| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 15 Mar 2023 18:08:19 -0400
From: Joel Fernandes <joel@...lfernandes.org>
To: Steven Rostedt <rostedt@...dmis.org>
Cc: Uladzislau Rezki <urezki@...il.com>, Jens Axboe <axboe@...nel.dk>,
LKML <linux-kernel@...r.kernel.org>, RCU <rcu@...r.kernel.org>,
"Paul E . McKenney" <paulmck@...nel.org>,
Oleksiy Avramchenko <oleksiy.avramchenko@...y.com>,
Philipp Reisner <philipp.reisner@...bit.com>,
Bryan Tan <bryantan@...are.com>,
Eric Dumazet <edumazet@...gle.com>,
Bob Pearson <rpearsonhpe@...il.com>,
Ariel Levkovich <lariel@...dia.com>,
"Theodore Ts'o" <tytso@....edu>, Julian Anastasov <ja@....bg>
Subject: Re: [PATCH 00/13] Rename k[v]free_rcu() single argument to k[v]free_rcu_mightsleep()
Hey Steve,
On Wed, Mar 15, 2023 at 4:28 PM Steven Rostedt <rostedt@...dmis.org> wrote:
>
> On Wed, 15 Mar 2023 15:57:02 -0400
> Joel Fernandes <joel@...lfernandes.org> wrote:
>
> > > I was going to suggest "kvfree_rcu_might_synchronize()" but that's just
> > > getting ridiculous.
> >
> > No, synchronize() is incorrect. The code really can sleep for other
> > reasons like memory allocation. It is not that simple of an
> > implementation as one may imagine. mightsleep is really the correct
> > wording IMHO.
> >
> > > Still, I will replace that code back to a kfree() and rcu_synchonize() than
> > > to let that other name get in.
> >
> > I think it is too late for that for now, we already have conversions
> > going into the other subsystems, that means we'll have to redo all
> > that over again (even if it sounded like a good idea, which it is
> > not).
> >
> > I would rather you just did: "#define kvfree_rcu_tracing
> > #kvfree_rcu_mightsleep", or something like that, if it is really a
> > problem. ;-)
> >
> > Also you are really the first person I know of who has a problem with that name.
>
> I guess you didn't read Jens's reply.
Apologies, I am trying to keep up with email but this week is crazy.
> The main issue I have with this, is that "might_sleep" is just an
> implementation issue. It has *nothing* to do with what the call is about.
> It is only about freeing something with RCU. It has nothing to do with
> sleeping. I don't use it because it might sleep. I use it to free something.
>
> If you don't like kvfree_rcu_synchronization() then call it
> kvfree_rcu_headless() and note that currently it can sleep. Because in
> the future, if we come up with an implementation where we it doesn't sleep,
> then we don't need to go and rename all the users in the future.
>
> See where I have the problem with the name "might_sleep"?
I am doubtful there may be a future where it does not sleep. Why?
Because you need an rcu_head *somewhere*. Unlike with debubojects,
which involves a lock-free per-CPU pool and a locked global pool, and
has the liberty to shutdown if it runs out of objects -- in RCU code
it doesn't have that liberty and it has to just keep working. The
kfree_rcu code does have pools of rcu_head as well, but that is not
thought to be enough to prevent OOM when memory needs to be given
back. AFAIK -- the synchronize_rcu() in there is a last resort and
undesirable (supposed to happen only when running out of
objects/memory).
Also "mightsleep" means just that -- *might*. That covers the fact
that sleeping may not happen ;-).
This is just my opinion and I will defer to Uladzislau, Paul and you
on how to proceed. Another option is "cansleep" which has the same
number of characters as headless. I don't believe expecting users to
read comments is practical, since we did already have comments and
there was a bug in the usage that triggered this whole series.
thanks,
- Joel
Powered by blists - more mailing lists