mm/slab_common.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)
Duplicate slab cache names can create havoc for userspace tooling that
expects slab cache names to be unique. This is a reasonable expectation.
Sadly, too many duplicate name problems are out there in the wild, so
simply pr_warn instead of pr_err() + failing the sanity check.
Link: https://lore.kernel.org/linux-fsdevel/2d1d053da1cafb3e7940c4f25952da4f0af34e38.1722293276.git.osandov@fb.com/
Signed-off-by: Pedro Falcato <pedro.falcato@gmail.com>
---
v2:
- Replace the pr_err() + failure with a simple pr_warn
Contrary to Vlastimil's suggestion, we don't seem to require a refcount
== 0 check, because shutdown_cache already synchronously deletes the cache from the list (even reusing
the same list_head for TYPESAFE_BY_RCU).
mm/slab_common.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/mm/slab_common.c b/mm/slab_common.c
index 40b582a014b..1abe6a577d5 100644
--- a/mm/slab_common.c
+++ b/mm/slab_common.c
@@ -88,6 +88,19 @@ unsigned int kmem_cache_size(struct kmem_cache *s)
EXPORT_SYMBOL(kmem_cache_size);
#ifdef CONFIG_DEBUG_VM
+
+static bool kmem_cache_is_duplicate_name(const char *name)
+{
+ struct kmem_cache *s;
+
+ list_for_each_entry(s, &slab_caches, list) {
+ if (!strcmp(s->name, name))
+ return true;
+ }
+
+ return false;
+}
+
static int kmem_cache_sanity_check(const char *name, unsigned int size)
{
if (!name || in_interrupt() || size > KMALLOC_MAX_SIZE) {
@@ -95,6 +108,11 @@ static int kmem_cache_sanity_check(const char *name, unsigned int size)
return -EINVAL;
}
+ if (kmem_cache_is_duplicate_name(name)) {
+ /* Duplicate names will confuse slabtop, et al */
+ pr_warn("%s: name %s already exists as a cache\n", __func__, name);
+ }
+
WARN_ON(strchr(name, ' ')); /* It confuses parsers */
return 0;
}
--
2.46.0On Wed, 7 Aug 2024, Pedro Falcato wrote:
> diff --git a/mm/slab_common.c b/mm/slab_common.c
> index 40b582a014b..1abe6a577d5 100644
> --- a/mm/slab_common.c
> +++ b/mm/slab_common.c
> @@ -88,6 +88,19 @@ unsigned int kmem_cache_size(struct kmem_cache *s)
> EXPORT_SYMBOL(kmem_cache_size);
>
> #ifdef CONFIG_DEBUG_VM
> +
> +static bool kmem_cache_is_duplicate_name(const char *name)
> +{
> + struct kmem_cache *s;
> +
> + list_for_each_entry(s, &slab_caches, list) {
> + if (!strcmp(s->name, name))
> + return true;
> + }
> +
> + return false;
> +}
> +
> static int kmem_cache_sanity_check(const char *name, unsigned int size)
> {
> if (!name || in_interrupt() || size > KMALLOC_MAX_SIZE) {
> @@ -95,6 +108,11 @@ static int kmem_cache_sanity_check(const char *name, unsigned int size)
> return -EINVAL;
> }
>
> + if (kmem_cache_is_duplicate_name(name)) {
> + /* Duplicate names will confuse slabtop, et al */
> + pr_warn("%s: name %s already exists as a cache\n", __func__, name);
Shouldn't this be a full WARN_ON() instead of pr_warn()? I assume we'll
be interested in who is adding the cache when the name already exists.
On Sun, Aug 11, 2024 at 9:30 PM David Rientjes <rientjes@google.com> wrote:
>
> On Wed, 7 Aug 2024, Pedro Falcato wrote:
>
> > diff --git a/mm/slab_common.c b/mm/slab_common.c
> > index 40b582a014b..1abe6a577d5 100644
> > --- a/mm/slab_common.c
> > +++ b/mm/slab_common.c
> > @@ -88,6 +88,19 @@ unsigned int kmem_cache_size(struct kmem_cache *s)
> > EXPORT_SYMBOL(kmem_cache_size);
> >
> > #ifdef CONFIG_DEBUG_VM
> > +
> > +static bool kmem_cache_is_duplicate_name(const char *name)
> > +{
> > + struct kmem_cache *s;
> > +
> > + list_for_each_entry(s, &slab_caches, list) {
> > + if (!strcmp(s->name, name))
> > + return true;
> > + }
> > +
> > + return false;
> > +}
> > +
> > static int kmem_cache_sanity_check(const char *name, unsigned int size)
> > {
> > if (!name || in_interrupt() || size > KMALLOC_MAX_SIZE) {
> > @@ -95,6 +108,11 @@ static int kmem_cache_sanity_check(const char *name, unsigned int size)
> > return -EINVAL;
> > }
> >
> > + if (kmem_cache_is_duplicate_name(name)) {
> > + /* Duplicate names will confuse slabtop, et al */
> > + pr_warn("%s: name %s already exists as a cache\n", __func__, name);
>
>
> Shouldn't this be a full WARN_ON() instead of pr_warn()? I assume we'll
> be interested in who is adding the cache when the name already exists.
panic_on_warn? :)
Personally I don't have anything against WARN_ON, but we've seen that
panic_on_warn is a real thing on real systems, and DEBUG_VM is also
set on real prod configs (like Fedora does/used to do). I've sent out
one or two loose patches for problems I did find in my own testing
around, but there may be many more (e.g some drivers may call
kmem_cache_create repeatedly in some sort of callback, like 9pfs was
doing when mounting; this is not greppable). And I'd guess grepping
for cache names tends to be easy enough?
--
Pedro
On Sun, 11 Aug 2024, Pedro Falcato wrote:
> > > diff --git a/mm/slab_common.c b/mm/slab_common.c
> > > index 40b582a014b..1abe6a577d5 100644
> > > --- a/mm/slab_common.c
> > > +++ b/mm/slab_common.c
> > > @@ -88,6 +88,19 @@ unsigned int kmem_cache_size(struct kmem_cache *s)
> > > EXPORT_SYMBOL(kmem_cache_size);
> > >
> > > #ifdef CONFIG_DEBUG_VM
> > > +
> > > +static bool kmem_cache_is_duplicate_name(const char *name)
> > > +{
> > > + struct kmem_cache *s;
> > > +
> > > + list_for_each_entry(s, &slab_caches, list) {
> > > + if (!strcmp(s->name, name))
> > > + return true;
> > > + }
> > > +
> > > + return false;
> > > +}
> > > +
> > > static int kmem_cache_sanity_check(const char *name, unsigned int size)
> > > {
> > > if (!name || in_interrupt() || size > KMALLOC_MAX_SIZE) {
> > > @@ -95,6 +108,11 @@ static int kmem_cache_sanity_check(const char *name, unsigned int size)
> > > return -EINVAL;
> > > }
> > >
> > > + if (kmem_cache_is_duplicate_name(name)) {
> > > + /* Duplicate names will confuse slabtop, et al */
> > > + pr_warn("%s: name %s already exists as a cache\n", __func__, name);
> >
> >
> > Shouldn't this be a full WARN_ON() instead of pr_warn()? I assume we'll
> > be interested in who is adding the cache when the name already exists.
>
> panic_on_warn? :)
>
Would get the problem fixed up pretty fast, no? :)
> Personally I don't have anything against WARN_ON, but we've seen that
> panic_on_warn is a real thing on real systems, and DEBUG_VM is also
> set on real prod configs (like Fedora does/used to do). I've sent out
> one or two loose patches for problems I did find in my own testing
> around, but there may be many more (e.g some drivers may call
> kmem_cache_create repeatedly in some sort of callback, like 9pfs was
> doing when mounting; this is not greppable). And I'd guess grepping
> for cache names tends to be easy enough?
>
Can we add a dump_stack() to make this way easier instead of hiding who is
creating the duplicate name?
On Mon, Aug 12, 2024 at 1:55 AM David Rientjes <rientjes@google.com> wrote:
>
> On Sun, 11 Aug 2024, Pedro Falcato wrote:
> > > > + if (kmem_cache_is_duplicate_name(name)) {
> > > > + /* Duplicate names will confuse slabtop, et al */
> > > > + pr_warn("%s: name %s already exists as a cache\n", __func__, name);
> > >
> > >
> > > Shouldn't this be a full WARN_ON() instead of pr_warn()? I assume we'll
> > > be interested in who is adding the cache when the name already exists.
> >
> > panic_on_warn? :)
> >
>
> Would get the problem fixed up pretty fast, no? :)
>
> > Personally I don't have anything against WARN_ON, but we've seen that
> > panic_on_warn is a real thing on real systems, and DEBUG_VM is also
> > set on real prod configs (like Fedora does/used to do). I've sent out
> > one or two loose patches for problems I did find in my own testing
> > around, but there may be many more (e.g some drivers may call
> > kmem_cache_create repeatedly in some sort of callback, like 9pfs was
> > doing when mounting; this is not greppable). And I'd guess grepping
> > for cache names tends to be easy enough?
> >
>
> Can we add a dump_stack() to make this way easier instead of hiding who is
> creating the duplicate name?
Bah, sorry for the delay.
I'm fully in favour of adding a dump_stack(), but it seems like hand
coding WARN_ON a bit. Oh well.
If y'all agree, please squash this in (praying gmail doesn't mangle
this diff, in any case it's a trivial change):
diff --git a/mm/slab_common.c b/mm/slab_common.c
index 1abe6a577d52..d183655e4b1b 100644
--- a/mm/slab_common.c
+++ b/mm/slab_common.c
@@ -111,6 +111,7 @@ static int kmem_cache_sanity_check(const char
*name, unsigned int size)
if (kmem_cache_is_duplicate_name(name)) {
/* Duplicate names will confuse slabtop, et al */
pr_warn("%s: name %s already exists as a cache\n",
__func__, name);
+ dump_stack_lvl(KERN_WARNING);
}
WARN_ON(strchr(name, ' ')); /* It confuses parsers */
On 8/16/24 14:17, Pedro Falcato wrote:
> On Mon, Aug 12, 2024 at 1:55 AM David Rientjes <rientjes@google.com> wrote:
>>
>> On Sun, 11 Aug 2024, Pedro Falcato wrote:
>> > > > + if (kmem_cache_is_duplicate_name(name)) {
>> > > > + /* Duplicate names will confuse slabtop, et al */
>> > > > + pr_warn("%s: name %s already exists as a cache\n", __func__, name);
>> > >
>> > >
>> > > Shouldn't this be a full WARN_ON() instead of pr_warn()? I assume we'll
>> > > be interested in who is adding the cache when the name already exists.
>> >
>> > panic_on_warn? :)
>> >
>>
>> Would get the problem fixed up pretty fast, no? :)
>>
>> > Personally I don't have anything against WARN_ON, but we've seen that
>> > panic_on_warn is a real thing on real systems, and DEBUG_VM is also
>> > set on real prod configs (like Fedora does/used to do). I've sent out
>> > one or two loose patches for problems I did find in my own testing
>> > around, but there may be many more (e.g some drivers may call
>> > kmem_cache_create repeatedly in some sort of callback, like 9pfs was
>> > doing when mounting; this is not greppable). And I'd guess grepping
>> > for cache names tends to be easy enough?
>> >
>>
>> Can we add a dump_stack() to make this way easier instead of hiding who is
>> creating the duplicate name?
>
>
> Bah, sorry for the delay.
>
> I'm fully in favour of adding a dump_stack(), but it seems like hand
> coding WARN_ON a bit. Oh well.
After some pondering I've decided we should just go with WARN_ON and not do
a hand coded workaround for hypothetical people who run CONFIG_DEBUG_VM
together with panic_on_warn, so I've updated the commit in the slab tree
accordingly.
> If y'all agree, please squash this in (praying gmail doesn't mangle
> this diff, in any case it's a trivial change):
>
> diff --git a/mm/slab_common.c b/mm/slab_common.c
> index 1abe6a577d52..d183655e4b1b 100644
> --- a/mm/slab_common.c
> +++ b/mm/slab_common.c
> @@ -111,6 +111,7 @@ static int kmem_cache_sanity_check(const char
> *name, unsigned int size)
> if (kmem_cache_is_duplicate_name(name)) {
> /* Duplicate names will confuse slabtop, et al */
> pr_warn("%s: name %s already exists as a cache\n",
> __func__, name);
> + dump_stack_lvl(KERN_WARNING);
> }
>
> WARN_ON(strchr(name, ' ')); /* It confuses parsers */
On Wed, 7 Aug 2024, Pedro Falcato wrote: > Duplicate slab cache names can create havoc for userspace tooling that > expects slab cache names to be unique. This is a reasonable expectation. Yes that is reasonable. This is done during slab creation and so is not a performance sensitive operation. The sanity check could be done even without CONFIG_DEBUG_VM Acked-by: Christoph Lameter <cl@linux.com>
On 8/7/24 19:32, Christoph Lameter (Ampere) wrote: > On Wed, 7 Aug 2024, Pedro Falcato wrote: > >> Duplicate slab cache names can create havoc for userspace tooling that >> expects slab cache names to be unique. This is a reasonable expectation. > > Yes that is reasonable. This is done during slab creation and so is not a > performance sensitive operation. The sanity check could be done even > without CONFIG_DEBUG_VM We can perhaps move it outside CONFIG_DEBUG_VM in few cycles. > Acked-by: Christoph Lameter <cl@linux.com> Added to slab/for-next, thanks!
On 8/7/24 11:07, Pedro Falcato wrote:
> Duplicate slab cache names can create havoc for userspace tooling that
> expects slab cache names to be unique. This is a reasonable expectation.
>
> Sadly, too many duplicate name problems are out there in the wild, so
> simply pr_warn instead of pr_err() + failing the sanity check.
>
> Link: https://lore.kernel.org/linux-fsdevel/2d1d053da1cafb3e7940c4f25952da4f0af34e38.1722293276.git.osandov@fb.com/
> Signed-off-by: Pedro Falcato <pedro.falcato@gmail.com>
> ---
> v2:
> - Replace the pr_err() + failure with a simple pr_warn
>
> Contrary to Vlastimil's suggestion, we don't seem to require a refcount
> == 0 check, because shutdown_cache already synchronously deletes the cache from the list (even reusing
> the same list_head for TYPESAFE_BY_RCU).
It's not deleted when leaked objects are detected and the destroy is
aborted. But in this series that should no longer happen so then it will be
fine:
https://lore.kernel.org/all/20240807-b4-slab-kfree_rcu-destroy-v2-0-ea79102f428c@suse.cz/
>
> mm/slab_common.c | 18 ++++++++++++++++++
> 1 file changed, 18 insertions(+)
>
> diff --git a/mm/slab_common.c b/mm/slab_common.c
> index 40b582a014b..1abe6a577d5 100644
> --- a/mm/slab_common.c
> +++ b/mm/slab_common.c
> @@ -88,6 +88,19 @@ unsigned int kmem_cache_size(struct kmem_cache *s)
> EXPORT_SYMBOL(kmem_cache_size);
>
> #ifdef CONFIG_DEBUG_VM
> +
> +static bool kmem_cache_is_duplicate_name(const char *name)
> +{
> + struct kmem_cache *s;
> +
> + list_for_each_entry(s, &slab_caches, list) {
> + if (!strcmp(s->name, name))
> + return true;
> + }
> +
> + return false;
> +}
> +
> static int kmem_cache_sanity_check(const char *name, unsigned int size)
> {
> if (!name || in_interrupt() || size > KMALLOC_MAX_SIZE) {
> @@ -95,6 +108,11 @@ static int kmem_cache_sanity_check(const char *name, unsigned int size)
> return -EINVAL;
> }
>
> + if (kmem_cache_is_duplicate_name(name)) {
> + /* Duplicate names will confuse slabtop, et al */
> + pr_warn("%s: name %s already exists as a cache\n", __func__, name);
> + }
> +
> WARN_ON(strchr(name, ' ')); /* It confuses parsers */
> return 0;
> }
© 2016 - 2026 Red Hat, Inc.