| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 27 Nov 2017 15:38:46 +0900
From: Minchan Kim <minchan@...nel.org>
To: jiang.biao2@....com.cn
Cc: akpm@...ux-foundation.org, mhocko@...e.com, hannes@...xchg.org,
hillf.zj@...baba-inc.com, ying.huang@...el.com, linux-mm@...ck.org,
mgorman@...hsingularity.net, linux-kernel@...r.kernel.org,
zhong.weidong@....com.cn
Subject: Re: [PATCH] mm/vmscan: make do_shrink_slab more robust.
On Mon, Nov 27, 2017 at 02:27:20PM +0800, jiang.biao2@....com.cn wrote:
> > On Mon, Nov 27, 2017 at 12:46:27PM +0800, jiang.biao2@....com.cn wrote:> > On Mon, Nov 27, 2017 at 09:37:30AM +0800, Jiang Biao wrote:> >
> > > > > This patch make do_shrink_slab more robust when
> > > > > shrinker->count_objects return negative freeable.
> > > >
> > > > Shrinker.h says count_objects should return 0 if there are no
> > > > freeable objects, not -1.
> > > >
> > > > So if something returns -1, changing it with returning 0 would
> > > be more proper fix.
> > > >
> > > Hi,
> > > Indeed it's not a bug of vmscan, but there are many shrinkers
> > > out there, which may return negative value unwillingly(in some
> > > rare cases, such as decreasing cocurrently). It's unlikely and
> > > should be avioded, but not impossible, this patch may make it
> > > more robust and could not hurt :).
> >
> > Yub, I'm not strong against of your claim. However, let's think
> > from different point of view.
> >
> > API says it should return 0 unless shrinker cannot find freeable
> > object any more but with your change, implmentation handles
> > although a shrinker return minus value by mistake.
> >
> > In future, MM guys might want to extend count_objects returning
> > -ERR_SOMETHING to propagate error, for example but we cannot.
> > Because some of shrinkers already rely on the implementation so
> > if we start to support minus value return, some of shrinker might
> > be broken.
> >
> > Yes, it's the imaginary scenario but wanted why such changes
> > makes us trouble in future, API PoV.
> I agree with your concern. How about we take another way by
> adding some warning in such case? such as,
> freeable = shrinker->count_objects(shrinker, shrinkctl);
> + if (unlikely(freeable < 0)) {
> + pr_err("shrink_slab: %pF negative objects returned. freeable=%ld\n",
> + shrinker->scan_objects, freeable);
> + freeable = 0; //maybe not needed?
> + }
> if (freeable == 0)
> return 0;
> In this way, we would not break the API, but could alert user exception
> with message, and make it more robust in such case.
True but it would be a problem robust vs. effectivess tradeoff.
Think about that everyone want to make thier code robust.
It means they start to dump lots of defensive code so code start
to look like complicated as well as binary bloating.
So, whenever we add some more, we should think how effective
the code I am putting?
In this case, I'm skeptical, Sorry. But others might have different
opinions. :)
Thanks.
Powered by blists - more mailing lists