Re: [PATCH v6 4/5] mm/migrate: skip migrating folios under writeback with AS_WRITEBACK_INDETERMINATE mappings

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Dec 19, 2024 at 07:04:40PM +0100, Bernd Schubert wrote:
> 
> 
> On 12/19/24 18:55, Joanne Koong wrote:
> > On Thu, Dec 19, 2024 at 9:26 AM David Hildenbrand <david@xxxxxxxxxx> wrote:
> >>
> >> On 19.12.24 18:14, Shakeel Butt wrote:
> >>> On Thu, Dec 19, 2024 at 05:41:36PM +0100, David Hildenbrand wrote:
> >>>> On 19.12.24 17:40, Shakeel Butt wrote:
> >>>>> On Thu, Dec 19, 2024 at 05:29:08PM +0100, David Hildenbrand wrote:
> >>>>> [...]
> >>>>>>>
> >>>>>>> If you check the code just above this patch, this
> >>>>>>> mapping_writeback_indeterminate() check only happen for pages under
> >>>>>>> writeback which is a temp state. Anyways, fuse folios should not be
> >>>>>>> unmovable for their lifetime but only while under writeback which is
> >>>>>>> same for all fs.
> >>>>>>
> >>>>>> But there, writeback is expected to be a temporary thing, not possibly:
> >>>>>> "AS_WRITEBACK_INDETERMINATE", that is a BIG difference.
> >>>>>>
> >>>>>> I'll have to NACK anything that violates ZONE_MOVABLE / ALLOC_CMA
> >>>>>> guarantees, and unfortunately, it sounds like this is the case here, unless
> >>>>>> I am missing something important.
> >>>>>>
> >>>>>
> >>>>> It might just be the name "AS_WRITEBACK_INDETERMINATE" is causing
> >>>>> the confusion. The writeback state is not indefinite. A proper fuse fs,
> >>>>> like anyother fs, should handle writeback pages appropriately. These
> >>>>> additional checks and skips are for (I think) untrusted fuse servers.
> >>>>
> >>>> Can unprivileged user space provoke this case?
> >>>
> >>> Let's ask Joanne and other fuse folks about the above question.
> >>>
> >>> Let's say unprivileged user space can start a untrusted fuse server,
> >>> mount fuse, allocate and dirty a lot of fuse folios (within its dirty
> >>> and memcg limits) and trigger the writeback. To cause pain (through
> >>> fragmentation), it is not clearing the writeback state. Is this the
> >>> scenario you are envisioning?
> >>
> > 
> > This scenario can already happen with temp pages. An untrusted
> > malicious fuse server may allocate and dirty a lot of fuse folios
> > within its dirty/memcg limits and never clear writeback on any of them
> > and tie up system resources. This certainly isn't the common case, but
> > it is a possibility. However, request timeouts can be set by the
> > system admin [1] to protect against malicious/buggy fuse servers that
> > try to do this. If the request isn't replied to by a certain amount of
> > time, then the connection will be aborted and writeback state and
> > other resources will be cleared/freed.
> > 
> 
> I think what Zi points out that that is a current implementation issue
> and these temp pages should be in a continues range. 
> Obviously better to avoid a tmp copy at all.

The current tmp pages are allocated from MIGRATE_UNMOVABLE. I don't see
any additional benefit of reserving any continuous unmovable memory
regions for tmp pages. It will just add complexity without any clear
benefit.




[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [NTFS 3]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [NTFS 3]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux