Received: by 10.192.165.148 with SMTP id m20csp1201928imm; Wed, 25 Apr 2018 14:23:52 -0700 (PDT) X-Google-Smtp-Source: AIpwx49IGLoN4xbAW9/hzLEYfJOc9iTAVzHHgfS28ZeJQFWiPF+/AWo0GZkC/CDrT3lSURSok9Ka X-Received: by 10.167.134.70 with SMTP id a6mr29526928pfo.203.1524691432249; Wed, 25 Apr 2018 14:23:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524691432; cv=none; d=google.com; s=arc-20160816; b=j8V4kyi0HM6du/RtlLFr0Ggm0sHpI/FZmHNsCRyxYRCzNcBRLsEOeNMdaLSLko4Sm5 1h9I1MoKcwZ4JrWxKOiq6mrkYX3Y1A4YeiBrfXtz29sRAhcjxl7Cp/y2KATUxf22VF8v R7xYArKWRT61unyHMVdhAGiuL1bBRJeiJq83R2isI/sIE2CCo9UzilPRHsqi7Lk4eeE1 Fs6nfU7mCtoCGqtKkFyOTnqc4FnqY9mx6+g/9WNhh1T2+safgXZJO1KyVhiKNvwJqFHa ji6TffgLJsoOgO+nNkTFBeFxwNdpwDNZxs+OzhACVz2NpuvV7l84z5FyooK7sG1gPExz 1O9w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date :arc-authentication-results; bh=lOuhrJg+JeP4Ta5RcQSDvy1zH+kCD5+oKeL4UMKQy4A=; b=01ep4CAwcVZT/AaRntbRaxQIkJT9QqpODYOLrL8vFZje6u5chOqSDcicFfkgk1LeWe /mi+4FEwtaeOXqKbSX81p51I4SK9ihpZAwg+dnA9oEXTsIHodOaJllROXqoA/8543LSh OppAyebG+ea5thsekgF4IDBLvJWBgpvQouVofQau0VWcCFn8liNtatnZUqYQq1ssn4nG /HL6eP5VsDHpSPBSKCQYh3g2gVGahTk3g/3M4I5CfGFdovffW3jvyE8wRa9cadCOLhpF zfox5vvt/cZ36Gm2FDWXMUIio1x+r6qriOlU3NRcRyycM51cyvZiwIH59F2XXJyG/8vc MJIA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y6si15829327pfe.248.2018.04.25.14.23.37; Wed, 25 Apr 2018 14:23:52 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752866AbeDYVWc (ORCPT + 99 others); Wed, 25 Apr 2018 17:22:32 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:54750 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751973AbeDYVW3 (ORCPT ); Wed, 25 Apr 2018 17:22:29 -0400 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 5EE8D8182D05; Wed, 25 Apr 2018 21:22:28 +0000 (UTC) Received: from file01.intranet.prod.int.rdu2.redhat.com (file01.intranet.prod.int.rdu2.redhat.com [10.11.5.7]) by smtp.corp.redhat.com (Postfix) with ESMTPS id DDB382166BAD; Wed, 25 Apr 2018 21:22:27 +0000 (UTC) Received: from file01.intranet.prod.int.rdu2.redhat.com (localhost [127.0.0.1]) by file01.intranet.prod.int.rdu2.redhat.com (8.14.4/8.14.4) with ESMTP id w3PLMRvS014373; Wed, 25 Apr 2018 17:22:27 -0400 Received: from localhost (mpatocka@localhost) by file01.intranet.prod.int.rdu2.redhat.com (8.14.4/8.14.4/Submit) with ESMTP id w3PLMRpt014369; Wed, 25 Apr 2018 17:22:27 -0400 X-Authentication-Warning: file01.intranet.prod.int.rdu2.redhat.com: mpatocka owned process doing -bs Date: Wed, 25 Apr 2018 17:22:27 -0400 (EDT) From: Mikulas Patocka X-X-Sender: mpatocka@file01.intranet.prod.int.rdu2.redhat.com To: David Rientjes cc: Randy Dunlap , Michal Hocko , Matthew Wilcox , David Miller , Andrew Morton , linux-mm@kvack.org, eric.dumazet@gmail.com, edumazet@google.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, mst@redhat.com, jasowang@redhat.com, virtualization@lists.linux-foundation.org, dm-devel@redhat.com, Vlastimil Babka Subject: Re: [PATCH v5] fault-injection: introduce kvmalloc fallback options In-Reply-To: Message-ID: References: <20180421144757.GC14610@bombadil.infradead.org> <20180423151545.GU17484@dhcp22.suse.cz> <20180424125121.GA17484@dhcp22.suse.cz> <20180424162906.GM17484@dhcp22.suse.cz> <20180424170349.GQ17484@dhcp22.suse.cz> <20180424173836.GR17484@dhcp22.suse.cz> <1114eda5-9b1f-4db8-2090-556b4a37c532@infradead.org> User-Agent: Alpine 2.02 (LRH 1266 2009-07-14) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.8]); Wed, 25 Apr 2018 21:22:28 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.8]); Wed, 25 Apr 2018 21:22:28 +0000 (UTC) for IP:'10.11.54.6' DOMAIN:'int-mx06.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'mpatocka@redhat.com' RCPT:'' Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 25 Apr 2018, David Rientjes wrote: > On Wed, 25 Apr 2018, Mikulas Patocka wrote: > > > From: Mikulas Patocka > > Subject: [PATCH] fault-injection: introduce kvmalloc fallback options > > > > This patch introduces a fault-injection option "kvmalloc_fallback". This > > option makes kvmalloc randomly fall back to vmalloc. > > > > Unfortunately, some kernel code has bugs - it uses kvmalloc and then > > uses DMA-API on the returned memory or frees it with kfree. Such bugs were > > found in the virtio-net driver, dm-integrity or RHEL7 powerpc-specific > > code. This options helps to test for these bugs. > > > > The patch introduces a config option FAIL_KVMALLOC_FALLBACK_PROBABILITY. > > It can be enabled in distribution debug kernels, so that kvmalloc abuse > > can be tested by the users. The default can be overridden with > > "kvmalloc_fallback" parameter or in /sys/kernel/debug/kvmalloc_fallback/. > > > > Do we really need the new config option? This could just be manually > tunable via fault injection IIUC. We do, because we want to enable it in RHEL and Fedora debugging kernels, so that it will be tested by the users. The users won't use some extra magic kernel options or debugfs files. Mikulas > > Signed-off-by: Mikulas Patocka > > > > --- > > Documentation/fault-injection/fault-injection.txt | 7 +++++ > > include/linux/fault-inject.h | 9 +++--- > > kernel/futex.c | 2 - > > lib/Kconfig.debug | 15 +++++++++++ > > mm/failslab.c | 2 - > > mm/page_alloc.c | 2 - > > mm/util.c | 30 ++++++++++++++++++++++ > > 7 files changed, 60 insertions(+), 7 deletions(-) > > > > Index: linux-2.6/Documentation/fault-injection/fault-injection.txt > > =================================================================== > > --- linux-2.6.orig/Documentation/fault-injection/fault-injection.txt 2018-04-16 21:08:34.000000000 +0200 > > +++ linux-2.6/Documentation/fault-injection/fault-injection.txt 2018-04-25 21:36:36.000000000 +0200 > > @@ -15,6 +15,12 @@ o fail_page_alloc > > > > injects page allocation failures. (alloc_pages(), get_free_pages(), ...) > > > > +o kvmalloc_fallback > > + > > + makes the function kvmalloc randomly fall back to vmalloc. This could be used > > + to detects bugs such as using DMA-API on the result of kvmalloc or freeing > > + the result of kvmalloc with free. > > + > > o fail_futex > > > > injects futex deadlock and uaddr fault errors. > > @@ -167,6 +173,7 @@ use the boot option: > > > > failslab= > > fail_page_alloc= > > + kvmalloc_fallback= > > fail_make_request= > > fail_futex= > > mmc_core.fail_request=,,, > > Index: linux-2.6/include/linux/fault-inject.h > > =================================================================== > > --- linux-2.6.orig/include/linux/fault-inject.h 2018-04-16 21:08:36.000000000 +0200 > > +++ linux-2.6/include/linux/fault-inject.h 2018-04-25 21:38:22.000000000 +0200 > > @@ -31,17 +31,18 @@ struct fault_attr { > > struct dentry *dname; > > }; > > > > -#define FAULT_ATTR_INITIALIZER { \ > > +#define FAULT_ATTR_INITIALIZER(p) { \ > > + .probability = (p), \ > > .interval = 1, \ > > - .times = ATOMIC_INIT(1), \ > > + .times = ATOMIC_INIT((p) ? -1 : 1), \ > > + .verbose = (p) ? 0 : 2, \ > > .require_end = ULONG_MAX, \ > > .stacktrace_depth = 32, \ > > .ratelimit_state = RATELIMIT_STATE_INIT_DISABLED, \ > > - .verbose = 2, \ > > .dname = NULL, \ > > } > > > > -#define DECLARE_FAULT_ATTR(name) struct fault_attr name = FAULT_ATTR_INITIALIZER > > +#define DECLARE_FAULT_ATTR(name) struct fault_attr name = FAULT_ATTR_INITIALIZER(0) > > int setup_fault_attr(struct fault_attr *attr, char *str); > > bool should_fail(struct fault_attr *attr, ssize_t size); > > > > Index: linux-2.6/lib/Kconfig.debug > > =================================================================== > > --- linux-2.6.orig/lib/Kconfig.debug 2018-04-25 15:56:16.000000000 +0200 > > +++ linux-2.6/lib/Kconfig.debug 2018-04-25 21:39:45.000000000 +0200 > > @@ -1527,6 +1527,21 @@ config FAIL_PAGE_ALLOC > > help > > Provide fault-injection capability for alloc_pages(). > > > > +config FAIL_KVMALLOC_FALLBACK_PROBABILITY > > + int "Default kvmalloc fallback probability" > > + depends on FAULT_INJECTION > > + range 0 100 > > + default "0" > > + help > > + This option will make kvmalloc randomly fall back to vmalloc. > > + Normally, kvmalloc falls back to vmalloc only rarely, if memory > > + is fragmented. > > + > > + This option helps to detect hard-to-reproduce driver bugs, for > > + example using DMA API on the result of kvmalloc. > > + > > + The default may be overridden with the kvmalloc_fallback parameter. > > + > > config FAIL_MAKE_REQUEST > > bool "Fault-injection capability for disk IO" > > depends on FAULT_INJECTION && BLOCK > > Index: linux-2.6/mm/util.c > > =================================================================== > > --- linux-2.6.orig/mm/util.c 2018-04-25 15:48:39.000000000 +0200 > > +++ linux-2.6/mm/util.c 2018-04-25 21:43:31.000000000 +0200 > > @@ -14,6 +14,7 @@ > > #include > > #include > > #include > > +#include > > > > #include > > #include > > @@ -377,6 +378,29 @@ unsigned long vm_mmap(struct file *file, > > } > > EXPORT_SYMBOL(vm_mmap); > > > > +#ifdef CONFIG_FAULT_INJECTION > > + > > +static struct fault_attr kvmalloc_fallback = > > + FAULT_ATTR_INITIALIZER(CONFIG_FAIL_KVMALLOC_FALLBACK_PROBABILITY); > > + > > +static int __init setup_kvmalloc_fallback(char *str) > > +{ > > + return setup_fault_attr(&kvmalloc_fallback, str); > > +} > > + > > +__setup("kvmalloc_fallback=", setup_kvmalloc_fallback); > > + > > +#ifdef CONFIG_FAULT_INJECTION_DEBUG_FS > > +static int __init kvmalloc_fallback_debugfs_init(void) > > +{ > > + fault_create_debugfs_attr("kvmalloc_fallback", NULL, &kvmalloc_fallback); > > + return 0; > > +} > > +late_initcall(kvmalloc_fallback_debugfs_init); > > +#endif > > + > > +#endif > > + > > /** > > * kvmalloc_node - attempt to allocate physically contiguous memory, but upon > > * failure, fall back to non-contiguous (vmalloc) allocation. > > @@ -404,6 +428,11 @@ void *kvmalloc_node(size_t size, gfp_t f > > */ > > WARN_ON_ONCE((flags & GFP_KERNEL) != GFP_KERNEL); > > > > +#ifdef CONFIG_FAULT_INJECTION > > + if (should_fail(&kvmalloc_fallback, size)) > > + goto do_vmalloc; > > +#endif > > + > > /* > > * We want to attempt a large physically contiguous block first because > > * it is less likely to fragment multiple larger blocks and therefore > > @@ -427,6 +456,7 @@ void *kvmalloc_node(size_t size, gfp_t f > > if (ret || size <= PAGE_SIZE) > > return ret; > > > > +do_vmalloc: __maybe_unused > > return __vmalloc_node_flags_caller(size, node, flags, > > __builtin_return_address(0)); > > } > > Index: linux-2.6/kernel/futex.c > > =================================================================== > > --- linux-2.6.orig/kernel/futex.c 2018-02-14 20:24:42.000000000 +0100 > > +++ linux-2.6/kernel/futex.c 2018-04-25 21:11:33.000000000 +0200 > > @@ -288,7 +288,7 @@ static struct { > > > > bool ignore_private; > > } fail_futex = { > > - .attr = FAULT_ATTR_INITIALIZER, > > + .attr = FAULT_ATTR_INITIALIZER(0), > > .ignore_private = false, > > }; > > > > Index: linux-2.6/mm/failslab.c > > =================================================================== > > --- linux-2.6.orig/mm/failslab.c 2018-04-16 21:08:36.000000000 +0200 > > +++ linux-2.6/mm/failslab.c 2018-04-25 21:11:40.000000000 +0200 > > @@ -9,7 +9,7 @@ static struct { > > bool ignore_gfp_reclaim; > > bool cache_filter; > > } failslab = { > > - .attr = FAULT_ATTR_INITIALIZER, > > + .attr = FAULT_ATTR_INITIALIZER(0), > > .ignore_gfp_reclaim = true, > > .cache_filter = false, > > }; > > Index: linux-2.6/mm/page_alloc.c > > =================================================================== > > --- linux-2.6.orig/mm/page_alloc.c 2018-04-16 21:08:36.000000000 +0200 > > +++ linux-2.6/mm/page_alloc.c 2018-04-25 21:11:47.000000000 +0200 > > @@ -3055,7 +3055,7 @@ static struct { > > bool ignore_gfp_reclaim; > > u32 min_order; > > } fail_page_alloc = { > > - .attr = FAULT_ATTR_INITIALIZER, > > + .attr = FAULT_ATTR_INITIALIZER(0), > > .ignore_gfp_reclaim = true, > > .ignore_gfp_highmem = true, > > .min_order = 1, > > > > >