Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp436377rdg; Thu, 12 Oct 2023 09:43:55 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFjiEbV7wWIjWh7/fapM1aDOgxXrNZ+nJEFAgk26vpu65qo+uw2z5mZhdrviyYQ1BaRlrpn X-Received: by 2002:a17:902:c215:b0:1c9:cc41:76e4 with SMTP id 21-20020a170902c21500b001c9cc4176e4mr5532532pll.10.1697129035525; Thu, 12 Oct 2023 09:43:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697129035; cv=none; d=google.com; s=arc-20160816; b=uft5E/lfDdULMjzMX0kfE64lMM/eE9uvzZAN2cq74pvFT6Iupy2txAS7Ck2xpXl+Sb /ZB9o+of3TE5TiUIgRiHcSH77mCn/9b1QB7GbpVRV4akozk5UluFCta84JDRz9EcCX2T vx5NbFdJbq/VPdjR2mzbRRvV2ENLtXNtLqSAXMFkuMb1ngAkfwoHpxIbF+ik5pDAcKRm HKcHAdGccIcz4RQNB6s9lPSLNeYuRuUX2acX+MnFzDE0KCRxT0nYeW4QjC8HH45bHOd7 cj23tBPBavv6qlmF6SJ+MFYTTsK++D/tidAHJIMD1cXlSkWTkPcyBMESjo8yhumpAb5D AHKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=FheJ03zTB1r9h7STvwuIv4tGnbOBTf52Cw7EqZS0/H8=; fh=EHGayxlRHsOwgz3WhOklI+Lzke3xUWD5LwRPVZxrLms=; b=A+nsu4YUzsqU1oXYjDRKOHBlYfuPdUKuIny2MwTuhHyO5KwHaGYKftZBk7SGb3LYBl ETW+8tKKaOZ3PJclyAUO6HQrBrSdGy9upYoWWgD2W+N7Dxhn0OkXQX5/JDHCEnuTTWxX O4E118QtG7IG6aOjzt3n+78OYCwNqnUn9+PqatUIzH699BQ64bYoknvC9NiUf4LyPf7W qYCYq0z0X6aRasjd0rzCq8/NiX/yBFpzirUEIT+E8E/5LeLjhkbG26ftCbuIDveoXRiV fT0Ex1Ubc1CihBrVWOc43yD6+4cE90MD8KgrOiQSkpLicdS7YmtYI1tCJO7C/Dc3hORo eeXw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=nTHBI++d; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from lipwig.vger.email (lipwig.vger.email. [2620:137:e000::3:3]) by mx.google.com with ESMTPS id 19-20020a170902ee5300b001bbb175a81asi2465836plo.263.2023.10.12.09.43.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Oct 2023 09:43:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) client-ip=2620:137:e000::3:3; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=nTHBI++d; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id F41F4826CB62; Thu, 12 Oct 2023 09:43:52 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1379509AbjJLQng (ORCPT + 99 others); Thu, 12 Oct 2023 12:43:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49112 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1379320AbjJLQnf (ORCPT ); Thu, 12 Oct 2023 12:43:35 -0400 Received: from mail-pf1-x42b.google.com (mail-pf1-x42b.google.com [IPv6:2607:f8b0:4864:20::42b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CA05EC0 for ; Thu, 12 Oct 2023 09:43:33 -0700 (PDT) Received: by mail-pf1-x42b.google.com with SMTP id d2e1a72fcca58-692779f583fso955792b3a.0 for ; Thu, 12 Oct 2023 09:43:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1697129013; x=1697733813; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=FheJ03zTB1r9h7STvwuIv4tGnbOBTf52Cw7EqZS0/H8=; b=nTHBI++d5+Qn9gfJqO2AOra/gPHc//57WHEi8CYbo2HWijiGgnFA8NngeOJfhjZ8cT Ao7kVhZvgL+SD/oYRSdQYZcnlciebeIsmhPpY3sceCBwJEBQOA87fuC/VRMLXnJmoSJH MqcyGdNbi4/eXb4lPQuCxZseaa/OsDjchqcW4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697129013; x=1697733813; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=FheJ03zTB1r9h7STvwuIv4tGnbOBTf52Cw7EqZS0/H8=; b=E6PgRFRPo7NzyYwVYoAw3WE2+YJ95S7gxhr1lWboKOxRsu8vxtcdf6KnaNoam5tEeq TbNzXSDliUeW3oJglY22cg7UpSVdsE+oE+h0KOAOgE0ChROm+VYeTJWBycRnzXW03V8s jUj0kcaTbolg5/yTRAyCTzQu5jpmvGgXaBxOBuNVbI0THTppxiksA7CeAEi8u3nvQEFW FZcwiLHx1rtGUFLo6HjxdexcoFixYECGQVfFzBOJmwm+hQEfdSCBsIKm0v/X5C1u4AcA Qr2zge0z66Upd2GvVT3Mf9+yG5dgrOhO7kivSLKCeEfbOJlYJgcky9Fwi2H/vI7pgweQ wL+A== X-Gm-Message-State: AOJu0Yx+Lpq0424FmsPEkxzdc4gZLlTMMgwig38iyTbwzn8js2koYEbE TXsIbqf4oYcph+IwSnckuXURmw== X-Received: by 2002:a05:6a20:4287:b0:16b:aad0:effe with SMTP id o7-20020a056a20428700b0016baad0effemr19212702pzj.62.1697129013159; Thu, 12 Oct 2023 09:43:33 -0700 (PDT) Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net. [198.0.35.241]) by smtp.gmail.com with ESMTPSA id k10-20020a637b4a000000b0059d8ecb79dcsm1970301pgn.20.2023.10.12.09.43.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Oct 2023 09:43:32 -0700 (PDT) Date: Thu, 12 Oct 2023 09:43:31 -0700 From: Kees Cook To: Vlastimil Babka Cc: Roman Gushchin , David Rientjes , Julian Pidancet , Christoph Lameter , Pekka Enberg , Joonsoo Kim , Andrew Morton , Hyeonggon Yoo <42.hyeyoo@gmail.com>, linux-mm@kvack.org, Jonathan Corbet , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, Matthew Wilcox , Rafael Aquini , Linus Torvalds Subject: Re: [PATCH] mm/slub: disable slab merging in the default configuration Message-ID: <202310120935.E066A3FE4@keescook> References: <20230627132131.214475-1-julian.pidancet@oracle.com> <48bd9819-3571-6b53-f1ad-ec013be742c0@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Thu, 12 Oct 2023 09:43:53 -0700 (PDT) On Thu, Jun 29, 2023 at 09:21:14AM +0200, Vlastimil Babka wrote: > On 6/28/23 18:44, Roman Gushchin wrote: > > On Tue, Jun 27, 2023 at 12:32:15PM -0700, David Rientjes wrote: > >> On Tue, 27 Jun 2023, Julian Pidancet wrote: > >> > >> > Make CONFIG_SLAB_MERGE_DEFAULT default to n unless CONFIG_SLUB_TINY is > >> > enabled. Benefits of slab merging is limited on systems that are not > >> > memory constrained: the overhead is negligible and evidence of its > >> > effect on cache hotness is hard to come by. > >> > > >> > >> I don't have an objection to this, I think it makes sense. > > > > +1 > > > > I believe the overhead was much larger when we had per-memcg slab caches, > > but now it should be fairly small on most systems. > > > > But I wonder if we need a new flag (SLAB_MERGE?) to explicitly force merging > > on per-slab cache basis. > > Damn, we just tried to add SLAB_NO_MERGE, that is if Linus pulls the PR, as > I've just found out that the last time he hated the idea [1] :) (but at the > same time I think the current attempt is very different in that it's not > coming via a random tree, and the comments make it clear that it's not for > everyone to enable in production configs just because they think they are > special). > > But SLAB_MERGE, I doubt it would get many users being opt-in. People would > have to consciously opt-in to not being special. > > As for changing the default, we definitely need to see the memory usage > results first, as was mentioned. It's not expected that disabling merging > would decrease performance, so no wonder the test didn't find such decrease, > but the expected downside is really increased memory overhead. Did this analysis happen? Apologies if I missed it... > But then again it's just a default and most people would use a distro config > anyway, and neither option seems to be an obvious winner to me? As for the > "security by default" argument, AFAIK we don't enable freelist > hardening/randomization by default, and I thought (not being the expert on > this) the heap spraying attacks concerned mainly generic kmalloc cache users > (see also [2]) and not some specific named caches being merged? > > [1] https://lore.kernel.org/all/CA+55aFyepmdpbg9U2Pvp+aHjKmmGCrTK2ywzqfmaOTMXQasYNw@mail.gmail.com/ > [2] https://lore.kernel.org/all/20230626031835.2279738-1-gongruiqi@huaweicloud.com/ I'm a fan of turning on any of these "by default", as that's been the historical approach, which tends to span years: - security feature introduced, default off in the kernel - distros enable it by default - kernel makes it default on So perhaps we're better off making the other hardening features on by default since distros have been shipping with them for years now? -Kees -- Kees Cook