lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <953596b2-8749-493d-97eb-a5d8995d9ef8@redhat.com>
Date: Thu, 12 Jun 2025 10:51:17 +0200
From: David Hildenbrand <david@...hat.com>
To: Baolin Wang <baolin.wang@...ux.alibaba.com>, akpm@...ux-foundation.org,
 hughd@...gle.com
Cc: lorenzo.stoakes@...cle.com, Liam.Howlett@...cle.com, npache@...hat.com,
 ryan.roberts@....com, dev.jain@....com, ziy@...dia.com, linux-mm@...ck.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 1/2] mm: huge_memory: disallow hugepages if the
 system-wide THP sysfs settings are disabled

On 12.06.25 09:51, Baolin Wang wrote:
> 
> 
> On 2025/6/11 20:34, David Hildenbrand wrote:
>> On 05.06.25 10:00, Baolin Wang wrote:
>>> The MADV_COLLAPSE will ignore the system-wide Anon THP sysfs settings,
>>> which
>>> means that even though we have disabled the Anon THP configuration,
>>> MADV_COLLAPSE
>>> will still attempt to collapse into a Anon THP. This violates the rule
>>> we have
>>> agreed upon: never means never.
>>>
>>> Another rule for madvise, referring to David's suggestion: “allowing
>>> for collapsing
>>> in a VM without VM_HUGEPAGE in the "madvise" mode would be fine".
>>>
>>> To address this issue, should check whether the Anon THP configuration
>>> is disabled
>>> in thp_vma_allowable_orders(), even when the TVA_ENFORCE_SYSFS flag is
>>> set.
>>>
>>> In summary, the current strategy is:
>>>
>>> 1. If always & orders == 0, and madvise & orders == 0, and
>>> hugepage_global_enabled() == false
>>> (global THP settings are not enabled), it means mTHP of that orders
>>> are prohibited
>>> from being used, then madvise_collapse() is forbidden for that orders.
>>>
>>> 2. If always & orders == 0, and madvise & orders == 0, and
>>> hugepage_global_enabled() == true
>>> (global THP settings are enabled), and inherit & orders == 0, it means
>>> mTHP of that
>>> orders are still prohibited from being used, thus madvise_collapse()
>>> is not allowed
>>> for that orders.
>>>
>>> Reviewed-by: Zi Yan <ziy@...dia.com>
>>> Signed-off-by: Baolin Wang <baolin.wang@...ux.alibaba.com>
>>> ---
>>>    include/linux/huge_mm.h | 23 +++++++++++++++++++----
>>>    1 file changed, 19 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/include/linux/huge_mm.h b/include/linux/huge_mm.h
>>> index 2f190c90192d..199ddc9f04a1 100644
>>> --- a/include/linux/huge_mm.h
>>> +++ b/include/linux/huge_mm.h
>>> @@ -287,20 +287,35 @@ unsigned long thp_vma_allowable_orders(struct
>>> vm_area_struct *vma,
>>>                           unsigned long orders)
>>>    {
>>>        /* Optimization to check if required orders are enabled early. */
>>> -    if ((tva_flags & TVA_ENFORCE_SYSFS) && vma_is_anonymous(vma)) {
>>> -        unsigned long mask = READ_ONCE(huge_anon_orders_always);
>>> +    if (vma_is_anonymous(vma)) {
>>> +        unsigned long always = READ_ONCE(huge_anon_orders_always);
>>> +        unsigned long madvise = READ_ONCE(huge_anon_orders_madvise);
>>> +        unsigned long inherit = READ_ONCE(huge_anon_orders_inherit);
>>> +        unsigned long mask = always | madvise;
>>> +
>>> +        /*
>>> +         * If the system-wide THP/mTHP sysfs settings are disabled,
>>> +         * then we should never allow hugepages.
>>   > +         */> +        if (!(mask & orders) &&
>> !(hugepage_global_enabled() && (inherit & orders)))
>>> +            return 0;
>>
>> I'm still trying to digest that. Isn't there a way for us to work with
>> the orders,
>> essentially masking off all orders that are forbidden globally. Similar
>> to below, if !orders, then return 0?
>> /* Orders disabled directly. */
>> orders &= ~TODO;
>> /* Orders disabled by inheriting from the global toggle. */
>> if (!hugepage_global_enabled())
>>       orders &= ~READ_ONCE(huge_anon_orders_inherit);
>>
>> TODO is probably a -1ULL and then clearing always/madvise/inherit. Could
>> add a simple helper for that
>>
>> huge_anon_orders_never
> 
> I followed Lorenzo's suggestion to simplify the logic. Does that look
> more readable?
> 
> diff --git a/include/linux/huge_mm.h b/include/linux/huge_mm.h
> index 2f190c90192d..3087ac7631e0 100644
> --- a/include/linux/huge_mm.h
> +++ b/include/linux/huge_mm.h
> @@ -265,6 +265,43 @@ unsigned long __thp_vma_allowable_orders(struct
> vm_area_struct *vma,
>                                            unsigned long tva_flags,
>                                            unsigned long orders);
> 
> +/* Strictly mask requested anonymous orders according to sysfs settings. */
> +static inline unsigned long __thp_mask_anon_orders(unsigned long vm_flags,
> +                               unsigned long tva_flags, unsigned long
> orders)
> +{
> +       unsigned long always = READ_ONCE(huge_anon_orders_always);
> +       unsigned long madvise = READ_ONCE(huge_anon_orders_madvise);
> +       unsigned long inherit = READ_ONCE(huge_anon_orders_inherit);
> +       bool inherit_enabled = hugepage_global_enabled();
> +       bool has_madvise =  vm_flags & VM_HUGEPAGE;
> +       unsigned long mask = always | madvise;
> +
> +       mask = always | madvise;
> +       if (inherit_enabled)
> +               mask |= inherit;
> +
> +       /* All set to/inherit NEVER - never means never globally, abort. */
> +       if (!(mask & orders))
> +               return 0;

Still confusing. I am not sure if we would properly catch when someone 
specifies e.g., 2M and 1M, while we only have 2M disabled.


I would rewrite the function to only ever substract from "orders".

...

/* Disallow orders that are set to NEVER directly ... */
order &= (always | madvise | inherit);

/* ... or through inheritance. */
if (inherit_enabled)
	orders &= ~inherit;

/*
  * Otherwise, we only enforce sysfs settings if asked. In addition,
  * if the user sets a sysfs mode of madvise and if TVA_ENFORCE_SYSFS
  * is not set, we don't bother checking whether the VMA has VM_HUGEPAGE
  * set.
  */
if (!orders || !(tva_flags & TVA_ENFORCE_SYSFS))
	return orders;

> +
> +       /*
> +        * Otherwise, we only enforce sysfs settings if asked. In addition,
> +        * if the user sets a sysfs mode of madvise and if TVA_ENFORCE_SYSFS
> +        * is not set, we don't bother checking whether the VMA has
> VM_HUGEPAGE
> +        * set.
> +        */
> +       if (!(tva_flags & TVA_ENFORCE_SYSFS))
> +               return orders;
> +
> +       mask = always;
> +       if (has_madvise)
> +               mask |= madvise;
> +       if (hugepage_global_always() || (has_madvise && inherit_enabled))
> +               mask |= inherit;

Similarly, this can maybe become (not 100% sure if I got it right, the 
condition above is confusing)

if (!has_madvise) {
	/*
	 * Without VM_HUGEPAGE, only allow orders that are set to
	 * ALWAYS directly ...
	  */
	order &= (always | inherit);
	/* ... or through inheritance. */
	if (!hugepage_global_always())
		orders &= ~inherit;
}

-- 
Cheers,

David / dhildenb

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ