| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 19 Feb 2024 13:42:23 +0800 From: "Huang, Ying" <ying.huang@...el.com> To: Kairui Song <ryncsn@...il.com> Cc: Minchan Kim <minchan@...nel.org>, Chris Li <chrisl@...nel.org>, Barry Song <21cnbao@...il.com>, linux-mm@...ck.org, Andrew Morton <akpm@...ux-foundation.org>, Yu Zhao <yuzhao@...gle.com>, Barry Song <v-songbaohua@...o.com>, SeongJae Park <sj@...nel.org>, Hugh Dickins <hughd@...gle.com>, Johannes Weiner <hannes@...xchg.org>, Matthew Wilcox <willy@...radead.org>, Michal Hocko <mhocko@...e.com>, Yosry Ahmed <yosryahmed@...gle.com>, David Hildenbrand <david@...hat.com>, stable@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH v2] mm/swap: fix race when skipping swapcache Kairui Song <ryncsn@...il.com> writes: > On Thu, Feb 8, 2024 at 2:36 PM Huang, Ying <ying.huang@...el.com> wrote: >> >> Kairui Song <ryncsn@...il.com> writes: >> >> > On Thu, Feb 8, 2024 at 2:31 AM Minchan Kim <minchan@...nel.org> wrote: >> >> >> >> On Wed, Feb 07, 2024 at 12:06:15PM +0800, Kairui Song wrote: >> >> [snip] >> >> >> > >> >> > So I think the thing is, it's getting complex because this patch >> >> > wanted to make it simple and just reuse the swap cache flags. >> >> >> >> I agree that a simple fix would be the important at this point. >> >> >> >> Considering your description, here's my understanding of the other idea: >> >> Other method, such as increasing the swap count, haven't proven effective >> >> in your tests. The approach risk forcing racers to rely on the swap cache >> >> again and the potential performance loss in race scenario. >> >> >> >> While I understand that simplicity is important, and performance loss >> >> in this case may be infrequent, I believe swap_count approach could be a >> >> suitable solution. What do you think? >> > >> > Hi Minchan >> > >> > Yes, my main concern was about simplicity and performance. >> > >> > Increasing swap_count here will also race with another process from >> > releasing swap_count to 0 (swapcache was able to sync callers in other >> > call paths but we skipped swapcache here). >> >> What is the consequence of the race condition? > > Hi Ying, > > It will increase the swap count of an already freed entry, this race > with multiple swap free/alloc logic that checks if count == > SWAP_HAS_CACHE or sets count to zero, or repeated free of an entry, > all result in random corruption of the swap map. This happens a lot > during stress testing. You are right! Thanks for explanation. -- Best Regards, Huang, Ying >> >> > So the right step is: 1. Lock the cluster/swap lock; 2. Check if still >> > have swap_count == 1, bail out if not; 3. Set it to 2; >> > __swap_duplicate can be modified to support this, it's similar to >> > existing logics for SWAP_HAS_CACHE. >> > >> > And swap freeing path will do more things, swapcache clean up needs to >> > be handled even in the bypassing path since the racer may add it to >> > swapcache. >> > >> > Reusing SWAP_HAS_CACHE seems to make it much simpler and avoided many >> > overhead, so I used that way in this patch, the only issue is >> > potentially repeated page faults now. >> > >> > I'm currently trying to add a SWAP_MAP_LOCK (or SWAP_MAP_SYNC, I'm bad >> > at naming it) special value, so any racer can just spin on it to avoid >> > all the problems, how do you think about this? >> >> Let's try some simpler method firstly. > > Another simpler idea is, add a schedule() or > schedule_timeout_uninterruptible(1) in the swapcache_prepare failure > path before goto out (just like __read_swap_cache_async). I think this > should ensure in almost all cases, PTE is ready after it returns, also > yields more CPU.
Powered by blists - more mailing lists