From: Jason Gunthorpe <jgg@nvidia.com>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: Matthew Wilcox <willy@infradead.org>,
Akinobu Mita <akinobu.mita@gmail.com>,
linux-fsdevel@vger.kernel.org, syzkaller-bugs@googlegroups.com,
syzkaller <syzkaller@googlegroups.com>
Subject: Re: xarray, fault injection and syzkaller
Date: Thu, 3 Nov 2022 21:21:29 -0300 [thread overview]
Message-ID: <Y2RbCUdEY2syxRLW@nvidia.com> (raw)
In-Reply-To: <CACT4Y+YViHZh0xzy_=RU=vUrM145e9hsD09CyKShUbUmH=1Cdg@mail.gmail.com>
On Thu, Nov 03, 2022 at 05:11:04PM -0700, Dmitry Vyukov wrote:
> On Thu, 3 Nov 2022 at 13:07, 'Jason Gunthorpe' via syzkaller-bugs
> <syzkaller-bugs@googlegroups.com> wrote:
> >
> > On Thu, Nov 03, 2022 at 08:00:25PM +0000, Matthew Wilcox wrote:
> > > On Thu, Nov 03, 2022 at 04:09:04PM -0300, Jason Gunthorpe wrote:
> > > > Hi All,
> > > >
> > > > I wonder if anyone has some thoughts on this - I have spent some time
> > > > setting up syzkaller for a new subsystem and I've noticed that nth
> > > > fault injection does not reliably cause things like xa_store() to
> > > > fail.
>
> Hi Jason, Matthew,
>
> Interesting. Where exactly is that kmalloc sequence? xa_store() itself
> does not have any allocations:
> https://elixir.bootlin.com/linux/v6.1-rc3/source/lib/xarray.c#L1577
The first effort is this call chain
__xa_store()
xas_store()
xas_create()
xas_alloc()
kmem_cache_alloc_lru(GFP_NOWAIT | __GFP_NOWARN)
If that fails then __xa_store() will do:
__xa_store()
__xas_nomem()
xas_unlock_type(xas, lock_type);
kmem_cache_alloc_lru(GFP_KERNEL);
xas_lock_type(xas, lock_type);
They key point being that the retry is structured in a way that allows
dropping the spinlocks that are forcing the first allocation to be
atomic.
> Do we know how common/useful such an allocation pattern is?
I have coded something like this a few times, in my cases it is
usually something like: try to allocate a big chunk of memory hoping
for a huge page, then fall back to a smaller allocation
Most likely the key consideration is that the callsites are using
GFP_NOWARN, so perhaps we can just avoid decrementing the nth on a
NOWARN case assuming that another allocation attempt will closely
follow?
> If it's common/useful, then it can be turned into a single kmalloc()
> with some special flag that will try both allocation modes at once.
A single call doesn't really suit the use cases..
> Potentially fail-nth interface can be extended to accept a set of
> sites, e.g. "5,7" or, "5-100".
For my purposes this is possibly Ok, you'd just set N->large and step
N to naively cover the error paths.
However, this would also have to fix the obnoxious behavior of fail
nth where it fails its own copy_from_user on its write system call -
meaning there would be no way to turn it off.
> > > Hahaha. I didn't intentionally set out to thwart memory allocation
> > > fault injection. Realistically, do we want it to fail though?
> > > GFP_KERNEL allocations of small sizes are supposed to never fail.
> > > (for those not aware, node allocations are 576 bytes; typically the slab
> > > allocator bundles 28 of them into an order-2 allocation).
>
> I hear this statement periodically. But I can't understand its
> status. We discussed it recently here:
I was thinking about this after, and at least for what I am doing it
doesn't apply. All the allocations here are GFP_KERNEL_ACCOUNT and the
cgroup can definitely reject any allocation at any time even if it is
"small"
So I can't ignore allocation failures as something that is unlikely. A
hostile userspace contained in a cgroup sandbox can reliably trigger
them at will.
Jason
next prev parent reply other threads:[~2022-11-04 0:21 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-03 19:09 xarray, fault injection and syzkaller Jason Gunthorpe
2022-11-03 20:00 ` Matthew Wilcox
2022-11-03 20:07 ` Jason Gunthorpe
2022-11-04 0:11 ` Dmitry Vyukov
2022-11-04 0:21 ` Jason Gunthorpe [this message]
2022-11-04 17:47 ` Dmitry Vyukov
2022-11-04 18:03 ` Jason Gunthorpe
2022-11-04 18:21 ` Dmitry Vyukov
2022-11-04 18:30 ` Jason Gunthorpe
2022-11-04 18:38 ` Dmitry Vyukov
2022-11-04 18:45 ` Jason Gunthorpe
2022-11-04 22:43 ` Qi Zheng
2022-11-05 12:16 ` Qi Zheng
2022-11-06 17:36 ` Dmitry Vyukov
2022-11-07 2:13 ` Qi Zheng
2022-11-07 3:31 ` [PATCH] mm: fix unexpected changes to {failslab|fail_page_alloc}.attr Qi Zheng
2022-11-07 12:42 ` Jason Gunthorpe
2022-11-07 15:05 ` Qi Zheng
2022-11-07 16:26 ` Jason Gunthorpe
2022-11-08 2:47 ` Qi Zheng
2022-11-08 3:52 ` [PATCH v2] " Qi Zheng
2022-11-08 8:44 ` Wei Yongjun
2022-11-08 8:58 ` Qi Zheng
2022-11-08 9:32 ` Wei Yongjun
2022-11-08 9:45 ` Qi Zheng
2022-11-08 12:04 ` Jason Gunthorpe
2022-11-09 3:57 ` Wei Yongjun
2022-11-08 17:36 ` Akinobu Mita
2022-11-14 3:59 ` Qi Zheng
2022-11-04 18:42 ` xarray, fault injection and syzkaller Dmitry Vyukov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y2RbCUdEY2syxRLW@nvidia.com \
--to=jgg@nvidia.com \
--cc=akinobu.mita@gmail.com \
--cc=dvyukov@google.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
--cc=syzkaller@googlegroups.com \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.