From: Ingo Molnar <mingo@kernel.org>
To: Rusty Russell <rusty@rustcorp.com.au>
Cc: Steven Rostedt <rostedt@goodmis.org>,
LKML <linux-kernel@vger.kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Andrew Morton <akpm@linux-foundation.org>,
Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
Xunlei Pang <xlpang@redhat.com>
Subject: Re: [RFC][PATCH] Add __GFP_ZERO to alloc_cpumask_var_node() if ptr is zero
Date: Sun, 6 Dec 2015 18:29:36 +0100 [thread overview]
Message-ID: <20151206172936.GA29582@gmail.com> (raw)
In-Reply-To: <877fku553z.fsf@rustcorp.com.au>
* Rusty Russell <rusty@rustcorp.com.au> wrote:
> Ingo Molnar <mingo@kernel.org> writes:
> > * Steven Rostedt <rostedt@goodmis.org> wrote:
> >
> >> On Fri, 04 Dec 2015 12:05:12 +1030
> >> Rusty Russell <rusty@rustcorp.com.au> wrote:
> >>
> >> > This is clever, but I would advise against such subtle code. We will never be
> >> > able to remove this code once it is in.
> >> >
> >> > Would suggest making the non-CPUMASK_OFFSTACK stubs write garbage into the
> >> > cpumasks instead, iff !(flags & __GFP_ZERO).
> >>
> >> I actually thought of the same thing, but thought it was a bit harsh. If others
> >> think that's a better solution, then I'll submit a patch to do that.
> >
> > That just makes things more fragile - 'garbage' will spread the breakage, and if
> > the breakage is subtle, it will spread subtle breakage.
> >
> > So why not use a kzmalloc_node() [equivalent] call instead of kmalloc_node(), to
> > make sure it's all zeroed instead of uninitialized?
>
> OTOH, why not make *every* kmalloc a kzmalloc?
The big difference to alloc_cpumask_var_node() is that kmalloc() is well-defined
in the sense that it will return uninitialized buffers (sometimes even poisoned
ones), all the time.
But alloc_cpumask_var_node() will return a zeroed cpumask 99.9% of the time when
the kernel being run is using on-stack cpumasks. So it's very easy to not
initialize and not discover it for extended periods of time.
As it happened here, and as was fixed with the patch. Hence my suggestion.
> The issue here is not that the issue is subtle (not using a zeroing allocator is
> a pretty clear bug), it's that it's papered over by the normal config.
Exactly.
> If we had a config option already to garbage-fill allocations, it'd be a simple
> solution.
>
> I don't think there are great answers here. But adding more subtle zeroing
> semantics feels wrong, even if it will mostly Just Work.
It's not subtle if the naming clearly reflects it (hence my suggestion to rename
the API) - and the status quo for on-stack allocations is zeroing anyway, so it's
not a big jump...
Thanks,
Ingo
next prev parent reply other threads:[~2015-12-06 17:29 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-03 22:24 [RFC][PATCH] Add __GFP_ZERO to alloc_cpumask_var_node() if ptr is zero Steven Rostedt
2015-12-04 1:35 ` Rusty Russell
2015-12-04 2:37 ` Steven Rostedt
2015-12-04 7:34 ` Ingo Molnar
2015-12-04 20:30 ` Rusty Russell
2015-12-06 17:29 ` Ingo Molnar [this message]
2015-12-07 1:56 ` Rusty Russell
2015-12-07 8:23 ` Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151206172936.GA29582@gmail.com \
--to=mingo@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=peterz@infradead.org \
--cc=rostedt@goodmis.org \
--cc=rusty@rustcorp.com.au \
--cc=sergey.senozhatsky@gmail.com \
--cc=xlpang@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).