lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <e80f8d1c-888b-4d39-a00c-5b92ee339715@redhat.com>
Date: Thu, 12 Jun 2025 15:13:19 +0200
From: David Hildenbrand <david@...hat.com>
To: Lorenzo Stoakes <lorenzo.stoakes@...cle.com>
Cc: Baolin Wang <baolin.wang@...ux.alibaba.com>, akpm@...ux-foundation.org,
 hughd@...gle.com, Liam.Howlett@...cle.com, npache@...hat.com,
 ryan.roberts@....com, dev.jain@....com, ziy@...dia.com, linux-mm@...ck.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 1/2] mm: huge_memory: disallow hugepages if the
 system-wide THP sysfs settings are disabled

On 12.06.25 15:07, Lorenzo Stoakes wrote:
> On Thu, Jun 12, 2025 at 10:51:17AM +0200, David Hildenbrand wrote:
>> On 12.06.25 09:51, Baolin Wang wrote:
>>>
>>>
>>> On 2025/6/11 20:34, David Hildenbrand wrote:
>>>> On 05.06.25 10:00, Baolin Wang wrote:
>>>>> The MADV_COLLAPSE will ignore the system-wide Anon THP sysfs settings,
>>>>> which
>>>>> means that even though we have disabled the Anon THP configuration,
>>>>> MADV_COLLAPSE
>>>>> will still attempt to collapse into a Anon THP. This violates the rule
>>>>> we have
>>>>> agreed upon: never means never.
>>>>>
>>>>> Another rule for madvise, referring to David's suggestion: “allowing
>>>>> for collapsing
>>>>> in a VM without VM_HUGEPAGE in the "madvise" mode would be fine".
>>>>>
>>>>> To address this issue, should check whether the Anon THP configuration
>>>>> is disabled
>>>>> in thp_vma_allowable_orders(), even when the TVA_ENFORCE_SYSFS flag is
>>>>> set.
>>>>>
>>>>> In summary, the current strategy is:
>>>>>
>>>>> 1. If always & orders == 0, and madvise & orders == 0, and
>>>>> hugepage_global_enabled() == false
>>>>> (global THP settings are not enabled), it means mTHP of that orders
>>>>> are prohibited
>>>>> from being used, then madvise_collapse() is forbidden for that orders.
>>>>>
>>>>> 2. If always & orders == 0, and madvise & orders == 0, and
>>>>> hugepage_global_enabled() == true
>>>>> (global THP settings are enabled), and inherit & orders == 0, it means
>>>>> mTHP of that
>>>>> orders are still prohibited from being used, thus madvise_collapse()
>>>>> is not allowed
>>>>> for that orders.
>>>>>
>>>>> Reviewed-by: Zi Yan <ziy@...dia.com>
>>>>> Signed-off-by: Baolin Wang <baolin.wang@...ux.alibaba.com>
>>>>> ---
>>>>>     include/linux/huge_mm.h | 23 +++++++++++++++++++----
>>>>>     1 file changed, 19 insertions(+), 4 deletions(-)
>>>>>
>>>>> diff --git a/include/linux/huge_mm.h b/include/linux/huge_mm.h
>>>>> index 2f190c90192d..199ddc9f04a1 100644
>>>>> --- a/include/linux/huge_mm.h
>>>>> +++ b/include/linux/huge_mm.h
>>>>> @@ -287,20 +287,35 @@ unsigned long thp_vma_allowable_orders(struct
>>>>> vm_area_struct *vma,
>>>>>                            unsigned long orders)
>>>>>     {
>>>>>         /* Optimization to check if required orders are enabled early. */
>>>>> -    if ((tva_flags & TVA_ENFORCE_SYSFS) && vma_is_anonymous(vma)) {
>>>>> -        unsigned long mask = READ_ONCE(huge_anon_orders_always);
>>>>> +    if (vma_is_anonymous(vma)) {
>>>>> +        unsigned long always = READ_ONCE(huge_anon_orders_always);
>>>>> +        unsigned long madvise = READ_ONCE(huge_anon_orders_madvise);
>>>>> +        unsigned long inherit = READ_ONCE(huge_anon_orders_inherit);
>>>>> +        unsigned long mask = always | madvise;
>>>>> +
>>>>> +        /*
>>>>> +         * If the system-wide THP/mTHP sysfs settings are disabled,
>>>>> +         * then we should never allow hugepages.
>>>>    > +         */> +        if (!(mask & orders) &&
>>>> !(hugepage_global_enabled() && (inherit & orders)))
>>>>> +            return 0;
>>>>
>>>> I'm still trying to digest that. Isn't there a way for us to work with
>>>> the orders,
>>>> essentially masking off all orders that are forbidden globally. Similar
>>>> to below, if !orders, then return 0?
>>>> /* Orders disabled directly. */
>>>> orders &= ~TODO;
>>>> /* Orders disabled by inheriting from the global toggle. */
>>>> if (!hugepage_global_enabled())
>>>>        orders &= ~READ_ONCE(huge_anon_orders_inherit);
>>>>
>>>> TODO is probably a -1ULL and then clearing always/madvise/inherit. Could
>>>> add a simple helper for that
>>>>
>>>> huge_anon_orders_never
>>>
>>> I followed Lorenzo's suggestion to simplify the logic. Does that look
>>> more readable?
>>>
>>> diff --git a/include/linux/huge_mm.h b/include/linux/huge_mm.h
>>> index 2f190c90192d..3087ac7631e0 100644
>>> --- a/include/linux/huge_mm.h
>>> +++ b/include/linux/huge_mm.h
>>> @@ -265,6 +265,43 @@ unsigned long __thp_vma_allowable_orders(struct
>>> vm_area_struct *vma,
>>>                                             unsigned long tva_flags,
>>>                                             unsigned long orders);
>>>
>>> +/* Strictly mask requested anonymous orders according to sysfs settings. */
>>> +static inline unsigned long __thp_mask_anon_orders(unsigned long vm_flags,
>>> +                               unsigned long tva_flags, unsigned long
>>> orders)
>>> +{
>>> +       unsigned long always = READ_ONCE(huge_anon_orders_always);
>>> +       unsigned long madvise = READ_ONCE(huge_anon_orders_madvise);
>>> +       unsigned long inherit = READ_ONCE(huge_anon_orders_inherit);
>>> +       bool inherit_enabled = hugepage_global_enabled();
>>> +       bool has_madvise =  vm_flags & VM_HUGEPAGE;
>>> +       unsigned long mask = always | madvise;
>>> +
>>> +       mask = always | madvise;
>>> +       if (inherit_enabled)
>>> +               mask |= inherit;
>>> +
>>> +       /* All set to/inherit NEVER - never means never globally, abort. */
>>> +       if (!(mask & orders))
>>> +               return 0;
>>
>> Still confusing. I am not sure if we would properly catch when someone
>> specifies e.g., 2M and 1M, while we only have 2M disabled.
> 
> I did wonder if we should call 'orders' something like 'requested_orders'
> or something.
> 
> This check is always against the input orders which we might conceivably
> want.
> 
> For instance in madvise_collapse():
> 
> 	if (!thp_vma_allowable_order(vma, vma->vm_flags, 0, PMD_ORDER))
> 		return -EINVAL;
> 
> I don't think, if it's only possible for PMD order collapse, and that is
> disabled, but mTHP 64 KB let's say is enabled, it'd be fine for
> MADV_COLLAPSE to succeed at the PMD order.
> 
> 
>>
>>
>> I would rewrite the function to only ever substract from "orders".
> 
> Hm.
> 
>>
>> ...
>>
>> /* Disallow orders that are set to NEVER directly ... */
>> order &= (always | madvise | inherit);
>         ^s
> 
> I think you mean (always | madvise) here.
> 
>>
>> /* ... or through inheritance. */
>> if (inherit_enabled)
>> 	orders &= ~inherit;
> 
> order & (inherit & ~inherit) is going to always be zero :)
> 
> So this should be
> 
> orders &= inherit.
> 
> The problem is, when you come to the next stage where you are done checking
> the 'are we in a NEVER situation regardless of TVA_ENFORCE_SYSFS' you've
> now corrupted orders.
> 
> Because you've included inherit even if !(tva_flags & TVA_ENFORCE_SYSFS).
> 
> And there's no way to recover that information.
> 
>>
>> /*
>>   * Otherwise, we only enforce sysfs settings if asked. In addition,
>>   * if the user sets a sysfs mode of madvise and if TVA_ENFORCE_SYSFS
>>   * is not set, we don't bother checking whether the VMA has VM_HUGEPAGE
>>   * set.
>>   */
>> if (!orders || !(tva_flags & TVA_ENFORCE_SYSFS))
>> 	return orders;
> 
> I don't think this is much delta to what we have now.
> 
> I do wonder if we should return mask & orders here, actually, to account
> for the fact that, in theory, orders could set > PMD for
> !TVA_ENFORCE_SYSFS) (not currently the case).
> 
>>
>>> +
>>> +       /*
>>> +        * Otherwise, we only enforce sysfs settings if asked. In addition,
>>> +        * if the user sets a sysfs mode of madvise and if TVA_ENFORCE_SYSFS
>>> +        * is not set, we don't bother checking whether the VMA has
>>> VM_HUGEPAGE
>>> +        * set.
>>> +        */
>>> +       if (!(tva_flags & TVA_ENFORCE_SYSFS))
>>> +               return orders;
>>> +
>>> +       mask = always;
>>> +       if (has_madvise)
>>> +               mask |= madvise;
>>> +       if (hugepage_global_always() || (has_madvise && inherit_enabled))
>>> +               mask |= inherit;
>>
>> Similarly, this can maybe become (not 100% sure if I got it right, the
>> condition above is confusing)
>>
>> if (!has_madvise) {
>> 	/*
>> 	 * Without VM_HUGEPAGE, only allow orders that are set to
>> 	 * ALWAYS directly ...
>> 	  */
>> 	order &= (always | inherit);
> 
> Obviously orders is corrupted at this point so this won't work, but I'm not
> sure this is right?
> 
> If no madvise, only then obey always/inherit? Hm?
> 
> 
>> 	/* ... or through inheritance. */
>> 	if (!hugepage_global_always())
>> 		orders &= ~inherit;
> 
> I'm not sure about this ~inherit again, that means we ignore inherit no?
> 
>> }
> 
> And we need a branch for madvise too no?
> 
> I think all of this is a _clear_ example of what a mess all this is.
> 
> I think we need a deeper refactor, but I think my suggested changes make at
> least what we have here less horrid to get through.
> 
> I think maybe a better refactoring that's in the spirit of this is:
> 
> if (has_madvise) {
> 	mask |= madvise;
> 	if (inherit_enabled)
> 		mask |= inherit;
> } else if (hugepage_global_always()) {
> 	mask |= inherit;
> }
> 
> What do you think?

The masks are just disgusting :(

While you were writing that reply, I just sent out something else. Not 
sure if that makes sense.

I'm having a hard time figuring out what we even want here in the 
existing code.

-- 
Cheers,

David / dhildenb

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ