lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <YzkmErHFyYW3awRn@hyeyoo>
Date:   Sun, 2 Oct 2022 14:48:02 +0900
From:   Hyeonggon Yoo <42.hyeyoo@...il.com>
To:     Hugh Dickins <hughd@...gle.com>
Cc:     Vlastimil Babka <vbabka@...e.cz>,
        David Laight <David.Laight@...lab.com>,
        Joel Fernandes <joel@...lfernandes.org>,
        Matthew Wilcox <willy@...radead.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        linux-kernel@...r.kernel.org, linux-mm@...ck.org,
        rcu@...r.kernel.org
Subject: Re: amusing SLUB compaction bug when CC_OPTIMIZE_FOR_SIZE

On Thu, Sep 29, 2022 at 02:54:45PM -0700, Hugh Dickins wrote:
> On Thu, 29 Sep 2022, Vlastimil Babka wrote:
> > On 9/28/22 19:50, Hugh Dickins wrote:
> > > On Wed, 28 Sep 2022, Vlastimil Babka wrote:
> > >> On 9/28/22 15:48, Joel Fernandes wrote:
> > >> > On Wed, Sep 28, 2022 at 02:49:02PM +0900, Hyeonggon Yoo wrote:
> > >> >> On Tue, Sep 27, 2022 at 10:16:35PM -0700, Hugh Dickins wrote:
> > >> >>> It's a bug in linux-next, but taking me too long to identify which
> > >> >>> commit is "to blame", so let me throw it over to you without more
> > >> >>> delay: I think __PageMovable() now needs to check !PageSlab().
> > >> 
> > >> When I tried that, the result wasn't really nice:
> > >> 
> > >> https://lore.kernel.org/all/aec59f53-0e53-1736-5932-25407125d4d4@suse.cz/
> > >> 
> > >> And what if there's another conflicting page "type" later. Or the debugging
> > >> variant of rcu_head in struct page itself. The __PageMovable() is just too
> > >> fragile.
> > > 
> > > I don't disagree (and don't really know all the things you're thinking
> > > of in there).  But if it's important to rescue this feature for 6.1, a
> > > different approach may be the very simple patch below (I met a similar
> > > issue with OPTIMIZE_FOR_SIZE in i915 a year ago, and just remembered).
> > > 
> > > But you be the judge of it: (a) I do not know whether rcu_free_slab
> > > is the only risky address ever stuffed into that field; and (b) I'm
> > > clueless when it comes to those architectures (powerpc etc) where the
> > > the address of a function is something different from the address of
> > > the function (have I conveyed my cluelessness adequately?).
> > 
> > Thanks a lot Hugh! That's a sufficiently small fix (compared to the other
> > options) that I'm probably give it one last try.
> 
> I suddenly worried that you might be waiting on me for a Signed-off-by,
> which I couldn't give until I researched my reservations (a) and (b):
> but I'm pleased to see from your kernel.org tree that you've gone ahead
> and folded it in - thanks.
> 
> Regarding (a): great, you've found it too, mm/slab.c's kmem_rcu_free()
> looks like it needs the same __aligned(4) as mm/slub.c's rcu_free_slabi().

Just one more thing, rcu_leak_callback too. RCU seem to use it
internally to catch double call_rcu().

And some suggestions:
- what about adding runtime WARN() on slab init code to catch
  unexpected arch/toolchain issues?
- instead of 4, we may use macro definition? like (PAGE_MAPPING_FLAGS + 1)?

-- 
Thanks,
Hyeonggon

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ