From: Michal Hocko <mhocko@suse.com>
To: Barry Song <21cnbao@gmail.com>
Cc: akpm@linux-foundation.org, linux-mm@kvack.org,
Barry Song <v-songbaohua@oppo.com>,
Uladzislau Rezki <urezki@gmail.com>,
Christoph Hellwig <hch@infradead.org>,
Lorenzo Stoakes <lstoakes@gmail.com>,
Christoph Lameter <cl@linux.com>,
Pekka Enberg <penberg@kernel.org>,
David Rientjes <rientjes@google.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Vlastimil Babka <vbabka@suse.cz>,
Roman Gushchin <roman.gushchin@linux.dev>,
Hyeonggon Yoo <42.hyeyoo@gmail.com>
Subject: Re: [PATCH RFC] mm: warn potential return NULL for kmalloc_array and kvmalloc_array with __GFP_NOFAIL
Date: Fri, 19 Jul 2024 09:42:02 +0200 [thread overview]
Message-ID: <ZpoYyp8aHWGyCK-8@tiehlicka> (raw)
In-Reply-To: <CAGsJ_4wbvNxDOYx0RNQd0vaH5KScPdJFvdi9SWkXVRF_41cVXA@mail.gmail.com>
On Fri 19-07-24 19:07:31, Barry Song wrote:
> On Fri, Jul 19, 2024 at 7:02 PM Michal Hocko <mhocko@suse.com> wrote:
> >
> > On Fri 19-07-24 12:35:55, Barry Song wrote:
> > > On Thu, Jul 18, 2024 at 8:50 PM Michal Hocko <mhocko@suse.com> wrote:
> > [...]
> > > > Yes, those shouldn't really fail. NOWAIT|NOFAIL was something that
> > > > should never happen and I really hope it doesn't. Others should really
> > > > retry but it's been some time since I've checked the last time.
> > >
> > >
> > > I assume allocations directly using alloc_pages() might not respect GFP_NOFAIL
> > > and violate the semantics of GFP_NOFAIL.
> >
> > What do you mean?
>
> I mean, if we are using wrappers like vmalloc (GFP_NOFAIL | GFP_NOWAIT),
> though alloc_pages might return NULL, vmalloc for itself will retry.
vmalloc(NOFAIL|NOWAIT) is equally unsupported. This combination of flags
simply cannot be delivered.
> but if you call alloc_pages() directly with GFP_NOFAIL | GFP_NOWAIT,
> alloc_pages() may return NULL without retry at all. I believe alloc_pages()
> is also wrong.
It cannot reclaim itself and it cannot sleep to wait for the memory so
NOFAIL semantic is simply impossible. We have put a warning in place to
catch abusers but apparently this hasn't been sufficient. There are only
two ways to deal with the failure. Either return NULL and break the
contract and see what happens (implementation now) or BUG_ON and blow up
later if the the failed allocation request blows up - potentially
recoverably. Linus tends to be against adding new BUG() calls unless the
failure is absolutely unrecoverable (e.g. corrupted data structures
etc.). I am not sure how he would look at simply incorrect memory
allocator usage to blow up the kernel. Now the argument could be made
that those failures could cause subtle memory corruptions or even be
exploitable which might be a sufficient reason to stop them early. You
can try that.
I do not see a saner way to deal with this particular memory request
type. Unless we require all __GFP_NOFAIL|GFP_NOWAIT requests to check
for the failure but this makes very little sense to me.
--
Michal Hocko
SUSE Labs
next prev parent reply other threads:[~2024-07-19 7:42 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-17 23:00 Barry Song
2024-07-18 6:58 ` Michal Hocko
2024-07-18 7:04 ` Christoph Hellwig
2024-07-18 7:12 ` Michal Hocko
2024-07-18 8:16 ` Vlastimil Babka
2024-07-18 7:22 ` Barry Song
2024-07-18 7:27 ` Michal Hocko
2024-07-18 7:41 ` Barry Song
2024-07-18 7:53 ` Michal Hocko
2024-07-18 8:18 ` Barry Song
2024-07-18 8:32 ` Michal Hocko
2024-07-18 8:43 ` Barry Song
2024-07-18 8:50 ` Michal Hocko
2024-07-19 0:35 ` Barry Song
2024-07-19 7:02 ` Michal Hocko
2024-07-19 7:07 ` Barry Song
2024-07-19 7:42 ` Michal Hocko [this message]
2024-07-19 7:51 ` Barry Song
2024-07-19 8:01 ` Michal Hocko
2024-07-19 8:28 ` Barry Song
2024-07-19 8:40 ` Michal Hocko
2024-07-19 9:36 ` Barry Song
2024-07-19 9:45 ` Michal Hocko
2024-07-19 9:58 ` Barry Song
2024-07-19 10:57 ` Michal Hocko
2024-07-19 11:05 ` Barry Song
2024-07-19 11:19 ` Michal Hocko
2024-07-19 8:50 ` Vlastimil Babka
2024-07-19 9:33 ` Michal Hocko
2024-07-19 10:10 ` Vlastimil Babka
2024-07-19 10:52 ` Michal Hocko
2024-07-19 11:13 ` Vlastimil Babka
2024-07-19 11:26 ` Michal Hocko
2024-07-19 13:02 ` Barry Song
2024-07-19 13:30 ` Michal Hocko
2024-07-20 0:36 ` Barry Song
2024-07-22 7:23 ` Michal Hocko
2024-07-22 7:34 ` Vlastimil Babka
2024-07-19 7:37 ` Christoph Hellwig
2024-07-19 7:43 ` Barry Song
2024-07-19 7:53 ` Christoph Hellwig
2024-07-20 22:14 ` Barry Song
2024-07-22 7:26 ` Michal Hocko
2024-07-22 8:09 ` Barry Song
2024-07-22 9:01 ` Michal Hocko
2024-07-22 23:18 ` Christoph Hellwig
2024-07-22 23:22 ` Barry Song
2024-07-19 8:35 ` Vlastimil Babka
2024-07-18 7:48 ` Hailong Liu
2024-07-18 8:33 ` Barry Song
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZpoYyp8aHWGyCK-8@tiehlicka \
--to=mhocko@suse.com \
--cc=21cnbao@gmail.com \
--cc=42.hyeyoo@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=cl@linux.com \
--cc=hch@infradead.org \
--cc=iamjoonsoo.kim@lge.com \
--cc=linux-mm@kvack.org \
--cc=lstoakes@gmail.com \
--cc=penberg@kernel.org \
--cc=rientjes@google.com \
--cc=roman.gushchin@linux.dev \
--cc=urezki@gmail.com \
--cc=v-songbaohua@oppo.com \
--cc=vbabka@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox