Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp4436912img;
        Tue, 26 Mar 2019 09:21:37 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwckF19YWQWDsWhX/Zoe5tKuEOXboLNJzIV0uGWwXGRp/ENPFSViAbr0QnPeXInAQPL4+IG
X-Received: by 2002:a62:cd8c:: with SMTP id o134mr30138342pfg.84.1553617297556;
        Tue, 26 Mar 2019 09:21:37 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1553617297; cv=none;
        d=google.com; s=arc-20160816;
        b=l4GiZIkJRpkttDiCxy7b/4UQxx7qKX9h9ATnrzBnStsv2bj+nQM7lxk0SXWl3NxheS
         NOz6sbBybqBVNQc/fZaes0CgH8njRPjAARejlhVh1JLhBvifP06qhNaVWt+eX2zheznu
         N6NE7ylcNDpW/hl48kW7KfNKVGX4VoD/ZUHgX6OVrw7dU8+Ib7O76P6hrLYc1O0GsKNV
         WehYCXocuOEzQtifeskaEOlTa9qr0Q4G7ahlPFQaVRhorC/8pC0cfUebjdBG3z9PIPF/
         l5GKPn5+odYp4fpNGbZFSU4Dyt5Fht5dpCqwo7T63Na0H8e3z31d5JeUm0Cmvw67z0Dm
         MVJg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=+RqaqKFaDkoipj6c7EP4i4OyiQJhrt0DmQWk9zSsCmc=;
        b=HCDFkhW9BFNnJBQ4jdHTPdsUCNg6guTHc55RDSmk3LDVE8aG/OBjzIraDmyUjqxq5F
         Gi9nX3F47tb/nWsSoweghwq98Emh7wV1By/Hj2oaWoUobpuBGxASIzl0lzT2x+eZptjz
         NzREqJq6AEgCGStpR4vibfwtEy/tkpR6Ci09quaa05vW/g5GqUJCi9lqnElHNnuT3R0O
         /BctbZfJ3DtR2c/AYFVek0tfc8FRT0YU3Sovr0UA7fx8edJd5UKMfYanyUdJUuZPyZ/t
         NR3gQpHzSs22fnj8PFGxJbed8rHrbBtCWboUBy9U9/IMcW343eLyHibVC6fQk2DZK/LN
         uxEw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id gn6si6092128plb.167.2019.03.26.09.21.22;
        Tue, 26 Mar 2019 09:21:37 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731540AbfCZQUr (ORCPT <rfc822;plaguedbypenguins@gmail.com>
        + 99 others); Tue, 26 Mar 2019 12:20:47 -0400
Received: from foss.arm.com ([217.140.101.70]:39400 "EHLO foss.arm.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726127AbfCZQUr (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 26 Mar 2019 12:20:47 -0400
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249])
        by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 458091596;
        Tue, 26 Mar 2019 09:20:46 -0700 (PDT)
Received: from arrakis.emea.arm.com (arrakis.cambridge.arm.com [10.1.196.78])
        by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 51A8A3F614;
        Tue, 26 Mar 2019 09:20:44 -0700 (PDT)
Date:   Tue, 26 Mar 2019 16:20:41 +0000
From:   Catalin Marinas <catalin.marinas@arm.com>
To:     Matthew Wilcox <willy@infradead.org>
Cc:     Qian Cai <cai@lca.pw>, akpm@linux-foundation.org,
        mhocko@kernel.org, cl@linux.com, penberg@kernel.org,
        rientjes@google.com, iamjoonsoo.kim@lge.com, linux-mm@kvack.org,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3] kmemleaak: survive in a low-memory situation
Message-ID: <20190326162038.GH33308@arrakis.emea.arm.com>
References: <20190326154338.20594-1-cai@lca.pw>
 <20190326160536.GO10344@bombadil.infradead.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20190326160536.GO10344@bombadil.infradead.org>
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Mar 26, 2019 at 09:05:36AM -0700, Matthew Wilcox wrote:
> On Tue, Mar 26, 2019 at 11:43:38AM -0400, Qian Cai wrote:
> > Unless there is a brave soul to reimplement the kmemleak to embed it's
> > metadata into the tracked memory itself in a foreseeable future, this
> > provides a good balance between enabling kmemleak in a low-memory
> > situation and not introducing too much hackiness into the existing
> > code for now.
> 
> I don't understand kmemleak.  Kirill pointed me at this a few days ago:
> 
> https://gist.github.com/kiryl/3225e235fea390aa2e49bf625bbe83ec
> 
> It's caused by the XArray allocating memory using GFP_NOWAIT | __GFP_NOWARN.
> kmemleak then decides it needs to allocate memory to track this memory.
> So it calls kmem_cache_alloc(object_cache, gfp_kmemleak_mask(gfp));
> 
> #define gfp_kmemleak_mask(gfp)  (((gfp) & (GFP_KERNEL | GFP_ATOMIC)) | \
>                                  __GFP_NORETRY | __GFP_NOMEMALLOC | \
>                                  __GFP_NOWARN | __GFP_NOFAIL)
> 
> then the page allocator gets to see GFP_NOFAIL | GFP_NOWAIT and gets angry.
> 
> But I don't understand why kmemleak needs to mess with the GFP flags at
> all.

Originally, it was just preserving GFP_KERNEL | GFP_ATOMIC. Starting
with commit 6ae4bd1f0bc4 ("kmemleak: Allow kmemleak metadata allocations
to fail"), this mask changed, aimed at making kmemleak allocation
failures less verbose (i.e. just disable it since it's a debug tool).

Commit d9570ee3bd1d ("kmemleak: allow to coexist with fault injection")
introduced __GFP_NOFAIL but this came with its own problems which have
been previously reported (the warning you mentioned is another one of
these). We didn't get to any clear conclusion on how best to allow
allocations to fail with fault injection but not for the kmemleak
metadata. Your suggestion below would probably do the trick.

> Just allocate using the same flags as the caller, and fail the original
> allocation if the kmemleak allocation fails.  Like this:
> 
> +++ b/mm/slab.h
> @@ -435,12 +435,22 @@ static inline void slab_post_alloc_hook(struct kmem_cache *s, gfp_t flags,
>         for (i = 0; i < size; i++) {
>                 p[i] = kasan_slab_alloc(s, p[i], flags);
>                 /* As p[i] might get tagged, call kmemleak hook after KASAN. */
> -               kmemleak_alloc_recursive(p[i], s->object_size, 1,
> -                                        s->flags, flags);
> +               if (kmemleak_alloc_recursive(p[i], s->object_size, 1,
> +                                        s->flags, flags))
> +                       goto fail;
>         }
>  
>         if (memcg_kmem_enabled())
>                 memcg_kmem_put_cache(s);
> +       return;
> +
> +fail:
> +       while (i > 0) {
> +               kasan_blah(...);
> +               kmemleak_blah();
> +               i--;
> +       }
> +	free_blah(p);
> +       *p = NULL;
>  }
>  
>  #ifndef CONFIG_SLOB
> 
> 
> and if we had something like this, we wouldn't need kmemleak to have this
> self-disabling or must-succeed property.

We'd still need the self-disabling in place since there are a few other
places where we call kmemleak_alloc() from.

-- 
Catalin