On 18.06.22 04:43, Miaohe Lin wrote: > On 2022/6/17 15:33, David Hildenbrand wrote: >> On 08.06.22 16:40, Miaohe Lin wrote: >>> security_vm_enough_memory_mm() checks whether a process has enough memory >>> to allocate a new virtual mapping. And total_swap_pages is considered as >>> available memory while swapoff tries to make sure there's enough memory >>> that can hold the swapped out memory. But total_swap_pages contains the >>> swap space that is being swapoff. So security_vm_enough_memory_mm() will >>> success even if there's no memory to hold the swapped out memory because >> >> s/success/succeed/ > > OK. Thanks. > >> >>> total_swap_pages always greater than or equal to p->pages. >>> >>> In order to fix it, p->pages should be retracted from total_swap_pages >> >> s/retracted/subtracted/ > > OK. Thanks. > >> >>> first and then check whether there's enough memory for inuse swap pages. >>> >>> Signed-off-by: Miaohe Lin <linmiaohe@xxxxxxxxxx> >>> --- >>> mm/swapfile.c | 10 +++++++--- >>> 1 file changed, 7 insertions(+), 3 deletions(-) >>> >>> diff --git a/mm/swapfile.c b/mm/swapfile.c >>> index ec4c1b276691..d2bead7b8b70 100644 >>> --- a/mm/swapfile.c >>> +++ b/mm/swapfile.c >>> @@ -2398,6 +2398,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) >>> struct filename *pathname; >>> int err, found = 0; >>> unsigned int old_block_size; >>> + unsigned int inuse_pages; >>> >>> if (!capable(CAP_SYS_ADMIN)) >>> return -EPERM; >>> @@ -2428,9 +2429,13 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) >>> spin_unlock(&swap_lock); >>> goto out_dput; >>> } >>> - if (!security_vm_enough_memory_mm(current->mm, p->pages)) >>> - vm_unacct_memory(p->pages); >>> + >>> + total_swap_pages -= p->pages; >>> + inuse_pages = READ_ONCE(p->inuse_pages); >>> + if (!security_vm_enough_memory_mm(current->mm, inuse_pages)) >>> + vm_unacct_memory(inuse_pages); >>> else { >>> + total_swap_pages += p->pages; >> >> That implies that whenever we fail in security_vm_enough_memory_mm(), >> that other concurrent users might see a wrong total_swap_pages. >> >> Assume 4 GiB memory and 8 GiB swap. Let's assume 10 GiB are in use. >> >> Temporarily, we'd have >> >> CommitLimit 4 GiB >> Committed_AS 10 GiB > > IIUC, even if without this change, the other concurrent users if come after vm_acct_memory() > is done in __vm_enough_memory(), they might see > > CommitLimit 12 GiB (4 GiB memory + 8GiB total swap) > Committed_AS 18 GiB (10 GiB in use + 8GiB swap space to swapoff) > > Or am I miss something? > I think you are right! Reviewed-by: David Hildenbrand <david@xxxxxxxxxx> -- Thanks, David / dhildenb