lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190321194539.GY8696@dhcp22.suse.cz>
Date:   Thu, 21 Mar 2019 20:45:39 +0100
From:   Michal Hocko <mhocko@...nel.org>
To:     Yang Shi <yang.shi@...ux.alibaba.com>
Cc:     mgorman@...hsingularity.net, vbabka@...e.cz,
        akpm@...ux-foundation.org, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH] mm: mempolicy: remove MPOL_MF_LAZY

On Thu 21-03-19 10:25:08, Yang Shi wrote:
> 
> 
> On 3/21/19 9:51 AM, Michal Hocko wrote:
> > On Thu 21-03-19 09:21:39, Yang Shi wrote:
> > > 
> > > On 3/21/19 7:57 AM, Michal Hocko wrote:
> > > > On Wed 20-03-19 08:27:39, Yang Shi wrote:
> > > > > MPOL_MF_LAZY was added by commit b24f53a0bea3 ("mm: mempolicy: Add
> > > > > MPOL_MF_LAZY"), then it was disabled by commit a720094ded8c ("mm:
> > > > > mempolicy: Hide MPOL_NOOP and MPOL_MF_LAZY from userspace for now")
> > > > > right away in 2012.  So, it is never ever exported to userspace.
> > > > > 
> > > > > And, it looks nobody is interested in revisiting it since it was
> > > > > disabled 7 years ago.  So, it sounds pointless to still keep it around.
> > > > The above changelog owes us a lot of explanation about why this is
> > > > safe and backward compatible. I am also not sure you can change
> > > > MPOL_MF_INTERNAL because somebody still might use the flag from
> > > > userspace and we want to guarantee it will have the exact same semantic.
> > > Since MPOL_MF_LAZY is never exported to userspace (Mel helped to confirm
> > > this in the other thread), so I'm supposed it should be safe and backward
> > > compatible to userspace.
> > You didn't get my point. The flag is exported to the userspace and
> > nothing in the syscall entry path checks and masks it. So we really have
> > to preserve the semantic of the flag bit for ever.
> 
> Thanks, I see you point. Yes, it is exported to userspace in some sense
> since it is in uapi header. But, it is never documented and MPOL_MF_VALID
> excludes it. mbind() does check and mask it. It would return -EINVAL if
> MPOL_MF_LAZY or any other undefined/invalid flag is set. See the below code
> snippet from do_mbind():
> 
> ...
> #define MPOL_MF_VALID    (MPOL_MF_STRICT   |     \
>              MPOL_MF_MOVE     |     \
>              MPOL_MF_MOVE_ALL)
> 
> if (flags & ~(unsigned long)MPOL_MF_VALID)
>         return -EINVAL;
> 
> So, I don't think any application would really use the flag for mbind()
> unless it is aimed to test the -EINVAL. If just test program, it should be
> not considered as a regression.

I have overlook that MPOL_MF_VALID doesn't include MPOL_MF_LAZY. Anyway,
my argument still holds that the bit has to be reserved for ever because
it used to be valid at some point of time and not returning EINVAL could
imply you are running on the kernel which supports the flag.
 
> > > I'm also not sure if anyone use MPOL_MF_INTERNAL or not and how they use it
> > > in their applications, but how about keeping it unchanged?
> > You really have to. Because it is an offset of other MPLO flags for
> > internal usage.
> > 
> > That being said. Considering that we really have to preserve
> > MPOL_MF_LAZY value (we cannot even rename it because it is in uapi
> > headers and we do not want to break compilation). What is the point of
> > this change? Why is it an improvement? Yes, nobody is probably using
> > this because this is not respected in anything but the preferred mem
> > policy. At least that is the case from my quick glance. I might be still
> > wrong as it is quite easy to overlook all the consequences. So the risk
> > is non trivial while the benefit is not really clear to me. If you see
> > one, _document_ it. "Mel said it is not in use" is not a justification,
> > with all due respect.
> 
> As I elaborated above, mbind() syscall does check it and treat it as an
> invalid flag. MPOL_PREFERRED doesn't use it either, but just use MPOL_F_MOF
> directly.

As Mel already pointed out. This doesn't really sound like a sound
argument. Say we would remove those few lines of code and preserve the
flag for future reservation of the flag bit. I would bet my head that it
will not be long before somebody just goes and clean it up and remove
because the flag is unused. So you would have to put a note explaining
why this has to be preserved. Maybe the current code is better to
document that. It would be much more sound to remove the code if it was
causing a measurable overhead or a maintenance burden. Is any of that
the case?

-- 
Michal Hocko
SUSE Labs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ