lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 16 Feb 2024 11:18:55 +0100
From: Takashi Iwai <tiwai@...e.de>
To: Hillf Danton <hdanton@...a.com>
Cc: Sven van Ashbrook <svenva@...omium.org>,
	Karthikeyan Ramasubramanian <kramasub@...omium.org>,
	LKML <linux-kernel@...r.kernel.org>,
	Brian Geffon <bgeffon@...gle.com>,
	linux-sound@...r.kernel.org,
	Kai Vehmanen <kai.vehmanen@...ux.intel.com>
Subject: Re: [PATCH v1] ALSA: memalloc: Fix indefinite hang in non-iommu case

On Fri, 16 Feb 2024 09:35:32 +0100,
Takashi Iwai wrote:
> 
> On Fri, 16 Feb 2024 05:34:24 +0100,
> Hillf Danton wrote:
> > 
> > On Thu, 15 Feb 2024 18:03:01 +0100 Takashi Iwai <tiwai@...e.de> wrote:
> > > 
> > > So it sounds like that we should go back for __GFP_NORETRY in general
> > > for non-zero order allocations, not only the call you changed, as
> > > __GFP_RETRY_MAYFAIL doesn't guarantee the stuck.
> > > 
> > > How about the changes like below?
> > > 
> > > +/* default GFP bits for our allocations */
> > > +static gfp_t default_gfp(size_t size)
> > > +{
> > > +	/* don't allocate intensively for high-order pages */
> > > +	if (size > PAGE_SIZE)
> > > +		return GFP_KERNEL | __GFP_NOWARN | __GFP_NORETRY;
> > > +	else
> > > +		return GFP_KERNEL | __GFP_NOWARN | __GFP_RETRY_MAYFAIL;
> > > +}
> > 
> > Looks like an overdose because both __GFP_NORETRY and __GFP_RETRY_MAYFAIL
> > are checked in __alloc_pages_slowpath().
> 
> If the check there worked as expected, this shouldn't have been a
> problem, no?
> 
> The fact that we have to drop __GFP_RETRY_MAYFAIL indicates that the
> handling there doesn't suffice -- at least for the audio operation.

Reconsidering on this again, I wonder keeping __GFP_RETRY_MAYFAIL
makes sense.  We did have __GFP_NORETRY for avoiding OOM-killer.
But it's been over ages, and the memory allocation core became smart
enough.

The side-effect of __GFP_RETRY_MAYFAIL is that the page reclaim and
compaction happens even for high-order allocations, and that must be
the issue we see now.  For dma_alloc_contiguous() with IOMMU, this
wasn't visible because the loop there sets __GFP_NORETRY explicitly
unless the minimal order.

So, basically we could have achieved the more or less same effect just
by dropping __GFP_NORETRY from DEFAULT_GFP definition.
(Now it's a drop of __GFP_RETRY_MAYFAIL)

OTOH, a slight concern with the drop of __GFP_RETRY_MAYFAIL is whether
allowing OOM-killer for low order allocations is acceptable or not.

There are two patterns of calling allocators:
1. SNDRV_DMA_TYPE_DEV for large pages:
   this is usually only once at driver probe, and the pages are
   preserved via PCM buffer preallocation mechanism

2. SNDRV_DMA_TYPE_DEV for lower orders:
   those are usually at probes for some communication buffers, and in
   most cases they are kept by drivers, too

3. SNDRV_DMA_TYPE_NONCONTIG for large size:
   this is called often, once per stream open, since the driver
   doesn't keep the buffer.

4. SNDRV_DMA_TYPE_NONCONTIG for lower orders:
   basically same as case 2.

That is, triggering OOM-killer would be OK for 2 and 4, but we have to
avoid for 3.  So, __GFP_RETRY_MAYFAIL would be still useful for there.

And for 3, there are two paths:
- with IOMMU => we may pass __GFP_RETRY_MAYFAIL unconditionally to
  dma_alloc_noncontiguous()
- without IOMMU => dma_alloc_noncontiguous() without MAYFAIL,
  but fallback allocation should become conditional:
  - higher order: default (or explicitly with NORETRY)
  - lower order: MAYFAIL

OTOH, the avoidance of OOM-killer wouldn't be bad even for 2 and 4 (as its
usefulness is dubious).  Then the conditionally setting MAYFAIL
wouldn't be bad for the calls of other dma_alloc_coherent() & co,
too.


Takashi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ