Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Date:   Wed, 27 Mar 2019 09:44:32 +0100
From:   Michal Hocko <mhocko@kernel.org>
To:     Qian Cai <cai@lca.pw>
Cc:     akpm@linux-foundation.org, catalin.marinas@arm.com, cl@linux.com,
        willy@infradead.org, penberg@kernel.org, rientjes@google.com,
        iamjoonsoo.kim@lge.com, linux-mm@kvack.org,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH v4] kmemleak: survive in a low-memory situation
Message-ID: <20190327084432.GA11927@dhcp22.suse.cz>
References: <20190327005948.24263-1-cai@lca.pw>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20190327005948.24263-1-cai@lca.pw>
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk

On Tue 26-03-19 20:59:48, Qian Cai wrote:
[...]
> Unless there is a brave soul to reimplement the kmemleak to embed it's
> metadata into the tracked memory itself in a foreseeable future, this
> provides a good balance between enabling kmemleak in a low-memory
> situation and not introducing too much hackiness into the existing
> code for now. Another approach is to fail back the original allocation
> once kmemleak_alloc() failed, but there are too many call sites to
> deal with which makes it error-prone.

As long as there is an implicit __GFP_NOFAIL then kmemleak is simply
broken no matter what other gfp flags you play with. Has anybody looked
at some sort of preallocation where gfpflags_allow_blocking context
allocate objects into a pool that non-sleeping allocations can eat from?

> kmemleak: Cannot allocate a kmemleak_object structure
> kmemleak: Kernel memory leak detector disabled
> kmemleak: Automatic memory scanning thread ended
> RIP: 0010:__alloc_pages_nodemask+0x242a/0x2ab0
> Call Trace:
>  allocate_slab+0x4d9/0x930
>  new_slab+0x46/0x70
>  ___slab_alloc+0x5d3/0x9c0
>  __slab_alloc+0x12/0x20
>  kmem_cache_alloc+0x30a/0x360
>  create_object+0x96/0x9a0
>  kmemleak_alloc+0x71/0xa0
>  kmem_cache_alloc+0x254/0x360
>  mempool_alloc_slab+0x3f/0x60
>  mempool_alloc+0x120/0x329
>  bio_alloc_bioset+0x1a8/0x510
>  get_swap_bio+0x107/0x470
>  __swap_writepage+0xab4/0x1650
>  swap_writepage+0x86/0xe0
> 
> Signed-off-by: Qian Cai <cai@lca.pw>
> ---
> 
> v4: Update the commit log.
>     Fix a typo in comments per Christ.
>     Consolidate the allocation.
> v3: Update the commit log.
>     Simplify the code inspired by graph_trace_open() from ftrace.
> v2: Remove the needless checking for NULL objects in slab_post_alloc_hook()
>     per Catalin.
> 
>  mm/kmemleak.c | 11 ++++++++++-
>  1 file changed, 10 insertions(+), 1 deletion(-)
> 
> diff --git a/mm/kmemleak.c b/mm/kmemleak.c
> index a2d894d3de07..7f4545ab1f84 100644
> --- a/mm/kmemleak.c
> +++ b/mm/kmemleak.c
> @@ -580,7 +580,16 @@ static struct kmemleak_object *create_object(unsigned long ptr, size_t size,
>  	struct rb_node **link, *rb_parent;
>  	unsigned long untagged_ptr;
>  
> -	object = kmem_cache_alloc(object_cache, gfp_kmemleak_mask(gfp));
> +	/*
> +	 * The tracked memory was allocated successful, if the kmemleak object
> +	 * failed to allocate for some reasons, it ends up with the whole
> +	 * kmemleak disabled, so try it harder.
> +	 */
> +	gfp = (in_atomic() || irqs_disabled()) ?
> +	       gfp_kmemleak_mask(gfp) | GFP_ATOMIC :
> +	       gfp_kmemleak_mask(gfp) | __GFP_DIRECT_RECLAIM;


The comment for in_atomic says:
 * Are we running in atomic context?  WARNING: this macro cannot
 * always detect atomic context; in particular, it cannot know about
 * held spinlocks in non-preemptible kernels.  Thus it should not be
 * used in the general case to determine whether sleeping is possible.
 * Do not use in_atomic() in driver code.

-- 
Michal Hocko
SUSE Labs