From patchwork Wed Jul 24 08:55:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Barry Song <21cnbao@gmail.com> X-Patchwork-Id: 13740692 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 97CCCC3DA61 for ; Wed, 24 Jul 2024 08:56:07 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id EE45D6B007B; Wed, 24 Jul 2024 04:56:06 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id E93D76B0082; Wed, 24 Jul 2024 04:56:06 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D5C736B0088; Wed, 24 Jul 2024 04:56:06 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id B7E7B6B007B for ; Wed, 24 Jul 2024 04:56:06 -0400 (EDT) Received: from smtpin07.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 4206A40748 for ; Wed, 24 Jul 2024 08:56:06 +0000 (UTC) X-FDA: 82374039132.07.E3C632B Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179]) by imf21.hostedemail.com (Postfix) with ESMTP id 607911C002A for ; Wed, 24 Jul 2024 08:56:04 +0000 (UTC) Authentication-Results: imf21.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=kP4eSj6A; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf21.hostedemail.com: domain of 21cnbao@gmail.com designates 209.85.214.179 as permitted sender) smtp.mailfrom=21cnbao@gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1721811329; a=rsa-sha256; cv=none; b=JFMvVWVu0/0dhtrCVOttUHhsB9lx3PbP8OFPxKNOwBhOIUzBFtEuWIh+kmbA1v6hSJmtpE iYiheECB+moW0BalRWul7nZLpT/POymEB4Gaht695hTwNQIYT9U+8FSpkcLI49x8/V05AK M0ZVtArvCb80gZE3J3URUa7xzqfMI9Y= ARC-Authentication-Results: i=1; imf21.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=kP4eSj6A; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf21.hostedemail.com: domain of 21cnbao@gmail.com designates 209.85.214.179 as permitted sender) smtp.mailfrom=21cnbao@gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1721811329; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:in-reply-to: references:dkim-signature; bh=sr5l2PoDQntW7pen7diA9kDEWAvllnWAgEUGtFBQtxY=; b=rP8/pbixxn0U/NW4TSaK3sbPmhDbgHOZ4ukVBQ/GqGngWTyFVy1aB5LeyM5I4w0cJ5Br1V gMbaNig493zd6gGC7kCcpOwUYNJ4uxgwhRG/EMa8BwB9bUpg4/Jza7KEDDusKbvfwf/yDY gZxcjMgua3hW8EFgTnXFnhqeAQEE0e0= Received: by mail-pl1-f179.google.com with SMTP id d9443c01a7336-1fd9e6189d5so7686875ad.3 for ; Wed, 24 Jul 2024 01:56:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1721811363; x=1722416163; darn=kvack.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=sr5l2PoDQntW7pen7diA9kDEWAvllnWAgEUGtFBQtxY=; b=kP4eSj6APxvIlJdt3J4sveskc2FfY1uH5oCf29haBryVzE+bVGb6tUO82INC/DQ6WZ YJqwlsVJLtv8W39edM1/ic/ROgdbVtqQeb3QW13c1KFJftQokc5ZJBDuNL9ETTn2ljp2 TRPGXzuUjaXBKHl3GKsdaQC3zgqc8W9Xn+CBHCiC6v5ov6jndsB7c6FSJ1J/s5AEvyKH JfLC1L7vQ6a0tY10gp4R8ni2bNEbJwcAMMmCBIgTzkmAkqZyUp5Cf1v92Sc5GSYvA6FD D+WbjvNhGHjHQfpn714kk//XIoEQwoc63HcnwyBXakNVvVwaUpIABsddlwjNKhBUk6jv hYwg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721811363; x=1722416163; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=sr5l2PoDQntW7pen7diA9kDEWAvllnWAgEUGtFBQtxY=; b=nt4IyJkpD+hq5Rr0mSeMOaY01BRnwizcXgpjoZPBulEQ4g3NZ4xubcJJdN1zU6Yfdm P2njLo5ImksTQgvLIq/PXHp2HgLAKN1/x0XhGLvlQCwi4xQSn/P/ACGyAes5Udsvxztf fBIJ2uyz19PcUjEoU8FKZ05p+rJUO5Hl6TaMWba5UMxacsiDDAWAyB+zBm4w0XuGVR7P fBapv6xcnOC+HNb7+t/kF6lb2YLWpYjXGNQLEHgKXXVlLfAtknmDu00rH4Br9KOn2FvS UjJYhJjoiU7PvVsBbgmR2+XM/LiuCj+vbL5JNHPGD9Ce65Kbsj160h+/MmaPvrxYdGxn JBKA== X-Forwarded-Encrypted: i=1; AJvYcCU8V5nmnQwZTTLvarWFxDUL01TCP/w3UBpNay53khuLuGCc/HnBvVJzrAQ3GVJ3ico/OXj31t3aNWYgh4KeO2iCobg= X-Gm-Message-State: AOJu0YzfwY0pp55CHX2B/TdfuaIpVxODk+3i/6TdtpGuKlQn/FS4I9tw JNm6znW/+Ryqc66OVH062JhHDavT8I67HEjPFsk8mI6nTxtBt0iq X-Google-Smtp-Source: AGHT+IHHqAJFPf2gJe+CIjeS/66rCq3xfxiwRk+XdtHHfCi8++/OivS10/aAkJw/sTSnK26xSxgB9Q== X-Received: by 2002:a17:902:d2cc:b0:1fc:57b7:995c with SMTP id d9443c01a7336-1fd7457385dmr94959655ad.7.1721811362773; Wed, 24 Jul 2024 01:56:02 -0700 (PDT) Received: from localhost.localdomain ([2407:7000:8942:5500:aaa1:59ff:fe57:eb97]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1fd6f31855fsm89021895ad.156.2024.07.24.01.55.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jul 2024 01:56:02 -0700 (PDT) From: Barry Song <21cnbao@gmail.com> To: akpm@linux-foundation.org, linux-mm@kvack.org Cc: 42.hyeyoo@gmail.com, cl@linux.com, hch@infradead.org, iamjoonsoo.kim@lge.com, lstoakes@gmail.com, mhocko@suse.com, penberg@kernel.org, rientjes@google.com, roman.gushchin@linux.dev, urezki@gmail.com, v-songbaohua@oppo.com, vbabka@suse.cz, virtualization@lists.linux.dev, hailong.liu@oppo.com, torvalds@linux-foundation.org Subject: [PATCH 0/5] mm: clarify nofail memory allocation Date: Wed, 24 Jul 2024 20:55:39 +1200 Message-Id: <20240724085544.299090-1-21cnbao@gmail.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-Rspamd-Queue-Id: 607911C002A X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: epari3dpj84axo77yfpq9bfgroki7dtj X-HE-Tag: 1721811364-27376 X-HE-Meta: U2FsdGVkX1+qWizn8vbPC6t3qTYXJ3Qn9hYjzNBiGe7afKBDyV+6LqCGd7likcX7XWGAlczcGISnPfd36ELaE9WyuUdI0GiA/2zJq3Hut7+TcgAGsUIRE+ViX5UUFkGU9cHIUfyaU4SAh9q+UTyiJi3mOcr/dpf7lWqNv9/5Nbu7+3XvYnwLA6HHyuJW3668slAmxsd47pN4/nCIRKJaTAdorV0nvIZT7jgVLb/xsSW1daSWEg4SY18bRqOlXWRtdiQwvYC0ON+xSfW3t2rCoMfViv9gLncYnG1FAQgwylyh+RiRlcjUjbG311ia93FTpG7RQQRnRm6kUz6KoIjpyka6+Y7EqS/JUlecFvRuNYl4tUnCPFLAfVcdJHxzbl+z7SUcpk/z37i5n3wDfCJVMixiOT6EBwsMvviLtTYLSctK6NcQlDfjaLyxeGhSFd8Gs0d9jkvrocWjxLbkBb0Y4+owe8e7LwMPissyFW+OQ4RyQ9r9BQytUZ4C+vEOc03ptWP6L5SnBMWFkQtwxj2MSBiurr8CouKV8GWSq9QzZnxmyiU+DpsUOLR9rDAm/kAj4A3ENZEltueQFcDpAUrpWCiZ2tjPuN3+MJ7o1eFn5z6GicKe2uGMhXgv9rA1A6V1eBHJO3cweJhfgVLl74rO2L97xul/LHGz5HEEkbpCUYP3owzfplv+bFta8Lo3csU2iS+WWz39gkDtoRETEp4IjDR4luYe2qu2g1G5rtqGD1uAumYXRK4CJtzSdoAIdVJoLHLdlQesTHGITS7OIYGKrXxmQY7dxjX1P7tIWxFfDW/Txiyaj1klNLK1NkAGzpW8rfGBP6kV9ySFgLUv06Tp7lr1jGxar5svkvnqQhik98hqF71o0EAFY3SYpUFWHrEc6AP6kLGxBWtAXn5uDzXCGHSu4hJ1T2/rtMe4gShnc5Wnz6bH27hSK5U6B1o/vMDOtvbV/9G7FBpHEVVbcuO LfTBNv/R co/rJNHSFu+qJ3e06V/aAyW+mqRj5f4CUy/cMRJwLD0DGlcynWbqOMM24TQt8Y0O7lzizSuEXZfcr1Brd2tLROcGNSnofUdbQQcRHNOQQLK+pGKv1pMNrmEPN6/4Uv9+asgMXECtFcyyiEng7RciHih405dAblUPzla+T+VmZPfOGizy4ckTh0KBAzgQcRWuMeh6e60bAwfGO4kTlJYbzdsfMAG4r39WUrg+0MjcjeGb/O/ynLTLMfKdeInzTugjJ2ZyeCPukDrzXDrNX0u2mhxxIiT0qmdEVPHWgKzkURJeetfZJ4pUaa5Va0mp5bhp6Z7KZijbVS6Rxd9+rYAc7tdAQUsTIaYZE5v2jK7v6KBNP8iPMOgj2MkKyZbzY1knufhnLLqMK1a2yazUbGQR6mZNYvQ7bHddzndivQGqk/q8y4EfJnXyAhgJI14ARDcRdy0EGIFo9YOyWkdpRxfgFDm6WttdoBcxFg1Uu0diJBi9as8Lq7LxgVm4cMwePeodDKprFcXTNOwCF5yUdr0KJdm6Hk2Pn1wDDNQgiyOCgJtp+Lq+UqbmuA8oOAA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Barry Song __GFP_NOFAIL carries the semantics of never failing, so its callers do not check the return value: %__GFP_NOFAIL: The VM implementation _must_ retry infinitely: the caller cannot handle allocation failures. The allocation could block indefinitely but will never return with failure. Testing for failure is pointless. However, __GFP_NOFAIL can sometimes fail if it exceeds size limits or is used with GFP_ATOMIC/GFP_NOWAIT in a non-sleepable context. This can expose security vulnerabilities due to potential NULL dereferences. Since __GFP_NOFAIL does not support non-blocking allocation, we introduce GFP_NOFAIL with inclusive blocking semantics and encourage using GFP_NOFAIL as a replacement for __GFP_NOFAIL in non-mm. If we must still fail a nofail allocation, we should trigger a BUG rather than exposing NULL dereferences to callers who do not check the return value. * The discussion started from this topic: [PATCH RFC] mm: warn potential return NULL for kmalloc_array and kvmalloc_array with __GFP_NOFAIL https://lore.kernel.org/linux-mm/20240717230025.77361-1-21cnbao@gmail.com/ Thank you to Michal, Christoph, Vlastimil, and Hailong for all the comments. Barry Song (5): vpda: try to fix the potential crash due to misusing __GFP_NOFAIL mm: Document __GFP_NOFAIL must be blockable mm: BUG_ON to avoid NULL deference while __GFP_NOFAIL fails mm: Introduce GFP_NOFAIL with the inclusion of __GFP_RECLAIM non-mm: discourage the usage of __GFP_NOFAIL and encourage GFP_NOFAIL arch/powerpc/sysdev/xive/common.c | 2 +- drivers/gpu/drm/drm_modeset_lock.c | 2 +- drivers/gpu/drm/nouveau/nouveau_dmem.c | 8 +++---- drivers/gpu/drm/virtio/virtgpu_vq.c | 2 +- drivers/hv/vmbus_drv.c | 2 +- drivers/infiniband/hw/cxgb4/mem.c | 4 ++-- drivers/md/dm-region-hash.c | 2 +- .../chelsio/inline_crypto/chtls/chtls_cm.c | 6 ++--- .../chelsio/inline_crypto/chtls/chtls_hw.c | 2 +- drivers/target/iscsi/cxgbit/cxgbit_cm.c | 2 +- drivers/tty/tty_ldisc.c | 2 +- drivers/vdpa/vdpa_user/iova_domain.c | 24 +++++++++++++++---- fs/bcachefs/btree_iter.c | 2 +- fs/bcachefs/fs-io-buffered.c | 2 +- fs/bcachefs/io_write.c | 2 +- fs/btrfs/extent_io.c | 8 +++---- fs/buffer.c | 6 ++--- fs/erofs/fscache.c | 2 +- fs/erofs/zdata.c | 10 ++++---- fs/ext4/extents.c | 8 +++---- fs/ext4/extents_status.c | 4 ++-- fs/ext4/mballoc.c | 12 +++++----- fs/ext4/page-io.c | 2 +- fs/f2fs/checkpoint.c | 2 +- fs/f2fs/data.c | 4 ++-- fs/f2fs/f2fs.h | 2 +- fs/f2fs/node.c | 2 +- fs/fuse/dev.c | 2 +- fs/fuse/file.c | 4 ++-- fs/fuse/inode.c | 4 ++-- fs/fuse/virtio_fs.c | 4 ++-- fs/gfs2/meta_io.c | 2 +- fs/gfs2/rgrp.c | 6 ++--- fs/gfs2/trans.c | 2 +- fs/iomap/buffered-io.c | 2 +- fs/jbd2/journal.c | 4 ++-- fs/jbd2/revoke.c | 2 +- fs/jbd2/transaction.c | 6 ++--- fs/notify/fanotify/fanotify.c | 2 +- fs/reiserfs/journal.c | 2 +- fs/udf/directory.c | 2 +- fs/xfs/libxfs/xfs_alloc.c | 2 +- fs/xfs/libxfs/xfs_attr_leaf.c | 8 +++---- fs/xfs/libxfs/xfs_bmap.c | 2 +- fs/xfs/libxfs/xfs_btree.h | 2 +- fs/xfs/libxfs/xfs_btree_staging.c | 2 +- fs/xfs/libxfs/xfs_da_btree.c | 8 +++---- fs/xfs/libxfs/xfs_defer.c | 4 ++-- fs/xfs/libxfs/xfs_dir2.c | 10 ++++---- fs/xfs/libxfs/xfs_dir2_block.c | 2 +- fs/xfs/libxfs/xfs_dir2_sf.c | 8 +++---- fs/xfs/libxfs/xfs_exchmaps.c | 4 ++-- fs/xfs/libxfs/xfs_iext_tree.c | 4 ++-- fs/xfs/libxfs/xfs_inode_fork.c | 14 +++++------ fs/xfs/libxfs/xfs_refcount.c | 4 ++-- fs/xfs/libxfs/xfs_rmap.c | 2 +- fs/xfs/xfs_attr_item.c | 8 +++---- fs/xfs/xfs_attr_list.c | 2 +- fs/xfs/xfs_bmap_item.c | 6 ++--- fs/xfs/xfs_buf.c | 8 +++---- fs/xfs/xfs_buf_item.c | 4 ++-- fs/xfs/xfs_buf_item_recover.c | 2 +- fs/xfs/xfs_dquot.c | 2 +- fs/xfs/xfs_exchmaps_item.c | 4 ++-- fs/xfs/xfs_extent_busy.c | 2 +- fs/xfs/xfs_extfree_item.c | 10 ++++---- fs/xfs/xfs_icache.c | 2 +- fs/xfs/xfs_icreate_item.c | 2 +- fs/xfs/xfs_inode_item.c | 2 +- fs/xfs/xfs_inode_item_recover.c | 2 +- fs/xfs/xfs_iunlink_item.c | 2 +- fs/xfs/xfs_iwalk.c | 2 +- fs/xfs/xfs_log.c | 2 +- fs/xfs/xfs_log_cil.c | 2 +- fs/xfs/xfs_log_recover.c | 6 ++--- fs/xfs/xfs_mount.c | 2 +- fs/xfs/xfs_mru_cache.c | 4 ++-- fs/xfs/xfs_qm.c | 4 ++-- fs/xfs/xfs_refcount_item.c | 8 +++---- fs/xfs/xfs_rmap_item.c | 8 +++---- fs/xfs/xfs_rtalloc.c | 2 +- fs/xfs/xfs_super.c | 2 +- fs/xfs/xfs_trans.c | 4 ++-- fs/xfs/xfs_trans_dquot.c | 2 +- include/linux/buffer_head.h | 4 ++-- include/linux/gfp_types.h | 7 ++++++ include/linux/slab.h | 4 +++- kernel/resource.c | 2 +- lib/list-test.c | 8 +++---- lib/ref_tracker.c | 2 +- lib/rhashtable.c | 6 ++--- lib/test_hmm.c | 6 ++--- mm/page_alloc.c | 10 ++++---- mm/util.c | 1 + net/ceph/osd_client.c | 2 +- net/ceph/osdmap.c | 4 ++-- net/core/sock.c | 4 ++-- net/ipv4/inet_connection_sock.c | 2 +- net/ipv4/tcp_output.c | 2 +- security/smack/smackfs.c | 2 +- 100 files changed, 222 insertions(+), 196 deletions(-)