| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 6 Apr 2020 16:40:39 -0700
From: John Hubbard <jhubbard@...dia.com>
To: David Rientjes <rientjes@...gle.com>
CC: Michal Hocko <mhocko@...nel.org>, NeilBrown <neilb@...e.de>,
Andrew Morton <akpm@...ux-foundation.org>,
Joel Fernandes <joel@...lfernandes.org>,
"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>,
<linux-mm@...ck.org>, LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 1/2] mm: clarify __GFP_MEMALLOC usage
On 4/6/20 4:32 PM, David Rientjes wrote:
> On Mon, 6 Apr 2020, John Hubbard wrote:
>
>> Hi Michal and all,
>>
>> How about using approximately this wording instead? I found Neil's wording to
>> be
>> especially helpful so I mixed it in. (Also fixed a couple of slight 80-col
>> overruns.)
>>
>> diff --git a/include/linux/gfp.h b/include/linux/gfp.h
>> index be2754841369..c247a911d8c7 100644
>> --- a/include/linux/gfp.h
>> +++ b/include/linux/gfp.h
>> @@ -111,6 +111,15 @@ struct vm_area_struct;
>> * very shortly e.g. process exiting or swapping. Users either should
>> * be the MM or co-ordinating closely with the VM (e.g. swap over NFS).
>> *
>> + * To be extra clear: users of __GFP_MEMALLOC must be working to free other
>> + * memory, and that other memory needs to be freed "soon"; specifically,
>> before
>> + * the reserve is exhausted. This generally implies a throttling mechanism
>> that
>> + * balances the amount of __GFP_MEMALLOC memory used against the amount that
>> the
>> + * caller is about to free.
>> + *
>> + * Usage of a pre-allocated pool (e.g. mempool) should be always considered
>> + * before using this flag.
>> + *
>> * %__GFP_NOMEMALLOC is used to explicitly forbid access to emergency
>> reserves.
>> * This takes precedence over the %__GFP_MEMALLOC flag if both are set.
>> */
>
> I agree this looks better, but if a developer is reading this and is
> unfamiliar with the implementation of memory reserves or __GFP_MEMALLOC,
> how do they take any action that memory allocated with this bit is freed
> before the reserve is exhausted?
>
In order to make it even possible to write documentation, I'd like to constrain
what "a developer" means a bit more. Someone who comes decides to use this
flag will at least get a clear indication of what's involved, and I would
expect that if it's still not clear, they would take a slightly deeper look.
So "a developer unfamiliar with the implementation of memory reserves" is
probably going to get into trouble if they remain unfamiliar. This documentation
should inspire them to learn what they need to learn.
> It seems like it's simply saying "don't allocate a lot of this before you
> free it." That may be very well how it goes, but any discussion of
> depletion of the reserve seems to imply we'd want to quantify it and I
> agree that's not what we want the user to do.
>
> So maybe simply state that reserves can be extremely limited and thus it's
> best to assume there is very little reserve left?
>
Well...but now we're sort of back to the original documentation anyway. I
like the idea of putting in a bit about "you're supposed to be doing something
that frees up memory" in the comments, because it is a lot more concrete.
Because it's pretty hard to figure out what "be careful, there's not much
left" really means, in terms of code that one writes. :)
thanks,
--
John Hubbard
NVIDIA
Powered by blists - more mailing lists