Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp1114028iog; Sat, 18 Jun 2022 00:40:15 -0700 (PDT) X-Google-Smtp-Source: AGRyM1st/YqW24e9CriQuAmQPlfa9e+yM1OMBl0RtiqbtSZqllYZhdk+t0CZtYZImlrV+tbJFoMv X-Received: by 2002:a05:6402:2999:b0:434:edcc:f12c with SMTP id eq25-20020a056402299900b00434edccf12cmr16671361edb.96.1655538015712; Sat, 18 Jun 2022 00:40:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1655538015; cv=none; d=google.com; s=arc-20160816; b=bGZxKJ3ATpFjKwHhd9NumUMS1rhxNhbyAtaUrW3I6F65y4Df4oJOWh21VYpHZ5LkA8 dx1Vl8Jf93wDxJtAB7WBmzhMvqfeK7j4LhaGvpZAzQdW9+z/drbRMVWc78dTj7BzR4Wa 2ij6Yfgzl9WF4dMpVl0BoJjWCY83s+5znoccAa2tR5EOYdif6M+ZR4oHDHw7k7OhWOHD mvDLQbZaVbT/lIvF2NXHGN9yLJ4bNdcXDszn38rNkLtedZILG4Sa9QM9prAD3tQGY5IV 5E7MyPuTNQImp8O32QOei/Rv5aQ/yu5IBA1Gu/UGX7JaLW5LSfKa8PIRyFhWJKCZIRhK wVrw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=uQqM9LQGvodvBIx3lVML0KpeXHQSHPr+GSlQNM9qoO8=; b=f+RVVrw/lhQmKgtbI5qYhTT2T6iwDYvG+xmmjmwFUICgLNWjMBg0HnqRr9s7t7IX4B /Sy20bZ+f/wN31Nw5NfDbq09Z11M/ZOxpqv8AyiBtn+WTJioregACrYsXTfdik7jVHgW 9Rn7NkIXzYJUODy/6o+AMv8c/iDSp5A/9KY4a5OobJZb6btk26to+0OqRKdz7s4RWLmm E809WlJXmoHFNYlobUS/DpCsagh0JlzNPll+aWDUubUgq5sye6qg72gBlKwq5bw3dMcA 9qL5L50e0l58xeTu5kB+c4K+LMGhkTXwELzKkluBTbM2ysi70RvoYh0965GQ3wsem9LQ mMbQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e9-20020aa7d7c9000000b00435730fa6c9si12883eds.307.2022.06.18.00.39.50; Sat, 18 Jun 2022 00:40:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233747AbiFRHb3 (ORCPT + 99 others); Sat, 18 Jun 2022 03:31:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50378 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230250AbiFRHb2 (ORCPT ); Sat, 18 Jun 2022 03:31:28 -0400 Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DA3EC29806 for ; Sat, 18 Jun 2022 00:31:20 -0700 (PDT) Received: from canpemm500002.china.huawei.com (unknown [172.30.72.54]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4LQ6vJ1T85zBsWl; Sat, 18 Jun 2022 15:27:56 +0800 (CST) Received: from [10.174.177.76] (10.174.177.76) by canpemm500002.china.huawei.com (7.192.104.244) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Sat, 18 Jun 2022 15:31:16 +0800 Subject: Re: [PATCH v2 1/3] mm/swapfile: make security_vm_enough_memory_mm() work as expected To: David Hildenbrand , CC: , References: <20220608144031.829-1-linmiaohe@huawei.com> <20220608144031.829-2-linmiaohe@huawei.com> <76e468b4-c6ac-426c-7ec9-99c620e08cda@redhat.com> <24fd3f78-f7e5-a1dc-cad0-15ff826744a9@redhat.com> From: Miaohe Lin Message-ID: Date: Sat, 18 Jun 2022 15:31:16 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0 MIME-Version: 1.0 In-Reply-To: <24fd3f78-f7e5-a1dc-cad0-15ff826744a9@redhat.com> Content-Type: text/plain; charset="utf-8" Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [10.174.177.76] X-ClientProxiedBy: dggems704-chm.china.huawei.com (10.3.19.181) To canpemm500002.china.huawei.com (7.192.104.244) X-CFilter-Loop: Reflected X-Spam-Status: No, score=-6.4 required=5.0 tests=BAYES_00,NICE_REPLY_A, RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2022/6/18 15:10, David Hildenbrand wrote: > On 18.06.22 04:43, Miaohe Lin wrote: >> On 2022/6/17 15:33, David Hildenbrand wrote: >>> On 08.06.22 16:40, Miaohe Lin wrote: >>>> security_vm_enough_memory_mm() checks whether a process has enough memory >>>> to allocate a new virtual mapping. And total_swap_pages is considered as >>>> available memory while swapoff tries to make sure there's enough memory >>>> that can hold the swapped out memory. But total_swap_pages contains the >>>> swap space that is being swapoff. So security_vm_enough_memory_mm() will >>>> success even if there's no memory to hold the swapped out memory because >>> >>> s/success/succeed/ >> >> OK. Thanks. >> >>> >>>> total_swap_pages always greater than or equal to p->pages. >>>> >>>> In order to fix it, p->pages should be retracted from total_swap_pages >>> >>> s/retracted/subtracted/ >> >> OK. Thanks. >> >>> >>>> first and then check whether there's enough memory for inuse swap pages. >>>> >>>> Signed-off-by: Miaohe Lin >>>> --- >>>> mm/swapfile.c | 10 +++++++--- >>>> 1 file changed, 7 insertions(+), 3 deletions(-) >>>> >>>> diff --git a/mm/swapfile.c b/mm/swapfile.c >>>> index ec4c1b276691..d2bead7b8b70 100644 >>>> --- a/mm/swapfile.c >>>> +++ b/mm/swapfile.c >>>> @@ -2398,6 +2398,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) >>>> struct filename *pathname; >>>> int err, found = 0; >>>> unsigned int old_block_size; >>>> + unsigned int inuse_pages; >>>> >>>> if (!capable(CAP_SYS_ADMIN)) >>>> return -EPERM; >>>> @@ -2428,9 +2429,13 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) >>>> spin_unlock(&swap_lock); >>>> goto out_dput; >>>> } >>>> - if (!security_vm_enough_memory_mm(current->mm, p->pages)) >>>> - vm_unacct_memory(p->pages); >>>> + >>>> + total_swap_pages -= p->pages; >>>> + inuse_pages = READ_ONCE(p->inuse_pages); >>>> + if (!security_vm_enough_memory_mm(current->mm, inuse_pages)) >>>> + vm_unacct_memory(inuse_pages); >>>> else { >>>> + total_swap_pages += p->pages; >>> >>> That implies that whenever we fail in security_vm_enough_memory_mm(), >>> that other concurrent users might see a wrong total_swap_pages. >>> >>> Assume 4 GiB memory and 8 GiB swap. Let's assume 10 GiB are in use. >>> >>> Temporarily, we'd have >>> >>> CommitLimit 4 GiB >>> Committed_AS 10 GiB >> >> IIUC, even if without this change, the other concurrent users if come after vm_acct_memory() >> is done in __vm_enough_memory(), they might see >> >> CommitLimit 12 GiB (4 GiB memory + 8GiB total swap) >> Committed_AS 18 GiB (10 GiB in use + 8GiB swap space to swapoff) >> >> Or am I miss something? >> > > I think you are right! > > Reviewed-by: David Hildenbrand Thanks a lot! > >