lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20201019184017.6340-1-ralph.siemsen@linaro.org>
Date:   Mon, 19 Oct 2020 14:40:17 -0400
From:   Ralph Siemsen <ralph.siemsen@...aro.org>
To:     akpm@...ux-foundation.org
Cc:     charante@...eaurora.org, linux-kernel@...r.kernel.org,
        linux-mm@...ck.org, mgorman@...hsingularity.net,
        vinmenon@...eaurora.org, stable@...r.kernel.org,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Ralph Siemsen <ralph.siemsen@...aro.org>
Subject: Re: [PATCH] mm, page_alloc: skip ->watermark_boost for atomic order-0 allocations-fix

Hi,

Please consider applying the patch from this thread to 5.8.y:
commit f80b08fc44536a311a9f3182e50f318b79076425

The fix should also go into 5.4.y, however the patch needs some minor
adjustments due to surrounding context differences. Attached below is a
version I have tested against 5.4.71.

This solves a "page allocation failure" error that can be reproduced
both on physical hardware, and also under qemu-system-arm. The test
consists of repeatedly running md5sum on a large file. In my tests the
file contains 1GB of random data, while the system has only 256MB RAM. 
No other tasks are running or consuming significant memory. 

After some time (between 1 and 200 iterations) the kernel reports a page
allocation failure. Additional failures occur fairly quickly thereafter.
The md5sum is correctly computed in each case. The OOM is not invoked.
The backtrace shows a 0-order GFP_ATOMIC was requested, with quite a
bit of memory available, and yet the allocation fails.

Similar error also occurs when "md5sum" is replaced by "scp" or "nc".
The backtrace again shows a 0-order with GFP_ATOMIC that fails, with
plenty of memory available according to the Mem-Info dump.

The problem does not occur under 4.9.y or 4.19.y. Bisction has found
that the problem started to occur with 688fcbfc06e4 ("mm/vmalloc: modify
struct vmap_area to reduce its size") during the 5.4 dev cycle.

I can provide additional logs and details if interested.

Thanks,
Ralph

Below is the f80b08fc445 commit, tweaked to apply to 5.4.y.

From: Charan Teja Reddy <charante@...eaurora.org>
Subject: [PATCH] mm, page_alloc: skip ->waternark_boost for atomic order-0
 allocations

[upstream commit f80b08fc44536a311a9f3182e50f318b79076425
 with context adjusted to match linux-5.4.y]

When boosting is enabled, it is observed that rate of atomic order-0
allocation failures are high due to the fact that free levels in the
system are checked with ->watermark_boost offset.  This is not a problem
for sleepable allocations but for atomic allocations which looks like
regression.

This problem is seen frequently on system setup of Android kernel running
on Snapdragon hardware with 4GB RAM size.  When no extfrag event occurred
in the system, ->watermark_boost factor is zero, thus the watermark
configurations in the system are:

   _watermark = (
          [WMARK_MIN] = 1272, --> ~5MB
          [WMARK_LOW] = 9067, --> ~36MB
          [WMARK_HIGH] = 9385), --> ~38MB
   watermark_boost = 0

After launching some memory hungry applications in Android which can cause
extfrag events in the system to an extent that ->watermark_boost can be
set to max i.e.  default boost factor makes it to 150% of high watermark.

   _watermark = (
          [WMARK_MIN] = 1272, --> ~5MB
          [WMARK_LOW] = 9067, --> ~36MB
          [WMARK_HIGH] = 9385), --> ~38MB
   watermark_boost = 14077, -->~57MB

With default system configuration, for an atomic order-0 allocation to
succeed, having free memory of ~2MB will suffice.  But boosting makes the
min_wmark to ~61MB thus for an atomic order-0 allocation to be successful
system should have minimum of ~23MB of free memory(from calculations of
zone_watermark_ok(), min = 3/4(min/2)).  But failures are observed despite
system is having ~20MB of free memory.  In the testing, this is
reproducible as early as first 300secs since boot and with furtherlowram
configurations(<2GB) it is observed as early as first 150secs since boot.

These failures can be avoided by excluding the ->watermark_boost in
watermark caluculations for atomic order-0 allocations.

[akpm@...ux-foundation.org: fix comment grammar, reflow comment]
[charante@...eaurora.org: fix suggested by Mel Gorman]
  Link: http://lkml.kernel.org/r/31556793-57b1-1c21-1a9d-22674d9bd938@codeaurora.org

Signed-off-by: Charan Teja Reddy <charante@...eaurora.org>
Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
Acked-by: Vlastimil Babka <vbabka@...e.cz>
Cc: Vinayak Menon <vinmenon@...eaurora.org>
Cc: Mel Gorman <mgorman@...hsingularity.net>
Link: http://lkml.kernel.org/r/1589882284-21010-1-git-send-email-charante@codeaurora.org
Signed-off-by: Linus Torvalds <torvalds@...ux-foundation.org>
Signed-off-by: Ralph Siemsen <ralph.siemsen@...aro.org>
---
 mm/page_alloc.c | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index aff0bb4629bd..b0e9ea4c220e 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -3484,7 +3484,8 @@ bool zone_watermark_ok(struct zone *z, unsigned int order, unsigned long mark,
 }
 
 static inline bool zone_watermark_fast(struct zone *z, unsigned int order,
-		unsigned long mark, int classzone_idx, unsigned int alloc_flags)
+				unsigned long mark, int classzone_idx,
+				unsigned int alloc_flags, gfp_t gfp_mask)
 {
 	long free_pages = zone_page_state(z, NR_FREE_PAGES);
 	long cma_pages = 0;
@@ -3505,8 +3506,23 @@ static inline bool zone_watermark_fast(struct zone *z, unsigned int order,
 	if (!order && (free_pages - cma_pages) > mark + z->lowmem_reserve[classzone_idx])
 		return true;
 
-	return __zone_watermark_ok(z, order, mark, classzone_idx, alloc_flags,
-					free_pages);
+	if (__zone_watermark_ok(z, order, mark, classzone_idx, alloc_flags,
+					free_pages))
+		return true;
+	/*
+	 * Ignore watermark boosting for GFP_ATOMIC order-0 allocations
+	 * when checking the min watermark. The min watermark is the
+	 * point where boosting is ignored so that kswapd is woken up
+	 * when below the low watermark.
+	 */
+	if (unlikely(!order && (gfp_mask & __GFP_ATOMIC) && z->watermark_boost
+		&& ((alloc_flags & ALLOC_WMARK_MASK) == WMARK_MIN))) {
+		mark = z->_watermark[WMARK_MIN];
+		return __zone_watermark_ok(z, order, mark, classzone_idx,
+					alloc_flags, free_pages);
+	}
+
+	return false;
 }
 
 bool zone_watermark_ok_safe(struct zone *z, unsigned int order,
@@ -3647,7 +3663,8 @@ get_page_from_freelist(gfp_t gfp_mask, unsigned int order, int alloc_flags,
 
 		mark = wmark_pages(zone, alloc_flags & ALLOC_WMARK_MASK);
 		if (!zone_watermark_fast(zone, order, mark,
-				       ac_classzone_idx(ac), alloc_flags)) {
+				       ac_classzone_idx(ac), alloc_flags,
+				       gfp_mask)) {
 			int ret;
 
 #ifdef CONFIG_DEFERRED_STRUCT_PAGE_INIT
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ