2013-05-20 09:14:39

by Oskar Andero

[permalink] [raw]
Subject: [PATCH] mm: vmscan: add BUG_ON on illegal return values from scan_objects

Add a BUG_ON to catch any illegal value from the shrinkers. This fixes a
potential bug if scan_objects returns a negative other than -1, which
would lead to undefined behaviour.

Cc: Glauber Costa <[email protected]>
Cc: Dave Chinner <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Hugh Dickins <[email protected]>
Cc: Greg Kroah-Hartman <[email protected]>
Signed-off-by: Oskar Andero <[email protected]>
---
mm/vmscan.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/mm/vmscan.c b/mm/vmscan.c
index 6bac41e..fbe6742 100644
--- a/mm/vmscan.c
+++ b/mm/vmscan.c
@@ -293,6 +293,7 @@ shrink_slab_one(struct shrinker *shrinker, struct shrink_control *shrinkctl,
ret = shrinker->scan_objects(shrinker, shrinkctl);
if (ret == -1)
break;
+ BUG_ON(ret < -1);
freed += ret;

count_vm_events(SLABS_SCANNED, nr_to_scan);
--
1.8.1.5


2013-05-20 13:56:20

by Greg Kroah-Hartman

[permalink] [raw]
Subject: Re: [PATCH] mm: vmscan: add BUG_ON on illegal return values from scan_objects

On Mon, May 20, 2013 at 11:14:27AM +0200, Oskar Andero wrote:
> Add a BUG_ON to catch any illegal value from the shrinkers. This fixes a
> potential bug if scan_objects returns a negative other than -1, which
> would lead to undefined behaviour.

So it's better to crash a machine and keep anyone from using it?
Instead of recovering from an error you found? Not good.

greg k-h

2013-05-20 22:24:57

by David Rientjes

[permalink] [raw]
Subject: Re: [PATCH] mm: vmscan: add BUG_ON on illegal return values from scan_objects

On Mon, 20 May 2013, Oskar Andero wrote:

> Add a BUG_ON to catch any illegal value from the shrinkers. This fixes a
> potential bug if scan_objects returns a negative other than -1, which
> would lead to undefined behaviour.
>
> Cc: Glauber Costa <[email protected]>
> Cc: Dave Chinner <[email protected]>
> Cc: Andrew Morton <[email protected]>
> Cc: Hugh Dickins <[email protected]>
> Cc: Greg Kroah-Hartman <[email protected]>
> Signed-off-by: Oskar Andero <[email protected]>
> ---
> mm/vmscan.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/mm/vmscan.c b/mm/vmscan.c
> index 6bac41e..fbe6742 100644
> --- a/mm/vmscan.c
> +++ b/mm/vmscan.c
> @@ -293,6 +293,7 @@ shrink_slab_one(struct shrinker *shrinker, struct shrink_control *shrinkctl,
> ret = shrinker->scan_objects(shrinker, shrinkctl);
> if (ret == -1)
> break;
> + BUG_ON(ret < -1);
> freed += ret;
>
> count_vm_events(SLABS_SCANNED, nr_to_scan);

Nack, this doesn't fix anything. I can see the intention, and for that it
might make sense to turn this into VM_BUG_ON() so that anybody debugging
an issue related to this with CONFIG_DEBUG_VM would get the indication,
but I don't think we need to enforce the API with BUG_ON().

2013-05-21 10:35:07

by Dave Chinner

[permalink] [raw]
Subject: Re: [PATCH] mm: vmscan: add BUG_ON on illegal return values from scan_objects

On Mon, May 20, 2013 at 11:14:27AM +0200, Oskar Andero wrote:
> Add a BUG_ON to catch any illegal value from the shrinkers. This fixes a
> potential bug if scan_objects returns a negative other than -1, which
> would lead to undefined behaviour.
>
> Cc: Glauber Costa <[email protected]>
> Cc: Dave Chinner <[email protected]>
> Cc: Andrew Morton <[email protected]>
> Cc: Hugh Dickins <[email protected]>
> Cc: Greg Kroah-Hartman <[email protected]>
> Signed-off-by: Oskar Andero <[email protected]>
> ---
> mm/vmscan.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/mm/vmscan.c b/mm/vmscan.c
> index 6bac41e..fbe6742 100644
> --- a/mm/vmscan.c
> +++ b/mm/vmscan.c
> @@ -293,6 +293,7 @@ shrink_slab_one(struct shrinker *shrinker, struct shrink_control *shrinkctl,
> ret = shrinker->scan_objects(shrinker, shrinkctl);
> if (ret == -1)
> break;
> + BUG_ON(ret < -1);
> freed += ret;
>
> count_vm_events(SLABS_SCANNED, nr_to_scan);

NACK. we've got to fix the damn shrinkers first.

If you want this sort of guard added to the patchset Glauber and I
are working on that does this, then discuss it in the context of
that patch set.

Even if you do, you'll get the same answer: we need to first all the
busted shrinkers before we even consider being nasty about enforcing
the API constraints to prevent furture breakage.

If you want to do something useful, look at all the comments about
broken shrinkers in Glauber's patch set and work with the owners of
the code to understand what they really need and get them fixed.

-Dave.
--
Dave Chinner
[email protected]