[PATCH 1/1] mm: change inlined allocation helpers to account at the call site
Kent Overstreet
kent.overstreet at linux.dev
Thu Apr 4 23:00:51 UTC 2024
On Thu, Apr 04, 2024 at 03:41:50PM -0700, Andrew Morton wrote:
> On Thu, 4 Apr 2024 18:38:39 -0400 Kent Overstreet <kent.overstreet at linux.dev> wrote:
>
> > On Thu, Apr 04, 2024 at 11:33:22PM +0100, Matthew Wilcox wrote:
> > > On Thu, Apr 04, 2024 at 03:17:43PM -0700, Suren Baghdasaryan wrote:
> > > > Ironically, checkpatch generates warnings for these type casts:
> > > >
> > > > WARNING: unnecessary cast may hide bugs, see
> > > > http://c-faq.com/malloc/mallocnocast.html
> > > > #425: FILE: include/linux/dma-fence-chain.h:90:
> > > > + ((struct dma_fence_chain *)kmalloc(sizeof(struct dma_fence_chain),
> > > > GFP_KERNEL))
> > > >
> > > > I guess I can safely ignore them in this case (since we cast to the
> > > > expected type)?
> > >
> > > I find ignoring checkpatch to be a solid move 99% of the time.
> > >
> > > I really don't like the codetags. This is so much churn, and it could
> > > all be avoided by just passing in _RET_IP_ or _THIS_IP_ depending on
> > > whether we wanted to profile this function or its caller. vmalloc
> > > has done it this way since 2008 (OK, using __builtin_return_address())
> > > and lockdep has used _THIS_IP_ / _RET_IP_ since 2006.
> >
> > Except you can't. We've been over this; using that approach for tracing
> > is one thing, using it for actual accounting isn't workable.
>
> I missed that. There have been many emails. Please remind us of the
> reasoning here.
I think it's on the other people claiming 'oh this would be so easy if
you just do it this other way' to put up some code - or at least more
than hot takes.
But, since you asked - one of the main goals of this patchset was to be
fast enough to run in production, and if you do it by return address
then you've added at minimum a hash table lookup to every allocate and
free; if you do that, running it in production is completely out of the
question.
Besides that - the issues with annotating and tracking the correct
callsite really don't go away, they just shift around a bit. It's true
that the return address approach would be easier initially, but that's
not all we're concerned with; we're concerned with making sure
allocations get accounted to the _correct_ callsite so that we're giving
numbers that you can trust, and by making things less explicit you make
that harder.
Additionally: the alloc_hooks() macro is for more than this. It's also
for more usable fault injection - remember every thread we have where
people are begging for every allocation to be __GFP_NOFAIL - "oh, error
paths are hard to test, let's just get rid of them" - never mind that
actually do have to have error paths - but _per callsite_ selectable
fault injection will actually make it practical to test memory error
paths.
And Kees working on stuff that'll make use of the alloc_hooks() macro
for segregating kmem_caches.
This is all stuff that I've explained before; let's please dial back on
the whining - or I'll just bookmark this for next time...
More information about the Linux-security-module-archive
mailing list