lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <a6703e66-a8bc-43c9-a2b9-08f2a849c4ff@gmail.com>
Date: Sat, 19 Oct 2024 16:33:00 +0800
From: Yunsheng Lin <yunshenglin0825@...il.com>
To: Alexander Duyck <alexander.duyck@...il.com>,
 Yunsheng Lin <linyunsheng@...wei.com>
Cc: davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com,
 netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
 Andrew Morton <akpm@...ux-foundation.org>, linux-mm@...ck.org
Subject: Re: [PATCH net-next v22 10/14] mm: page_frag: introduce
 prepare/probe/commit API

On 10/19/2024 2:03 AM, Alexander Duyck wrote:

> 
> Not a huge fan of introducing a ton of new API calls and then having
> to have them all applied at once in the follow-on patches. Ideally the
> functions and the header documentation for them would be introduced in
> the same patch as well as examples on how it would be used.
> 
> I really think we should break these up as some are used in one case,
> and others in another and it is a pain to have a pile of abstractions
> that are all using these functions in different ways.

I am guessing this patch may be split into three parts to make it more
reviewable and easier to discuss here:
1. Prepare & commit related API, which is still the large one.
2. Probe API related API.
3. Abort API.

And it is worthing mentioning that even if this patch is split into more
patches, it seems impossible to break patch 12 up as almost everything
related to changing "page_frag" to "page_frag_cache" need to be one
patch to avoid compile error.

> 
>> +static inline void page_frag_alloc_abort(struct page_frag_cache *nc,
>> +                                        unsigned int fragsz)
>> +{
>> +       VM_BUG_ON(fragsz > nc->offset);
>> +
>> +       nc->pagecnt_bias++;
>> +       nc->offset -= fragsz;
>> +}
>> +
> 
> We should probably have the same checks here you had on the earlier
> commit. We should not be allowing blind changes. If we are using the
> commit or abort interfaces we should be verifying a page frag with
> them to verify that the request to modify this is legitimate.

As an example in 'Preparation & committing API' section of patch 13, the
abort API is used to abort the operation of page_frag_alloc_*() related
API, so 'page_frag' is not available for doing those checking like the
commit API. For some case without the needing of complicated prepare &
commit API like tun_build_skb(), the abort API can be used to abort the
operation of page_frag_alloc_*() related API when bpf_prog_run_xdp()
returns XDP_DROP knowing that no one else is taking extra reference to
the just allocated fragment.

+Allocation & freeing API
+------------------------
+
+.. code-block:: c
+
+    void *va;
+
+    va = page_frag_alloc_align(nc, size, gfp, align);
+    if (!va)
+        goto do_error;
+
+    err = do_something(va, size);
+    if (err) {
+        page_frag_alloc_abort(nc, size);
+        goto do_error;
+    }
+
+    ...
+
+    page_frag_free(va);


If there is a need to abort the commit API operation, we probably call
it something like page_frag_commit_abort()?

> 
>>   void page_frag_free(void *addr);
>>
>>   #endif
>> diff --git a/mm/page_frag_cache.c b/mm/page_frag_cache.c
>> index f55d34cf7d43..5ea4b663ab8e 100644
>> --- a/mm/page_frag_cache.c
>> +++ b/mm/page_frag_cache.c
>> @@ -112,6 +112,27 @@ unsigned int __page_frag_cache_commit_noref(struct page_frag_cache *nc,
>>   }
>>   EXPORT_SYMBOL(__page_frag_cache_commit_noref);
>>
>> +void *__page_frag_alloc_refill_probe_align(struct page_frag_cache *nc,
>> +                                          unsigned int fragsz,
>> +                                          struct page_frag *pfrag,
>> +                                          unsigned int align_mask)
>> +{
>> +       unsigned long encoded_page = nc->encoded_page;
>> +       unsigned int size, offset;
>> +
>> +       size = PAGE_SIZE << encoded_page_decode_order(encoded_page);
>> +       offset = __ALIGN_KERNEL_MASK(nc->offset, ~align_mask);
>> +       if (unlikely(!encoded_page || offset + fragsz > size))
>> +               return NULL;
>> +
>> +       pfrag->page = encoded_page_decode_page(encoded_page);
>> +       pfrag->size = size - offset;
>> +       pfrag->offset = offset;
>> +
>> +       return encoded_page_decode_virt(encoded_page) + offset;
>> +}
>> +EXPORT_SYMBOL(__page_frag_alloc_refill_probe_align);
>> +
> 
> If I am not mistaken this would be the equivalent of allocating a size
> 0 fragment right? The only difference is that you are copying out the
> "remaining" size, but we could get that from the offset if we knew the
> size couldn't we? Would it maybe make sense to look at limiting this
> to PAGE_SIZE instead of passing the size of the actual fragment?

I am not sure if I understand what does "limiting this to PAGE_SIZE"
mean here.

I probably should mention the usecase of probe API here. For the usecase
of mptcp_sendmsg(), the minimum size of a fragment can be smaller when
the new fragment can be coalesced to previous fragment as there is an
extra memory needed for some header if the fragment can not be coalesced
to previous fragment. The probe API is mainly used to see if there is
any memory left in the 'page_frag_cache' that can be coalesced to
previous fragment.

> 
>>   void *__page_frag_cache_prepare(struct page_frag_cache *nc, unsigned int fragsz,
>>                                  struct page_frag *pfrag, gfp_t gfp_mask,
>>                                  unsigned int align_mask)
>> --
>> 2.33.0
>>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ