| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 Dec 2013 07:50:59 +0000 From: Mel Gorman <mgorman@...e.de> To: David Rientjes <rientjes@...gle.com> Cc: Andrew Morton <akpm@...ux-foundation.org>, Michal Hocko <mhocko@...e.cz>, linux-mm@...ck.org, linux-kernel@...r.kernel.org Subject: Re: [patch] mm, page_alloc: allow __GFP_NOFAIL to allocate below watermarks after reclaim On Mon, Dec 09, 2013 at 02:03:45PM -0800, David Rientjes wrote: > If direct reclaim has failed to free memory, __GFP_NOFAIL allocations > can potentially loop forever in the page allocator. In this case, it's > better to give them the ability to access below watermarks so that they > may allocate similar to the same privilege given to GFP_ATOMIC > allocations. > > We're careful to ensure this is only done after direct reclaim has had > the chance to free memory, however. > > Signed-off-by: David Rientjes <rientjes@...gle.com> The main problem with doing something like this is that it just smacks into the adjusted watermark if there are a number of __GFP_NOFAIL. Who was the user of __GFP_NOFAIL that was fixed by this patch? It appears there are more __GFP_NOFAIL users than I expected and some of them are silly. md uses it after mempool_alloc fails GFP_ATOMIC and then immediately calls with __GFP_NOFAIL in a context that can sleep. It could just have used GFP_NOIO for the mempool alloc which would "never" fail. btrfs is using __GFP_NOFAIL to call the slab allocator for the extent cache but also a kmalloc cache which is just dangerous. After this patch, that thing can push the system below watermarks and then effectively "leak" them to other !__GFP_NOFAIL users. Buffer cache uses __GFP_NOFAIL to grow buffers where it expects the page allocator can loop endlessly but again, allowing it to go below reserves is just going to hit the same wall a short time later gfs is using the flag with kmalloc slabs, same as btrfs this can "leak" the reserves. jbd is the same although jbd2 avoids using the flag in a manner of speaking. There are enough bad users of __GFP_NOFAIL that I really question how good an idea it is to allow emergency reserves to be used when they are potentially leaked to other !__GFP_NOFAIL users via the slab allocator shortly afterwards. -- Mel Gorman SUSE Labs -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists