lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <978702110.19841228.1524666829157.JavaMail.zimbra@redhat.com>
Date:   Wed, 25 Apr 2018 10:33:49 -0400 (EDT)
From:   Chunyu Hu <chuhu@...hat.com>
To:     Catalin Marinas <catalin.marinas@....com>
Cc:     Michal Hocko <mhocko@...nel.org>,
        Chunyu Hu <chuhu.ncepu@...il.com>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        LKML <linux-kernel@...r.kernel.org>,
        Linux-MM <linux-mm@...ck.org>
Subject: Re: [RFC] mm: kmemleak: replace __GFP_NOFAIL to GFP_NOWAIT in
 gfp_kmemleak_mask



----- Original Message -----
> From: "Catalin Marinas" <catalin.marinas@....com>
> To: "Chunyu Hu" <chuhu@...hat.com>
> Cc: "Michal Hocko" <mhocko@...nel.org>, "Chunyu Hu" <chuhu.ncepu@...il.com>, "Dmitry Vyukov" <dvyukov@...gle.com>,
> "LKML" <linux-kernel@...r.kernel.org>, "Linux-MM" <linux-mm@...ck.org>
> Sent: Wednesday, April 25, 2018 8:51:55 PM
> Subject: Re: [RFC] mm: kmemleak: replace __GFP_NOFAIL to GFP_NOWAIT in gfp_kmemleak_mask
> 
> On Wed, Apr 25, 2018 at 05:50:41AM -0400, Chunyu Hu wrote:
> > ----- Original Message -----
> > > From: "Catalin Marinas" <catalin.marinas@....com>
> > > On Tue, Apr 24, 2018 at 07:20:57AM -0600, Michal Hocko wrote:
> > > > On Mon 23-04-18 12:17:32, Chunyu Hu wrote:
> > > > [...]
> > > > > So if there is a new flag, it would be the 25th bits.
> > > > 
> > > > No new flags please. Can you simply store a simple bool into
> > > > fail_page_alloc
> > > > and have save/restore api for that?
> > > 
> > > For kmemleak, we probably first hit failslab. Something like below may
> > > do the trick:
> > > 
> > > diff --git a/mm/failslab.c b/mm/failslab.c
> > > index 1f2f248e3601..63f13da5cb47 100644
> > > --- a/mm/failslab.c
> > > +++ b/mm/failslab.c
> > > @@ -29,6 +29,9 @@ bool __should_failslab(struct kmem_cache *s, gfp_t
> > > gfpflags)
> > >  	if (failslab.cache_filter && !(s->flags & SLAB_FAILSLAB))
> > >  		return false;
> > >  
> > > +	if (s->flags & SLAB_NOLEAKTRACE)
> > > +		return false;
> > > +
> > >  	return should_fail(&failslab.attr, s->object_size);
> > >  }
> > 
> > This maybe is the easy enough way for skipping fault injection for
> > kmemleak slab object.
> 
> This was added to avoid kmemleak tracing itself, so could be used for
> other kmemleak-related cases.
> 
> > > Can we get a second should_fail() via should_fail_alloc_page() if a new
> > > slab page is allocated?
> > 
> > looking at code path below, what do you mean by getting a second
> > should_fail() via fail_alloc_page?
> 
> Kmemleak calls kmem_cache_alloc() on a cache with SLAB_LEAKNOTRACE, so the
> first point of failure injection is __should_failslab() which we can
> handle with the slab flag. The slab allocator itself ends up calling
> alloc_pages() to allocate a slab page (and __GFP_NOFAIL is explicitly
> cleared). Here we have the second potential failure injection via

Indeed.

> fail_alloc_page(). That's unless the order < fail_page_alloc.min_order
> which I think is the default case (min_order = 1 while the slab page
> allocation for kmemleak would need an order of 0. It's not ideal but we
> may get away with it.

In my workstation, I checked the value shown is order=2

[mm]# cat /sys/kernel/slab/kmemleak_object/order 
2
[mm]# uname -r
4.17.0-rc1.syzcaller+


If order is 2, then not into the branch, no false is returned, so not skipped..
static bool should_fail_alloc_page(gfp_t gfp_mask, unsigned int order)
{
    if (order < fail_page_alloc.min_order)
        return false;


> 
> > Seems we need to insert the flag between alloc_slab_page and
> > alloc_pages()? Without GFP flag, it's difficult to pass info to
> > should_fail_alloc_page and keep simple at same time.
> 
> Indeed.
> 
> > Or as Michal suggested, completely disabling page alloc fail injection
> > when kmemleak enabled. And enable it again when kmemleak off.
> 
> Dmitry's point was that kmemleak is still useful to detect leaks on the
> error path where errors are actually introduced by the fault injection.
> Kmemleak cannot cope with allocation failures as it needs a pretty
> precise tracking of the allocated objects.

understand.

> 
> An alternative could be to not free the early_log buffer in kmemleak and
> use that memory in an emergency when allocation fails (though I don't
> particularly like this).
> 
> Yet another option is to use NOFAIL and remove NORETRY in kmemleak when
> fault injection is enabled.

I'm going to have a try this way to see if any warning can be seen when running.
This should be the best if it works fine. 

> 
> --
> Catalin
> 

-- 
Regards,
Chunyu Hu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ