Date: Thu, 4 Apr 2024 19:00:51 -0400
From: Kent Overstreet <kent.overstreet@...ux.dev>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: Matthew Wilcox <willy@...radead.org>, 
	Suren Baghdasaryan <surenb@...gle.com>, joro@...tes.org, will@...nel.org, 
	trond.myklebust@...merspace.com, anna@...nel.org, arnd@...db.de, herbert@...dor.apana.org.au, 
	davem@...emloft.net, jikos@...nel.org, benjamin.tissoires@...hat.com, tytso@....edu, 
	jack@...e.com, dennis@...nel.org, tj@...nel.org, cl@...ux.com, 
	jakub@...udflare.com, penberg@...nel.org, rientjes@...gle.com, iamjoonsoo.kim@....com, 
	vbabka@...e.cz, edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, 
	iommu@...ts.linux.dev, linux-kernel@...r.kernel.org, linux-nfs@...r.kernel.org, 
	linux-acpi@...r.kernel.org, acpica-devel@...ts.linux.dev, linux-arch@...r.kernel.org, 
	linux-crypto@...r.kernel.org, bpf@...r.kernel.org, linux-input@...r.kernel.org, 
	linux-ext4@...r.kernel.org, linux-mm@...ck.org, netdev@...r.kernel.org, 
	linux-security-module@...r.kernel.org
Subject: Re: [PATCH 1/1] mm: change inlined allocation helpers to account at
 the call site

On Thu, Apr 04, 2024 at 03:41:50PM -0700, Andrew Morton wrote:
> On Thu, 4 Apr 2024 18:38:39 -0400 Kent Overstreet <kent.overstreet@...ux.dev> wrote:
> 
> > On Thu, Apr 04, 2024 at 11:33:22PM +0100, Matthew Wilcox wrote:
> > > On Thu, Apr 04, 2024 at 03:17:43PM -0700, Suren Baghdasaryan wrote:
> > > > Ironically, checkpatch generates warnings for these type casts:
> > > > 
> > > > WARNING: unnecessary cast may hide bugs, see
> > > > http://c-faq.com/malloc/mallocnocast.html
> > > > #425: FILE: include/linux/dma-fence-chain.h:90:
> > > > + ((struct dma_fence_chain *)kmalloc(sizeof(struct dma_fence_chain),
> > > > GFP_KERNEL))
> > > > 
> > > > I guess I can safely ignore them in this case (since we cast to the
> > > > expected type)?
> > > 
> > > I find ignoring checkpatch to be a solid move 99% of the time.
> > > 
> > > I really don't like the codetags.  This is so much churn, and it could
> > > all be avoided by just passing in _RET_IP_ or _THIS_IP_ depending on
> > > whether we wanted to profile this function or its caller.  vmalloc
> > > has done it this way since 2008 (OK, using __builtin_return_address())
> > > and lockdep has used _THIS_IP_ / _RET_IP_ since 2006.
> > 
> > Except you can't. We've been over this; using that approach for tracing
> > is one thing, using it for actual accounting isn't workable.
> 
> I missed that.  There have been many emails.  Please remind us of the
> reasoning here.

I think it's on the other people claiming 'oh this would be so easy if
you just do it this other way' to put up some code - or at least more
than hot takes.

But, since you asked - one of the main goals of this patchset was to be
fast enough to run in production, and if you do it by return address
then you've added at minimum a hash table lookup to every allocate and
free; if you do that, running it in production is completely out of the
question.

Besides that - the issues with annotating and tracking the correct
callsite really don't go away, they just shift around a bit. It's true
that the return address approach would be easier initially, but that's
not all we're concerned with; we're concerned with making sure
allocations get accounted to the _correct_ callsite so that we're giving
numbers that you can trust, and by making things less explicit you make
that harder.

Additionally: the alloc_hooks() macro is for more than this. It's also
for more usable fault injection - remember every thread we have where
people are begging for every allocation to be __GFP_NOFAIL - "oh, error
paths are hard to test, let's just get rid of them" - never mind that
we actually do have to have error paths - but _per callsite_ selectable
fault injection will actually make it practical to test memory error
paths.

And Kees is working on stuff that'll make use of the alloc_hooks() macro
for segregating kmem_caches.

This is all stuff that I've explained before; let's please dial back on
the whining - or I'll just bookmark this for next time...
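
Added example, not part of this thread or of the kernel patchset: a userspace C sketch of the per-call-site accounting and per-call-site fault injection discussed above, with an allocation helper kept as a macro (plus cast) so that each caller, not the helper, is charged. All names (`site_tag`, `tagged_malloc`, `buf_alloc`, `rx_setup`, `tx_setup`) are hypothetical, and the code assumes GNU C statement expressions (gcc/clang).

```c
/* Added userspace sketch; all names are hypothetical, not the kernel's
 * alloc_hooks()/codetag code. Needs GNU C statement expressions (gcc/clang). */
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

struct site_tag {               /* one static instance per call site */
    const char *file; int line;
    size_t bytes, calls;        /* live bytes / successful allocations */
    bool fail_next;             /* fault injection for this site only */
};
struct hdr { _Alignas(max_align_t) struct site_tag *tag; size_t size; };

static void *tagged_alloc(struct site_tag *tag, size_t size)
{
    if (tag->fail_next) { tag->fail_next = false; return NULL; }
    struct hdr *h = malloc(sizeof(*h) + size);
    if (!h) return NULL;
    h->tag = tag; h->size = size;
    tag->bytes += size; tag->calls++;
    return h + 1;
}
static void tagged_free(void *p)
{
    if (!p) return;
    struct hdr *h = (struct hdr *)p - 1;
    h->tag->bytes -= h->size;   /* tag pointer travels with the object: no lookup */
    free(h);
}
/* Every expansion owns a static tag; *tagp exposes it for this demo only. */
#define tagged_malloc(tagp, size) ({                                   \
    static struct site_tag _tag = { __FILE__, __LINE__, 0, 0, false }; \
    *(tagp) = &_tag;                                                   \
    tagged_alloc(&_tag, (size)); })

struct buf { char data[64]; };
/* Helper as a macro with a cast, so each caller is charged, not the helper. */
#define buf_alloc(tagp) ((struct buf *)tagged_malloc((tagp), sizeof(struct buf)))

static struct site_tag *rx_site, *tx_site;
static struct buf *rx_setup(void) { return buf_alloc(&rx_site); }
static struct buf *tx_setup(void) { return buf_alloc(&tx_site); }

int main(void)
{
    struct buf *rx = rx_setup(), *tx = tx_setup();
    tx_site->fail_next = true;              /* arm only the tx call site */
    bool ok = rx && tx && rx_site != tx_site && tx_setup() == NULL;
    tagged_free(rx); tagged_free(tx);
    return (ok && rx_site->bytes == 0 && tx_site->bytes == 0) ? 0 : 1;
}
```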
