lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 31 Oct 2013 12:03:37 -0400
From:	Johannes Weiner <hannes@...xchg.org>
To:	Jan Kara <jack@...e.cz>
Cc:	Luis Henriques <luis.henriques@...onical.com>,
	linux-kernel@...r.kernel.org, kernel-team@...ts.ubuntu.com,
	Michal Hocko <mhocko@...e.cz>,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [PATCH 3.5 29/64] fs: buffer: move allocation failure loop into
 the allocator

On Thu, Oct 31, 2013 at 03:48:48PM +0100, Jan Kara wrote:
> On Thu 31-10-13 10:00:08, Johannes Weiner wrote:
> > On Mon, Oct 28, 2013 at 02:47:48PM +0000, Luis Henriques wrote:
> > > 3.5.7.24 -stable review patch.  If anyone has any objections, please let me know.
> > > 
> > > ------------------
> > > 
> > > From: Johannes Weiner <hannes@...xchg.org>
> > > 
> > > commit 84235de394d9775bfaa7fa9762a59d91fef0c1fc upstream.
> > > 
> > > Buffer allocation has a very crude indefinite loop around waking the
> > > flusher threads and performing global NOFS direct reclaim because it can
> > > not handle allocation failures.
> > > 
> > > The most immediate problem with this is that the allocation may fail due
> > > to a memory cgroup limit, where flushers + direct reclaim might not make
> > > any progress towards resolving the situation at all.  Because unlike the
> > > global case, a memory cgroup may not have any cache at all, only
> > > anonymous pages but no swap.  This situation will lead to a reclaim
> > > livelock with insane IO from waking the flushers and thrashing unrelated
> > > filesystem cache in a tight loop.
> > > 
> > > Use __GFP_NOFAIL allocations for buffers for now.  This makes sure that
> > > any looping happens in the page allocator, which knows how to
> > > orchestrate kswapd, direct reclaim, and the flushers sensibly.  It also
> > > allows memory cgroups to detect allocations that can't handle failure
> > > and will allow them to ultimately bypass the limit if reclaim can not
> > > make progress.
>   So I was under the impression that __GFP_NOFAIL is going away, doesn't
> it? At least about an year ago there was some effort to remove its users so
> we ended up creating loops like the above one (and similar ones for
> jbd/jbd2) in cases where handling the failure wasn't easily possible. And now
> it seems we are going in the opposite direction... At least we have a
> steady flow of patches guaranteed :)

Lol.

I would assume that people had a problem with allocations that can not
fail, rather than __GFP_NOFAIL.  As long as we do have callsites that
can't deal with failure, I'd much prefer __GFP_NOFAIL over open-coded
looping.  The page allocator is much better equipped to make forward
progress and the problematic sites are immediately apparent/greppable.

In order of preference, this is how allocation sites should deal with
errors:

1. Gracefully abort current operation and move on
2. Stab eyes with fork
3. Use __GFP_NOFAIL

... but never loop around the allocation, please.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists