| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 Feb 2020 17:29:44 -0500
From: Johannes Weiner <hannes@...xchg.org>
To: Roman Gushchin <guro@...com>
Cc: linux-mm@...ck.org, Andrew Morton <akpm@...ux-foundation.org>,
Michal Hocko <mhocko@...nel.org>,
Shakeel Butt <shakeelb@...gle.com>,
Vladimir Davydov <vdavydov.dev@...il.com>,
linux-kernel@...r.kernel.org, kernel-team@...com,
Bharata B Rao <bharata@...ux.ibm.com>,
Yafang Shao <laoar.shao@...il.com>
Subject: Re: [PATCH v2 16/28] mm: memcg/slab: allocate obj_cgroups for
non-root slab pages
On Mon, Feb 03, 2020 at 01:19:15PM -0800, Roman Gushchin wrote:
> On Mon, Feb 03, 2020 at 03:46:27PM -0500, Johannes Weiner wrote:
> > On Mon, Feb 03, 2020 at 10:34:52AM -0800, Roman Gushchin wrote:
> > > On Mon, Feb 03, 2020 at 01:27:56PM -0500, Johannes Weiner wrote:
> > > > On Mon, Jan 27, 2020 at 09:34:41AM -0800, Roman Gushchin wrote:
> > > > > Allocate and release memory to store obj_cgroup pointers for each
> > > > > non-root slab page. Reuse page->mem_cgroup pointer to store a pointer
> > > > > to the allocated space.
> > > > >
> > > > > To distinguish between obj_cgroups and memcg pointers in case
> > > > > when it's not obvious which one is used (as in page_cgroup_ino()),
> > > > > let's always set the lowest bit in the obj_cgroup case.
> > > > >
> > > > > Signed-off-by: Roman Gushchin <guro@...com>
> > > > > ---
> > > > > include/linux/mm.h | 25 ++++++++++++++++++--
> > > > > include/linux/mm_types.h | 5 +++-
> > > > > mm/memcontrol.c | 5 ++--
> > > > > mm/slab.c | 3 ++-
> > > > > mm/slab.h | 51 +++++++++++++++++++++++++++++++++++++++-
> > > > > mm/slub.c | 2 +-
> > > > > 6 files changed, 83 insertions(+), 8 deletions(-)
> > > > >
> > > > > diff --git a/include/linux/mm.h b/include/linux/mm.h
> > > > > index 080f8ac8bfb7..65224becc4ca 100644
> > > > > --- a/include/linux/mm.h
> > > > > +++ b/include/linux/mm.h
> > > > > @@ -1264,12 +1264,33 @@ static inline void set_page_links(struct page *page, enum zone_type zone,
> > > > > #ifdef CONFIG_MEMCG
> > > > > static inline struct mem_cgroup *page_memcg(struct page *page)
> > > > > {
> > > > > - return page->mem_cgroup;
> > > > > + struct mem_cgroup *memcg = page->mem_cgroup;
> > > > > +
> > > > > + /*
> > > > > + * The lowest bit set means that memcg isn't a valid memcg pointer,
> > > > > + * but a obj_cgroups pointer. In this case the page is shared and
> > > > > + * isn't charged to any specific memory cgroup. Return NULL.
> > > > > + */
> > > > > + if ((unsigned long) memcg & 0x1UL)
> > > > > + memcg = NULL;
> > > > > +
> > > > > + return memcg;
> > > >
> > > > That should really WARN instead of silently returning NULL. Which
> > > > callsite optimistically asks a page's cgroup when it has no idea
> > > > whether that page is actually a userpage or not?
> > >
> > > For instance, look at page_cgroup_ino() called from the
> > > reading /proc/kpageflags.
> >
> > But that checks PageSlab() and implements memcg_from_slab_page() to
> > handle that case properly. And that's what we expect all callsites to
> > do: make sure that the question asked actually makes sense, instead of
> > having the interface paper over bogus requests.
> >
> > If that function is completely racy and PageSlab isn't stable, then it
> > should really just open-code the lookup, rather than require weakening
> > the interface for everybody else.
>
> Why though?
>
> Another example: process stack can be depending on the machine config and
> platform a vmalloc allocation, a slab allocation or a "high-order slab allocation",
> which is executed by the page allocator directly.
>
> It's kinda nice to have a function that hides accounting details
> and returns a valid memcg pointer for any kind of objects.
Hm? I'm not objecting to that, memcg_from_obj() makes perfect sense to
me, to use with kvmalloc() objects for example.
I'm objecting to page_memcg() silently swallowing bogus inputs. That
function shouldn't silently say "there is no cgroup associated with
this page" when the true answer is "this page has MANY cgroups
associated with it, this question doesn't make any sense".
It's not exactly hard to imagine how this could cause bugs, is it?
Where a caller should implement a slab case (exactly like
page_cgroup_ino()) but is confused about the type of page it has,
whether it's charged or not etc.?
Powered by blists - more mailing lists