From patchwork Fri Apr 14 05:08:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Luis Chamberlain X-Patchwork-Id: 13210930 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3EDC0C77B78 for ; Fri, 14 Apr 2023 05:08:54 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 76DE6900002; Fri, 14 Apr 2023 01:08:53 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 71E5C6B0075; Fri, 14 Apr 2023 01:08:53 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5E5B1900002; Fri, 14 Apr 2023 01:08:53 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 4BF756B0072 for ; Fri, 14 Apr 2023 01:08:53 -0400 (EDT) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 0910940117 for ; Fri, 14 Apr 2023 05:08:53 +0000 (UTC) X-FDA: 80678816946.14.B23372C Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) by imf24.hostedemail.com (Postfix) with ESMTP id BF3F3180008 for ; Fri, 14 Apr 2023 05:08:50 +0000 (UTC) Authentication-Results: imf24.hostedemail.com; dkim=pass header.d=infradead.org header.s=bombadil.20210309 header.b=DqwnBtWG; spf=none (imf24.hostedemail.com: domain of mcgrof@infradead.org has no SPF policy when checking 198.137.202.133) smtp.mailfrom=mcgrof@infradead.org; dmarc=fail reason="No valid SPF, DKIM not aligned (relaxed)" header.from=kernel.org (policy=none) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1681448931; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=d1P4Lb2k3WvTKxpPWQ0Fgfk0BiJfkVHvlpVmM1zJ91o=; b=nws2ep/DdHd7uismQNDCv6zpOXkI1Lz/w9g+RFV5gu0bG9SIleyXOkMHAH96WhvkJVK8qO GoGgZXVo8RJEAX1D+n0zoUyQco81/3cx3Qtwg9rygobpiDmsYFx9+/ZAFtCZ8opmVQkCVP JS0rOViTCMeXF+ZdhnP6pMsKcR62I5I= ARC-Authentication-Results: i=1; imf24.hostedemail.com; dkim=pass header.d=infradead.org header.s=bombadil.20210309 header.b=DqwnBtWG; spf=none (imf24.hostedemail.com: domain of mcgrof@infradead.org has no SPF policy when checking 198.137.202.133) smtp.mailfrom=mcgrof@infradead.org; dmarc=fail reason="No valid SPF, DKIM not aligned (relaxed)" header.from=kernel.org (policy=none) ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1681448931; a=rsa-sha256; cv=none; b=4VBs1Dyfzniy7pvhKD1NGpmzOaoegb1uiWWYgOXyK7TkcRucHM7Gv3Eox9vsQHXlcNnfVw OX7ap60i6GHLro+w7btRkz4WBq/Q0jGFTb1jO3ixEgtz8GKCAyyrGenMF++u16Uvar315t RW4dXd6obj6CZGHGjMPCW6+VRyX+mG0= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Sender:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description; bh=d1P4Lb2k3WvTKxpPWQ0Fgfk0BiJfkVHvlpVmM1zJ91o=; b=DqwnBtWGV0bKq17zOTApZ3Ty3T udPqRDkRW1Jw8aPmWRpjpvoUlYqek3ute8vM6VwL9HTtizN7T8xk5JEKTWEwszDrd6Ea0xRhixqIe lSOkfft0VtkvePiEiL6sb0gtU+Mq4EzfC2g3HaoX9ze0a5otbhjpdGeWXTMPTCtk39do+8hqGXvZ8 F4yu9B9GVNuQ0BqNTuxMdqZR6c2G/outr+fojM2z8JW+Nomy8VaHsZSkYBaujlaFpisBQPscw9sXm GKroLOlcDoKPwao7uq/9cPdYuPDIVREaqhWIOf/tE869yP7hbUcM10hHP9xfzJZNY8yupugCJc/UL HZ8rZI0g==; Received: from mcgrof by bombadil.infradead.org with local (Exim 4.96 #2 (Red Hat Linux)) id 1pnBfp-008KKH-1R; Fri, 14 Apr 2023 05:08:37 +0000 From: Luis Chamberlain To: david@redhat.com, patches@lists.linux.dev, linux-modules@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, pmladek@suse.com, petr.pavlu@suse.com, prarit@redhat.com, torvalds@linux-foundation.org, gregkh@linuxfoundation.org, rafael@kernel.org Cc: christophe.leroy@csgroup.eu, tglx@linutronix.de, peterz@infradead.org, song@kernel.org, rppt@kernel.org, dave@stgolabs.net, willy@infradead.org, vbabka@suse.cz, mhocko@suse.com, dave.hansen@linux.intel.com, colin.i.king@gmail.com, jim.cromie@gmail.com, catalin.marinas@arm.com, jbaron@akamai.com, rick.p.edgecombe@intel.com, mcgrof@kernel.org Subject: [PATCH v3 1/4] module: fix kmemleak annotations for non init ELF sections Date: Thu, 13 Apr 2023 22:08:33 -0700 Message-Id: <20230414050836.1984746-2-mcgrof@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230414050836.1984746-1-mcgrof@kernel.org> References: <20230414050836.1984746-1-mcgrof@kernel.org> MIME-Version: 1.0 X-Stat-Signature: kt387k1m1tfpf4xdbtq71r3xb96nbmne X-Rspam-User: X-Rspamd-Queue-Id: BF3F3180008 X-Rspamd-Server: rspam06 X-HE-Tag: 1681448930-329931 X-HE-Meta: U2FsdGVkX1+fotm30PcU+WqECNDY2AnAHSnpi3v/Umifd9CPCxl7Um90HhUwZ2kJaFxWxOVoEvH6mud5DCOUcO6t/RNv8JAPC7V8RJEI+jbsa9n85VA1H1l28/Yw4+ue3cpWzR9UTGZNl0d9FpYG4b5RZfjl1jRtU7CmA6WuPtJt+IFEsBfsdzP/EKTR6xHDUHh6s5lv5IWzrRWN8dwe01BUQmYY/vSdvFTnFbmrysCcBdfH5mqALbI4TOQ53pT6n4maiRpgaXy7Vzq6+xGnn6WdyMEOfRRKis7hY787I45jdsGONgEF3fJCzkYIkJCKr5ui5fBqm9j74AbgJrek29wFoejbGL/IuyClGuZW44MrJqH1uE3WFe8aPh/fYvlrf9RiA6v49nTLjmfw1dV2GpaSV4JOazH71tEKAjokUrKVJ3funlXcUQqC725CvGMulVIpo2VuRiMkKNtVLSaDOW8kN26/cZC3ygxoWzaZ8e/tKScBISozU8mDdfwsiPLj0kGExrsk4JYNyW3UHvcW0qpv1sojB5w1aoLWm0J/peUrJSf1AOaJUQtI3MD4XzXVFfI6xLGxqJSj3ljF1x5fQsP2covq8F1rvn3GEGP7WqpCpGSB1b5oQ1aYLevwrsG4Rr5BuA5L1fVXiUXNfeh6wrf6rLHIwX4yijIzY7KFgvGRPFkmtWTt+oa8fzldLFTCZrbLQawq2ooITfMVHLN4+cxx2lhvi4nrmk3z4IZkTvA3HiUhVRgfTPJUB5ArqhS8xrxGQvbHtE0tE3S2wwiVgxXn2djr6R/ZOyti84FhdR0Rp702B7VemI4LXJidcu8cY9m8IXz2WVDenEH/gDly2ar/aCvdCUSuGeQdks+C5Db8avmzpy2uCmcL6j4XyS+Xb0qTUmDgFv/+QX3W8BW75E8S2we9JtEzvesdDEjc7WtbvIVmhIjKGecVwrq2y7hFW+VSknA7gLascFOCh22 bvG+MA7+ JL218Kv6XmkuOWtZGwUTIbnrpugYqQ3suOiJbLur8a8mL3Vn7iC9MkmVSLDsNBvB8ZMpf7WEouJOvc3WkhGw3hcEsBIPvc7r8ytNKlJZ+IzlW9CXenesZq/RoNxdgnsQPoEJPtRg7JXAQ0jT+itk6QFWmrsIKIxs9zBrxqh0IuPrvsrHGq6vgAOl2IaeWiTuRyjJdWLsvzrxm89baHrcVQMWB1ouejITDcBEKR4j5FkwjQ8gInk/HCvmXco/R5SMB8YZC2VxG+v+9f6wSnaUfn2PRwJ83ouKOrktjn3IxF1p//J3tRTjR8J0wlppiB/b2h6hZhNjBRUCAj7E14Xd2CGEw7ywwEqmUDXqe8rWSSF2lgZJSs8hOkx4LrbglMgFNSROvBLMUk9Kig+ukS95jn0VTtOJ2SFSoPI3ayNusgxohxxJBptB9dxfISiEMV/mADIG7UpqAJuC5jBGHsGaQWDLhLQFErURLbTq8qirx5P83QsJPf+QulRAWjeWx9cjA+orvHHZRMMH+UYkj/CwQ3pqL1R6CQsd9tpKSdc/GDhW9Fcf1kdIKJxQ4A0e8W8UM/i4p X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Commit ac3b43283923 ("module: replace module_layout with module_memory") reworked the way to handle memory allocations to make it clearer. But it lost in translation how we handled kmemleak_ignore() or kmemleak_not_leak() for different ELF sections. Fix this and clarify the comments a bit more. Contrary to the old way of using kmemleak_ignore() for init.* ELF sections we stick now only to kmemleak_not_leak() as per suggestion by Catalin Marinas so to avoid any false positives and simplify the code. Fixes: ac3b43283923 ("module: replace module_layout with module_memory") Reported-by: Jim Cromie Acked-by: Song Liu Suggested-by: Catalin Marinas Signed-off-by: Luis Chamberlain Reviewed-by: Catalin Marinas --- kernel/module/main.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index 5cc21083af04..32554d8a5791 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -2231,13 +2231,18 @@ static int move_module(struct module *mod, struct load_info *info) } mod->mem[type].size = PAGE_ALIGN(mod->mem[type].size); ptr = module_memory_alloc(mod->mem[type].size, type); - /* - * The pointer to this block is stored in the module structure - * which is inside the block. Just mark it as not being a - * leak. + * The pointer to these blocks of memory are stored on the module + * structure and we keep that around so long as the module is + * around. We only free that memory when we unload the module. + * Just mark them as not being a leak then. The .init* ELF + * sections *do* get freed after boot so we *could* treat them + * slightly differently with kmemleak_ignore() and only grey + * them out as they work as typical memory allocations which + * *do* eventually get freed, but let's just keep things simple + * and avoid *any* false positives. */ - kmemleak_ignore(ptr); + kmemleak_not_leak(ptr); if (!ptr) { t = type; goto out_enomem; From patchwork Fri Apr 14 05:08:34 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Luis Chamberlain X-Patchwork-Id: 13210932 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0F612C77B73 for ; Fri, 14 Apr 2023 05:08:57 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 378CF900005; Fri, 14 Apr 2023 01:08:54 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 3118F900004; Fri, 14 Apr 2023 01:08:54 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1798C900004; Fri, 14 Apr 2023 01:08:54 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 06B41900003 for ; Fri, 14 Apr 2023 01:08:54 -0400 (EDT) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id B696CA0115 for ; Fri, 14 Apr 2023 05:08:53 +0000 (UTC) X-FDA: 80678816946.11.6FF7FD2 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) by imf23.hostedemail.com (Postfix) with ESMTP id 9D98C140002 for ; Fri, 14 Apr 2023 05:08:50 +0000 (UTC) Authentication-Results: imf23.hostedemail.com; dkim=pass header.d=infradead.org header.s=bombadil.20210309 header.b=EyOGTA5x; spf=none (imf23.hostedemail.com: domain of mcgrof@infradead.org has no SPF policy when checking 198.137.202.133) smtp.mailfrom=mcgrof@infradead.org; dmarc=fail reason="No valid SPF, DKIM not aligned (relaxed)" header.from=kernel.org (policy=none) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1681448931; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=TU8tmoj4+nC9iaV5IMo+u+NGjzkEv9TSC0uMqT3ZueI=; b=LBPIljtEMbA3pSXburBuL3j3NfuvENTpAKUUiZaFElMcXQaodAnbFhNB3ny6FzKpK3rwJv exIkb7g9VtWEYzoWM7JhQhAUmU+wcqC1x+poIO8/klfvu3aFHIujH0e/Rc2jFmb0NpUzaL dGmsWxyUXl6NviLPmzMFcbaaNN+tXpk= ARC-Authentication-Results: i=1; imf23.hostedemail.com; dkim=pass header.d=infradead.org header.s=bombadil.20210309 header.b=EyOGTA5x; spf=none (imf23.hostedemail.com: domain of mcgrof@infradead.org has no SPF policy when checking 198.137.202.133) smtp.mailfrom=mcgrof@infradead.org; dmarc=fail reason="No valid SPF, DKIM not aligned (relaxed)" header.from=kernel.org (policy=none) ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1681448931; a=rsa-sha256; cv=none; b=hEe+VtnNYDtfVOykdg6PA96aIhS9nfWriMMc+HwSYyIJ5lwVuQrNDa8j0mE5xvowz/kEYP RMTGUn2uITbL5BmXV199x3pd6LvNrmrSQGirVuHqyjECHhjbcqjc4EsrarrCwnm6P9qMz1 kZHasLR75CH1X529DPUA2KXVW1eAneA= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Sender:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description; bh=TU8tmoj4+nC9iaV5IMo+u+NGjzkEv9TSC0uMqT3ZueI=; b=EyOGTA5xTDzDcGr8GSBjkFLAN8 nGjkRQkjVZyZ1K+MuXZXYknzkVx1pGnFe94XPuHo4pX/P+jISL8mSC74ra5XSjl1AhLiUBcKp5fHv HTH3BHIqG/QCcwQsDxY47l8GSa8CI27vezXz4S8W5/UNxP1wlFF10VEDXPBlEczhj4nWzdiZLjwjX 7y3fYrCRccB7AfukcLW8wj8KzNE4sFjwAO8RmmNXBw3hKI83KBPOegRJadxHY8gH3WWgOCCElc0zS AVLGLYqIZAsNBXE0Lnh18BuIo2GpcXFQIA723+MLHAFr/MYvdVp4KTBPRmb7fTKZtEPos+zmyZheG vngAaacw==; Received: from mcgrof by bombadil.infradead.org with local (Exim 4.96 #2 (Red Hat Linux)) id 1pnBfp-008KKL-23; Fri, 14 Apr 2023 05:08:37 +0000 From: Luis Chamberlain To: david@redhat.com, patches@lists.linux.dev, linux-modules@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, pmladek@suse.com, petr.pavlu@suse.com, prarit@redhat.com, torvalds@linux-foundation.org, gregkh@linuxfoundation.org, rafael@kernel.org Cc: christophe.leroy@csgroup.eu, tglx@linutronix.de, peterz@infradead.org, song@kernel.org, rppt@kernel.org, dave@stgolabs.net, willy@infradead.org, vbabka@suse.cz, mhocko@suse.com, dave.hansen@linux.intel.com, colin.i.king@gmail.com, jim.cromie@gmail.com, catalin.marinas@arm.com, jbaron@akamai.com, rick.p.edgecombe@intel.com, mcgrof@kernel.org Subject: [PATCH v3 2/4] module: extract patient module check into helper Date: Thu, 13 Apr 2023 22:08:34 -0700 Message-Id: <20230414050836.1984746-3-mcgrof@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230414050836.1984746-1-mcgrof@kernel.org> References: <20230414050836.1984746-1-mcgrof@kernel.org> MIME-Version: 1.0 X-Rspamd-Queue-Id: 9D98C140002 X-Stat-Signature: mf81i6zo5t7qa3ggixtaser1487sebxp X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1681448930-991637 X-HE-Meta: U2FsdGVkX19L7/vqmqUQD1Dud7sv2OsnR+L8qEEG/j1n+AkBuc9UVD+H3vYHURskXAt3tA5k920hef+zyaBXCYGg09YGm4q8AfyjXlGtC0/EJULOtA2Fsb2r0CK9cuf8irplZq/Tv33ZluX4gQIee+ZRHLrPsLJ0p6y6k1Tnv3A1oCT6Ka1xOg2sUScTC0hZrmddq72gQpmwL4IdDrCUfkREGecxlbTJxQtIvdo4Z29UetS4x1mPDEDptZdoevPQ24B3zaj6vgAitXSrBh4IP6wPRFNp9rhH4VcRo0Py1OzOH2e26v0HUT6PPI7SOzhHWU3RiCsPds9MoCgktIc+ufrrvRwDHP1SPqh6Yg/W5JydZktYZXmuHQfl4VDTCyp1FCOkzhNwuPfupnVqjudP/L81EKpkucS22UHcUnYoW5ilwjDfNxONKRs9YSvaSYVH6Bybs3Cbd53aRMFT6tBaAXXOLgnpn0q0KftNjmczXATXDYLKrPQrsWMgrQLfF1j5CO5NX9hlVzQKnQkcWGk/9dBuOKuMb1e8mvcJRIaYrI7mgap7UYN5FotrNOpe6/9DP1q7GAn0KgFgKuCSzmLcSYt+CWffYjAVW3SuElvtS1zwiUGZkUuVAVbKuZWebkNuVkQIpJGzlslLIo+FX88EdpQCc7O4rstGu0LDLPMyHrvjvSrvXgX8mu61AdYi5Mo166+GLnZvLbIiT/oZqqw2gFcxU1Yh9og+PqxXxJJ8emYWKExDpaeE42SKy3k/3eU2dIGf+qkFx9Cl4R9ra48gBvATtpF3FiUX22Qa3Mgjs0Y69uTX1i7+uOxdnPRaZSTpU+l//dLZguz1Zb+DhlOzFcSaLiPkFbcn5zESe1GOfuSNTC7nWnV2YR3JqPzwwTfvEeFn68A1xaeM3t8X9Tl/WAXCa3D+dwwh9B+L2NYKdOF94LP4PeMw3l+g7oQaEW8xeQaUNaF+UdAkOjSkvs0 R3o7P9mP 4NFdWqryir3k+Em2hFgRwbjIWRFiZsiIC9j8mO8Ama+NgENlk2p+CydJsTRvG5mIqd6d0jtFQ4Pz6ko/RcbhV423E4kRZHuN3KNNV6HLcNqrvrOJ0wMablsMuTR6Wt5iOb2ln2WaTDHxaZj/w9qOqoc0dyAuhmVpMiZw46ngTRwGI9vS/gzjrU9CA4jeHucQN0h2HSLMYxQ5USF25HSs72kQ0MPyb6aD5OqA+PcUE++xQDGkuyUL2wwJzT14OV3XROG4e1dDCKNCuyvlaphBOJEXsGo3RKRrC3uR/b7odllmwuNJGd4FAuQpC4DC1QQUpHB1twnQnTYqw5KmJRhuxrlWX3d0PbCFiDMul/LOhBfPxtfggaNKdxP2BsW+g01PPxoSjnqicF4WslMNlO1u8m/EONOKAu3bsEOZ5/aqv/8f8OsCifFgxfXC15XL8D0HBaLSGnGWCe3VNkeuKKeYGlOc7v1ckdSuK+/9KrKLQyT/tkywZiPdj2CdM1kRKDyNPYnRq X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: The patient module check inside add_unformed_module() is large enough as we need it. It is a bit hard to read too, so just move it to a helper and do the inverse checks first to help shift the code and make it easier to read. The new helper then is module_patient_check_exists(). To make this work we need to mvoe the finished_loading() up, we do that without making any functional changes to that routine. Reviewed-by: David Hildenbrand Signed-off-by: Luis Chamberlain --- kernel/module/main.c | 112 +++++++++++++++++++++++-------------------- 1 file changed, 60 insertions(+), 52 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index 32554d8a5791..75b23257128d 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -2447,27 +2447,6 @@ static int post_relocation(struct module *mod, const struct load_info *info) return module_finalize(info->hdr, info->sechdrs, mod); } -/* Is this module of this name done loading? No locks held. */ -static bool finished_loading(const char *name) -{ - struct module *mod; - bool ret; - - /* - * The module_mutex should not be a heavily contended lock; - * if we get the occasional sleep here, we'll go an extra iteration - * in the wait_event_interruptible(), which is harmless. - */ - sched_annotate_sleep(); - mutex_lock(&module_mutex); - mod = find_module_all(name, strlen(name), true); - ret = !mod || mod->state == MODULE_STATE_LIVE - || mod->state == MODULE_STATE_GOING; - mutex_unlock(&module_mutex); - - return ret; -} - /* Call module constructors. */ static void do_mod_ctors(struct module *mod) { @@ -2631,6 +2610,63 @@ static int may_init_module(void) return 0; } +/* Is this module of this name done loading? No locks held. */ +static bool finished_loading(const char *name) +{ + struct module *mod; + bool ret; + + /* + * The module_mutex should not be a heavily contended lock; + * if we get the occasional sleep here, we'll go an extra iteration + * in the wait_event_interruptible(), which is harmless. + */ + sched_annotate_sleep(); + mutex_lock(&module_mutex); + mod = find_module_all(name, strlen(name), true); + ret = !mod || mod->state == MODULE_STATE_LIVE + || mod->state == MODULE_STATE_GOING; + mutex_unlock(&module_mutex); + + return ret; +} + +/* Must be called with module_mutex held */ +static int module_patient_check_exists(const char *name) +{ + struct module *old; + int err = 0; + + old = find_module_all(name, strlen(name), true); + if (old == NULL) + return 0; + + if (old->state == MODULE_STATE_COMING || + old->state == MODULE_STATE_UNFORMED) { + /* Wait in case it fails to load. */ + mutex_unlock(&module_mutex); + err = wait_event_interruptible(module_wq, + finished_loading(name)); + mutex_lock(&module_mutex); + if (err) + return err; + + /* The module might have gone in the meantime. */ + old = find_module_all(name, strlen(name), true); + } + + /* + * We are here only when the same module was being loaded. Do + * not try to load it again right now. It prevents long delays + * caused by serialized module load failures. It might happen + * when more devices of the same type trigger load of + * a particular module. + */ + if (old && old->state == MODULE_STATE_LIVE) + return -EEXIST; + return -EBUSY; +} + /* * We try to place it in the list now to make sure it's unique before * we dedicate too many resources. In particular, temporary percpu @@ -2639,41 +2675,14 @@ static int may_init_module(void) static int add_unformed_module(struct module *mod) { int err; - struct module *old; mod->state = MODULE_STATE_UNFORMED; mutex_lock(&module_mutex); - old = find_module_all(mod->name, strlen(mod->name), true); - if (old != NULL) { - if (old->state == MODULE_STATE_COMING - || old->state == MODULE_STATE_UNFORMED) { - /* Wait in case it fails to load. */ - mutex_unlock(&module_mutex); - err = wait_event_interruptible(module_wq, - finished_loading(mod->name)); - if (err) - goto out_unlocked; - - /* The module might have gone in the meantime. */ - mutex_lock(&module_mutex); - old = find_module_all(mod->name, strlen(mod->name), - true); - } - - /* - * We are here only when the same module was being loaded. Do - * not try to load it again right now. It prevents long delays - * caused by serialized module load failures. It might happen - * when more devices of the same type trigger load of - * a particular module. - */ - if (old && old->state == MODULE_STATE_LIVE) - err = -EEXIST; - else - err = -EBUSY; + err = module_patient_check_exists(mod->name); + if (err) goto out; - } + mod_update_bounds(mod); list_add_rcu(&mod->list, &modules); mod_tree_insert(mod); @@ -2681,7 +2690,6 @@ static int add_unformed_module(struct module *mod) out: mutex_unlock(&module_mutex); -out_unlocked: return err; } From patchwork Fri Apr 14 05:08:35 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Luis Chamberlain X-Patchwork-Id: 13210934 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 70344C77B73 for ; Fri, 14 Apr 2023 05:09:01 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id AF3FC900006; Fri, 14 Apr 2023 01:08:56 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A7D00900003; Fri, 14 Apr 2023 01:08:56 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 85895900006; Fri, 14 Apr 2023 01:08:56 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 69593900003 for ; Fri, 14 Apr 2023 01:08:56 -0400 (EDT) Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 3BD33AAC09 for ; Fri, 14 Apr 2023 05:08:56 +0000 (UTC) X-FDA: 80678817072.24.3390239 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) by imf23.hostedemail.com (Postfix) with ESMTP id 4E51C140003 for ; Fri, 14 Apr 2023 05:08:54 +0000 (UTC) Authentication-Results: imf23.hostedemail.com; dkim=pass header.d=infradead.org header.s=bombadil.20210309 header.b=jr62aZ4Z; spf=none (imf23.hostedemail.com: domain of mcgrof@infradead.org has no SPF policy when checking 198.137.202.133) smtp.mailfrom=mcgrof@infradead.org; dmarc=fail reason="No valid SPF, DKIM not aligned (relaxed)" header.from=kernel.org (policy=none) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1681448934; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=+eH6vPjQnVg0gd9Z+8M2Xml1tMtTa8mkMxVhyAh1QaU=; b=Qxxcf/OEgLw/F1/gvrNfScXvqHcCaxC3rlzi88n7LbqitLCBOhPlm6CKvOF6aQ59T0cL/Z aedsGrN7Go+yuH2fW4PeE7+/vt3DwcS7aaFqVMVRUjNrVyESBAPYnZAzBRBLjs6C90eFmv 6jxxYqNYR1ON2WXTgek0Y4C4sBDhB/A= ARC-Authentication-Results: i=1; imf23.hostedemail.com; dkim=pass header.d=infradead.org header.s=bombadil.20210309 header.b=jr62aZ4Z; spf=none (imf23.hostedemail.com: domain of mcgrof@infradead.org has no SPF policy when checking 198.137.202.133) smtp.mailfrom=mcgrof@infradead.org; dmarc=fail reason="No valid SPF, DKIM not aligned (relaxed)" header.from=kernel.org (policy=none) ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1681448934; a=rsa-sha256; cv=none; b=ptx5kFDyLnPQZbFPvVitS1BI+ivVyFIbOjtOGbSEfKrPdnGW+KoOMC4YvAxT+7UqMBG1Hy gdmujt62wy3F4N9XI39h7XklYIvLEgnCrw+gYBKEo6P90dVZSQIhSEStYjTB37gv4Ei37f Ljg4akUC7cv/SwlrF3ekH/tHrR/EqhE= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Sender:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description; bh=+eH6vPjQnVg0gd9Z+8M2Xml1tMtTa8mkMxVhyAh1QaU=; b=jr62aZ4ZhbxTHeGx+az03Y7Z2H mE0FKRh3Wq5AgJ9nNMRgW/t6nicvUARDONfuKcc6hLKYIA2IYnRFSXiT72Ugdzd0payickWrMihpU /PYjePjCAWim2gR9dsaLVBAHpDCDk7Mf5rtPISsNwPHs7BGMJQoqOGVW4cxZe1UsM8EzQq6zeBDXT cg/KD/t3u3UnsfYCnW5Q3IQF0HFFJQvDI+jaxOCpoUPsPhyJ0A2e8sMiBBu5edLVNE+nzETvlqX0l xawVPM6jKWkm+Xd2qbFCHrQlp9vnOH050+y8Ngyr3fa14vwbXZYPIery2MRk+ENqgrQcVxyFWCr1K leJuRxPA==; Received: from mcgrof by bombadil.infradead.org with local (Exim 4.96 #2 (Red Hat Linux)) id 1pnBfp-008KKN-2w; Fri, 14 Apr 2023 05:08:37 +0000 From: Luis Chamberlain To: david@redhat.com, patches@lists.linux.dev, linux-modules@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, pmladek@suse.com, petr.pavlu@suse.com, prarit@redhat.com, torvalds@linux-foundation.org, gregkh@linuxfoundation.org, rafael@kernel.org Cc: christophe.leroy@csgroup.eu, tglx@linutronix.de, peterz@infradead.org, song@kernel.org, rppt@kernel.org, dave@stgolabs.net, willy@infradead.org, vbabka@suse.cz, mhocko@suse.com, dave.hansen@linux.intel.com, colin.i.king@gmail.com, jim.cromie@gmail.com, catalin.marinas@arm.com, jbaron@akamai.com, rick.p.edgecombe@intel.com, mcgrof@kernel.org Subject: [PATCH v3 3/4] module: add debug stats to help identify memory pressure Date: Thu, 13 Apr 2023 22:08:35 -0700 Message-Id: <20230414050836.1984746-4-mcgrof@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230414050836.1984746-1-mcgrof@kernel.org> References: <20230414050836.1984746-1-mcgrof@kernel.org> MIME-Version: 1.0 X-Rspamd-Server: rspam05 X-Rspamd-Queue-Id: 4E51C140003 X-Stat-Signature: hgcz75hg98rmr5c4s4knww5jozh4xxz8 X-Rspam-User: X-HE-Tag: 1681448934-98984 X-HE-Meta: U2FsdGVkX1/1s4HQ3ryU5K5xoCm+/RZ/iukfSIaqeXEgLAQVFP7tucHkqiTf1z83Knn0eXS+4QMB3ND0lyYf/kykEw5Ivz+ax3HPcoZ5/NgZeGTSlBSaP77IZoxTQ+brJ9CW4WXwsCt5SxH0NVGxp1yZSSL+gkL1zidPqp9uX/j5op5QLTxcXuXp33YffB78jPkqcgulB5wNJ26eoA32qOvSl3EDq1OyXjJRnfVApmiZWMzqXzhm65tBr4X6XdKiPdded0rjB5slENILq+TyirtY/yL6J9/kd7troIhUnLPwbsRhyvhoXRV4OReEbjtv/8Scb+dPyoFfGAuPZEfJtDi1DjElKbAdgccwlWVACJc96zr6Y/sSaQVi5waWLECc0I6Y0qvKqrv1NbozaMJKy0eQWiZcRN/izJmGqbcGgd0L71RsQlr80aSA6xMHdQaB9wUouSfkq+cWjSnJ6Hf0O4sincirwJeswgM6ZEaLLiJXjqENqbnnDSZ1gJFAVeOTD/ZctmEd/czRaxDdNw7shrpn6MkJ2RTb6u3/rohyM4tzTgO1xfaVvv+JFgsXL6goxMjKUhy3OVMaquywQL3H0JKMy/2GyeqLd9gSKHMadwKXtuCHkrfs2mSrp/0Y4OF8r4PcQIgngq6hYfZbMT2Ow3EXwS6wfHz25/GnqvirSO9eYn4XQQIVcxZvJPiih37BhINFlpxg118H6wRGCiptNKjhwCs6SsSLqMH158tV8yesXdDE8H+j1QQLta3cr298yMiQh4jyyKHdH96m/OrxT6bPtKZB62IQ6dpX6+vbNmQNoZoS8PGMcDMOZw+f9rlNpl1oODCpf5zP6ronK+v7szncN1seIz3zoeVLhWoC9ZKkdhaCJOqmoj0NQbmQlNR5TZ7VEKexZvZvFmWL8h0rXOwbWEH4ItsEtg2jsDo3JpTFkqoudVtyccou36ELlYpRVH2wzHp5tsLr3tfVv2p DMViYdGe tLP07ntajwjsvgrpMcsWHymfyMrNFYZ4gB9cTOdJeuuWUjDTbo+mz+RYOjPLk9z1bmNZ0IGT6OePm3jA5C9dI1EtdfcOA9Xi5bumHyg586n2wowx7KSFhuCCb9pVYIzppr1OQ+JwHgDexkM5FvDDj1O69QLQqA5smETdXrt+pyy8sA+fNaIFYY7pkGIxGO/Zui3QpH6cRt/VSvsweJszwHyMJ4SPDNDlqSoX0ynjum1TVnA1QQstLEsGfuTq/gIMxcAwZpu3ARw4y0iR49+GNpfGwm1mFwEQpFugHSu03kujPm6vRwPylUDV3qj2jFYg4R4Shp6LpQ0ezKyjxmiayJriK0SiA0/g0L+reGDtUaqTozfNwJPvymTXwlB7BKBtMl1MRYW3ubjdRIwSB9P/iFBVlxYQqVyp8Xeqk/poe8vM+xp3SRI/SsZDpGXAIiyIZUTGO10CBOwQFUG8oV/dou1ekiqPVYRS0FLuTJIE0FzhnhfTuK/Zqe8naDYl0gXik5Apm X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Loading modules with finit_module() can end up using vmalloc(), vmap() and vmalloc() again, for a total of up to 3 separate allocations in the worst case for a single module. We always kernel_read*() the module, that's a vmalloc(). Then vmap() is used for the module decompression, and if so the last read buffer is freed as we use the now decompressed module buffer to stuff data into our copy module. The last allocation is specific to each architectures but pretty much that's generally a series of vmalloc() calls or a variation of vmalloc to handle ELF sections with special permissions. Evaluation with new stress-ng module support [1] with just 100 ops is proving that you can end up using GiBs of data easily even with all care we have in the kernel and userspace today in trying to not load modules which are already loaded. 100 ops seems to resemble the sort of pressure a system with about 400 CPUs can create on module loading. Although issues relating to duplicate module requests due to each CPU inucurring a new module reuest is silly and some of these are being fixed, we currently lack proper tooling to help diagnose easily what happened, when it happened and who likely is to blame -- userspace or kernel module autoloading. Provide an initial set of stats which use debugfs to let us easily scrape post-boot information about failed loads. This sort of information can be used on production worklaods to try to optimize *avoiding* redundant memory pressure using finit_module(). There's a few examples that can be provided: A 255 vCPU system without the next patch in this series applied: Startup finished in 19.143s (kernel) + 7.078s (userspace) = 26.221s graphical.target reached after 6.988s in userspace And 13.58 GiB of virtual memory space lost due to failed module loading: root@big ~ # cat /sys/kernel/debug/modules/stats Mods ever loaded 67 Mods failed on kread 0 Mods failed on decompress 0 Mods failed on becoming 0 Mods failed on load 1411 Total module size 11464704 Total mod text size 4194304 Failed kread bytes 0 Failed decompress bytes 0 Failed becoming bytes 0 Failed kmod bytes 14588526272 Virtual mem wasted bytes 14588526272 Average mod size 171115 Average mod text size 62602 Average fail load bytes 10339140 Duplicate failed modules: module-name How-many-times Reason kvm_intel 249 Load kvm 249 Load irqbypass 8 Load crct10dif_pclmul 128 Load ghash_clmulni_intel 27 Load sha512_ssse3 50 Load sha512_generic 200 Load aesni_intel 249 Load crypto_simd 41 Load cryptd 131 Load evdev 2 Load serio_raw 1 Load virtio_pci 3 Load nvme 3 Load nvme_core 3 Load virtio_pci_legacy_dev 3 Load virtio_pci_modern_dev 3 Load t10_pi 3 Load virtio 3 Load crc32_pclmul 6 Load crc64_rocksoft 3 Load crc32c_intel 40 Load virtio_ring 3 Load crc64 3 Load The following screen shot, of a simple 8vcpu 8 GiB KVM guest with the next patch in this series applied, shows 226.53 MiB are wasted in virtual memory allocations which due to duplicate module requests during boot. It also shows an average module memory size of 167.10 KiB and an an average module .text + .init.text size of 61.13 KiB. The end shows all modules which were detected as duplicate requests and whether or not they failed early after just the first kernel_read*() call or late after we've already allocated the private space for the module in layout_and_allocate(). A system with module decompression would reveal more wasted virtual memory space. We should put effort now into identifying the source of these duplicate module requests and trimming these down as much possible. Larger systems will obviously show much more wasted virtual memory allocations. root@kmod ~ # cat /sys/kernel/debug/modules/stats Mods ever loaded 67 Mods failed on kread 0 Mods failed on decompress 0 Mods failed on becoming 83 Mods failed on load 16 Total module size 11464704 Total mod text size 4194304 Failed kread bytes 0 Failed decompress bytes 0 Failed becoming bytes 228959096 Failed kmod bytes 8578080 Virtual mem wasted bytes 237537176 Average mod size 171115 Average mod text size 62602 Avg fail becoming bytes 2758544 Average fail load bytes 536130 Duplicate failed modules: module-name How-many-times Reason kvm_intel 7 Becoming kvm 7 Becoming irqbypass 6 Becoming & Load crct10dif_pclmul 7 Becoming & Load ghash_clmulni_intel 7 Becoming & Load sha512_ssse3 6 Becoming & Load sha512_generic 7 Becoming & Load aesni_intel 7 Becoming crypto_simd 7 Becoming & Load cryptd 3 Becoming & Load evdev 1 Becoming serio_raw 1 Becoming nvme 3 Becoming nvme_core 3 Becoming t10_pi 3 Becoming virtio_pci 3 Becoming crc32_pclmul 6 Becoming & Load crc64_rocksoft 3 Becoming crc32c_intel 3 Becoming virtio_pci_modern_dev 2 Becoming virtio_pci_legacy_dev 1 Becoming crc64 2 Becoming virtio 2 Becoming virtio_ring 2 Becoming [0] https://github.com/ColinIanKing/stress-ng.git [1] echo 0 > /proc/sys/vm/oom_dump_tasks ./stress-ng --module 100 --module-name xfs Signed-off-by: Luis Chamberlain --- Documentation/core-api/kernel-api.rst | 22 +- kernel/module/Kconfig | 37 +++ kernel/module/Makefile | 1 + kernel/module/decompress.c | 4 + kernel/module/internal.h | 74 +++++ kernel/module/main.c | 65 +++- kernel/module/stats.c | 432 ++++++++++++++++++++++++++ kernel/module/tracking.c | 7 +- 8 files changed, 630 insertions(+), 12 deletions(-) create mode 100644 kernel/module/stats.c diff --git a/Documentation/core-api/kernel-api.rst b/Documentation/core-api/kernel-api.rst index e27728596008..9b3f3e5f5a95 100644 --- a/Documentation/core-api/kernel-api.rst +++ b/Documentation/core-api/kernel-api.rst @@ -220,12 +220,30 @@ relay interface Module Support ============== -Module Loading --------------- +Kernel module auto-loading +-------------------------- .. kernel-doc:: kernel/module/kmod.c :export: +Module debugging +---------------- + +.. kernel-doc:: kernel/module/stats.c + :doc: module debugging statistics overview + +dup_failed_modules - tracks duplicate failed modules +**************************************************** + +.. kernel-doc:: kernel/module/stats.c + :doc: dup_failed_modules - tracks duplicate failed modules + +module statistics debugfs counters +********************************** + +.. kernel-doc:: kernel/module/stats.c + :doc: module statistics debugfs counters + Inter Module support -------------------- diff --git a/kernel/module/Kconfig b/kernel/module/Kconfig index 424b3bc58f3f..ca277b945a67 100644 --- a/kernel/module/Kconfig +++ b/kernel/module/Kconfig @@ -22,6 +22,43 @@ menuconfig MODULES if MODULES +config MODULE_DEBUG + bool "Module debugging" + depends on DEBUG_FS + help + Allows you to enable / disable features which can help you debug + modules. You don't need these options in produciton systems. You can + and probably should enable this prior to making your kernel + produciton ready though. + +if MODULE_DEBUG + +config MODULE_STATS + bool "Module statistics" + depends on DEBUG_FS + help + This option allows you to maintain a record of module statistics. + For example each all modules size, average size, text size, and + failed modules and the size for each of those. For failed + modules we keep track of module which failed due to either the + existing module taking too long to load or that module already + was loaded. + + You should enable this if you are debugging production loads + and want to see if userspace or the kernel is doing stupid things + with loading modules when it shouldn't or if you want to help + optimize userspace / kernel space module autoloading schemes. + You might want to do this because failed modules tend to use + use up significan amount of memory, and so you'd be doing everyone + a favor in avoiding these failure proactively. + + This functionality is also useful for those experimenting with + module .text ELF section optimization. + + If unsure, say N. + +endif # MODULE_DEBUG + config MODULE_FORCE_LOAD bool "Forced module loading" default n diff --git a/kernel/module/Makefile b/kernel/module/Makefile index 5b1d26b53b8d..52340bce497e 100644 --- a/kernel/module/Makefile +++ b/kernel/module/Makefile @@ -21,3 +21,4 @@ obj-$(CONFIG_SYSFS) += sysfs.o obj-$(CONFIG_KGDB_KDB) += kdb.o obj-$(CONFIG_MODVERSIONS) += version.o obj-$(CONFIG_MODULE_UNLOAD_TAINT_TRACKING) += tracking.o +obj-$(CONFIG_MODULE_STATS) += stats.o diff --git a/kernel/module/decompress.c b/kernel/module/decompress.c index 7ddc87bee274..e97232b125eb 100644 --- a/kernel/module/decompress.c +++ b/kernel/module/decompress.c @@ -297,6 +297,10 @@ int module_decompress(struct load_info *info, const void *buf, size_t size) ssize_t data_size; int error; +#if defined(CONFIG_MODULE_STATS) + info->compressed_len = size; +#endif + /* * Start with number of pages twice as big as needed for * compressed data. diff --git a/kernel/module/internal.h b/kernel/module/internal.h index 6ae29bb8836f..9d97a59a9127 100644 --- a/kernel/module/internal.h +++ b/kernel/module/internal.h @@ -59,6 +59,9 @@ struct load_info { unsigned long mod_kallsyms_init_off; #endif #ifdef CONFIG_MODULE_DECOMPRESS +#ifdef CONFIG_MODULE_STATS + unsigned long compressed_len; +#endif struct page **pages; unsigned int max_pages; unsigned int used_pages; @@ -143,6 +146,77 @@ static inline bool set_livepatch_module(struct module *mod) #endif } +/** + * enum fail_dup_mod_reason - state at which a duplicate module was detected + * + * @FAIL_DUP_MOD_BECOMING: the module is read properly, passes all checks but + * we've determined that another module with the same name is already loaded + * or being processed on our &modules list. This happens on early_mod_check() + * right before layout_and_allocate(). The kernel would have already + * vmalloc()'d space for the entire module through finit_module(). If + * decompression was used two vmap() spaces were used. These failures can + * happen when userspace has not seen the module present on the kernel and + * tries to load the module multiple times at same time. + * @FAIL_DUP_MOD_LOAD: the module has been read properly, passes all validation + * checks and the kernel determines that the module was unique and because + * of this allocated yet another private kernel copy of the module space in + * layout_and_allocate() but after this determined in add_unformed_module() + * that another module with the same name is already loaded or being processed. + * These failures should be mitigated as much as possible and are indicative + * of really fast races in loading modules. Without module decompression + * they waste twice as much vmap space. With module decompression three + * times the module's size vmap space is wasted. + */ +enum fail_dup_mod_reason { + FAIL_DUP_MOD_BECOMING = 0, + FAIL_DUP_MOD_LOAD, +}; + +#ifdef CONFIG_MODULE_STATS + +#define mod_stat_add_long(count, var) atomic_long_add(count, var) +#define mod_stat_inc(name) atomic_inc(name) + +extern atomic_long_t total_mod_size; +extern atomic_long_t total_text_size; +extern atomic_long_t invalid_kread_bytes; +extern atomic_long_t invalid_decompress_bytes; + +extern atomic_t modcount; +extern atomic_t failed_kreads; +extern atomic_t failed_decompress; +struct mod_fail_load { + struct list_head list; + char name[MODULE_NAME_LEN]; + atomic_long_t count; + unsigned long dup_fail_mask; +}; + +int try_add_failed_module(const char *name, size_t len, enum fail_dup_mod_reason reason); +void mod_stat_bump_invalid(struct load_info *info, int flags); +void mod_stat_bump_becoming(struct load_info *info, int flags); + +#else + +#define mod_stat_add_long(name, var) +#define mod_stat_inc(name) + +static inline int try_add_failed_module(const char *name, size_t len, + enum fail_dup_mod_reason reason) +{ + return 0; +} + +static inline void mod_stat_bump_invalid(struct load_info *info, int flags) +{ +} + +static inline void mod_stat_bump_becoming(struct load_info *info, int flags) +{ +} + +#endif /* CONFIG_MODULE_STATS */ + #ifdef CONFIG_MODULE_UNLOAD_TAINT_TRACKING struct mod_unload_taint { struct list_head list; diff --git a/kernel/module/main.c b/kernel/module/main.c index 75b23257128d..5642d77657a0 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -56,6 +56,7 @@ #include #include #include +#include #include #include "internal.h" @@ -87,6 +88,8 @@ struct symsearch { enum mod_license license; }; +struct dentry *mod_debugfs_root; + /* * Bounds of module memory, for speeding up __module_address. * Protected by module_mutex. @@ -2500,6 +2503,18 @@ static noinline int do_init_module(struct module *mod) { int ret = 0; struct mod_initfree *freeinit; +#if defined(CONFIG_MODULE_STATS) + unsigned int text_size = 0, total_size = 0; + + for_each_mod_mem_type(type) { + const struct module_memory *mod_mem = &mod->mem[type]; + if (mod_mem->size) { + total_size += mod_mem->size; + if (type == MOD_TEXT || type == MOD_INIT_TEXT) + text_size += mod->mem[type].size; + } + } +#endif freeinit = kmalloc(sizeof(*freeinit), GFP_KERNEL); if (!freeinit) { @@ -2561,6 +2576,7 @@ static noinline int do_init_module(struct module *mod) mod->mem[type].base = NULL; mod->mem[type].size = 0; } + #ifdef CONFIG_DEBUG_INFO_BTF_MODULES /* .BTF is not SHF_ALLOC and will get removed, so sanitize pointer */ mod->btf_data = NULL; @@ -2584,6 +2600,11 @@ static noinline int do_init_module(struct module *mod) mutex_unlock(&module_mutex); wake_up_all(&module_wq); + mod_stat_add_long(text_size, &total_text_size); + mod_stat_add_long(total_size, &total_mod_size); + + mod_stat_inc(&modcount); + return 0; fail_free_freeinit: @@ -2599,6 +2620,7 @@ static noinline int do_init_module(struct module *mod) ftrace_release_mod(mod); free_module(mod); wake_up_all(&module_wq); + return ret; } @@ -2632,7 +2654,8 @@ static bool finished_loading(const char *name) } /* Must be called with module_mutex held */ -static int module_patient_check_exists(const char *name) +static int module_patient_check_exists(const char *name, + enum fail_dup_mod_reason reason) { struct module *old; int err = 0; @@ -2655,6 +2678,9 @@ static int module_patient_check_exists(const char *name) old = find_module_all(name, strlen(name), true); } + if (try_add_failed_module(name, strlen(name), reason)) + pr_warn("Could not add fail-tracking for module: %s\n", name); + /* * We are here only when the same module was being loaded. Do * not try to load it again right now. It prevents long delays @@ -2679,7 +2705,7 @@ static int add_unformed_module(struct module *mod) mod->state = MODULE_STATE_UNFORMED; mutex_lock(&module_mutex); - err = module_patient_check_exists(mod->name); + err = module_patient_check_exists(mod->name, FAIL_DUP_MOD_LOAD); if (err) goto out; @@ -2800,6 +2826,7 @@ static int load_module(struct load_info *info, const char __user *uargs, int flags) { struct module *mod; + bool module_allocated = false; long err = 0; char *after_dashes; @@ -2839,6 +2866,8 @@ static int load_module(struct load_info *info, const char __user *uargs, goto free_copy; } + module_allocated = true; + audit_log_kern_module(mod->name); /* Reserve our place in the list. */ @@ -2983,6 +3012,7 @@ static int load_module(struct load_info *info, const char __user *uargs, synchronize_rcu(); mutex_unlock(&module_mutex); free_module: + mod_stat_bump_invalid(info, flags); /* Free lock-classes; relies on the preceding sync_rcu() */ for_class_mod_mem_type(type, core_data) { lockdep_free_key_range(mod->mem[type].base, @@ -2991,6 +3021,13 @@ static int load_module(struct load_info *info, const char __user *uargs, module_deallocate(mod, info); free_copy: + /* + * The info->len is always set. We distinguish between + * failures once the proper module was allocated and + * before that. + */ + if (!module_allocated) + mod_stat_bump_becoming(info, flags); free_copy(info, flags); return err; } @@ -3009,8 +3046,11 @@ SYSCALL_DEFINE3(init_module, void __user *, umod, umod, len, uargs); err = copy_module_from_user(umod, len, &info); - if (err) + if (err) { + mod_stat_inc(&failed_kreads); + mod_stat_add_long(len, &invalid_kread_bytes); return err; + } return load_module(&info, uargs, 0); } @@ -3035,14 +3075,20 @@ SYSCALL_DEFINE3(finit_module, int, fd, const char __user *, uargs, int, flags) len = kernel_read_file_from_fd(fd, 0, &buf, INT_MAX, NULL, READING_MODULE); - if (len < 0) + if (len < 0) { + mod_stat_inc(&failed_kreads); + mod_stat_add_long(len, &invalid_kread_bytes); return len; + } if (flags & MODULE_INIT_COMPRESSED_FILE) { err = module_decompress(&info, buf, len); vfree(buf); /* compressed data is no longer needed */ - if (err) + if (err) { + mod_stat_inc(&failed_decompress); + mod_stat_add_long(len, &invalid_decompress_bytes); return err; + } } else { info.hdr = buf; info.len = len; @@ -3216,3 +3262,12 @@ void print_modules(void) last_unloaded_module.taints); pr_cont("\n"); } + +#ifdef CONFIG_MODULE_DEBUG +static int module_debugfs_init(void) +{ + mod_debugfs_root = debugfs_create_dir("modules", NULL); + return 0; +} +module_init(module_debugfs_init); +#endif diff --git a/kernel/module/stats.c b/kernel/module/stats.c new file mode 100644 index 000000000000..d4b5b2b9e6ad --- /dev/null +++ b/kernel/module/stats.c @@ -0,0 +1,432 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Debugging module statistics. + * + * Copyright (C) 2023 Luis Chamberlain + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "internal.h" + +/** + * DOC: module debugging statistics overview + * + * Enabling CONFIG_MODULE_STATS enables module debugging statistics which + * are useful to monitor and root cause memory pressure issues with module + * loading. These statistics are useful to allow us to improve production + * workloads. + * + * The current module debugging statistics supported help keep track of module + * loading failures to enable improvements either for kernel module + * auto-loading usage (request_module()) or interactions with userspace. + * Statistics are provided to track of all possible failures in the + * finit_module() path and memory wasted in this process space. Each of the + * failure counters are associated to a type of module loading failure which + * is known to incur a certain amount of memory allocation loss. In the worst + * case loading a module will fail after a 3 step memory allocation process: + * + * a) memory allocated with kernel_read_file_from_fd() + * b) module decompression processes the file read from + * kernel_read_file_from_fd(), and vmap() is used to map + * the decompressed module to a new local buffer which represents + * a copy of the decompressed module passed from userspace. The buffer + * from kernel_read_file_from_fd() is freed right away. + * c) layout_and_allocate() allocates space for the final resting + * place where we would keep the module if it were to be processed + * successfully. + * + * If a failure occurs after these three different allocations only one + * counters will be incremetned with the summation of the lost bytes incurred + * during this failure. Likewise, if a module loading failed only after step b) + * a separate counter is used and incremented for the bytes lost during both + * of those allocations. + * + * Virtual memory space can be limited, for example on x86 virtual memory size + * defaults to 128 MiB. We should strive to limit and avoid wasting virtual + * memory allocations when possible. These module dubugging statistics help + * to evaluate how much memory is being wasted on bootup due to module loading + * failures. + * + * All counters are designed to be incremental. Atomic counters are used so to + * remain simple and avoid delays and deadlocks. + */ + +extern struct dentry *mod_debugfs_root; + +/** + * DOC: dup_failed_modules - tracks duplicate failed modules + * + * Linked list of modules which failed to be loaded because an already existing + * module with the same name was already being processed or already loaded. + * The finit_module() system call incurs heavy virtual memory allocations. In + * the worst case an finit_module() system call can end up allocating virtual + * memory 3 times: + * + * 1) kernel_read_file_from_fd() call uses vmalloc() + * 2) optional module decompression uses vmap() + * 3) layout_and allocate() can use vzalloc() or an arch specific variation of + * vmalloc to deal with ELF sections requiring special permissions + * + * In practice on a typical boot today most finit_module() calls fail due to + * the module with the same name already being loaded or about to be processed. + * All virtual memory allocated to these failed modules will be lost with + * no functional use. + * + * To help with this the dup_failed_modules allows us to track modules which + * failed to load due to the fact that a module already was loaded or being + * processed already. There are only two points at which we can fail such + * calls, we list them below along with the number of virtual memory allocation + * calls: + * + * a) FAIL_DUP_MOD_BECOMING: at the end of early_mod_check() before + * layout_and_allocate(). This does not yet happen. + * - with module decompression: 2 virtual memory allocation calls + * - without module decompression: 1 virtual memory allocation calls + * b) FAIL_DUP_MOD_LOAD: after layout_and_allocate() on add_unformed_module() + * - with module decompression 3 virtual memory allocation calls + * - without module decompression 2 virtual memory allocation calls + * + * We should strive to get this list to be as small as possible. If this list + * is not empty it is a reflection of possible work or optimizations possible + * either in-kernel or in userspace. + */ +static LIST_HEAD(dup_failed_modules); + +/** + * DOC: module statistics debugfs counters + * + * The total amount of wasted virtual memory allocation space during module + * loading can be computed by adding the total from the summation: + * + * * @invalid_kread_bytes + + * @invalid_decompress_bytes + + * @invalid_becoming_bytes + + * @invalid_mod_bytes + * + * The following debugfs counters are available to inspect module loading + * failures: + * + * * total_mod_size: total bytes ever used by all modules we've dealt with on + * this system + * * total_text_size: total bytes of the .text and .init.text ELF section + * sizes we've dealt with on this system + * * invalid_kread_bytes: bytes wasted in failures which happen due to + * memory allocations with the initial kernel_read_file_from_fd(). + * kernel_read_file_from_fd() uses vmalloc() and so these are wasted + * vmalloc() memory allocations. These should typically not happen unless + * your system is under memory pressure. + * * invalid_decompress_bytes: number of bytes wasted due to + * memory allocations in the module decompression path that use vmap(). + * These typically should not happen unless your system is under memory + * presssure. + * * invalid_becoming_bytes: total number of bytes wasted due to + * allocations used to read the kernel module userspace wants us to read + * before we promote it to be processed to be added to our @modules linked + * list. These failures could in theory happen in if we had a check in between + * between a successful kernel_read_file_from_fd() call and right before + * we allocate the our private memory for the module which would be kept if + * the module is successfully loaded. The most common reason for this failure + * is when userspace is racing to load a module which it does not yet see + * loaded. The first module to succeed in add_unformed_module() will add a + * module to our &modules list and subsequent loads of modules with the + * same name will error out at the end of early_mod_check(). A check + * for module_patient_check_exists() at the end of early_mod_check() could be + * added to prevent duplicate allocations on layout_and_allocate() for + * modules already being processed. These duplicate failed modules are + * non-fatal, however they typically are indicative of userspace not seeing + * a module in userspace loaded yet and unecessarily trying to load a + * module before the kernel even has a chance to begin to process prior + * requests. Although duplicate failures can be non-fatal, we should try to + * reduce vmalloc() pressure proactively, so ideally after boot this will + * be close to as 0 as possible. If module decompression was used we also + * add to this counter the cost of the initial kernel_read_file_from_fd() + * of the compressed module. If module decompression was not used the + * value represents the total wasted allocations in kernel_read_file_from_fd() + * calls for these type of failures. These failures can occur because: + * + * * module_sig_check() - module signature checks + * * elf_validity_cache_copy() - some ELF validation issue + * * early_mod_check(): + * + * * blacklisting + * * failed to rewrite section headers + * * version magic + * * live patch requirements didn't check out + * * the module was detected as being already present + * + * * invalid_mod_bytes: these are the total number of bytes lost due to + * failures after we did all the sanity checks of the module which userspace + * passed to us and after our first check that the module is unique. A + * module can still fail to load if we detect the module is loaded after we + * allocate space for it with layout_and_allocate(), we do this check right + * before processing the module as live and run its initialiation routines. + * Note that you have a failure of this type it also means the respective + * kernel_read_file_from_fd() memory space was also wasted, and so we + * increment this counter with twice the size of the module. Additionally + * if you used module decompression the size of the compressed module is + * also added to this counter. + * + * * modcount: how many modules we've loaded in our kernel life time + * * failed_kreads: how many modules failed due to failed kernel_read_file_from_fd() + * * failed_decompress: how many failed module decompression attempts we've had. + * These really should not happen unless your compression / decompression + * might be broken. + * * failed_becoming: how many modules failed after we kernel_read_file_from_fd() + * it and before we allocate memory for it with layout_and_allocate(). This + * counter is never incremented if you manage to validate the module and + * call layout_and_allocate() for it. + * * failed_load_modules: how many modules failed once we've allocated our + * private space for our module using layout_and_allocate(). These failures + * should hopefully mostly be dealt with already. Races in theory could + * still exist here, but it would just mean the kernel had started processing + * two threads concurrently up to early_mod_check() and then one just one + * thread won. These failures are good signs the kernel or userspace is + * doing something seriously stupid or that could be improved. We should + * strive to fix these, but it is perhaps not easy to fix them. + * A recent example are the modules requests incurred for frequency modules, + * a separate module request was being issued for each CPU on a system. + */ + +atomic_long_t total_mod_size; +atomic_long_t total_text_size; +atomic_long_t invalid_kread_bytes; +atomic_long_t invalid_decompress_bytes; +static atomic_long_t invalid_becoming_bytes; +static atomic_long_t invalid_mod_bytes; +atomic_t modcount; +atomic_t failed_kreads; +atomic_t failed_decompress; +static atomic_t failed_becoming; +static atomic_t failed_load_modules; + +static const char *mod_fail_to_str(struct mod_fail_load *mod_fail) +{ + if (test_bit(FAIL_DUP_MOD_BECOMING, &mod_fail->dup_fail_mask) && + test_bit(FAIL_DUP_MOD_LOAD, &mod_fail->dup_fail_mask)) + return "Becoming & Load"; + if (test_bit(FAIL_DUP_MOD_BECOMING, &mod_fail->dup_fail_mask)) + return "Becoming"; + if (test_bit(FAIL_DUP_MOD_LOAD, &mod_fail->dup_fail_mask)) + return "Load"; + return "Bug-on-stats"; +} + +void mod_stat_bump_invalid(struct load_info *info, int flags) +{ + atomic_long_add(info->len * 2, &invalid_mod_bytes); + atomic_inc(&failed_load_modules); +#if defined(CONFIG_MODULE_DECOMPRESS) + if (flags & MODULE_INIT_COMPRESSED_FILE) + atomic_long_add(info->compressed_len, &invalid_mod_byte); +#endif +} + +void mod_stat_bump_becoming(struct load_info *info, int flags) +{ + atomic_inc(&failed_becoming); + atomic_long_add(info->len, &invalid_becoming_bytes); +#if defined(CONFIG_MODULE_DECOMPRESS) + if (flags & MODULE_INIT_COMPRESSED_FILE) + atomic_long_add(info->compressed_len, &invalid_becoming_bytes); +#endif +} + +int try_add_failed_module(const char *name, size_t len, enum fail_dup_mod_reason reason) +{ + struct mod_fail_load *mod_fail; + + list_for_each_entry_rcu(mod_fail, &dup_failed_modules, list, + lockdep_is_held(&module_mutex)) { + if (strlen(mod_fail->name) == len && !memcmp(mod_fail->name, name, len)) { + atomic_long_inc(&mod_fail->count); + __set_bit(reason, &mod_fail->dup_fail_mask); + goto out; + } + } + + mod_fail = kzalloc(sizeof(*mod_fail), GFP_KERNEL); + if (!mod_fail) + return -ENOMEM; + memcpy(mod_fail->name, name, len); + __set_bit(reason, &mod_fail->dup_fail_mask); + atomic_long_inc(&mod_fail->count); + list_add_rcu(&mod_fail->list, &dup_failed_modules); +out: + return 0; +} + +/* + * At 64 bytes per module and assuming a 1024 bytes preamble we can fit the + * 112 module prints within 8k. + * + * 1024 + (64*112) = 8k + */ +#define MAX_PREAMBLE 1024 +#define MAX_FAILED_MOD_PRINT 112 +#define MAX_BYTES_PER_MOD 64 +static ssize_t read_file_mod_stats(struct file *file, char __user *user_buf, + size_t count, loff_t *ppos) +{ + struct mod_fail_load *mod_fail; + unsigned int len, size, count_failed = 0; + char *buf; + u32 live_mod_count, fkreads, fdecompress, fbecoming, floads; + u64 total_size, text_size, ikread_bytes, ibecoming_bytes, idecompress_bytes, imod_bytes, + total_virtual_lost; + + live_mod_count = atomic_read(&modcount); + fkreads = atomic_read(&failed_kreads); + fdecompress = atomic_read(&failed_decompress); + fbecoming = atomic_read(&failed_becoming); + floads = atomic_read(&failed_load_modules); + + total_size = atomic64_read(&total_mod_size); + text_size = atomic64_read(&total_text_size); + ikread_bytes = atomic64_read(&invalid_kread_bytes); + idecompress_bytes = atomic64_read(&invalid_decompress_bytes); + ibecoming_bytes = atomic64_read(&invalid_becoming_bytes); + imod_bytes = atomic64_read(&invalid_mod_bytes); + + total_virtual_lost = ikread_bytes + idecompress_bytes + ibecoming_bytes + imod_bytes; + + size = MAX_PREAMBLE + min((unsigned int)(floads + fbecoming) * MAX_BYTES_PER_MOD, + (unsigned int) MAX_FAILED_MOD_PRINT * MAX_BYTES_PER_MOD); + buf = kzalloc(size, GFP_KERNEL); + if (buf == NULL) + return -ENOMEM; + + /* The beginning of our debug preamble */ + len = scnprintf(buf + 0, size - len, "%25s\t%u\n", "Mods ever loaded", live_mod_count); + + len += scnprintf(buf + len, size - len, "%25s\t%u\n", "Mods failed on kread", fkreads); + + len += scnprintf(buf + len, size - len, "%25s\t%u\n", "Mods failed on decompress", + fdecompress); + len += scnprintf(buf + len, size - len, "%25s\t%u\n", "Mods failed on becoming", fbecoming); + + len += scnprintf(buf + len, size - len, "%25s\t%u\n", "Mods failed on load", floads); + + len += scnprintf(buf + len, size - len, "%25s\t%llu\n", "Total module size", total_size); + len += scnprintf(buf + len, size - len, "%25s\t%llu\n", "Total mod text size", text_size); + + len += scnprintf(buf + len, size - len, "%25s\t%llu\n", "Failed kread bytes", ikread_bytes); + + len += scnprintf(buf + len, size - len, "%25s\t%llu\n", "Failed decompress bytes", + idecompress_bytes); + + len += scnprintf(buf + len, size - len, "%25s\t%llu\n", "Failed becoming bytes", ibecoming_bytes); + + len += scnprintf(buf + len, size - len, "%25s\t%llu\n", "Failed kmod bytes", imod_bytes); + + len += scnprintf(buf + len, size - len, "%25s\t%llu\n", "Virtual mem wasted bytes", total_virtual_lost); + + if (live_mod_count && total_size) { + len += scnprintf(buf + len, size - len, "%25s\t%llu\n", "Average mod size", + DIV_ROUND_UP(total_size, live_mod_count)); + } + + if (live_mod_count && text_size) { + len += scnprintf(buf + len, size - len, "%25s\t%llu\n", "Average mod text size", + DIV_ROUND_UP(text_size, live_mod_count)); + } + + /* + * We use WARN_ON_ONCE() for the counters to ensure we always have parity + * for keeping tabs on a type of failure with one type of byte counter. + * The counters for imod_bytes does not increase for fkreads failures + * for example, and so on. + */ + + WARN_ON_ONCE(ikread_bytes && !fkreads); + if (fkreads && ikread_bytes) { + len += scnprintf(buf + len, size - len, "%25s\t%llu\n", "Avg fail kread bytes", + DIV_ROUND_UP(ikread_bytes, fkreads)); + } + + WARN_ON_ONCE(ibecoming_bytes && !fbecoming); + if (fbecoming && ibecoming_bytes) { + len += scnprintf(buf + len, size - len, "%25s\t%llu\n", "Avg fail becoming bytes", + DIV_ROUND_UP(ibecoming_bytes, fbecoming)); + } + + WARN_ON_ONCE(idecompress_bytes && !fdecompress); + if (fdecompress && idecompress_bytes) { + len += scnprintf(buf + len, size - len, "%25s\t%llu\n", "Avg fail decomp bytes", + DIV_ROUND_UP(idecompress_bytes, fdecompress)); + } + + WARN_ON_ONCE(imod_bytes && !floads); + if (floads && imod_bytes) { + len += scnprintf(buf + len, size - len, "%25s\t%llu\n", "Average fail load bytes", + DIV_ROUND_UP(imod_bytes, floads)); + } + + /* End of our debug preamble header. */ + + /* Catch when we've gone beyond our expected preamble */ + WARN_ON_ONCE(len >= MAX_PREAMBLE); + + if (list_empty(&dup_failed_modules)) + goto out; + + len += scnprintf(buf + len, size - len, "Duplicate failed modules:\n"); + len += scnprintf(buf + len, size - len, "%25s\t%15s\t%25s\n", + "module-name", "How-many-times", "Reason"); + mutex_lock(&module_mutex); + + + list_for_each_entry_rcu(mod_fail, &dup_failed_modules, list) { + if (WARN_ON_ONCE(++count_failed >= MAX_FAILED_MOD_PRINT)) + goto out_unlock; + len += scnprintf(buf + len, size - len, "%25s\t%15llu\t%25s\n", mod_fail->name, + atomic64_read(&mod_fail->count), mod_fail_to_str(mod_fail)); + } +out_unlock: + mutex_unlock(&module_mutex); +out: + kfree(buf); + return simple_read_from_buffer(user_buf, count, ppos, buf, len); +} +#undef MAX_PREAMBLE +#undef MAX_FAILED_MOD_PRINT +#undef MAX_BYTES_PER_MOD + +static const struct file_operations fops_mod_stats = { + .read = read_file_mod_stats, + .open = simple_open, + .owner = THIS_MODULE, + .llseek = default_llseek, +}; + +#define mod_debug_add_ulong(name) debugfs_create_ulong(#name, 0400, mod_debugfs_root, (unsigned long *) &name.counter) +#define mod_debug_add_atomic(name) debugfs_create_atomic_t(#name, 0400, mod_debugfs_root, &name) +static int __init module_stats_init(void) +{ + mod_debug_add_ulong(total_mod_size); + mod_debug_add_ulong(total_text_size); + mod_debug_add_ulong(invalid_kread_bytes); + mod_debug_add_ulong(invalid_decompress_bytes); + mod_debug_add_ulong(invalid_becoming_bytes); + mod_debug_add_ulong(invalid_mod_bytes); + + mod_debug_add_atomic(modcount); + mod_debug_add_atomic(failed_kreads); + mod_debug_add_atomic(failed_decompress); + mod_debug_add_atomic(failed_becoming); + mod_debug_add_atomic(failed_load_modules); + + debugfs_create_file("stats", 0400, mod_debugfs_root, mod_debugfs_root, &fops_mod_stats); + + return 0; +} +#undef mod_debug_add_ulong +#undef mod_debug_add_atomic +module_init(module_stats_init); diff --git a/kernel/module/tracking.c b/kernel/module/tracking.c index 26d812e07615..16742d1c630c 100644 --- a/kernel/module/tracking.c +++ b/kernel/module/tracking.c @@ -15,6 +15,7 @@ #include "internal.h" static LIST_HEAD(unloaded_tainted_modules); +extern struct dentry *mod_debugfs_root; int try_add_tainted_module(struct module *mod) { @@ -120,12 +121,8 @@ static const struct file_operations unloaded_tainted_modules_fops = { static int __init unloaded_tainted_modules_init(void) { - struct dentry *dir; - - dir = debugfs_create_dir("modules", NULL); - debugfs_create_file("unloaded_tainted", 0444, dir, NULL, + debugfs_create_file("unloaded_tainted", 0444, mod_debugfs_root, NULL, &unloaded_tainted_modules_fops); - return 0; } module_init(unloaded_tainted_modules_init); From patchwork Fri Apr 14 05:08:36 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Luis Chamberlain X-Patchwork-Id: 13210933 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 04728C77B6E for ; Fri, 14 Apr 2023 05:08:59 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 832C3900004; Fri, 14 Apr 2023 01:08:54 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 7940D900003; Fri, 14 Apr 2023 01:08:54 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 46044900006; Fri, 14 Apr 2023 01:08:54 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 2C138900003 for ; Fri, 14 Apr 2023 01:08:54 -0400 (EDT) Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id E2845120108 for ; Fri, 14 Apr 2023 05:08:53 +0000 (UTC) X-FDA: 80678816946.06.71BA377 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) by imf22.hostedemail.com (Postfix) with ESMTP id 2F3F7C000D for ; Fri, 14 Apr 2023 05:08:51 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=infradead.org header.s=bombadil.20210309 header.b=C37AIqag; spf=none (imf22.hostedemail.com: domain of mcgrof@infradead.org has no SPF policy when checking 198.137.202.133) smtp.mailfrom=mcgrof@infradead.org; dmarc=fail reason="No valid SPF, DKIM not aligned (relaxed)" header.from=kernel.org (policy=none) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1681448932; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=qLEgxMN6ICWDkmhEIOtkKRgN1aQApj5a/RWNN7sAccc=; b=5yJiNkGS49qhCXvS8K2V+AKGKm0/2SsXr5NDWsUkQf6rJXbZYto77GrWp8NvYi0TpevFGP Bs1nPIw/QXiCb+GpVKvUvczRm406P4VVQ+Jac+Kzj5fclkXulmbmv5GiLuGSAF/cuCgU8v k1gd60WBMUDYi1PgreUupOQWEiQpRJ0= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=infradead.org header.s=bombadil.20210309 header.b=C37AIqag; spf=none (imf22.hostedemail.com: domain of mcgrof@infradead.org has no SPF policy when checking 198.137.202.133) smtp.mailfrom=mcgrof@infradead.org; dmarc=fail reason="No valid SPF, DKIM not aligned (relaxed)" header.from=kernel.org (policy=none) ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1681448932; a=rsa-sha256; cv=none; b=F3reseOxXsPRVfgm12d6Y07y5V+wtG9XvA6LNi5XPorBOCmvA26zvwdtJldPRE02mITkPN HoRFEdaIErNBaZWFkV0DFhi4K/ChhSXwt+gbQKxWQH28Ea2dK8EYSPVNN/RmfWMvIfbG7x jGfPDcljnZaFJVRrRqq8zZvibUTMyiM= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Sender:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description; bh=qLEgxMN6ICWDkmhEIOtkKRgN1aQApj5a/RWNN7sAccc=; b=C37AIqag26MylchCjtcpx9snbv wBteBntA0l6QU0vxB9jmY3eJDBs267i5o/HDCU3lG4GuLxJ3bigGdysrGmLoqkCjl0b7UVqZjnbpZ FIraSErwhnGaJki8zoWzye4i3HXoNXYm69S/Ho+gKPASSEv3rHrqNz5u+mbTJ13E+Ui++HDpk/XG1 feNePXCFzO3F7VZyou5mNjSYLbVunw0zfh0KrkhUTmZrvniDJwkeLzDdXlBDJV2kvN7IU/hzRBTqK ItpygBp1+cWa3fujjqmv6GevTtfoONvbrkmdrjps47/uesTahEEAzGIFqLlmVhOtxFiX2UAOpnlAq lG7Rgm8Q==; Received: from mcgrof by bombadil.infradead.org with local (Exim 4.96 #2 (Red Hat Linux)) id 1pnBfq-008KKP-02; Fri, 14 Apr 2023 05:08:38 +0000 From: Luis Chamberlain To: david@redhat.com, patches@lists.linux.dev, linux-modules@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, pmladek@suse.com, petr.pavlu@suse.com, prarit@redhat.com, torvalds@linux-foundation.org, gregkh@linuxfoundation.org, rafael@kernel.org Cc: christophe.leroy@csgroup.eu, tglx@linutronix.de, peterz@infradead.org, song@kernel.org, rppt@kernel.org, dave@stgolabs.net, willy@infradead.org, vbabka@suse.cz, mhocko@suse.com, dave.hansen@linux.intel.com, colin.i.king@gmail.com, jim.cromie@gmail.com, catalin.marinas@arm.com, jbaron@akamai.com, rick.p.edgecombe@intel.com, mcgrof@kernel.org Subject: [PATCH v3 4/4] module: avoid allocation if module is already present and ready Date: Thu, 13 Apr 2023 22:08:36 -0700 Message-Id: <20230414050836.1984746-5-mcgrof@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230414050836.1984746-1-mcgrof@kernel.org> References: <20230414050836.1984746-1-mcgrof@kernel.org> MIME-Version: 1.0 X-Rspam-User: X-Rspamd-Server: rspam03 X-Stat-Signature: 687th98b8hbbun6tpfottsh41njoxsg5 X-Rspamd-Queue-Id: 2F3F7C000D X-HE-Tag: 1681448931-356102 X-HE-Meta: U2FsdGVkX1/kWWCrKvxR6gQvEbH20+ighExHHCKxVb3JhZX7zome7m16L8CAFszS4tnAaLjo1/JjrWn3keiL4AwXcvT47NMNIF5SxWgUjzHF3wwfKAdc+07CZu+qUHmQwW8YYsdv6Zwa4zCsyyqMj0joDl8aZRlCNpfs1V88mjX8bmnPA+SoblEVioC5MZoOF3xCuB3CCHiforNJrbk58bmBVeSe1BlW/YiTNogGZ4LhVqIPCobyWD+g0os0xStIrCIDWCycL9bnN2Wn1mUMI434iqvdLUl50sHBjltxL3HnmZET8QWIpMOhkr18xY/GALKnQYzl7pX8vA+aN6Tr7fbZ21f0/Pyxn6vwjIAO7OTDRuYgCHlhs+PnKOvJYM1jO7PJHh5wYRGFF0+NwDQWIJSDqgUsG1fUbQ5ngJTbuBJeihREWnNvCc/9BQX3XuAYYig311D5ZdFCJhIhMzEaHiEOLWzLGcB/SrhR3VN+k/zQouqd+87lbKm6weyBvx6vCdRdIiFhP+zQc+C1/eXwclCCBsRfq1M3hdBeMMUug/isIabiQRobX4GhrZCzgPL2bm/AYqjotvy5lznJ7U/vUa7wp+jUEBWfVUOuwC3rMDkl0qCBMglENZHuO4Z7rTtFMJXj/ru6/mw7Lj9cBnW8V1k75Qs2rRroWqv/4OwHzSoSFAajWt1uLhJKaNvE7c2Csv5jE4nnicoiUImgnJ9F5PCMftelZ9inXr6PSeXv/DnaniaiCNEI3zuViLO4JOkiaU/4YyppdnHeKuSAvMA/ddypn4krLvkD7BMxK2ZHVM1b5rUV1F2Fuo+mC3umdmObN9ADrleU9HU7aCHQ2k601igumtrQ4l4vptntY7wBiIfTQ1Qr4Xf0rlMGSYSzCDdOP21L8lNXIi/uENA8l9niK3ne9p+sm/64L9sKjf/pOzhTbU+phFhAjibGagW2TrtjHMdz4hqy+zCXWe9e1sC qo+LMqa4 LH13aSSjBtxYLuR94krJJ4NnfyW/4i/lTosX61ZbAM07NbzAkqd1kHWemP8aDHH1jHY2cIJwJVwsE0QCNyne4MPi1E8Uwl8OCLESHpPWZIluQzkEktIO3KgP3iCjUh1q0MakKM+hIZbjSw/IhAtMxhJmtNOClAafhLpnL1dmPmwuRGi7V0h0mtbsxa3u00MwRdCBxbR1vfReQO4rJBV+/JPzSniYIajt/qH/x3YLwTnnjBjKy2KvoqlcpFxkXuoLhJBmkEWAPSPruiO9LDUxPQp14kUlGe5dDLqSwSjtUr9ejvW8YYiEG3XvrQPP9azCco+YxHJfBI+p+cHOxEyP5sFwBFNnxejbyxZ4hCOYa6n1vZAOt75UxDfAI0Sd4NRWOoQ9/PVfp07GlXclU/Ub27oP28uc2cvxGC10DRZBzaC/U4Ayc2WsyQzdsAAyNIN04YseBXRYgtrVymFqq7P9gwns9uj5zDmr9B3epuKHufvJRha/Tjn/ZkoFAiaKmUqibvrZR X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: The finit_module() system call can create unnecessary virtual memory pressure for duplicate modules. This is because load_module() can in the worse case allocate more than twice the size of a module in virtual memory. This saves at least a full size of the module in wasted vmalloc space memory by trying to avoid duplicates as soon as we can validate the module name in the read module structure. This can only be an issue if a system is getting hammered with userspace loading modules. There are two ways to load modules typically on systems, one is the kernel moduile auto-loading (*request_module*() calls in-kernel) and the other is things like udev. The auto-loading is in-kernel, but that pings back to userspace to just call modprobe. We already have a way to restrict the amount of concurrent kernel auto-loads in a given time, however that still allows multiple requests for the same module to go through and force two threads in userspace racing to call modprobe for the same exact module. Even though libkmod which both modprobe and udev does check if a module is already loaded prior calling finit_module() races are still possible and this is clearly evident today when you have multiple CPUs. To avoid memory pressure for such stupid cases put a stop gap for them. The *earliest* we can detect duplicates from the modules side of things is once we have blessed the module name, sadly after the first vmalloc allocation. We can check for the module being present *before* a secondary vmalloc() allocation. There is a linear relationship between wasted virtual memory bytes and the number of CPU counts. The reason is that udev ends up racing to call tons of the same modules for each of the CPUs. We can see the different linear relationships between wasted virtual memory and CPU count during after boot in the following graph: +----------------------------------------------------------------------------+ 14GB |-+ + + + + *+ +-| | **** | | *** | | ** | 12GB |-+ ** +-| | ** | | ** | | ** | | ** | 10GB |-+ ** +-| | ** | | ** | | ** | 8GB |-+ ** +-| waste | ** ### | | ** #### | | ** ####### | 6GB |-+ **** #### +-| | * #### | | * #### | | ***** #### | 4GB |-+ ** #### +-| | ** #### | | ** #### | | ** #### | 2GB |-+ ** ##### +-| | * #### | | * #### Before ******* | | **## + + + + After ####### | +----------------------------------------------------------------------------+ 0 50 100 150 200 250 300 CPUs count On the y-axis we can see gigabytes of wasted virtual memory during boot due to duplicate module requests which just end up failing. Trying to infer the slope this ends up being about ~463 MiB per CPU lost prior to this patch. After this patch we only loose about ~230 MiB per CPU, for a total savings of about ~233 MiB per CPU. This is all *just on bootup*! On a 8vcpu 8 GiB RAM system using kdevops and testing against selftests kmod.sh -t 0008 I see a saving in the *highest* side of memory consumption of up to ~ 84 MiB with the Linux kernel selftests kmod test 0008. With the new stress-ng module test I see a 145 MiB difference in max memory consumption with 100 ops. The stress-ng module ops tests can be pretty pathalogical -- it is not realistic, however it was used to finally successfully reproduce issues which are only reported to happen on system with over 400 CPUs [0] by just usign 100 ops on a 8vcpu 8 GiB RAM system. Running out of virtual memory space is no surprise given the above graph, since at least on x86_64 we're capped at 128 MiB, eventually we'd hit a series of errors and once can use the above graph to guestimate when. This of course will vary depending on the features you have enabled. So for instance, enabling KASAN seems to make this much worse. The results with kmod and stress-ng can be observed and visualized below. The time it takes to run the test is also not affected. The kmod tests 0008: The gnuplot is set to a range from 400000 KiB (390 Mib) - 580000 (566 Mib) given the tests peak around that range. cat kmod.plot set term dumb set output fileout set yrange [400000:580000] plot filein with linespoints title "Memory usage (KiB)" Before: root@kmod ~ # /data/linux-next/tools/testing/selftests/kmod/kmod.sh -t 0008 root@kmod ~ # free -k -s 1 -c 40 | grep Mem | awk '{print $3}' > log-0008-before.txt ^C root@kmod ~ # sort -n -r log-0008-before.txt | head -1 528732 So ~516.33 MiB After: root@kmod ~ # /data/linux-next/tools/testing/selftests/kmod/kmod.sh -t 0008 root@kmod ~ # free -k -s 1 -c 40 | grep Mem | awk '{print $3}' > log-0008-after.txt ^C root@kmod ~ # sort -n -r log-0008-after.txt | head -1 442516 So ~432.14 MiB That's about 84 ~MiB in savings in the worst case. The graphs: root@kmod ~ # gnuplot -e "filein='log-0008-before.txt'; fileout='graph-0008-before.txt'" kmod.plot root@kmod ~ # gnuplot -e "filein='log-0008-after.txt'; fileout='graph-0008-after.txt'" kmod.plot root@kmod ~ # cat graph-0008-before.txt 580000 +-----------------------------------------------------------------+ | + + + + + + + | 560000 |-+ Memory usage (KiB) ***A***-| | | 540000 |-+ +-| | | | *A *AA*AA*A*AA *A*AA A*A*A *AA*A*AA*A A | 520000 |-+A*A*AA *AA*A *A*AA*A*AA *A*A A *A+-| |*A | 500000 |-+ +-| | | 480000 |-+ +-| | | 460000 |-+ +-| | | | | 440000 |-+ +-| | | 420000 |-+ +-| | + + + + + + + | 400000 +-----------------------------------------------------------------+ 0 5 10 15 20 25 30 35 40 root@kmod ~ # cat graph-0008-after.txt 580000 +-----------------------------------------------------------------+ | + + + + + + + | 560000 |-+ Memory usage (KiB) ***A***-| | | 540000 |-+ +-| | | | | 520000 |-+ +-| | | 500000 |-+ +-| | | 480000 |-+ +-| | | 460000 |-+ +-| | | | *A *A*A | 440000 |-+A*A*AA*A A A*A*AA A*A*AA*A*AA*A*AA*A*AA*AA*A*AA*A*AA-| |*A *A*AA*A | 420000 |-+ +-| | + + + + + + + | 400000 +-----------------------------------------------------------------+ 0 5 10 15 20 25 30 35 40 The stress-ng module tests: This is used to run the test to try to reproduce the vmap issues reported by David: echo 0 > /proc/sys/vm/oom_dump_tasks ./stress-ng --module 100 --module-name xfs Prior to this commit: root@kmod ~ # free -k -s 1 -c 40 | grep Mem | awk '{print $3}' > baseline-stress-ng.txt root@kmod ~ # sort -n -r baseline-stress-ng.txt | head -1 5046456 After this commit: root@kmod ~ # free -k -s 1 -c 40 | grep Mem | awk '{print $3}' > after-stress-ng.txt root@kmod ~ # sort -n -r after-stress-ng.txt | head -1 4896972 5046456 - 4896972 149484 149484/1024 145.98046875000000000000 So this commit using stress-ng reveals saving about 145 MiB in memory using 100 ops from stress-ng which reproduced the vmap issue reported. cat kmod.plot set term dumb set output fileout set yrange [4700000:5070000] plot filein with linespoints title "Memory usage (KiB)" root@kmod ~ # gnuplot -e "filein='baseline-stress-ng.txt'; fileout='graph-stress-ng-before.txt'" kmod-simple-stress-ng.plot root@kmod ~ # gnuplot -e "filein='after-stress-ng.txt'; fileout='graph-stress-ng-after.txt'" kmod-simple-stress-ng.plot root@kmod ~ # cat graph-stress-ng-before.txt +---------------------------------------------------------------+ 5.05e+06 |-+ + A + + + + + + +-| | * Memory usage (KiB) ***A*** | | * A | 5e+06 |-+ ** ** +-| | ** * * A | 4.95e+06 |-+ * * A * A* +-| | * * A A * * * * A | | * * * * * * *A * * * A * | 4.9e+06 |-+ * * * A*A * A*AA*A A *A **A **A*A *+-| | A A*A A * A * * A A * A * ** | | * ** ** * * * * * * * | 4.85e+06 |-+ A A A ** * * ** *-| | * * * * ** * | | * A * * * * | 4.8e+06 |-+ * * * A A-| | * * * | 4.75e+06 |-+ * * * +-| | * ** | | * + + + + + + ** + | 4.7e+06 +---------------------------------------------------------------+ 0 5 10 15 20 25 30 35 40 root@kmod ~ # cat graph-stress-ng-after.txt +---------------------------------------------------------------+ 5.05e+06 |-+ + + + + + + + +-| | Memory usage (KiB) ***A*** | | | 5e+06 |-+ +-| | | 4.95e+06 |-+ +-| | | | | 4.9e+06 |-+ *AA +-| | A*AA*A*A A A*AA*AA*A*AA*A A A A*A *AA*A*A A A*AA*AA | | * * ** * * * ** * *** * | 4.85e+06 |-+* *** * * * * *** A * * +-| | * A * * ** * * A * * | | * * * * ** * * | 4.8e+06 |-+* * * A * * * +-| | * * * A * * | 4.75e+06 |-* * * * * +-| | * * * * * | | * + * *+ + + + + * *+ | 4.7e+06 +---------------------------------------------------------------+ 0 5 10 15 20 25 30 35 40 [0] https://lkml.kernel.org/r/20221013180518.217405-1-david@redhat.com Reported-by: David Hildenbrand Signed-off-by: Luis Chamberlain --- kernel/module/main.c | 6 +++++- kernel/module/stats.c | 14 +++++++------- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index 5642d77657a0..1ed373145278 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -2815,7 +2815,11 @@ static int early_mod_check(struct load_info *info, int flags) if (err) return err; - return 0; + mutex_lock(&module_mutex); + err = module_patient_check_exists(info->mod->name, FAIL_DUP_MOD_BECOMING); + mutex_unlock(&module_mutex); + + return err; } /* diff --git a/kernel/module/stats.c b/kernel/module/stats.c index d4b5b2b9e6ad..d9b9bccf4256 100644 --- a/kernel/module/stats.c +++ b/kernel/module/stats.c @@ -87,7 +87,7 @@ extern struct dentry *mod_debugfs_root; * calls: * * a) FAIL_DUP_MOD_BECOMING: at the end of early_mod_check() before - * layout_and_allocate(). This does not yet happen. + * layout_and_allocate(). * - with module decompression: 2 virtual memory allocation calls * - without module decompression: 1 virtual memory allocation calls * b) FAIL_DUP_MOD_LOAD: after layout_and_allocate() on add_unformed_module() @@ -130,15 +130,15 @@ static LIST_HEAD(dup_failed_modules); * * invalid_becoming_bytes: total number of bytes wasted due to * allocations used to read the kernel module userspace wants us to read * before we promote it to be processed to be added to our @modules linked - * list. These failures could in theory happen in if we had a check in between - * between a successful kernel_read_file_from_fd() call and right before - * we allocate the our private memory for the module which would be kept if - * the module is successfully loaded. The most common reason for this failure + * list. These failures could can happen in between a successful + * kernel_read_file_from_fd() call and right before we allocate the our + * private memory for the module which would be kept if the module is + * successfully loaded. The most common reason for this failure * is when userspace is racing to load a module which it does not yet see * loaded. The first module to succeed in add_unformed_module() will add a * module to our &modules list and subsequent loads of modules with the - * same name will error out at the end of early_mod_check(). A check - * for module_patient_check_exists() at the end of early_mod_check() could be + * same name will error out at the end of early_mod_check(). The check + * for module_patient_check_exists() at the end of early_mod_check() was * added to prevent duplicate allocations on layout_and_allocate() for * modules already being processed. These duplicate failed modules are * non-fatal, however they typically are indicative of userspace not seeing