lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 18 Dec 2020 14:14:49 +0100
From:   Michal Hocko <>
To:     Pavel Tatashin <>
Cc:     LKML <>, linux-mm <>,
        Andrew Morton <>,
        Vlastimil Babka <>,
        David Hildenbrand <>,
        Oscar Salvador <>,
        Dan Williams <>,
        Sasha Levin <>,
        Tyler Hicks <>,
        Joonsoo Kim <>,,
        Steven Rostedt <>,
        Ingo Molnar <>, Jason Gunthorpe <>,
        Peter Zijlstra <>,
        Mel Gorman <>,
        Matthew Wilcox <>,
        David Rientjes <>,
        John Hubbard <>,
        Linux Doc Mailing List <>,
        Ira Weiny <>,
Subject: Re: [PATCH v4 08/10] mm/gup: limit number of gup migration failures,
 honor failures

On Fri 18-12-20 07:43:15, Pavel Tatashin wrote:
> On Fri, Dec 18, 2020 at 5:46 AM Michal Hocko <> wrote:
> >
> > On Thu 17-12-20 13:52:41, Pavel Tatashin wrote:
> > [...]
> > > +#define PINNABLE_MIGRATE_MAX 10
> > > +#define PINNABLE_ISOLATE_MAX 100
> >
> > Why would we need to limit the isolation retries. Those should always be
> > temporary failure unless I am missing something.
> Actually, during development, I was retrying isolate errors
> infinitely, but during testing found a hung where when FOLL_TOUCH
> without FOLL_WRITE is passed (fault in kernel without write flag), the
> zero page is faulted. The isolation of the zero page was failing every
> time, therefore the process was hanging.

Why would you migrate zero page in the first place? Simply instantiate
> Since then, I fixed this problem by adding FOLL_WRITE unconditionally
> to FOLL_LONGTERM, but I was worried about other possible bugs that
> would cause hangs, so decided to limit isolation errors. If you think
> it its not necessary, I can unlimit isolate retires.

It should have a really good reason to exist. Worries about some corner
cases is definitely not a reason to put some awkward retry mechanism.
My historical experience is that these things are extremely hard to get
rid of later.

> > I am not sure about the
> > PINNABLE_MIGRATE_MAX either. Why do we want to limit that? migrate_pages
> > already implements its retry logic why do you want to count retries on
> > top of that? I do agree that the existing logic is suboptimal because
> True, but again, just recently, I worked on a race bug where pages can
> end up in per-cpu list after lru_add_drain_all() but before isolation,
> so I think retry is necessary.

There are ways to make sure pages are not ending on pcp list. Have a
look at how hotplug does that.

> > the migration failure might be ephemeral or permanent but that should be
> > IMHO addressed at migrate_pages (resp. unmap_and_move) and simply report
> > failures that are permanent - e.g. any potential pre-existing long term
> > pin - if that is possible at all. If not what would cause permanent
> > migration failure? OOM?
> Yes, OOM is the main cause for migration failures.

Then you can treat ENOMEM as a permanent failure.

> And also a few
> cases described in movable zone comment, where it is possible during
> boot some pages can be allocated by memblock in movable zone due to
> lack of memory resources (even if those resources were added later),

Do you have any examples? I find it hard to follow that somebody would
be pinning early boot allocations.

> hardware page poisoning is another rare example.

Could you elaborate please?
Michal Hocko

Powered by blists - more mailing lists