.kernel.org,
linux-mm@kvack.org,
"iamjoonsoo.kim@lge.com" <iamjoonsoo.kim@lge.com>
Subject: Re: [PATCH] mm: fix use-after free of page_ext after race with memory-offline
Date: Tue, 19 Jul 2022 17:37:14 +0200 [thread overview]
Message-ID: <YtbPqrNtlr72+qx9@dhcp22.suse.cz> (raw)
In-Reply-To: <6fa6b7aa-731e-891c-3efb-a03d6a700efa@redhat.com>
On Tue 19-07-22 17:19:34, David Hildenbrand wrote:
> On 18.07.22 16:54, Michal Hocko wrote:
> > On Mon 18-07-22 19:28:13, Charan Teja Kalla wrote:
[...]
> >>> 3) Change the design where the page_ext is valid as long as the struct
> >>> page is alive.
> >>
> >> :/ Doesn't spark joy."
> >
> > I would be wondering why. It should only take to move the callback to
> > happen at hotremove. So it shouldn't be very involved of a change. I can
> > imagine somebody would be relying on releasing resources when offlining
> > memory but is that really the case?
>
> Various reasons:
>
> 1) There was a discussion in the past to eventually also use rcu
> protection for handling pdn_to_online_page(). So doing it cleanly here
> is certainly an improvement.
Call me skeptical on that.
> 2) I really dislike having to scatter section online checks all over the
> place in page ext code. Once there is a difference between active vs.
> stale page ext data things get a bit messy and error prone. This is
> already ugly enough in our generic memmap handling code IMHO.
They should represent a free page in any case so even they are stall
they shouldn't be really dangerous, right?
> 3) Having on-demand allocations, such as KASAN or page ext from the
> memory online notifier is at least currently cleaner, because we don't
> have to handle each and every subsystem that hooks into that during the
> core memory hotadd/remove phase, which primarily only setups the
> vmemmap, direct map and memory block devices.
Cannot this hook into __add_pages which is the real implementation of
the arch independent way to allocate vmemmap. Or at the sparsemem level
because we do not (and very likely won't) support memory hotplug on
any other memory model.
> Personally, I think what we have in this patch is quite nice and clean.
> But I won't object if it can be similarly done in a clean way from
> hot(un)plug code.
Well, if the scheme can be done without synchronize_rcu for each section
which can backfire and if the scheme doesn't add too much complexity to
achieve that then sure I won't object. I just do not get why page_ext
should have a different allocation lifetime expectancy than a real page.
Quite confusing if you ask me.
--
Michal Hocko
SUSE Labs
next prev parent reply other threads:[~2022-07-19 15:37 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-14 14:47 Charan Teja Kalla
2022-07-15 1:04 ` Andrew Morton
2022-07-15 12:32 ` Charan Teja Kalla
2022-07-18 6:11 ` Pavan Kondeti
2022-07-18 13:15 ` Charan Teja Kalla
2022-07-18 11:50 ` Michal Hocko
2022-07-18 13:58 ` Charan Teja Kalla
2022-07-18 14:54 ` Michal Hocko
2022-07-19 15:12 ` Charan Teja Kalla
2022-07-19 15:43 ` Michal Hocko
2022-07-19 15:54 ` David Hildenbrand
2022-07-20 15:08 ` Charan Teja Kalla
2022-07-20 15:22 ` Michal Hocko
2022-07-20 8:21 ` Pavan Kondeti
2022-07-20 9:10 ` Michal Hocko
2022-07-20 10:43 ` Charan Teja Kalla
2022-07-20 11:13 ` Michal Hocko
2022-07-19 15:19 ` David Hildenbrand
2022-07-19 15:37 ` Michal Hocko [this message]
2022-07-19 15:50 ` David Hildenbrand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YtbPqrNtlr72+qx9@dhcp22.suse.cz \
--to=mhocko@suse.com \
--cc=akpm@linux-foundation.org \
--cc=david@redhat.com \
--cc=dhowells@redhat.com \
--cc=iamjoonsoo.kim@lge.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=minchan@kernel.org \
--cc=pasha.tatashin@soleen.com \
--cc=quic_charante@quicinc.com \
--cc=shakeelb@google.com \
--cc=sieberf@amazon.com \
--cc=sjpark@amazon.de \
--cc=vbabka@suse.cz \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox