| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220725094759epcms1p6b3940f68126bd9b3d9a4e4c1ad4b0aa2@epcms1p6>
Date: Mon, 25 Jul 2022 18:47:59 +0900
From: Jaewon Kim <jaewon31.kim@...sung.com>
To: Mel Gorman <mgorman@...hsingularity.net>,
Jaewon Kim <jaewon31.kim@...sung.com>
CC: "minchan@...nel.org" <minchan@...nel.org>,
"akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
"bhe@...hat.com" <bhe@...hat.com>,
"vbabka@...e.cz" <vbabka@...e.cz>,
"hannes@...xchg.org" <hannes@...xchg.org>,
"mhocko@...nel.org" <mhocko@...nel.org>,
"linux-mm@...ck.org" <linux-mm@...ck.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
GyeongHwan Hong <gh21.hong@...sung.com>,
YongTaek Lee <ytk.lee@...sung.com>,
"jaewon31.kim@...il.com" <jaewon31.kim@...il.com>
Subject: RE: [PATCH] page_alloc: fix invalid watemark check on a negative
value
>On Mon, Jul 25, 2022 at 10:28:43AM +0900, Jaewon Kim wrote:
>> There was a report that a task is waiting at the
>> throttle_direct_reclaim. The pgscan_direct_throttle in vmstat was
>> increasing.
>>
>> This is a bug where zone_watermark_fast returns true even when the free
>> is very low. The commit f27ce0e14088 ("page_alloc: consider highatomic
>> reserve in watermark fast") changed the watermark fast to consider
>> highatomic reserve. But it did not handle a negative value case which
>> can be happened when reserved_highatomic pageblock is bigger than the
>> actual free.
>>
>> If watermark is considered as ok for the negative value, allocating
>> contexts for order-0 will consume all free pages without direct reclaim,
>> and finally free page may become depleted except highatomic free.
>>
>> Then allocating contexts may fall into throttle_direct_reclaim. This
>> symptom may easily happen in a system where wmark min is low and other
>> reclaimers like kswapd does not make free pages quickly.
>>
>> To handle the negative value, get the value as long type like
>> __zone_watermark_ok does.
>>
>> Reported-by: GyeongHwan Hong <gh21.hong@...sung.com>
>> Signed-off-by: Jaewon Kim <jaewon31.kim@...sung.com>
>
>Add
>
>Fixes: f27ce0e14088 ("page_alloc: consider highatomic reserve in watermark fast")
I will add the Fixes.
>
>The fix is fine as-is but it's not immediately obvious why this
>can wrap negative as it depends on an implementation detail of
>__zone_watermark_unusable_free. The variable copy just to change the sign
>could get accidentally "fixed" later as a micro-optimisation (same if the
>type of mark was changed) so maybe leave a comment like
>
> /* unusable may over-estimate high-atomic reserves */
>
>Otherwise
>
>Acked-by: Mel Gorman <mgorman@...hsingularity.net>
Thank you for your Ack
Yes leaving comment will be helpful. Actually let me take your patch.
I think this but is obvious and fix is sipmle, I can resubmit right away.
>
>The problem could also be made explicit with something like below. I know
>you are copying the logic of __zone_watermark_ok but I don't think min
>can go negative there.
The min in __zone_watermark_ok is positive because mark is always unsigned.
But I think free_pages in __zone_watermark_ok can go negative because of the
same reason.
>
>diff --git a/mm/page_alloc.c b/mm/page_alloc.c
>index 934d1b5a5449..f8f50a2aa43e 100644
>--- a/mm/page_alloc.c
>+++ b/mm/page_alloc.c
>@@ -4048,11 +4048,15 @@ static inline bool zone_watermark_fast(struct zone *z, unsigned int order,
> * need to be calculated.
> */
> if (!order) {
>- long fast_free;
>+ long usable_free;
>+ long reserved;
>
>- fast_free = free_pages;
>- fast_free -= __zone_watermark_unusable_free(z, 0, alloc_flags);
>- if (fast_free > mark + z->lowmem_reserve[highest_zoneidx])
>+ usable_free = free_pages;
>+ reserved = __zone_watermark_unusable_free(z, 0, alloc_flags);
>+
>+ /* reserved may over estimate high-atomic reserves. */
>+ usable_free -= min(usable_free, reserved);
>+ if (usable_free > mark + z->lowmem_reserve[highest_zoneidx])
> return true;
> }
>
>--
>Mel Gorman
>SUSE Labs
Powered by blists - more mailing lists