From: Josh Poimboeuf <jpoimboe@kernel.org>
To: Linus Torvalds <torvalds@linux-foundation.org>,
Jeff Layton <jlayton@kernel.org>,
Chuck Lever <chuck.lever@oracle.com>,
Shakeel Butt <shakeelb@google.com>,
Roman Gushchin <roman.gushchin@linux.dev>,
Johannes Weiner <hannes@cmpxchg.org>,
Michal Hocko <mhocko@kernel.org>
Cc: linux-kernel@vger.kernel.org, Jens Axboe <axboe@kernel.dk>,
Tejun Heo <tj@kernel.org>,
Vasily Averin <vasily.averin@linux.dev>,
Michal Koutny <mkoutny@suse.com>,
Waiman Long <longman@redhat.com>,
Muchun Song <muchun.song@linux.dev>,
Jiri Kosina <jikos@kernel.org>,
cgroups@vger.kernel.org, linux-mm@kvack.org
Subject: [PATCH RFC 0/4] Fix file lock cache accounting, again
Date: Wed, 17 Jan 2024 08:14:42 -0800 [thread overview]
Message-ID: <cover.1705507931.git.jpoimboe@kernel.org> (raw)
This is an attempt to fix file lock cache accounting (again). The bug
was originally reported 2+ years ago [1] but was quickly reverted [2]
for performance reasons.
A few years ago some ideas [3] were floated about how to improve the
performance. Did any of those ever get implemented?
Testing shows "mm: improve performance of accounted kernel memory
allocations" [4] helping some. But even with those patches, much of the
original performance regression still remains, at least according to
microbenchmarks.
Despite that regression, this being a security and correctness issue, it
really needs to be fixed by default. Those who want to live on the edge
(or have trusted user space) can disable it.
Patch 1 enables the fix by default, but allows disabling it at boot
time.
Patch 2 allows disabling it at build time.
Patches 3 and 4 allow disabling it (along with all the CPU mitigations)
using mitigations=off.
[1] 0f12156dff28 ("memcg: enable accounting for file lock caches")
[2] 3754707bcc3e ("Revert "memcg: enable accounting for file lock caches"")
[3] https://lore.kernel.org/lkml/dbc9955d-6c28-1dd5-b842-ef39a762aa3b@kernel.dk/
[4] https://lore.kernel.org/lkml/20231019225346.1822282-1-roman.gushchin@linux.dev/
Josh Poimboeuf (4):
fs/locks: Fix file lock cache accounting, again
fs/locks: Add CONFIG_FLOCK_ACCOUNTING
mitigations: Expand 'mitigations=off' to include optional software
mitigations
mitigations: Add flock cache accounting to 'mitigations=off'
.../admin-guide/kernel-parameters.txt | 48 ++++++++++++++----
arch/arm64/kernel/cpufeature.c | 2 +-
arch/arm64/kernel/proton-pack.c | 6 +--
arch/powerpc/kernel/security.c | 14 +++---
arch/s390/kernel/nospec-branch.c | 2 +-
arch/x86/kernel/cpu/bugs.c | 35 ++++++-------
arch/x86/kvm/mmu/mmu.c | 2 +-
arch/x86/mm/pti.c | 3 +-
fs/Kconfig | 15 ++++++
fs/locks.c | 31 +++++++++++-
include/linux/bpf.h | 5 +-
include/linux/cpu.h | 3 --
include/linux/mitigations.h | 4 ++
kernel/Makefile | 3 +-
kernel/cpu.c | 43 ----------------
kernel/mitigations.c | 50 +++++++++++++++++++
16 files changed, 174 insertions(+), 92 deletions(-)
create mode 100644 include/linux/mitigations.h
create mode 100644 kernel/mitigations.c
--
2.43.0
next reply other threads:[~2024-01-17 16:15 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-17 16:14 Josh Poimboeuf [this message]
2024-01-17 16:14 ` [PATCH RFC 1/4] fs/locks: Fix file lock cache accounting, again Josh Poimboeuf
2024-01-17 19:00 ` Jeff Layton
2024-01-17 19:39 ` Josh Poimboeuf
2024-01-17 20:20 ` Linus Torvalds
2024-01-17 21:02 ` Shakeel Butt
2024-01-17 22:20 ` Roman Gushchin
2024-01-17 22:56 ` Shakeel Butt
2024-01-22 5:10 ` Linus Torvalds
2024-01-22 17:38 ` Shakeel Butt
2024-01-26 9:50 ` Vlastimil Babka
2024-01-30 11:04 ` Vlastimil Babka
2024-01-19 7:47 ` Shakeel Butt
2024-01-17 21:19 ` Vlastimil Babka
2024-01-17 21:50 ` Roman Gushchin
2024-01-18 9:49 ` Michal Hocko
2024-01-17 16:14 ` [PATCH RFC 2/4] fs/locks: Add CONFIG_FLOCK_ACCOUNTING Josh Poimboeuf
2024-01-17 16:14 ` [PATCH RFC 3/4] mitigations: Expand 'mitigations=off' to include optional software mitigations Josh Poimboeuf
2024-01-17 16:14 ` [PATCH RFC 4/4] mitigations: Add flock cache accounting to 'mitigations=off' Josh Poimboeuf
2024-01-18 9:04 ` Michal Koutný
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1705507931.git.jpoimboe@kernel.org \
--to=jpoimboe@kernel.org \
--cc=axboe@kernel.dk \
--cc=cgroups@vger.kernel.org \
--cc=chuck.lever@oracle.com \
--cc=hannes@cmpxchg.org \
--cc=jikos@kernel.org \
--cc=jlayton@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=longman@redhat.com \
--cc=mhocko@kernel.org \
--cc=mkoutny@suse.com \
--cc=muchun.song@linux.dev \
--cc=roman.gushchin@linux.dev \
--cc=shakeelb@google.com \
--cc=tj@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=vasily.averin@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).