lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 19 Jun 2024 01:03:16 -0700
From: Shakeel Butt <shakeel.butt@...ux.dev>
To: Michal Hocko <mhocko@...e.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>, 
	Linus Torvalds <torvalds@...ux-foundation.org>, kernel-team@...a.com, linux-mm@...ck.org, 
	linux-kernel@...r.kernel.org, Kyle McMartin <kyle@...radead.org>
Subject: Re: [PATCH] mm: ratelimit oversized kvmalloc warnings instead of once

On Wed, Jun 19, 2024 at 09:19:41AM GMT, Michal Hocko wrote:
> On Tue 18-06-24 14:34:21, Shakeel Butt wrote:
> > At the moment oversize kvmalloc warnings are triggered once using
> > WARN_ON_ONCE() macro. One issue with this approach is that it only
> > detects the first abuser and then ignores the remaining abusers which
> > complicates detecting all such abusers in a timely manner. The situation
> > becomes worse when the repro has low probability and requires production
> > traffic and thus require large set of machines to find such abusers. In
> > Mera production, this warn once is slowing down the detection of these
> > abusers. Simply replace WARN_ON_ONCE with WARN_RATELIMIT.
> 
> Long time ago, I've had a patch to do the once_per_callsite WARN. I
> cannot find reference at the moment but it used stack depot to note
> stacks that have already triggered. Back then there was no reponse on
> the ML. Should I try to dig deep and recover it from my archives? I
> think this is exactly kind of usecase where it would fit.
> 

Do you mean something like warn once per unique call stack? If yes then
I think that is better than the simple ratelimiting version as
ratelimiting one may still miss some abusers and also may keep warning
about the same abuser. Please do share your patch.

Thanks,
Shakeel

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ