lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZZ5yWriL-T59Bcu_@tiehlicka>
Date: Wed, 10 Jan 2024 11:32:58 +0100
From: Michal Hocko <mhocko@...e.com>
To: Yu Zhao <yuzhao@...gle.com>
Cc: Dan Schatzberg <schatzberg.dan@...il.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	linux-kernel@...r.kernel.org, cgroups@...r.kernel.org,
	linux-mm@...ck.org, Yosry Ahmed <yosryahmed@...gle.com>,
	David Rientjes <rientjes@...gle.com>, Chris Li <chrisl@...nel.org>,
	Tejun Heo <tj@...nel.org>, Zefan Li <lizefan.x@...edance.com>,
	Johannes Weiner <hannes@...xchg.org>,
	Jonathan Corbet <corbet@....net>,
	Roman Gushchin <roman.gushchin@...ux.dev>,
	Shakeel Butt <shakeelb@...gle.com>,
	Muchun Song <muchun.song@...ux.dev>,
	David Hildenbrand <david@...hat.com>,
	Matthew Wilcox <willy@...radead.org>,
	Kefeng Wang <wangkefeng.wang@...wei.com>,
	Yue Zhao <findns94@...il.com>, Hugh Dickins <hughd@...gle.com>
Subject: Re: [PATCH v6 2/2] mm: add swapiness= arg to memory.reclaim

On Tue 09-01-24 16:54:15, Yu Zhao wrote:
> On Thu, Jan 4, 2024 at 1:48 AM Michal Hocko <mhocko@...e.com> wrote:
> >
> > On Wed 03-01-24 18:07:43, Yu Zhao wrote:
> > > On Wed, Jan 03, 2024 at 01:19:59PM -0500, Dan Schatzberg wrote:
> > > > On Wed, Jan 03, 2024 at 10:19:40AM -0700, Yu Zhao wrote:
> > > > [...]
> > > > > > diff --git a/mm/vmscan.c b/mm/vmscan.c
> > > > > > index d91963e2d47f..394e0dd46b2e 100644
> > > > > > --- a/mm/vmscan.c
> > > > > > +++ b/mm/vmscan.c
> > > > > > @@ -92,6 +92,11 @@ struct scan_control {
> > > > > >         unsigned long   anon_cost;
> > > > > >         unsigned long   file_cost;
> > > > > >
> > > > > > +#ifdef CONFIG_MEMCG
> > > > > > +       /* Swappiness value for proactive reclaim. Always use sc_swappiness()! */
> > > > > > +       int *proactive_swappiness;
> > > > > > +#endif
> > > > >
> > > > > Why is proactive_swappiness still a pointer? The whole point of the
> > > > > previous conversation is that sc->proactive can tell whether
> > > > > sc->swappiness is valid or not, and that's less awkward than using a
> > > > > pointer.
> > > >
> > > > It's the same reason as before - zero initialization ensures that the
> > > > pointer is NULL which tells us if it's valid or not. Proactive reclaim
> > > > might not set swappiness and you need to distinguish swappiness of 0
> > > > and not-set. See this discussion with Michal:
> > > >
> > > > https://lore.kernel.org/linux-mm/ZZUizpTWOt3gNeqR@tiehlicka/
> > >
> > >  static ssize_t memory_reclaim(struct kernfs_open_file *of, char *buf,
> > >                               size_t nbytes, loff_t off)
> > >  {
> > >         struct mem_cgroup *memcg = mem_cgroup_from_css(of_css(of));
> > >         unsigned int nr_retries = MAX_RECLAIM_RETRIES;
> > >         unsigned long nr_to_reclaim, nr_reclaimed = 0;
> > > +       int swappiness = -1;
> > > ...
> > >                 reclaimed = try_to_free_mem_cgroup_pages(memcg,
> > >                                         min(nr_to_reclaim - nr_reclaimed, SWAP_CLUSTER_MAX),
> > > -                                       GFP_KERNEL, reclaim_options);
> > > +                                       GFP_KERNEL, reclaim_options,
> > > +                                       swappiness);
> > >
> > > ...
> > >
> > > +static int sc_swappiness(struct scan_control *sc, struct mem_cgroup *memcg)
> > > +{
> > > +       return sc->proactive && sc->proactive_swappiness > -1 ?
> > > +              sc->proactive_swappiness : mem_cgroup_swappiness(memcg);
> > > +}
> >
> > Tpo be completely honest I really fail to see why this is such a hot
> > discussion point. To be completely clear both approaches are feasible.
> 
> Feasible but not equal.
> 
> > The main argument for NULL check based approach is that it is less error
> > prone from an incorrect ussage because any bug becomes obvious.
> 
> Any bug becomes *fatal*, and fatal isn't only obvious but also hurts
> in production systems.
> 
> This was the reason for going through the trouble switching from
> VM_BUG_ON() to VM_WARN_ON() and documenting it in
> Documentation/process/coding-style.rst:
> 
> 22) Do not crash the kernel
> ---------------------------
> 
> In general, the decision to crash the kernel belongs to the user, rather
> than to the kernel developer.
> 
> Isn't?

I do agree with this general statement but I do not think it is
applicable in this context.

This is not an explicit BUG() when kernel explicitly sets to panic the
system. We are talking about subtle misbehavior which might be
non-trivial to debug (there are other reasons to not swap at all) vs. a
potential NULL ptr which will kill the userspace in a very obvious way.
Sure there are risks with that but checks for potential NULL ptr
dereferncing is easier than forgot explicit initialization. There are
clear pros and cons for both approaches. NULL default initialized
structures members which allow for behavior override are a general
kernel pattern so I do not really see this going way off the rails.
-- 
Michal Hocko
SUSE Labs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ