lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20200326062835.GB110624@google.com>
Date:   Wed, 25 Mar 2020 23:28:35 -0700
From:   Minchan Kim <minchan@...nel.org>
To:     Dave Hansen <dave.hansen@...ux.intel.com>
Cc:     linux-kernel@...r.kernel.org, mhocko@...e.com, jannh@...gle.com,
        vbabka@...e.cz, dancol@...gle.com, joel@...lfernandes.org,
        akpm@...ux-foundation.org
Subject: Re: [PATCH 2/2] mm/madvise: skip MADV_PAGEOUT on shared swap cache
 pages

On Mon, Mar 23, 2020 at 04:41:51PM -0700, Dave Hansen wrote:
> 
> From: Dave Hansen <dave.hansen@...ux.intel.com>
> 
> MADV_PAGEOUT might interfere with other processes if it is
> allowed to reclaim pages shared with other processses.  A
> previous patch tried to avoid this for anonymous pages
> which were shared by a fork().  It did this by checking
> page_mapcount().
> 
> That works great for mapped pages.  But, it can not detect
> unmapped swap cache pages.  This has not been a problem,
> until the previous patch which added the ability for
> MADV_PAGEOUT to *find* swap cache pages.
> 
> A process doing MADV_PAGEOUT which finds an unmapped swap
> cache page and evicts it might interfere with another process
> which had the same page mapped.  But, such a page would have
> a page_mapcount() of 1 since the page is only actually mapped
> in the *other* process.  The page_mapcount() test would fail
> to detect the situation.
> 
> Thankfully, there is a reference count for swap entries.
> To fix this, simply consult both page_mapcount() and the swap
> reference count via page_swapcount().
> 
> I rigged up a little test program to try to create these
> situations.  Basically, if the parent "reader" RSS changes
> in response to MADV_PAGEOUT actions in the child, there is
> a problem.
> 
> 	https://www.sr71.net/~dave/intel/madv-pageout.c
> 
> Signed-off-by: Dave Hansen <dave.hansen@...ux.intel.com>
> Cc: Michal Hocko <mhocko@...e.com>
> Cc: Jann Horn <jannh@...gle.com>
> Cc: Vlastimil Babka <vbabka@...e.cz>
> Cc: Minchan Kim <minchan@...nel.org>
> Cc: Daniel Colascione <dancol@...gle.com>
> Cc: "Joel Fernandes (Google)" <joel@...lfernandes.org>
> Cc: Andrew Morton <akpm@...ux-foundation.org>
> ---
> 
>  b/mm/madvise.c |   37 +++++++++++++++++++++++++++++--------
>  1 file changed, 29 insertions(+), 8 deletions(-)
> 
> diff -puN mm/madvise.c~madv-pageout-ignore-shared-swap-cache mm/madvise.c
> --- a/mm/madvise.c~madv-pageout-ignore-shared-swap-cache	2020-03-23 16:30:52.022385888 -0700
> +++ b/mm/madvise.c	2020-03-23 16:41:15.448384333 -0700
> @@ -261,6 +261,7 @@ static struct page *pte_get_reclaim_page
>  {
>  	swp_entry_t entry;
>  	struct page *page;
> +	int nr_page_references = 0;

nit: just 'referenced' would be enough.

Acked-by: Minchan Kim <minchan@...nel.org>

Thanks, Dave!

_

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ