[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <76e468b4-c6ac-426c-7ec9-99c620e08cda@redhat.com>
Date: Fri, 17 Jun 2022 09:33:51 +0200
From: David Hildenbrand <david@...hat.com>
To: Miaohe Lin <linmiaohe@...wei.com>, akpm@...ux-foundation.org
Cc: linux-mm@...ck.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 1/3] mm/swapfile: make security_vm_enough_memory_mm()
work as expected
On 08.06.22 16:40, Miaohe Lin wrote:
> security_vm_enough_memory_mm() checks whether a process has enough memory
> to allocate a new virtual mapping. And total_swap_pages is considered as
> available memory while swapoff tries to make sure there's enough memory
> that can hold the swapped out memory. But total_swap_pages contains the
> swap space that is being swapoff. So security_vm_enough_memory_mm() will
> success even if there's no memory to hold the swapped out memory because
s/success/succeed/
> total_swap_pages always greater than or equal to p->pages.
>
> In order to fix it, p->pages should be retracted from total_swap_pages
s/retracted/subtracted/
> first and then check whether there's enough memory for inuse swap pages.
>
> Signed-off-by: Miaohe Lin <linmiaohe@...wei.com>
> ---
> mm/swapfile.c | 10 +++++++---
> 1 file changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/mm/swapfile.c b/mm/swapfile.c
> index ec4c1b276691..d2bead7b8b70 100644
> --- a/mm/swapfile.c
> +++ b/mm/swapfile.c
> @@ -2398,6 +2398,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile)
> struct filename *pathname;
> int err, found = 0;
> unsigned int old_block_size;
> + unsigned int inuse_pages;
>
> if (!capable(CAP_SYS_ADMIN))
> return -EPERM;
> @@ -2428,9 +2429,13 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile)
> spin_unlock(&swap_lock);
> goto out_dput;
> }
> - if (!security_vm_enough_memory_mm(current->mm, p->pages))
> - vm_unacct_memory(p->pages);
> +
> + total_swap_pages -= p->pages;
> + inuse_pages = READ_ONCE(p->inuse_pages);
> + if (!security_vm_enough_memory_mm(current->mm, inuse_pages))
> + vm_unacct_memory(inuse_pages);
> else {
> + total_swap_pages += p->pages;
That implies that whenever we fail in security_vm_enough_memory_mm(),
that other concurrent users might see a wrong total_swap_pages.
Assume 4 GiB memory and 8 GiB swap. Let's assume 10 GiB are in use.
Temporarily, we'd have
CommitLimit 4 GiB
Committed_AS 10 GiB
Not sure if relevant, but I wonder if it could be avoided somehow?
Apart from that, LGTM.
--
Thanks,
David / dhildenb
Powered by blists - more mailing lists