License cleanup: add SPDX GPL-2.0 license identifier to files with no license
Many source files in the tree are missing licensing information, which
makes it harder for compliance tools to determine the correct license.
By default all files without license information are under the default
license of the kernel, which is GPL version 2.
Update the files which contain no license information with the 'GPL-2.0'
SPDX license identifier. The SPDX identifier is a legally binding
shorthand, which can be used instead of the full boiler plate text.
This patch is based on work done by Thomas Gleixner and Kate Stewart and
Philippe Ombredanne.
How this work was done:
Patches were generated and checked against linux-4.14-rc6 for a subset of
the use cases:
- file had no licensing information it it.
- file was a */uapi/* one with no licensing information in it,
- file was a */uapi/* one with existing licensing information,
Further patches will be generated in subsequent months to fix up cases
where non-standard license headers were used, and references to license
had to be inferred by heuristics based on keywords.
The analysis to determine which SPDX License Identifier to be applied to
a file was done in a spreadsheet of side by side results from of the
output of two independent scanners (ScanCode & Windriver) producing SPDX
tag:value files created by Philippe Ombredanne. Philippe prepared the
base worksheet, and did an initial spot review of a few 1000 files.
The 4.13 kernel was the starting point of the analysis with 60,537 files
assessed. Kate Stewart did a file by file comparison of the scanner
results in the spreadsheet to determine which SPDX license identifier(s)
to be applied to the file. She confirmed any determination that was not
immediately clear with lawyers working with the Linux Foundation.
Criteria used to select files for SPDX license identifier tagging was:
- Files considered eligible had to be source code files.
- Make and config files were included as candidates if they contained >5
lines of source
- File already had some variant of a license header in it (even if <5
lines).
All documentation files were explicitly excluded.
The following heuristics were used to determine which SPDX license
identifiers to apply.
- when both scanners couldn't find any license traces, file was
considered to have no license information in it, and the top level
COPYING file license applied.
For non */uapi/* files that summary was:
SPDX license identifier # files
---------------------------------------------------|-------
GPL-2.0 11139
and resulted in the first patch in this series.
If that file was a */uapi/* path one, it was "GPL-2.0 WITH
Linux-syscall-note" otherwise it was "GPL-2.0". Results of that was:
SPDX license identifier # files
---------------------------------------------------|-------
GPL-2.0 WITH Linux-syscall-note 930
and resulted in the second patch in this series.
- if a file had some form of licensing information in it, and was one
of the */uapi/* ones, it was denoted with the Linux-syscall-note if
any GPL family license was found in the file or had no licensing in
it (per prior point). Results summary:
SPDX license identifier # files
---------------------------------------------------|------
GPL-2.0 WITH Linux-syscall-note 270
GPL-2.0+ WITH Linux-syscall-note 169
((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause) 21
((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 17
LGPL-2.1+ WITH Linux-syscall-note 15
GPL-1.0+ WITH Linux-syscall-note 14
((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause) 5
LGPL-2.0+ WITH Linux-syscall-note 4
LGPL-2.1 WITH Linux-syscall-note 3
((GPL-2.0 WITH Linux-syscall-note) OR MIT) 3
((GPL-2.0 WITH Linux-syscall-note) AND MIT) 1
and that resulted in the third patch in this series.
- when the two scanners agreed on the detected license(s), that became
the concluded license(s).
- when there was disagreement between the two scanners (one detected a
license but the other didn't, or they both detected different
licenses) a manual inspection of the file occurred.
- In most cases a manual inspection of the information in the file
resulted in a clear resolution of the license that should apply (and
which scanner probably needed to revisit its heuristics).
- When it was not immediately clear, the license identifier was
confirmed with lawyers working with the Linux Foundation.
- If there was any question as to the appropriate license identifier,
the file was flagged for further research and to be revisited later
in time.
In total, over 70 hours of logged manual review was done on the
spreadsheet to determine the SPDX license identifiers to apply to the
source files by Kate, Philippe, Thomas and, in some cases, confirmation
by lawyers working with the Linux Foundation.
Kate also obtained a third independent scan of the 4.13 code base from
FOSSology, and compared selected files where the other two scanners
disagreed against that SPDX file, to see if there was new insights. The
Windriver scanner is based on an older version of FOSSology in part, so
they are related.
Thomas did random spot checks in about 500 files from the spreadsheets
for the uapi headers and agreed with SPDX license identifier in the
files he inspected. For the non-uapi files Thomas did random spot checks
in about 15000 files.
In initial set of patches against 4.14-rc6, 3 files were found to have
copy/paste license identifier errors, and have been fixed to reflect the
correct identifier.
Additionally Philippe spent 10 hours this week doing a detailed manual
inspection and review of the 12,461 patched files from the initial patch
version early this week with:
- a full scancode scan run, collecting the matched texts, detected
license ids and scores
- reviewing anything where there was a license detected (about 500+
files) to ensure that the applied SPDX license was correct
- reviewing anything where there was no detection but the patch license
was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied
SPDX license was correct
This produced a worksheet with 20 files needing minor correction. This
worksheet was then exported into 3 different .csv files for the
different types of files to be modified.
These .csv files were then reviewed by Greg. Thomas wrote a script to
parse the csv files and add the proper SPDX tag to the file, in the
format that the file expected. This script was further refined by Greg
based on the output to detect more types of files automatically and to
distinguish between header and source .c files (which need different
comment types.) Finally Greg ran the script using the .csv files to
generate the patches.
Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org>
Reviewed-by: Philippe Ombredanne <pombredanne@nexb.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-11-01 17:07:57 +03:00
/* SPDX-License-Identifier: GPL-2.0 */
2012-07-07 00:25:11 +04:00
# ifndef MM_SLAB_H
# define MM_SLAB_H
/*
* Internal slab definitions
*/
2014-10-10 02:26:00 +04:00
# ifdef CONFIG_SLOB
/*
* Common fields provided in kmem_cache by all slab allocators
* This struct is either used directly by the allocator ( SLOB )
* or the allocator must include definitions for all fields
* provided in kmem_cache_common in their definition of kmem_cache .
*
* Once we can do anonymous structs ( C11 standard ) we could put a
* anonymous struct definition in these allocators so that the
* separate allocations in the kmem_cache structure of SLAB and
* SLUB is no longer needed .
*/
struct kmem_cache {
unsigned int object_size ; /* The original size of the object */
unsigned int size ; /* The aligned/padded/added on size */
unsigned int align ; /* Alignment as calculated */
2017-11-16 04:32:18 +03:00
slab_flags_t flags ; /* Active flags on the slab */
2018-04-06 02:21:31 +03:00
unsigned int useroffset ; /* Usercopy region offset */
unsigned int usersize ; /* Usercopy region size */
2014-10-10 02:26:00 +04:00
const char * name ; /* Slab name for sysfs */
int refcount ; /* Use counter */
void ( * ctor ) ( void * ) ; /* Called on object slot creation */
struct list_head list ; /* List of all slab caches on the system */
} ;
2019-09-24 01:33:49 +03:00
# else /* !CONFIG_SLOB */
struct memcg_cache_array {
struct rcu_head rcu ;
struct kmem_cache * entries [ 0 ] ;
} ;
/*
* This is the main placeholder for memcg - related information in kmem caches .
* Both the root cache and the child caches will have it . For the root cache ,
* this will hold a dynamically allocated array large enough to hold
* information about the currently limited memcgs in the system . To allow the
* array to be accessed without taking any locks , on relocation we free the old
* version only after a grace period .
*
* Root and child caches hold different metadata .
*
* @ root_cache : Common to root and child caches . NULL for root , pointer to
* the root cache for children .
*
* The following fields are specific to root caches .
*
* @ memcg_caches : kmemcg ID indexed table of child caches . This table is
* used to index child cachces during allocation and cleared
* early during shutdown .
*
* @ root_caches_node : List node for slab_root_caches list .
*
* @ children : List of all child caches . While the child caches are also
* reachable through @ memcg_caches , a child cache remains on
* this list until it is actually destroyed .
*
* The following fields are specific to child caches .
*
* @ memcg : Pointer to the memcg this cache belongs to .
*
* @ children_node : List node for @ root_cache - > children list .
*
* @ kmem_caches_node : List node for @ memcg - > kmem_caches list .
*/
struct memcg_cache_params {
struct kmem_cache * root_cache ;
union {
struct {
struct memcg_cache_array __rcu * memcg_caches ;
struct list_head __root_caches_node ;
struct list_head children ;
bool dying ;
} ;
struct {
struct mem_cgroup * memcg ;
struct list_head children_node ;
struct list_head kmem_caches_node ;
struct percpu_ref refcnt ;
void ( * work_fn ) ( struct kmem_cache * ) ;
union {
struct rcu_head rcu_head ;
struct work_struct work ;
} ;
} ;
} ;
} ;
2014-10-10 02:26:00 +04:00
# endif /* CONFIG_SLOB */
# ifdef CONFIG_SLAB
# include <linux/slab_def.h>
# endif
# ifdef CONFIG_SLUB
# include <linux/slub_def.h>
# endif
# include <linux/memcontrol.h>
2016-03-16 00:53:35 +03:00
# include <linux/fault-inject.h>
# include <linux/kasan.h>
# include <linux/kmemleak.h>
2016-07-27 01:21:56 +03:00
# include <linux/random.h>
2017-03-03 12:13:38 +03:00
# include <linux/sched/mm.h>
2014-10-10 02:26:00 +04:00
2012-07-07 00:25:11 +04:00
/*
* State of the slab allocator .
*
* This is used to describe the states of the allocator during bootup .
* Allocators use this to gradually bootstrap themselves . Most allocators
* have the problem that the structures used for managing slab caches are
* allocated from slab caches themselves .
*/
enum slab_state {
DOWN , /* No slab functionality yet */
PARTIAL , /* SLUB: kmem_cache_node available */
2013-01-10 23:14:19 +04:00
PARTIAL_NODE , /* SLAB: kmalloc size for node struct available */
2012-07-07 00:25:11 +04:00
UP , /* Slab caches usable but not all extras yet */
FULL /* Everything is working */
} ;
extern enum slab_state slab_state ;
2012-07-07 00:25:12 +04:00
/* The slab cache mutex protects the management structures during changes */
extern struct mutex slab_mutex ;
2012-09-05 04:20:33 +04:00
/* The list of all slab caches on the system */
2012-07-07 00:25:12 +04:00
extern struct list_head slab_caches ;
2012-09-05 04:20:33 +04:00
/* The slab cache that manages slab cache information */
extern struct kmem_cache * kmem_cache ;
2017-02-23 02:41:05 +03:00
/* A table of kmalloc cache names and sizes */
extern const struct kmalloc_info_struct {
const char * name ;
2018-04-06 02:20:29 +03:00
unsigned int size ;
2017-02-23 02:41:05 +03:00
} kmalloc_info [ ] ;
2013-01-10 23:12:17 +04:00
# ifndef CONFIG_SLOB
/* Kmalloc array related functions */
2015-06-25 02:55:57 +03:00
void setup_kmalloc_cache_index_table ( void ) ;
2017-11-16 04:32:18 +03:00
void create_kmalloc_caches ( slab_flags_t ) ;
2013-01-10 23:14:19 +04:00
/* Find the kmalloc slab corresponding for a certain size */
struct kmem_cache * kmalloc_slab ( size_t , gfp_t ) ;
2013-01-10 23:12:17 +04:00
# endif
2012-09-05 04:20:33 +04:00
/* Functions provided by the slab allocators */
2017-11-16 04:32:18 +03:00
int __kmem_cache_create ( struct kmem_cache * , slab_flags_t flags ) ;
2012-07-07 00:25:11 +04:00
2018-04-06 02:20:29 +03:00
struct kmem_cache * create_kmalloc_cache ( const char * name , unsigned int size ,
slab_flags_t flags , unsigned int useroffset ,
unsigned int usersize ) ;
2012-11-28 20:23:07 +04:00
extern void create_boot_cache ( struct kmem_cache * , const char * name ,
2018-04-06 02:20:33 +03:00
unsigned int size , slab_flags_t flags ,
unsigned int useroffset , unsigned int usersize ) ;
2012-11-28 20:23:07 +04:00
2014-10-10 02:26:22 +04:00
int slab_unmergeable ( struct kmem_cache * s ) ;
2018-04-06 02:20:37 +03:00
struct kmem_cache * find_mergeable ( unsigned size , unsigned align ,
2017-11-16 04:32:18 +03:00
slab_flags_t flags , const char * name , void ( * ctor ) ( void * ) ) ;
2014-10-10 02:26:24 +04:00
# ifndef CONFIG_SLOB
2012-12-19 02:22:34 +04:00
struct kmem_cache *
2018-04-06 02:20:37 +03:00
__kmem_cache_alias ( const char * name , unsigned int size , unsigned int align ,
2017-11-16 04:32:18 +03:00
slab_flags_t flags , void ( * ctor ) ( void * ) ) ;
2014-10-10 02:26:22 +04:00
2018-04-06 02:21:24 +03:00
slab_flags_t kmem_cache_flags ( unsigned int object_size ,
2017-11-16 04:32:18 +03:00
slab_flags_t flags , const char * name ,
2014-10-10 02:26:22 +04:00
void ( * ctor ) ( void * ) ) ;
2012-09-05 04:18:32 +04:00
# else
2012-12-19 02:22:34 +04:00
static inline struct kmem_cache *
2018-04-06 02:20:37 +03:00
__kmem_cache_alias ( const char * name , unsigned int size , unsigned int align ,
2017-11-16 04:32:18 +03:00
slab_flags_t flags , void ( * ctor ) ( void * ) )
2012-09-05 04:18:32 +04:00
{ return NULL ; }
2014-10-10 02:26:22 +04:00
2018-04-06 02:21:24 +03:00
static inline slab_flags_t kmem_cache_flags ( unsigned int object_size ,
2017-11-16 04:32:18 +03:00
slab_flags_t flags , const char * name ,
2014-10-10 02:26:22 +04:00
void ( * ctor ) ( void * ) )
{
return flags ;
}
2012-09-05 04:18:32 +04:00
# endif
2012-10-17 15:36:51 +04:00
/* Legal flag mask for kmem_cache_create(), for various configurations */
mm: add support for kmem caches in DMA32 zone
Patch series "iommu/io-pgtable-arm-v7s: Use DMA32 zone for page tables",
v6.
This is a followup to the discussion in [1], [2].
IOMMUs using ARMv7 short-descriptor format require page tables (level 1
and 2) to be allocated within the first 4GB of RAM, even on 64-bit
systems.
For L1 tables that are bigger than a page, we can just use
__get_free_pages with GFP_DMA32 (on arm64 systems only, arm would still
use GFP_DMA).
For L2 tables that only take 1KB, it would be a waste to allocate a full
page, so we considered 3 approaches:
1. This series, adding support for GFP_DMA32 slab caches.
2. genalloc, which requires pre-allocating the maximum number of L2 page
tables (4096, so 4MB of memory).
3. page_frag, which is not very memory-efficient as it is unable to reuse
freed fragments until the whole page is freed. [3]
This series is the most memory-efficient approach.
stable@ note:
We confirmed that this is a regression, and IOMMU errors happen on 4.19
and linux-next/master on MT8173 (elm, Acer Chromebook R13). The issue
most likely starts from commit ad67f5a6545f ("arm64: replace ZONE_DMA
with ZONE_DMA32"), i.e. 4.15, and presumably breaks a number of Mediatek
platforms (and maybe others?).
[1] https://lists.linuxfoundation.org/pipermail/iommu/2018-November/030876.html
[2] https://lists.linuxfoundation.org/pipermail/iommu/2018-December/031696.html
[3] https://patchwork.codeaurora.org/patch/671639/
This patch (of 3):
IOMMUs using ARMv7 short-descriptor format require page tables to be
allocated within the first 4GB of RAM, even on 64-bit systems. On arm64,
this is done by passing GFP_DMA32 flag to memory allocation functions.
For IOMMU L2 tables that only take 1KB, it would be a waste to allocate
a full page using get_free_pages, so we considered 3 approaches:
1. This patch, adding support for GFP_DMA32 slab caches.
2. genalloc, which requires pre-allocating the maximum number of L2
page tables (4096, so 4MB of memory).
3. page_frag, which is not very memory-efficient as it is unable
to reuse freed fragments until the whole page is freed.
This change makes it possible to create a custom cache in DMA32 zone using
kmem_cache_create, then allocate memory using kmem_cache_alloc.
We do not create a DMA32 kmalloc cache array, as there are currently no
users of kmalloc(..., GFP_DMA32). These calls will continue to trigger a
warning, as we keep GFP_DMA32 in GFP_SLAB_BUG_MASK.
This implies that calls to kmem_cache_*alloc on a SLAB_CACHE_DMA32
kmem_cache must _not_ use GFP_DMA32 (it is anyway redundant and
unnecessary).
Link: http://lkml.kernel.org/r/20181210011504.122604-2-drinkcat@chromium.org
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Acked-by: Will Deacon <will.deacon@arm.com>
Cc: Robin Murphy <robin.murphy@arm.com>
Cc: Joerg Roedel <joro@8bytes.org>
Cc: Christoph Lameter <cl@linux.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Mel Gorman <mgorman@techsingularity.net>
Cc: Sasha Levin <Alexander.Levin@microsoft.com>
Cc: Huaisheng Ye <yehs1@lenovo.com>
Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
Cc: Yong Wu <yong.wu@mediatek.com>
Cc: Matthias Brugger <matthias.bgg@gmail.com>
Cc: Tomasz Figa <tfiga@google.com>
Cc: Yingjoe Chen <yingjoe.chen@mediatek.com>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Hsin-Yi Wang <hsinyi@chromium.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-03-29 06:43:42 +03:00
# define SLAB_CORE_FLAGS (SLAB_HWCACHE_ALIGN | SLAB_CACHE_DMA | \
SLAB_CACHE_DMA32 | SLAB_PANIC | \
2017-01-18 13:53:44 +03:00
SLAB_TYPESAFE_BY_RCU | SLAB_DEBUG_OBJECTS )
2012-10-17 15:36:51 +04:00
# if defined(CONFIG_DEBUG_SLAB)
# define SLAB_DEBUG_FLAGS (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER)
# elif defined(CONFIG_SLUB_DEBUG)
# define SLAB_DEBUG_FLAGS (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER | \
2016-03-16 00:55:06 +03:00
SLAB_TRACE | SLAB_CONSISTENCY_CHECKS )
2012-10-17 15:36:51 +04:00
# else
# define SLAB_DEBUG_FLAGS (0)
# endif
# if defined(CONFIG_SLAB)
# define SLAB_CACHE_FLAGS (SLAB_MEM_SPREAD | SLAB_NOLEAKTRACE | \
2016-01-15 02:18:15 +03:00
SLAB_RECLAIM_ACCOUNT | SLAB_TEMPORARY | \
2017-11-16 04:35:54 +03:00
SLAB_ACCOUNT )
2012-10-17 15:36:51 +04:00
# elif defined(CONFIG_SLUB)
# define SLAB_CACHE_FLAGS (SLAB_NOLEAKTRACE | SLAB_RECLAIM_ACCOUNT | \
2017-11-16 04:35:54 +03:00
SLAB_TEMPORARY | SLAB_ACCOUNT )
2012-10-17 15:36:51 +04:00
# else
# define SLAB_CACHE_FLAGS (0)
# endif
2016-12-13 03:41:38 +03:00
/* Common flags available with current configuration */
2012-10-17 15:36:51 +04:00
# define CACHE_CREATE_MASK (SLAB_CORE_FLAGS | SLAB_DEBUG_FLAGS | SLAB_CACHE_FLAGS)
2016-12-13 03:41:38 +03:00
/* Common flags permitted for kmem_cache_create */
# define SLAB_FLAGS_PERMITTED (SLAB_CORE_FLAGS | \
SLAB_RED_ZONE | \
SLAB_POISON | \
SLAB_STORE_USER | \
SLAB_TRACE | \
SLAB_CONSISTENCY_CHECKS | \
SLAB_MEM_SPREAD | \
SLAB_NOLEAKTRACE | \
SLAB_RECLAIM_ACCOUNT | \
SLAB_TEMPORARY | \
SLAB_ACCOUNT )
2018-04-06 02:21:57 +03:00
bool __kmem_cache_empty ( struct kmem_cache * ) ;
2012-09-05 03:18:33 +04:00
int __kmem_cache_shutdown ( struct kmem_cache * ) ;
2016-02-18 00:11:37 +03:00
void __kmem_cache_release ( struct kmem_cache * ) ;
2017-02-23 02:41:27 +03:00
int __kmem_cache_shrink ( struct kmem_cache * ) ;
void __kmemcg_cache_deactivate ( struct kmem_cache * s ) ;
2019-07-12 06:56:09 +03:00
void __kmemcg_cache_deactivate_after_rcu ( struct kmem_cache * s ) ;
2014-05-06 23:50:08 +04:00
void slab_kmem_cache_release ( struct kmem_cache * ) ;
2019-09-24 01:33:46 +03:00
void kmem_cache_shrink_all ( struct kmem_cache * s ) ;
2012-09-05 03:18:33 +04:00
2012-10-19 18:20:25 +04:00
struct seq_file ;
struct file ;
2012-10-19 18:20:27 +04:00
struct slabinfo {
unsigned long active_objs ;
unsigned long num_objs ;
unsigned long active_slabs ;
unsigned long num_slabs ;
unsigned long shared_avail ;
unsigned int limit ;
unsigned int batchcount ;
unsigned int shared ;
unsigned int objects_per_slab ;
unsigned int cache_order ;
} ;
void get_slabinfo ( struct kmem_cache * s , struct slabinfo * sinfo ) ;
void slabinfo_show_stats ( struct seq_file * m , struct kmem_cache * s ) ;
2012-10-19 18:20:25 +04:00
ssize_t slabinfo_write ( struct file * file , const char __user * buffer ,
size_t count , loff_t * ppos ) ;
2012-12-19 02:22:27 +04:00
2015-09-05 01:45:34 +03:00
/*
* Generic implementation of bulk operations
* These are useful for situations in which the allocator cannot
2016-03-16 00:54:03 +03:00
* perform optimizations . In that case segments of the object listed
2015-09-05 01:45:34 +03:00
* may be allocated or freed using these operations .
*/
void __kmem_cache_free_bulk ( struct kmem_cache * , size_t , void * * ) ;
2015-11-21 02:57:58 +03:00
int __kmem_cache_alloc_bulk ( struct kmem_cache * , gfp_t , size_t , void * * ) ;
2015-09-05 01:45:34 +03:00
2019-07-12 06:56:16 +03:00
static inline int cache_vmstat_idx ( struct kmem_cache * s )
{
return ( s - > flags & SLAB_RECLAIM_ACCOUNT ) ?
NR_SLAB_RECLAIMABLE : NR_SLAB_UNRECLAIMABLE ;
}
2018-08-18 01:47:25 +03:00
# ifdef CONFIG_MEMCG_KMEM
2017-02-23 02:41:24 +03:00
/* List of all root caches. */
extern struct list_head slab_root_caches ;
# define root_caches_node memcg_params.__root_caches_node
2015-02-13 01:59:23 +03:00
/*
* Iterate over all memcg caches of the given root cache . The caller must hold
* slab_mutex .
*/
# define for_each_memcg_cache(iter, root) \
2017-02-23 02:41:17 +03:00
list_for_each_entry ( iter , & ( root ) - > memcg_params . children , \
memcg_params . children_node )
2015-02-13 01:59:23 +03:00
2012-12-19 02:22:27 +04:00
static inline bool is_root_cache ( struct kmem_cache * s )
{
2017-02-23 02:41:17 +03:00
return ! s - > memcg_params . root_cache ;
2012-12-19 02:22:27 +04:00
}
2012-12-19 02:22:34 +04:00
2012-12-19 02:22:46 +04:00
static inline bool slab_equal_or_root ( struct kmem_cache * s ,
2015-02-13 01:59:20 +03:00
struct kmem_cache * p )
2012-12-19 02:22:46 +04:00
{
2015-02-13 01:59:20 +03:00
return p = = s | | p = = s - > memcg_params . root_cache ;
2012-12-19 02:22:46 +04:00
}
2012-12-19 02:23:01 +04:00
/*
* We use suffixes to the name in memcg because we can ' t have caches
* created in the system with the same name . But when we print them
* locally , better refer to them with the base name
*/
static inline const char * cache_name ( struct kmem_cache * s )
{
if ( ! is_root_cache ( s ) )
2015-02-13 01:59:20 +03:00
s = s - > memcg_params . root_cache ;
2012-12-19 02:23:01 +04:00
return s - > name ;
}
2012-12-19 02:23:03 +04:00
static inline struct kmem_cache * memcg_root_cache ( struct kmem_cache * s )
{
if ( is_root_cache ( s ) )
return s ;
2015-02-13 01:59:20 +03:00
return s - > memcg_params . root_cache ;
2012-12-19 02:23:03 +04:00
}
2014-06-05 03:06:38 +04:00
2019-07-12 06:56:31 +03:00
/*
* Expects a pointer to a slab page . Please note , that PageSlab ( ) check
* isn ' t sufficient , as it returns true also for tail compound slab pages ,
* which do not have slab_cache pointer set .
* So this function assumes that the page can pass PageHead ( ) and PageSlab ( )
* checks .
mm: memcg/slab: reparent memcg kmem_caches on cgroup removal
Let's reparent non-root kmem_caches on memcg offlining. This allows us to
release the memory cgroup without waiting for the last outstanding kernel
object (e.g. dentry used by another application).
Since the parent cgroup is already charged, everything we need to do is to
splice the list of kmem_caches to the parent's kmem_caches list, swap the
memcg pointer, drop the css refcounter for each kmem_cache and adjust the
parent's css refcounter.
Please, note that kmem_cache->memcg_params.memcg isn't a stable pointer
anymore. It's safe to read it under rcu_read_lock(), cgroup_mutex held,
or any other way that protects the memory cgroup from being released.
We can race with the slab allocation and deallocation paths. It's not a
big problem: parent's charge and slab global stats are always correct, and
we don't care anymore about the child usage and global stats. The child
cgroup is already offline, so we don't use or show it anywhere.
Local slab stats (NR_SLAB_RECLAIMABLE and NR_SLAB_UNRECLAIMABLE) aren't
used anywhere except count_shadow_nodes(). But even there it won't break
anything: after reparenting "nodes" will be 0 on child level (because
we're already reparenting shrinker lists), and on parent level page stats
always were 0, and this patch won't change anything.
[guro@fb.com: properly handle kmem_caches reparented to root_mem_cgroup]
Link: http://lkml.kernel.org/r/20190620213427.1691847-1-guro@fb.com
Link: http://lkml.kernel.org/r/20190611231813.3148843-11-guro@fb.com
Signed-off-by: Roman Gushchin <guro@fb.com>
Acked-by: Vladimir Davydov <vdavydov.dev@gmail.com>
Reviewed-by: Shakeel Butt <shakeelb@google.com>
Acked-by: David Rientjes <rientjes@google.com>
Cc: Christoph Lameter <cl@linux.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Waiman Long <longman@redhat.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: Andrei Vagin <avagin@gmail.com>
Cc: Qian Cai <cai@lca.pw>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-07-12 06:56:34 +03:00
*
* The kmem_cache can be reparented asynchronously . The caller must ensure
* the memcg lifetime , e . g . by taking rcu_read_lock ( ) or cgroup_mutex .
2019-07-12 06:56:31 +03:00
*/
static inline struct mem_cgroup * memcg_from_slab_page ( struct page * page )
{
struct kmem_cache * s ;
s = READ_ONCE ( page - > slab_cache ) ;
if ( s & & ! is_root_cache ( s ) )
mm: memcg/slab: reparent memcg kmem_caches on cgroup removal
Let's reparent non-root kmem_caches on memcg offlining. This allows us to
release the memory cgroup without waiting for the last outstanding kernel
object (e.g. dentry used by another application).
Since the parent cgroup is already charged, everything we need to do is to
splice the list of kmem_caches to the parent's kmem_caches list, swap the
memcg pointer, drop the css refcounter for each kmem_cache and adjust the
parent's css refcounter.
Please, note that kmem_cache->memcg_params.memcg isn't a stable pointer
anymore. It's safe to read it under rcu_read_lock(), cgroup_mutex held,
or any other way that protects the memory cgroup from being released.
We can race with the slab allocation and deallocation paths. It's not a
big problem: parent's charge and slab global stats are always correct, and
we don't care anymore about the child usage and global stats. The child
cgroup is already offline, so we don't use or show it anywhere.
Local slab stats (NR_SLAB_RECLAIMABLE and NR_SLAB_UNRECLAIMABLE) aren't
used anywhere except count_shadow_nodes(). But even there it won't break
anything: after reparenting "nodes" will be 0 on child level (because
we're already reparenting shrinker lists), and on parent level page stats
always were 0, and this patch won't change anything.
[guro@fb.com: properly handle kmem_caches reparented to root_mem_cgroup]
Link: http://lkml.kernel.org/r/20190620213427.1691847-1-guro@fb.com
Link: http://lkml.kernel.org/r/20190611231813.3148843-11-guro@fb.com
Signed-off-by: Roman Gushchin <guro@fb.com>
Acked-by: Vladimir Davydov <vdavydov.dev@gmail.com>
Reviewed-by: Shakeel Butt <shakeelb@google.com>
Acked-by: David Rientjes <rientjes@google.com>
Cc: Christoph Lameter <cl@linux.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Waiman Long <longman@redhat.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: Andrei Vagin <avagin@gmail.com>
Cc: Qian Cai <cai@lca.pw>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-07-12 06:56:34 +03:00
return READ_ONCE ( s - > memcg_params . memcg ) ;
2019-07-12 06:56:31 +03:00
return NULL ;
}
/*
* Charge the slab page belonging to the non - root kmem_cache .
* Can be called for non - root kmem_caches only .
*/
memcg: unify slab and other kmem pages charging
We have memcg_kmem_charge and memcg_kmem_uncharge methods for charging and
uncharging kmem pages to memcg, but currently they are not used for
charging slab pages (i.e. they are only used for charging pages allocated
with alloc_kmem_pages). The only reason why the slab subsystem uses
special helpers, memcg_charge_slab and memcg_uncharge_slab, is that it
needs to charge to the memcg of kmem cache while memcg_charge_kmem charges
to the memcg that the current task belongs to.
To remove this diversity, this patch adds an extra argument to
__memcg_kmem_charge that can be a pointer to a memcg or NULL. If it is
not NULL, the function tries to charge to the memcg it points to,
otherwise it charge to the current context. Next, it makes the slab
subsystem use this function to charge slab pages.
Since memcg_charge_kmem and memcg_uncharge_kmem helpers are now used only
in __memcg_kmem_charge and __memcg_kmem_uncharge, they are inlined. Since
__memcg_kmem_charge stores a pointer to the memcg in the page struct, we
don't need memcg_uncharge_slab anymore and can use free_kmem_pages.
Besides, one can now detect which memcg a slab page belongs to by reading
/proc/kpagecgroup.
Note, this patch switches slab to charge-after-alloc design. Since this
design is already used for all other memcg charges, it should not make any
difference.
[hannes@cmpxchg.org: better to have an outer function than a magic parameter for the memcg lookup]
Signed-off-by: Vladimir Davydov <vdavydov@virtuozzo.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: Christoph Lameter <cl@linux.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-11-06 05:49:01 +03:00
static __always_inline int memcg_charge_slab ( struct page * page ,
gfp_t gfp , int order ,
struct kmem_cache * s )
2014-06-05 03:06:38 +04:00
{
2019-07-12 06:56:31 +03:00
struct mem_cgroup * memcg ;
struct lruvec * lruvec ;
2019-07-12 06:56:27 +03:00
int ret ;
mm: memcg/slab: reparent memcg kmem_caches on cgroup removal
Let's reparent non-root kmem_caches on memcg offlining. This allows us to
release the memory cgroup without waiting for the last outstanding kernel
object (e.g. dentry used by another application).
Since the parent cgroup is already charged, everything we need to do is to
splice the list of kmem_caches to the parent's kmem_caches list, swap the
memcg pointer, drop the css refcounter for each kmem_cache and adjust the
parent's css refcounter.
Please, note that kmem_cache->memcg_params.memcg isn't a stable pointer
anymore. It's safe to read it under rcu_read_lock(), cgroup_mutex held,
or any other way that protects the memory cgroup from being released.
We can race with the slab allocation and deallocation paths. It's not a
big problem: parent's charge and slab global stats are always correct, and
we don't care anymore about the child usage and global stats. The child
cgroup is already offline, so we don't use or show it anywhere.
Local slab stats (NR_SLAB_RECLAIMABLE and NR_SLAB_UNRECLAIMABLE) aren't
used anywhere except count_shadow_nodes(). But even there it won't break
anything: after reparenting "nodes" will be 0 on child level (because
we're already reparenting shrinker lists), and on parent level page stats
always were 0, and this patch won't change anything.
[guro@fb.com: properly handle kmem_caches reparented to root_mem_cgroup]
Link: http://lkml.kernel.org/r/20190620213427.1691847-1-guro@fb.com
Link: http://lkml.kernel.org/r/20190611231813.3148843-11-guro@fb.com
Signed-off-by: Roman Gushchin <guro@fb.com>
Acked-by: Vladimir Davydov <vdavydov.dev@gmail.com>
Reviewed-by: Shakeel Butt <shakeelb@google.com>
Acked-by: David Rientjes <rientjes@google.com>
Cc: Christoph Lameter <cl@linux.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Waiman Long <longman@redhat.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: Andrei Vagin <avagin@gmail.com>
Cc: Qian Cai <cai@lca.pw>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-07-12 06:56:34 +03:00
rcu_read_lock ( ) ;
memcg = READ_ONCE ( s - > memcg_params . memcg ) ;
while ( memcg & & ! css_tryget_online ( & memcg - > css ) )
memcg = parent_mem_cgroup ( memcg ) ;
rcu_read_unlock ( ) ;
if ( unlikely ( ! memcg | | mem_cgroup_is_root ( memcg ) ) ) {
mod_node_page_state ( page_pgdat ( page ) , cache_vmstat_idx ( s ) ,
( 1 < < order ) ) ;
percpu_ref_get_many ( & s - > memcg_params . refcnt , 1 < < order ) ;
return 0 ;
}
2019-07-12 06:56:31 +03:00
ret = memcg_kmem_charge_memcg ( page , gfp , order , memcg ) ;
2019-07-12 06:56:27 +03:00
if ( ret )
mm: memcg/slab: reparent memcg kmem_caches on cgroup removal
Let's reparent non-root kmem_caches on memcg offlining. This allows us to
release the memory cgroup without waiting for the last outstanding kernel
object (e.g. dentry used by another application).
Since the parent cgroup is already charged, everything we need to do is to
splice the list of kmem_caches to the parent's kmem_caches list, swap the
memcg pointer, drop the css refcounter for each kmem_cache and adjust the
parent's css refcounter.
Please, note that kmem_cache->memcg_params.memcg isn't a stable pointer
anymore. It's safe to read it under rcu_read_lock(), cgroup_mutex held,
or any other way that protects the memory cgroup from being released.
We can race with the slab allocation and deallocation paths. It's not a
big problem: parent's charge and slab global stats are always correct, and
we don't care anymore about the child usage and global stats. The child
cgroup is already offline, so we don't use or show it anywhere.
Local slab stats (NR_SLAB_RECLAIMABLE and NR_SLAB_UNRECLAIMABLE) aren't
used anywhere except count_shadow_nodes(). But even there it won't break
anything: after reparenting "nodes" will be 0 on child level (because
we're already reparenting shrinker lists), and on parent level page stats
always were 0, and this patch won't change anything.
[guro@fb.com: properly handle kmem_caches reparented to root_mem_cgroup]
Link: http://lkml.kernel.org/r/20190620213427.1691847-1-guro@fb.com
Link: http://lkml.kernel.org/r/20190611231813.3148843-11-guro@fb.com
Signed-off-by: Roman Gushchin <guro@fb.com>
Acked-by: Vladimir Davydov <vdavydov.dev@gmail.com>
Reviewed-by: Shakeel Butt <shakeelb@google.com>
Acked-by: David Rientjes <rientjes@google.com>
Cc: Christoph Lameter <cl@linux.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Waiman Long <longman@redhat.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: Andrei Vagin <avagin@gmail.com>
Cc: Qian Cai <cai@lca.pw>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-07-12 06:56:34 +03:00
goto out ;
2019-07-12 06:56:27 +03:00
2019-07-12 06:56:31 +03:00
lruvec = mem_cgroup_lruvec ( page_pgdat ( page ) , memcg ) ;
mod_lruvec_state ( lruvec , cache_vmstat_idx ( s ) , 1 < < order ) ;
/* transer try_charge() page references to kmem_cache */
2019-07-12 06:56:27 +03:00
percpu_ref_get_many ( & s - > memcg_params . refcnt , 1 < < order ) ;
2019-07-12 06:56:31 +03:00
css_put_many ( & memcg - > css , 1 < < order ) ;
mm: memcg/slab: reparent memcg kmem_caches on cgroup removal
Let's reparent non-root kmem_caches on memcg offlining. This allows us to
release the memory cgroup without waiting for the last outstanding kernel
object (e.g. dentry used by another application).
Since the parent cgroup is already charged, everything we need to do is to
splice the list of kmem_caches to the parent's kmem_caches list, swap the
memcg pointer, drop the css refcounter for each kmem_cache and adjust the
parent's css refcounter.
Please, note that kmem_cache->memcg_params.memcg isn't a stable pointer
anymore. It's safe to read it under rcu_read_lock(), cgroup_mutex held,
or any other way that protects the memory cgroup from being released.
We can race with the slab allocation and deallocation paths. It's not a
big problem: parent's charge and slab global stats are always correct, and
we don't care anymore about the child usage and global stats. The child
cgroup is already offline, so we don't use or show it anywhere.
Local slab stats (NR_SLAB_RECLAIMABLE and NR_SLAB_UNRECLAIMABLE) aren't
used anywhere except count_shadow_nodes(). But even there it won't break
anything: after reparenting "nodes" will be 0 on child level (because
we're already reparenting shrinker lists), and on parent level page stats
always were 0, and this patch won't change anything.
[guro@fb.com: properly handle kmem_caches reparented to root_mem_cgroup]
Link: http://lkml.kernel.org/r/20190620213427.1691847-1-guro@fb.com
Link: http://lkml.kernel.org/r/20190611231813.3148843-11-guro@fb.com
Signed-off-by: Roman Gushchin <guro@fb.com>
Acked-by: Vladimir Davydov <vdavydov.dev@gmail.com>
Reviewed-by: Shakeel Butt <shakeelb@google.com>
Acked-by: David Rientjes <rientjes@google.com>
Cc: Christoph Lameter <cl@linux.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Waiman Long <longman@redhat.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: Andrei Vagin <avagin@gmail.com>
Cc: Qian Cai <cai@lca.pw>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-07-12 06:56:34 +03:00
out :
css_put ( & memcg - > css ) ;
return ret ;
2016-03-18 00:17:35 +03:00
}
2019-07-12 06:56:31 +03:00
/*
* Uncharge a slab page belonging to a non - root kmem_cache .
* Can be called for non - root kmem_caches only .
*/
2016-03-18 00:17:35 +03:00
static __always_inline void memcg_uncharge_slab ( struct page * page , int order ,
struct kmem_cache * s )
{
2019-07-12 06:56:31 +03:00
struct mem_cgroup * memcg ;
struct lruvec * lruvec ;
mm: memcg/slab: reparent memcg kmem_caches on cgroup removal
Let's reparent non-root kmem_caches on memcg offlining. This allows us to
release the memory cgroup without waiting for the last outstanding kernel
object (e.g. dentry used by another application).
Since the parent cgroup is already charged, everything we need to do is to
splice the list of kmem_caches to the parent's kmem_caches list, swap the
memcg pointer, drop the css refcounter for each kmem_cache and adjust the
parent's css refcounter.
Please, note that kmem_cache->memcg_params.memcg isn't a stable pointer
anymore. It's safe to read it under rcu_read_lock(), cgroup_mutex held,
or any other way that protects the memory cgroup from being released.
We can race with the slab allocation and deallocation paths. It's not a
big problem: parent's charge and slab global stats are always correct, and
we don't care anymore about the child usage and global stats. The child
cgroup is already offline, so we don't use or show it anywhere.
Local slab stats (NR_SLAB_RECLAIMABLE and NR_SLAB_UNRECLAIMABLE) aren't
used anywhere except count_shadow_nodes(). But even there it won't break
anything: after reparenting "nodes" will be 0 on child level (because
we're already reparenting shrinker lists), and on parent level page stats
always were 0, and this patch won't change anything.
[guro@fb.com: properly handle kmem_caches reparented to root_mem_cgroup]
Link: http://lkml.kernel.org/r/20190620213427.1691847-1-guro@fb.com
Link: http://lkml.kernel.org/r/20190611231813.3148843-11-guro@fb.com
Signed-off-by: Roman Gushchin <guro@fb.com>
Acked-by: Vladimir Davydov <vdavydov.dev@gmail.com>
Reviewed-by: Shakeel Butt <shakeelb@google.com>
Acked-by: David Rientjes <rientjes@google.com>
Cc: Christoph Lameter <cl@linux.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Waiman Long <longman@redhat.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: Andrei Vagin <avagin@gmail.com>
Cc: Qian Cai <cai@lca.pw>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-07-12 06:56:34 +03:00
rcu_read_lock ( ) ;
memcg = READ_ONCE ( s - > memcg_params . memcg ) ;
if ( likely ( ! mem_cgroup_is_root ( memcg ) ) ) {
lruvec = mem_cgroup_lruvec ( page_pgdat ( page ) , memcg ) ;
mod_lruvec_state ( lruvec , cache_vmstat_idx ( s ) , - ( 1 < < order ) ) ;
memcg_kmem_uncharge_memcg ( page , order , memcg ) ;
} else {
mod_node_page_state ( page_pgdat ( page ) , cache_vmstat_idx ( s ) ,
- ( 1 < < order ) ) ;
}
rcu_read_unlock ( ) ;
2019-07-12 06:56:31 +03:00
percpu_ref_put_many ( & s - > memcg_params . refcnt , 1 < < order ) ;
2014-06-05 03:06:38 +04:00
}
2015-02-13 01:59:20 +03:00
extern void slab_init_memcg_params ( struct kmem_cache * ) ;
mm: memcg/slab: postpone kmem_cache memcg pointer initialization to memcg_link_cache()
Patch series "mm: reparent slab memory on cgroup removal", v7.
# Why do we need this?
We've noticed that the number of dying cgroups is steadily growing on most
of our hosts in production. The following investigation revealed an issue
in the userspace memory reclaim code [1], accounting of kernel stacks [2],
and also the main reason: slab objects.
The underlying problem is quite simple: any page charged to a cgroup holds
a reference to it, so the cgroup can't be reclaimed unless all charged
pages are gone. If a slab object is actively used by other cgroups, it
won't be reclaimed, and will prevent the origin cgroup from being
reclaimed.
Slab objects, and first of all vfs cache, is shared between cgroups, which
are using the same underlying fs, and what's even more important, it's
shared between multiple generations of the same workload. So if something
is running periodically every time in a new cgroup (like how systemd
works), we do accumulate multiple dying cgroups.
Strictly speaking pagecache isn't different here, but there is a key
difference: we disable protection and apply some extra pressure on LRUs of
dying cgroups, and these LRUs contain all charged pages. My experiments
show that with the disabled kernel memory accounting the number of dying
cgroups stabilizes at a relatively small number (~100, depends on memory
pressure and cgroup creation rate), and with kernel memory accounting it
grows pretty steadily up to several thousands.
Memory cgroups are quite complex and big objects (mostly due to percpu
stats), so it leads to noticeable memory losses. Memory occupied by dying
cgroups is measured in hundreds of megabytes. I've even seen a host with
more than 100Gb of memory wasted for dying cgroups. It leads to a
degradation of performance with the uptime, and generally limits the usage
of cgroups.
My previous attempt [3] to fix the problem by applying extra pressure on
slab shrinker lists caused a regressions with xfs and ext4, and has been
reverted [4]. The following attempts to find the right balance [5, 6]
were not successful.
So instead of trying to find a maybe non-existing balance, let's do
reparent accounted slab caches to the parent cgroup on cgroup removal.
# Implementation approach
There is however a significant problem with reparenting of slab memory:
there is no list of charged pages. Some of them are in shrinker lists,
but not all. Introducing of a new list is really not an option.
But fortunately there is a way forward: every slab page has a stable
pointer to the corresponding kmem_cache. So the idea is to reparent
kmem_caches instead of slab pages.
It's actually simpler and cheaper, but requires some underlying changes:
1) Make kmem_caches to hold a single reference to the memory cgroup,
instead of a separate reference per every slab page.
2) Stop setting page->mem_cgroup pointer for memcg slab pages and use
page->kmem_cache->memcg indirection instead. It's used only on
slab page release, so performance overhead shouldn't be a big issue.
3) Introduce a refcounter for non-root slab caches. It's required to
be able to destroy kmem_caches when they become empty and release
the associated memory cgroup.
There is a bonus: currently we release all memcg kmem_caches all together
with the memory cgroup itself. This patchset allows individual
kmem_caches to be released as soon as they become inactive and free.
Some additional implementation details are provided in corresponding
commit messages.
# Results
Below is the average number of dying cgroups on two groups of our
production hosts. They do run some sort of web frontend workload, the
memory pressure is moderate. As we can see, with the kernel memory
reparenting the number stabilizes in 60s range; however with the original
version it grows almost linearly and doesn't show any signs of plateauing.
The difference in slab and percpu usage between patched and unpatched
versions also grows linearly. In 7 days it exceeded 200Mb.
day 0 1 2 3 4 5 6 7
original 56 362 628 752 1070 1250 1490 1560
patched 23 46 51 55 60 57 67 69
mem diff(Mb) 22 74 123 152 164 182 214 241
# Links
[1]: commit 68600f623d69 ("mm: don't miss the last page because of round-off error")
[2]: commit 9b6f7e163cd0 ("mm: rework memcg kernel stack accounting")
[3]: commit 172b06c32b94 ("mm: slowly shrink slabs with a relatively small number of objects")
[4]: commit a9a238e83fbb ("Revert "mm: slowly shrink slabs with a relatively small number of objects")
[5]: https://lkml.org/lkml/2019/1/28/1865
[6]: https://marc.info/?l=linux-mm&m=155064763626437&w=2
This patch (of 10):
Initialize kmem_cache->memcg_params.memcg pointer in memcg_link_cache()
rather than in init_memcg_params().
Once kmem_cache will hold a reference to the memory cgroup, it will
simplify the refcounting.
For non-root kmem_caches memcg_link_cache() is always called before the
kmem_cache becomes visible to a user, so it's safe.
Link: http://lkml.kernel.org/r/20190611231813.3148843-2-guro@fb.com
Signed-off-by: Roman Gushchin <guro@fb.com>
Reviewed-by: Shakeel Butt <shakeelb@google.com>
Acked-by: Vladimir Davydov <vdavydov.dev@gmail.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: Waiman Long <longman@redhat.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Christoph Lameter <cl@linux.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Andrei Vagin <avagin@gmail.com>
Cc: Qian Cai <cai@lca.pw>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-07-12 06:56:02 +03:00
extern void memcg_link_cache ( struct kmem_cache * s , struct mem_cgroup * memcg ) ;
2015-02-13 01:59:20 +03:00
2018-08-18 01:47:25 +03:00
# else /* CONFIG_MEMCG_KMEM */
2015-02-13 01:59:20 +03:00
2017-02-23 02:41:24 +03:00
/* If !memcg, all caches are root. */
# define slab_root_caches slab_caches
# define root_caches_node list
2015-02-13 01:59:23 +03:00
# define for_each_memcg_cache(iter, root) \
for ( ( void ) ( iter ) , ( void ) ( root ) ; 0 ; )
2012-12-19 02:22:27 +04:00
static inline bool is_root_cache ( struct kmem_cache * s )
{
return true ;
}
2012-12-19 02:22:46 +04:00
static inline bool slab_equal_or_root ( struct kmem_cache * s ,
struct kmem_cache * p )
{
2019-07-12 06:53:23 +03:00
return s = = p ;
2012-12-19 02:22:46 +04:00
}
2012-12-19 02:23:01 +04:00
static inline const char * cache_name ( struct kmem_cache * s )
{
return s - > name ;
}
2012-12-19 02:23:03 +04:00
static inline struct kmem_cache * memcg_root_cache ( struct kmem_cache * s )
{
return s ;
}
2014-06-05 03:06:38 +04:00
2019-07-12 06:56:31 +03:00
static inline struct mem_cgroup * memcg_from_slab_page ( struct page * page )
{
return NULL ;
}
memcg: unify slab and other kmem pages charging
We have memcg_kmem_charge and memcg_kmem_uncharge methods for charging and
uncharging kmem pages to memcg, but currently they are not used for
charging slab pages (i.e. they are only used for charging pages allocated
with alloc_kmem_pages). The only reason why the slab subsystem uses
special helpers, memcg_charge_slab and memcg_uncharge_slab, is that it
needs to charge to the memcg of kmem cache while memcg_charge_kmem charges
to the memcg that the current task belongs to.
To remove this diversity, this patch adds an extra argument to
__memcg_kmem_charge that can be a pointer to a memcg or NULL. If it is
not NULL, the function tries to charge to the memcg it points to,
otherwise it charge to the current context. Next, it makes the slab
subsystem use this function to charge slab pages.
Since memcg_charge_kmem and memcg_uncharge_kmem helpers are now used only
in __memcg_kmem_charge and __memcg_kmem_uncharge, they are inlined. Since
__memcg_kmem_charge stores a pointer to the memcg in the page struct, we
don't need memcg_uncharge_slab anymore and can use free_kmem_pages.
Besides, one can now detect which memcg a slab page belongs to by reading
/proc/kpagecgroup.
Note, this patch switches slab to charge-after-alloc design. Since this
design is already used for all other memcg charges, it should not make any
difference.
[hannes@cmpxchg.org: better to have an outer function than a magic parameter for the memcg lookup]
Signed-off-by: Vladimir Davydov <vdavydov@virtuozzo.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: Christoph Lameter <cl@linux.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-11-06 05:49:01 +03:00
static inline int memcg_charge_slab ( struct page * page , gfp_t gfp , int order ,
struct kmem_cache * s )
2014-06-05 03:06:38 +04:00
{
return 0 ;
}
2016-03-18 00:17:35 +03:00
static inline void memcg_uncharge_slab ( struct page * page , int order ,
struct kmem_cache * s )
{
}
2015-02-13 01:59:20 +03:00
static inline void slab_init_memcg_params ( struct kmem_cache * s )
{
}
2017-02-23 02:41:24 +03:00
mm: memcg/slab: postpone kmem_cache memcg pointer initialization to memcg_link_cache()
Patch series "mm: reparent slab memory on cgroup removal", v7.
# Why do we need this?
We've noticed that the number of dying cgroups is steadily growing on most
of our hosts in production. The following investigation revealed an issue
in the userspace memory reclaim code [1], accounting of kernel stacks [2],
and also the main reason: slab objects.
The underlying problem is quite simple: any page charged to a cgroup holds
a reference to it, so the cgroup can't be reclaimed unless all charged
pages are gone. If a slab object is actively used by other cgroups, it
won't be reclaimed, and will prevent the origin cgroup from being
reclaimed.
Slab objects, and first of all vfs cache, is shared between cgroups, which
are using the same underlying fs, and what's even more important, it's
shared between multiple generations of the same workload. So if something
is running periodically every time in a new cgroup (like how systemd
works), we do accumulate multiple dying cgroups.
Strictly speaking pagecache isn't different here, but there is a key
difference: we disable protection and apply some extra pressure on LRUs of
dying cgroups, and these LRUs contain all charged pages. My experiments
show that with the disabled kernel memory accounting the number of dying
cgroups stabilizes at a relatively small number (~100, depends on memory
pressure and cgroup creation rate), and with kernel memory accounting it
grows pretty steadily up to several thousands.
Memory cgroups are quite complex and big objects (mostly due to percpu
stats), so it leads to noticeable memory losses. Memory occupied by dying
cgroups is measured in hundreds of megabytes. I've even seen a host with
more than 100Gb of memory wasted for dying cgroups. It leads to a
degradation of performance with the uptime, and generally limits the usage
of cgroups.
My previous attempt [3] to fix the problem by applying extra pressure on
slab shrinker lists caused a regressions with xfs and ext4, and has been
reverted [4]. The following attempts to find the right balance [5, 6]
were not successful.
So instead of trying to find a maybe non-existing balance, let's do
reparent accounted slab caches to the parent cgroup on cgroup removal.
# Implementation approach
There is however a significant problem with reparenting of slab memory:
there is no list of charged pages. Some of them are in shrinker lists,
but not all. Introducing of a new list is really not an option.
But fortunately there is a way forward: every slab page has a stable
pointer to the corresponding kmem_cache. So the idea is to reparent
kmem_caches instead of slab pages.
It's actually simpler and cheaper, but requires some underlying changes:
1) Make kmem_caches to hold a single reference to the memory cgroup,
instead of a separate reference per every slab page.
2) Stop setting page->mem_cgroup pointer for memcg slab pages and use
page->kmem_cache->memcg indirection instead. It's used only on
slab page release, so performance overhead shouldn't be a big issue.
3) Introduce a refcounter for non-root slab caches. It's required to
be able to destroy kmem_caches when they become empty and release
the associated memory cgroup.
There is a bonus: currently we release all memcg kmem_caches all together
with the memory cgroup itself. This patchset allows individual
kmem_caches to be released as soon as they become inactive and free.
Some additional implementation details are provided in corresponding
commit messages.
# Results
Below is the average number of dying cgroups on two groups of our
production hosts. They do run some sort of web frontend workload, the
memory pressure is moderate. As we can see, with the kernel memory
reparenting the number stabilizes in 60s range; however with the original
version it grows almost linearly and doesn't show any signs of plateauing.
The difference in slab and percpu usage between patched and unpatched
versions also grows linearly. In 7 days it exceeded 200Mb.
day 0 1 2 3 4 5 6 7
original 56 362 628 752 1070 1250 1490 1560
patched 23 46 51 55 60 57 67 69
mem diff(Mb) 22 74 123 152 164 182 214 241
# Links
[1]: commit 68600f623d69 ("mm: don't miss the last page because of round-off error")
[2]: commit 9b6f7e163cd0 ("mm: rework memcg kernel stack accounting")
[3]: commit 172b06c32b94 ("mm: slowly shrink slabs with a relatively small number of objects")
[4]: commit a9a238e83fbb ("Revert "mm: slowly shrink slabs with a relatively small number of objects")
[5]: https://lkml.org/lkml/2019/1/28/1865
[6]: https://marc.info/?l=linux-mm&m=155064763626437&w=2
This patch (of 10):
Initialize kmem_cache->memcg_params.memcg pointer in memcg_link_cache()
rather than in init_memcg_params().
Once kmem_cache will hold a reference to the memory cgroup, it will
simplify the refcounting.
For non-root kmem_caches memcg_link_cache() is always called before the
kmem_cache becomes visible to a user, so it's safe.
Link: http://lkml.kernel.org/r/20190611231813.3148843-2-guro@fb.com
Signed-off-by: Roman Gushchin <guro@fb.com>
Reviewed-by: Shakeel Butt <shakeelb@google.com>
Acked-by: Vladimir Davydov <vdavydov.dev@gmail.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: Waiman Long <longman@redhat.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Christoph Lameter <cl@linux.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Andrei Vagin <avagin@gmail.com>
Cc: Qian Cai <cai@lca.pw>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-07-12 06:56:02 +03:00
static inline void memcg_link_cache ( struct kmem_cache * s ,
struct mem_cgroup * memcg )
2017-02-23 02:41:24 +03:00
{
}
2018-08-18 01:47:25 +03:00
# endif /* CONFIG_MEMCG_KMEM */
2012-12-19 02:22:46 +04:00
2019-07-12 06:53:26 +03:00
static inline struct kmem_cache * virt_to_cache ( const void * obj )
{
struct page * page ;
page = virt_to_head_page ( obj ) ;
if ( WARN_ONCE ( ! PageSlab ( page ) , " %s: Object is not a Slab page! \n " ,
__func__ ) )
return NULL ;
return page - > slab_cache ;
}
2019-07-12 06:56:16 +03:00
static __always_inline int charge_slab_page ( struct page * page ,
gfp_t gfp , int order ,
struct kmem_cache * s )
{
2019-07-12 06:56:31 +03:00
if ( is_root_cache ( s ) ) {
mod_node_page_state ( page_pgdat ( page ) , cache_vmstat_idx ( s ) ,
1 < < order ) ;
return 0 ;
}
2019-07-12 06:56:16 +03:00
2019-07-12 06:56:31 +03:00
return memcg_charge_slab ( page , gfp , order , s ) ;
2019-07-12 06:56:16 +03:00
}
static __always_inline void uncharge_slab_page ( struct page * page , int order ,
struct kmem_cache * s )
{
2019-07-12 06:56:31 +03:00
if ( is_root_cache ( s ) ) {
mod_node_page_state ( page_pgdat ( page ) , cache_vmstat_idx ( s ) ,
- ( 1 < < order ) ) ;
return ;
}
2019-07-12 06:56:16 +03:00
memcg_uncharge_slab ( page , order , s ) ;
}
2012-12-19 02:22:46 +04:00
static inline struct kmem_cache * cache_from_obj ( struct kmem_cache * s , void * x )
{
struct kmem_cache * cachep ;
/*
* When kmemcg is not being used , both assignments should return the
* same value . but we don ' t want to pay the assignment price in that
* case . If it is not compiled in , the compiler should be smart enough
* to not do even the assignment . In that case , slab_equal_or_root
* will also be a constant .
*/
2016-03-16 00:55:06 +03:00
if ( ! memcg_kmem_enabled ( ) & &
2019-07-12 06:53:23 +03:00
! IS_ENABLED ( CONFIG_SLAB_FREELIST_HARDENED ) & &
2016-03-16 00:55:06 +03:00
! unlikely ( s - > flags & SLAB_CONSISTENCY_CHECKS ) )
2012-12-19 02:22:46 +04:00
return s ;
2019-07-12 06:53:26 +03:00
cachep = virt_to_cache ( x ) ;
WARN_ONCE ( cachep & & ! slab_equal_or_root ( cachep , s ) ,
2019-07-12 06:53:23 +03:00
" %s: Wrong slab cache. %s but object is from %s \n " ,
__func__ , s - > name , cachep - > name ) ;
return cachep ;
2012-12-19 02:22:46 +04:00
}
2013-01-10 23:14:19 +04:00
2016-03-16 00:53:35 +03:00
static inline size_t slab_ksize ( const struct kmem_cache * s )
{
# ifndef CONFIG_SLUB
return s - > object_size ;
# else /* CONFIG_SLUB */
# ifdef CONFIG_SLUB_DEBUG
/*
* Debugging requires use of the padding between object
* and whatever may come after it .
*/
if ( s - > flags & ( SLAB_RED_ZONE | SLAB_POISON ) )
return s - > object_size ;
# endif
2016-07-29 01:49:07 +03:00
if ( s - > flags & SLAB_KASAN )
return s - > object_size ;
2016-03-16 00:53:35 +03:00
/*
* If we have the need to store the freelist pointer
* back there or track user information then we can
* only use the space before that information .
*/
2017-01-18 13:53:44 +03:00
if ( s - > flags & ( SLAB_TYPESAFE_BY_RCU | SLAB_STORE_USER ) )
2016-03-16 00:53:35 +03:00
return s - > inuse ;
/*
* Else we can use all the padding etc for the allocation
*/
return s - > size ;
# endif
}
static inline struct kmem_cache * slab_pre_alloc_hook ( struct kmem_cache * s ,
gfp_t flags )
{
flags & = gfp_allowed_mask ;
2017-03-03 12:13:38 +03:00
fs_reclaim_acquire ( flags ) ;
fs_reclaim_release ( flags ) ;
2016-03-16 00:53:35 +03:00
might_sleep_if ( gfpflags_allow_blocking ( flags ) ) ;
2016-03-16 00:53:38 +03:00
if ( should_failslab ( s , flags ) )
2016-03-16 00:53:35 +03:00
return NULL ;
2016-07-27 01:24:21 +03:00
if ( memcg_kmem_enabled ( ) & &
( ( flags & __GFP_ACCOUNT ) | | ( s - > flags & SLAB_ACCOUNT ) ) )
return memcg_kmem_get_cache ( s ) ;
return s ;
2016-03-16 00:53:35 +03:00
}
static inline void slab_post_alloc_hook ( struct kmem_cache * s , gfp_t flags ,
size_t size , void * * p )
{
size_t i ;
flags & = gfp_allowed_mask ;
for ( i = 0 ; i < size ; i + + ) {
2019-02-21 09:19:11 +03:00
p [ i ] = kasan_slab_alloc ( s , p [ i ] , flags ) ;
2019-02-21 09:19:16 +03:00
/* As p[i] might get tagged, call kmemleak hook after KASAN. */
2019-02-21 09:19:11 +03:00
kmemleak_alloc_recursive ( p [ i ] , s - > object_size , 1 ,
2016-03-16 00:53:35 +03:00
s - > flags , flags ) ;
}
2016-07-27 01:24:21 +03:00
if ( memcg_kmem_enabled ( ) )
memcg_kmem_put_cache ( s ) ;
2016-03-16 00:53:35 +03:00
}
2014-08-07 03:04:07 +04:00
# ifndef CONFIG_SLOB
2013-01-10 23:14:19 +04:00
/*
* The slab lists for all objects .
*/
struct kmem_cache_node {
spinlock_t list_lock ;
# ifdef CONFIG_SLAB
struct list_head slabs_partial ; /* partial list first, better asm code */
struct list_head slabs_full ;
struct list_head slabs_free ;
2016-12-13 03:41:44 +03:00
unsigned long total_slabs ; /* length of all slab lists */
unsigned long free_slabs ; /* length of free slab list only */
2013-01-10 23:14:19 +04:00
unsigned long free_objects ;
unsigned int free_limit ;
unsigned int colour_next ; /* Per-node cache coloring */
struct array_cache * shared ; /* shared per node */
2014-08-07 03:04:29 +04:00
struct alien_cache * * alien ; /* on other nodes */
2013-01-10 23:14:19 +04:00
unsigned long next_reap ; /* updated without locking */
int free_touched ; /* updated without locking */
# endif
# ifdef CONFIG_SLUB
unsigned long nr_partial ;
struct list_head partial ;
# ifdef CONFIG_SLUB_DEBUG
atomic_long_t nr_slabs ;
atomic_long_t total_objects ;
struct list_head full ;
# endif
# endif
} ;
2013-07-04 04:33:23 +04:00
2014-08-07 03:04:07 +04:00
static inline struct kmem_cache_node * get_node ( struct kmem_cache * s , int node )
{
return s - > node [ node ] ;
}
/*
* Iterator over all nodes . The body will be executed for each node that has
* a kmem_cache_node structure allocated ( which is true for all online nodes )
*/
# define for_each_kmem_cache_node(__s, __node, __n) \
2014-10-10 02:26:20 +04:00
for ( __node = 0 ; __node < nr_node_ids ; __node + + ) \
if ( ( __n = get_node ( __s , __node ) ) )
2014-08-07 03:04:07 +04:00
# endif
2014-12-11 02:42:16 +03:00
void * slab_start ( struct seq_file * m , loff_t * pos ) ;
2013-07-08 04:08:28 +04:00
void * slab_next ( struct seq_file * m , void * p , loff_t * pos ) ;
void slab_stop ( struct seq_file * m , void * p ) ;
2017-02-23 02:41:21 +03:00
void * memcg_slab_start ( struct seq_file * m , loff_t * pos ) ;
void * memcg_slab_next ( struct seq_file * m , void * p , loff_t * pos ) ;
void memcg_slab_stop ( struct seq_file * m , void * p ) ;
2014-12-11 02:44:19 +03:00
int memcg_slab_show ( struct seq_file * m , void * p ) ;
2014-08-07 03:04:14 +04:00
2017-11-16 04:32:07 +03:00
# if defined(CONFIG_SLAB) || defined(CONFIG_SLUB_DEBUG)
void dump_unreclaimable_slab ( void ) ;
# else
static inline void dump_unreclaimable_slab ( void )
{
}
# endif
mm: kasan: initial memory quarantine implementation
Quarantine isolates freed objects in a separate queue. The objects are
returned to the allocator later, which helps to detect use-after-free
errors.
When the object is freed, its state changes from KASAN_STATE_ALLOC to
KASAN_STATE_QUARANTINE. The object is poisoned and put into quarantine
instead of being returned to the allocator, therefore every subsequent
access to that object triggers a KASAN error, and the error handler is
able to say where the object has been allocated and deallocated.
When it's time for the object to leave quarantine, its state becomes
KASAN_STATE_FREE and it's returned to the allocator. From now on the
allocator may reuse it for another allocation. Before that happens,
it's still possible to detect a use-after free on that object (it
retains the allocation/deallocation stacks).
When the allocator reuses this object, the shadow is unpoisoned and old
allocation/deallocation stacks are wiped. Therefore a use of this
object, even an incorrect one, won't trigger ASan warning.
Without the quarantine, it's not guaranteed that the objects aren't
reused immediately, that's why the probability of catching a
use-after-free is lower than with quarantine in place.
Quarantine isolates freed objects in a separate queue. The objects are
returned to the allocator later, which helps to detect use-after-free
errors.
Freed objects are first added to per-cpu quarantine queues. When a
cache is destroyed or memory shrinking is requested, the objects are
moved into the global quarantine queue. Whenever a kmalloc call allows
memory reclaiming, the oldest objects are popped out of the global queue
until the total size of objects in quarantine is less than 3/4 of the
maximum quarantine size (which is a fraction of installed physical
memory).
As long as an object remains in the quarantine, KASAN is able to report
accesses to it, so the chance of reporting a use-after-free is
increased. Once the object leaves quarantine, the allocator may reuse
it, in which case the object is unpoisoned and KASAN can't detect
incorrect accesses to it.
Right now quarantine support is only enabled in SLAB allocator.
Unification of KASAN features in SLAB and SLUB will be done later.
This patch is based on the "mm: kasan: quarantine" patch originally
prepared by Dmitry Chernenkov. A number of improvements have been
suggested by Andrey Ryabinin.
[glider@google.com: v9]
Link: http://lkml.kernel.org/r/1462987130-144092-1-git-send-email-glider@google.com
Signed-off-by: Alexander Potapenko <glider@google.com>
Cc: Christoph Lameter <cl@linux.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Andrey Konovalov <adech.fo@gmail.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Konstantin Serebryany <kcc@google.com>
Cc: Dmitry Chernenkov <dmitryc@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2016-05-21 02:59:11 +03:00
void ___cache_free ( struct kmem_cache * cache , void * x , unsigned long addr ) ;
2016-07-27 01:21:56 +03:00
# ifdef CONFIG_SLAB_FREELIST_RANDOM
int cache_random_seq_create ( struct kmem_cache * cachep , unsigned int count ,
gfp_t gfp ) ;
void cache_random_seq_destroy ( struct kmem_cache * cachep ) ;
# else
static inline int cache_random_seq_create ( struct kmem_cache * cachep ,
unsigned int count , gfp_t gfp )
{
return 0 ;
}
static inline void cache_random_seq_destroy ( struct kmem_cache * cachep ) { }
# endif /* CONFIG_SLAB_FREELIST_RANDOM */
mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Patch series "add init_on_alloc/init_on_free boot options", v10.
Provide init_on_alloc and init_on_free boot options.
These are aimed at preventing possible information leaks and making the
control-flow bugs that depend on uninitialized values more deterministic.
Enabling either of the options guarantees that the memory returned by the
page allocator and SL[AU]B is initialized with zeroes. SLOB allocator
isn't supported at the moment, as its emulation of kmem caches complicates
handling of SLAB_TYPESAFE_BY_RCU caches correctly.
Enabling init_on_free also guarantees that pages and heap objects are
initialized right after they're freed, so it won't be possible to access
stale data by using a dangling pointer.
As suggested by Michal Hocko, right now we don't let the heap users to
disable initialization for certain allocations. There's not enough
evidence that doing so can speed up real-life cases, and introducing ways
to opt-out may result in things going out of control.
This patch (of 2):
The new options are needed to prevent possible information leaks and make
control-flow bugs that depend on uninitialized values more deterministic.
This is expected to be on-by-default on Android and Chrome OS. And it
gives the opportunity for anyone else to use it under distros too via the
boot args. (The init_on_free feature is regularly requested by folks
where memory forensics is included in their threat models.)
init_on_alloc=1 makes the kernel initialize newly allocated pages and heap
objects with zeroes. Initialization is done at allocation time at the
places where checks for __GFP_ZERO are performed.
init_on_free=1 makes the kernel initialize freed pages and heap objects
with zeroes upon their deletion. This helps to ensure sensitive data
doesn't leak via use-after-free accesses.
Both init_on_alloc=1 and init_on_free=1 guarantee that the allocator
returns zeroed memory. The two exceptions are slab caches with
constructors and SLAB_TYPESAFE_BY_RCU flag. Those are never
zero-initialized to preserve their semantics.
Both init_on_alloc and init_on_free default to zero, but those defaults
can be overridden with CONFIG_INIT_ON_ALLOC_DEFAULT_ON and
CONFIG_INIT_ON_FREE_DEFAULT_ON.
If either SLUB poisoning or page poisoning is enabled, those options take
precedence over init_on_alloc and init_on_free: initialization is only
applied to unpoisoned allocations.
Slowdown for the new features compared to init_on_free=0, init_on_alloc=0:
hackbench, init_on_free=1: +7.62% sys time (st.err 0.74%)
hackbench, init_on_alloc=1: +7.75% sys time (st.err 2.14%)
Linux build with -j12, init_on_free=1: +8.38% wall time (st.err 0.39%)
Linux build with -j12, init_on_free=1: +24.42% sys time (st.err 0.52%)
Linux build with -j12, init_on_alloc=1: -0.13% wall time (st.err 0.42%)
Linux build with -j12, init_on_alloc=1: +0.57% sys time (st.err 0.40%)
The slowdown for init_on_free=0, init_on_alloc=0 compared to the baseline
is within the standard error.
The new features are also going to pave the way for hardware memory
tagging (e.g. arm64's MTE), which will require both on_alloc and on_free
hooks to set the tags for heap objects. With MTE, tagging will have the
same cost as memory initialization.
Although init_on_free is rather costly, there are paranoid use-cases where
in-memory data lifetime is desired to be minimized. There are various
arguments for/against the realism of the associated threat models, but
given that we'll need the infrastructure for MTE anyway, and there are
people who want wipe-on-free behavior no matter what the performance cost,
it seems reasonable to include it in this series.
[glider@google.com: v8]
Link: http://lkml.kernel.org/r/20190626121943.131390-2-glider@google.com
[glider@google.com: v9]
Link: http://lkml.kernel.org/r/20190627130316.254309-2-glider@google.com
[glider@google.com: v10]
Link: http://lkml.kernel.org/r/20190628093131.199499-2-glider@google.com
Link: http://lkml.kernel.org/r/20190617151050.92663-2-glider@google.com
Signed-off-by: Alexander Potapenko <glider@google.com>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Michal Hocko <mhocko@suse.cz> [page and dmapool parts
Acked-by: James Morris <jamorris@linux.microsoft.com>]
Cc: Christoph Lameter <cl@linux.com>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Kostya Serebryany <kcc@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Sandeep Patil <sspatil@android.com>
Cc: Laura Abbott <labbott@redhat.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Jann Horn <jannh@google.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Marco Elver <elver@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-07-12 06:59:19 +03:00
static inline bool slab_want_init_on_alloc ( gfp_t flags , struct kmem_cache * c )
{
if ( static_branch_unlikely ( & init_on_alloc ) ) {
if ( c - > ctor )
return false ;
if ( c - > flags & ( SLAB_TYPESAFE_BY_RCU | SLAB_POISON ) )
return flags & __GFP_ZERO ;
return true ;
}
return flags & __GFP_ZERO ;
}
static inline bool slab_want_init_on_free ( struct kmem_cache * c )
{
if ( static_branch_unlikely ( & init_on_free ) )
return ! ( c - > ctor | |
( c - > flags & ( SLAB_TYPESAFE_BY_RCU | SLAB_POISON ) ) ) ;
return false ;
}
2014-08-07 03:04:14 +04:00
# endif /* MM_SLAB_H */