From patchwork Fri Jul 22 10:45:39 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tetsuo Handa X-Patchwork-Id: 12926343 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E82ABC43334 for ; Fri, 22 Jul 2022 10:45:47 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 0FC9F6B0072; Fri, 22 Jul 2022 06:45:47 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 0AC8E6B0073; Fri, 22 Jul 2022 06:45:47 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id EB5436B0074; Fri, 22 Jul 2022 06:45:46 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id D93126B0072 for ; Fri, 22 Jul 2022 06:45:46 -0400 (EDT) Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id B7368A0BBE for ; Fri, 22 Jul 2022 10:45:46 +0000 (UTC) X-FDA: 79714405092.04.69557D5 Received: from www262.sakura.ne.jp (www262.sakura.ne.jp [202.181.97.72]) by imf04.hostedemail.com (Postfix) with ESMTP id 65D624007C for ; Fri, 22 Jul 2022 10:45:45 +0000 (UTC) Received: from fsav413.sakura.ne.jp (fsav413.sakura.ne.jp [133.242.250.112]) by www262.sakura.ne.jp (8.15.2/8.15.2) with ESMTP id 26MAjdd0065014; Fri, 22 Jul 2022 19:45:39 +0900 (JST) (envelope-from penguin-kernel@I-love.SAKURA.ne.jp) Received: from www262.sakura.ne.jp (202.181.97.72) by fsav413.sakura.ne.jp (F-Secure/fsigk_smtp/550/fsav413.sakura.ne.jp); Fri, 22 Jul 2022 19:45:39 +0900 (JST) X-Virus-Status: clean(F-Secure/fsigk_smtp/550/fsav413.sakura.ne.jp) Received: from [192.168.1.9] (M106072142033.v4.enabler.ne.jp [106.72.142.33]) (authenticated bits=0) by www262.sakura.ne.jp (8.15.2/8.15.2) with ESMTPSA id 26MAjcMi065010 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NO); Fri, 22 Jul 2022 19:45:38 +0900 (JST) (envelope-from penguin-kernel@I-love.SAKURA.ne.jp) Message-ID: <86afb39f-8c65-bec2-6cfc-c5e3cd600c0b@I-love.SAKURA.ne.jp> Date: Fri, 22 Jul 2022 19:45:39 +0900 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0 Subject: [PATCH v3] mm: memcontrol: fix potential oom_lock recursion deadlock Content-Language: en-US To: Andrew Morton Cc: Johannes Weiner , Michal Hocko , linux-mm References: <000000000000471c2905e3c2c2c2@google.com> <20220714141813.yi5p4o2tiyvkao6b@quack3> <534fa596-0c29-0f1e-b292-53ad9c3dbbe3@I-love.SAKURA.ne.jp> <20220715013908.ayyimue5yhfwonho@google.com> <03304bf8-d153-698f-0376-9e9a0ec1048e@I-love.SAKURA.ne.jp> <834b896d-68fb-caeb-4316-2e0a2190e3eb@I-love.SAKURA.ne.jp> From: Tetsuo Handa In-Reply-To: ARC-Authentication-Results: i=1; imf04.hostedemail.com; dkim=none; dmarc=none; spf=none (imf04.hostedemail.com: domain of penguin-kernel@I-love.SAKURA.ne.jp has no SPF policy when checking 202.181.97.72) smtp.mailfrom=penguin-kernel@I-love.SAKURA.ne.jp ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1658486746; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=FTqLZyZ8kT6IgqfqUYFLDBIGLvqzdjAgQDc+AOjuYSs=; b=MFw6/7EpqSr6OSjDPr30BeMWyRjO2ygzgLcCEyOlgIAR2pt7/zaoXZ2f1EhkwSZdN15wqP T53SeRqiiV+V0mw2s9EFFca60J4c5aJSOT83I8rvhvniFjeE8nEbClMI9fKsyBiVDCesPz ogVi7WgCiiUvCT9I7Hrh83OPpJulmq8= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1658486746; a=rsa-sha256; cv=none; b=pn1bUOgkNIXXuKwcLAlw73SHdAH+AJuZfhubyH/tS1t1hfpvs7UQdk+xeXkE5Yaljof5v9 s8Fhz/wQI0SilvV86YpScjjMIIEKgnzfmp91gk0CMONcXmjaKJhA5IX1HOCMm7+48X9fRh qxs7Wr1/T0FESfB20JO0hIDPs2rDuKs= X-Rspam-User: X-Stat-Signature: jquioq6efnbnn7uju9xbyzswe7oxbxi4 X-Rspamd-Queue-Id: 65D624007C Authentication-Results: imf04.hostedemail.com; dkim=none; dmarc=none; spf=none (imf04.hostedemail.com: domain of penguin-kernel@I-love.SAKURA.ne.jp has no SPF policy when checking 202.181.97.72) smtp.mailfrom=penguin-kernel@I-love.SAKURA.ne.jp X-Rspamd-Server: rspam04 X-HE-Tag: 1658486745-244229 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: syzbot is reporting GFP_KERNEL allocation with oom_lock held when reporting memcg OOM [1]. Such allocation request might deadlock the system, for __alloc_pages_may_oom() cannot invoke global OOM killer due to oom_lock being already held by the caller. Fix this problem by removing the allocation from memory_stat_format() completely, and pass static buffer when calling from memcg OOM path. Link: https://syzkaller.appspot.com/bug?extid=2d2aeadc6ce1e1f11d45 [1] Reported-by: syzbot Suggested-by: Michal Hocko Fixes: c8713d0b23123759 ("mm: memcontrol: dump memory.stat during cgroup OOM") Signed-off-by: Tetsuo Handa Acked-by: Michal Hocko --- Changes in v3: Update patch description. Changes in v2: Use static buffer for OOM reporting, suggested by Michal Hocko . mm/memcontrol.c | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/mm/memcontrol.c b/mm/memcontrol.c index 618c366a2f07..8092be2fbb7c 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c @@ -1460,14 +1460,12 @@ static inline unsigned long memcg_page_state_output(struct mem_cgroup *memcg, return memcg_page_state(memcg, item) * memcg_page_state_unit(item); } -static char *memory_stat_format(struct mem_cgroup *memcg) +static void memory_stat_format(struct mem_cgroup *memcg, char *buf, int bufsize) { struct seq_buf s; int i; - seq_buf_init(&s, kmalloc(PAGE_SIZE, GFP_KERNEL), PAGE_SIZE); - if (!s.buffer) - return NULL; + seq_buf_init(&s, buf, bufsize); /* * Provide statistics on the state of the memory subsystem as @@ -1533,8 +1531,6 @@ static char *memory_stat_format(struct mem_cgroup *memcg) /* The above should easily fit into one page */ WARN_ON_ONCE(seq_buf_has_overflowed(&s)); - - return s.buffer; } #define K(x) ((x) << (PAGE_SHIFT-10)) @@ -1570,7 +1566,10 @@ void mem_cgroup_print_oom_context(struct mem_cgroup *memcg, struct task_struct * */ void mem_cgroup_print_oom_meminfo(struct mem_cgroup *memcg) { - char *buf; + /* Use static buffer, for the caller is holding oom_lock. */ + static char buf[PAGE_SIZE]; + + lockdep_assert_held(&oom_lock); pr_info("memory: usage %llukB, limit %llukB, failcnt %lu\n", K((u64)page_counter_read(&memcg->memory)), @@ -1591,11 +1590,8 @@ void mem_cgroup_print_oom_meminfo(struct mem_cgroup *memcg) pr_info("Memory cgroup stats for "); pr_cont_cgroup_path(memcg->css.cgroup); pr_cont(":"); - buf = memory_stat_format(memcg); - if (!buf) - return; + memory_stat_format(memcg, buf, sizeof(buf)); pr_info("%s", buf); - kfree(buf); } /* @@ -6335,11 +6331,11 @@ static int memory_events_local_show(struct seq_file *m, void *v) static int memory_stat_show(struct seq_file *m, void *v) { struct mem_cgroup *memcg = mem_cgroup_from_seq(m); - char *buf; + char *buf = kmalloc(PAGE_SIZE, GFP_KERNEL); - buf = memory_stat_format(memcg); if (!buf) return -ENOMEM; + memory_stat_format(memcg, buf, PAGE_SIZE); seq_puts(m, buf); kfree(buf); return 0;