lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20171127063846.GA27768@bbox>
Date:   Mon, 27 Nov 2017 15:38:46 +0900
From:   Minchan Kim <minchan@...nel.org>
To:     jiang.biao2@....com.cn
Cc:     akpm@...ux-foundation.org, mhocko@...e.com, hannes@...xchg.org,
        hillf.zj@...baba-inc.com, ying.huang@...el.com, linux-mm@...ck.org,
        mgorman@...hsingularity.net, linux-kernel@...r.kernel.org,
        zhong.weidong@....com.cn
Subject: Re: [PATCH] mm/vmscan: make do_shrink_slab more robust.

On Mon, Nov 27, 2017 at 02:27:20PM +0800, jiang.biao2@....com.cn wrote:
> > On Mon, Nov 27, 2017 at 12:46:27PM +0800, jiang.biao2@....com.cn wrote:> > On Mon, Nov 27, 2017 at 09:37:30AM +0800, Jiang Biao wrote:> >
> > > > > This patch make do_shrink_slab more robust when
> > > > > shrinker->count_objects return negative freeable.
> > > >
> > > > Shrinker.h says count_objects should return 0 if there are no
> > > > freeable objects, not -1.
> > > >
> > > > So if something returns -1, changing it with returning 0 would
> > > be more proper fix.
> > > >
> > > Hi,
> > > Indeed it's not a bug of vmscan, but there are many shrinkers
> > > out there, which may return negative value unwillingly(in some
> > > rare cases, such as decreasing cocurrently). It's unlikely and
> > > should be avioded, but not impossible, this patch may make it
> > > more robust and could not hurt :).
> > 
> > Yub, I'm not strong against of your claim. However, let's think
> > from different point of view.
> > 
> > API says it should return 0 unless shrinker cannot find freeable
> > object any more but with your change, implmentation handles
> > although a shrinker return minus value by mistake.
> > 
> > In future, MM guys might want to extend count_objects returning
> > -ERR_SOMETHING to propagate error, for example but we cannot.
> > Because some of shrinkers already rely on the implementation so
> > if we start to support minus value return, some of shrinker might
> > be broken.
> > 
> > Yes, it's the imaginary scenario but wanted why such changes
> > makes us trouble in future, API PoV.
> I agree with your concern.  How about we take another way by 
> adding some warning in such case? such as,
>         freeable = shrinker->count_objects(shrinker, shrinkctl);
> +       if (unlikely(freeable < 0)) {
> +               pr_err("shrink_slab: %pF negative objects returned. freeable=%ld\n",
> +                       shrinker->scan_objects, freeable);
> +               freeable = 0;  //maybe not needed?
> +       }
>         if (freeable == 0)
>                 return 0;
> In this way, we would not break the API, but could alert user exception 
> with message, and make it more robust in such case.

True but it would be a problem robust vs. effectivess tradeoff.
Think about that everyone want to make thier code robust.
It means they start to dump lots of defensive code so code start
to look like complicated as well as binary bloating.
So, whenever we add some more, we should think how effective
the code I am putting?

In this case, I'm skeptical, Sorry. But others might have different
opinions. :)

Thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ