From: Michal Hocko <mhocko@kernel.org>
To: Alexander Potapenko <glider@google.com>
Cc: Kees Cook <keescook@chromium.org>,
Andrew Morton <akpm@linux-foundation.org>,
Christoph Lameter <cl@linux.com>,
Kernel Hardening <kernel-hardening@lists.openwall.com>,
Masahiro Yamada <yamada.masahiro@socionext.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Nick Desaulniers <ndesaulniers@google.com>,
Kostya Serebryany <kcc@google.com>,
Dmitry Vyukov <dvyukov@google.com>,
Sandeep Patil <sspatil@android.com>,
Laura Abbott <labbott@redhat.com>,
Randy Dunlap <rdunlap@infradead.org>,
Jann Horn <jannh@google.com>, Mark Rutland <mark.rutland@arm.com>,
Souptick Joarder <jrdr.linux@gmail.com>,
Matthew Wilcox <willy@infradead.org>,
Linux Memory Management List <linux-mm@kvack.org>,
linux-security-module <linux-security-module@vger.kernel.org>
Subject: Re: [PATCH v2 3/4] gfp: mm: introduce __GFP_NO_AUTOINIT
Date: Fri, 17 May 2019 15:25:42 +0200 [thread overview]
Message-ID: <20190517132542.GJ6836@dhcp22.suse.cz> (raw)
In-Reply-To: <CAG_fn=VG6vrCdpEv0g73M-Au4wW07w8g0uydEiHA96QOfcCVhA@mail.gmail.com>
On Fri 17-05-19 15:18:19, Alexander Potapenko wrote:
> On Fri, May 17, 2019 at 2:59 PM Michal this flag Hocko
> <mhocko@kernel.org> wrote:
> >
> > [It would be great to keep people involved in the previous version in the
> > CC list]
> Yes, I've been trying to keep everyone in the loop, but your email
> fell through the cracks.
> Sorry about that.
No problem
> > On Tue 14-05-19 16:35:36, Alexander Potapenko wrote:
> > > When passed to an allocator (either pagealloc or SL[AOU]B),
> > > __GFP_NO_AUTOINIT tells it to not initialize the requested memory if the
> > > init_on_alloc boot option is enabled. This can be useful in the cases
> > > newly allocated memory is going to be initialized by the caller right
> > > away.
> > >
> > > __GFP_NO_AUTOINIT doesn't affect init_on_free behavior, except for SLOB,
> > > where init_on_free implies init_on_alloc.
> > >
> > > __GFP_NO_AUTOINIT basically defeats the hardening against information
> > > leaks provided by init_on_alloc, so one should use it with caution.
> > >
> > > This patch also adds __GFP_NO_AUTOINIT to alloc_pages() calls in SL[AOU]B.
> > > Doing so is safe, because the heap allocators initialize the pages they
> > > receive before passing memory to the callers.
> >
> > I still do not like the idea of a new gfp flag as explained in the
> > previous email. People will simply use it incorectly or arbitrarily.
> > We have that juicy experience from the past.
>
> Just to preserve some context, here's the previous email:
> https://patchwork.kernel.org/patch/10907595/
> (plus the patch removing GFP_TEMPORARY for the curious ones:
> https://lwn.net/Articles/729145/)
Not only. GFP_REPEAT being another one and probably others I cannot
remember from the top of my head.
> > Freeing a memory is an opt-in feature and the slab allocator can already
> > tell many (with constructor or GFP_ZERO) do not need it.
> Sorry, I didn't understand this piece. Could you please elaborate?
The allocator can assume that caches with a constructor will initialize
the object so additional zeroying is not needed. GFP_ZERO should be self
explanatory.
> > So can we go without this gfp thing and see whether somebody actually
> > finds a performance problem with the feature enabled and think about
> > what can we do about it rather than add this maint. nightmare from the
> > very beginning?
>
> There were two reasons to introduce this flag initially.
> The first was double initialization of pages allocated for SLUB.
Could you elaborate please?
> However the benchmark results provided in this and the previous patch
> don't show any noticeable difference - most certainly because the cost
> of initializing the page is amortized.
> The second one was to fine-tune hackbench, for which the slowdown
> drops by a factor of 2.
> But optimizing a mitigation for certain benchmarks is a questionable
> measure, so maybe we could really go without it.
Agreed. Over optimization based on an artificial workloads tend to be
dubious IMHO.
--
Michal Hocko
SUSE Labs
next prev parent reply other threads:[~2019-05-17 13:25 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20190514143537.10435-1-glider@google.com>
2019-05-14 14:35 ` [PATCH v2 1/4] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options Alexander Potapenko
2019-05-16 16:19 ` Kees Cook
2019-05-16 16:42 ` Alexander Potapenko
2019-05-16 17:03 ` Kees Cook
2019-05-17 1:26 ` Kees Cook
2019-05-17 14:38 ` Alexander Potapenko
2019-05-17 14:04 ` Michal Hocko
2019-05-17 14:11 ` Alexander Potapenko
2019-05-17 14:20 ` Michal Hocko
2019-05-17 16:36 ` Kees Cook
2019-05-17 17:11 ` Michal Hocko
2019-05-14 14:35 ` [PATCH v2 2/4] lib: introduce test_meminit module Alexander Potapenko
2019-05-16 1:02 ` Kees Cook
2019-05-17 15:51 ` Alexander Potapenko
2019-05-17 16:37 ` Kees Cook
2019-05-14 14:35 ` [PATCH v2 3/4] gfp: mm: introduce __GFP_NO_AUTOINIT Alexander Potapenko
2019-05-17 12:59 ` Michal Hocko
2019-05-17 13:18 ` Alexander Potapenko
2019-05-17 13:25 ` Michal Hocko [this message]
2019-05-17 13:37 ` Alexander Potapenko
2019-05-17 14:01 ` Michal Hocko
2019-05-17 16:27 ` Kees Cook
2019-05-17 17:11 ` Michal Hocko
2019-05-21 14:18 ` Alexander Potapenko
2019-05-21 14:25 ` Michal Hocko
2019-05-14 14:35 ` [PATCH v2 4/4] net: apply __GFP_NO_AUTOINIT to AF_UNIX sk_buff allocations Alexander Potapenko
2019-05-16 16:53 ` Kees Cook
2019-05-17 0:26 ` Kees Cook
2019-05-17 8:49 ` Alexander Potapenko
2019-05-17 13:50 ` Alexander Potapenko
2019-05-17 16:13 ` Kees Cook
2019-05-17 0:50 ` [PATCH 5/4] mm: Introduce SLAB_NO_FREE_INIT and mark excluded caches Kees Cook
2019-05-17 8:34 ` Alexander Potapenko
2019-05-17 15:59 ` Kees Cook
2019-05-20 6:10 ` Mathias Krause
2019-05-20 16:12 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190517132542.GJ6836@dhcp22.suse.cz \
--to=mhocko@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=cl@linux.com \
--cc=dvyukov@google.com \
--cc=glider@google.com \
--cc=jannh@google.com \
--cc=jmorris@namei.org \
--cc=jrdr.linux@gmail.com \
--cc=kcc@google.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=labbott@redhat.com \
--cc=linux-mm@kvack.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=ndesaulniers@google.com \
--cc=rdunlap@infradead.org \
--cc=serge@hallyn.com \
--cc=sspatil@android.com \
--cc=willy@infradead.org \
--cc=yamada.masahiro@socionext.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).