From patchwork Wed Jul 31 00:01:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Barry Song <21cnbao@gmail.com> X-Patchwork-Id: 13747974 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6B7EAC3DA7F for ; Wed, 31 Jul 2024 00:02:55 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 0A1386B0089; Tue, 30 Jul 2024 20:02:55 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 0038C6B008A; Tue, 30 Jul 2024 20:02:54 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D718B6B008C; Tue, 30 Jul 2024 20:02:54 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id AE5C66B0089 for ; Tue, 30 Jul 2024 20:02:54 -0400 (EDT) Received: from smtpin05.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 56C181C0654 for ; Wed, 31 Jul 2024 00:02:54 +0000 (UTC) X-FDA: 82398097068.05.D5C25FF Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) by imf21.hostedemail.com (Postfix) with ESMTP id 77B591C0015 for ; Wed, 31 Jul 2024 00:02:51 +0000 (UTC) Authentication-Results: imf21.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=WQUW53nj; spf=pass (imf21.hostedemail.com: domain of 21cnbao@gmail.com designates 209.85.210.182 as permitted sender) smtp.mailfrom=21cnbao@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1722384116; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=R9U0Fc8KKm2y+wN/fyBwzUhu47z8lWa3dO4TTNX5JgU=; b=zARiDDRH8+qqtzRkgtY0Zzpq+pjpw8+lWYLhbnaelH1tG0eai12HunzV+9wJf9+NFDTbJ0 5rWjoiHtwC9eOcQqQW5Y7LCIHoUVl1A+/LrXLh0l0AbrmcqEh1No/QNvv6W3/8k79ccptY 1Ebwabmdtdh0wveOPB2V2jNm0q71uoM= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1722384116; a=rsa-sha256; cv=none; b=W4AfzRDkXc9iyMSuoZirWduwIDeEODZyYwoVmBxE7YciX96g7EZJ05sjLTpcJPlzrGoUQA JUGaz4TkrUu3zV2+OKOvBWc2MYAhKx6r0Q595apd+/FBm3TdPQe9npC/GEc5nLCx+5IsEN 1ulRry34S6yIHi1LbEL4Ks0dnj3N578= ARC-Authentication-Results: i=1; imf21.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=WQUW53nj; spf=pass (imf21.hostedemail.com: domain of 21cnbao@gmail.com designates 209.85.210.182 as permitted sender) smtp.mailfrom=21cnbao@gmail.com; dmarc=pass (policy=none) header.from=gmail.com Received: by mail-pf1-f182.google.com with SMTP id d2e1a72fcca58-70d2d7e692eso4135745b3a.0 for ; Tue, 30 Jul 2024 17:02:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1722384170; x=1722988970; darn=kvack.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=R9U0Fc8KKm2y+wN/fyBwzUhu47z8lWa3dO4TTNX5JgU=; b=WQUW53nj2MQaUIr+tPU2lbBfFTQGcqnR+QRu9oQiqDY4vVpzJ0cAy2FzmANeRVscJj WlxDfQGGmZSgZOCfgcJB4f+MoBc9zPtTeJXyXvNCz52PRE37tzdz4HC4af6rugjGNLoo l2ilo65hYSw1IqZsex3vlnPWx9bFRyp/Zq6DtHR9nGrSZSQaSXciqqXuvoEfaLxqwWdU qFHnumuRCjwySUaMb55w+DEXIPBBotdkT7xxItwPax81rL3EFUUtd8rqG+CjliBGY8sv VQhAknboZ/e93wUgx6gQTTrdB7f9IWN0nZCqajOQX4gejGgOT95yPhHMHMEboXvjRVJq 7NJQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722384170; x=1722988970; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=R9U0Fc8KKm2y+wN/fyBwzUhu47z8lWa3dO4TTNX5JgU=; b=bxQm4PVXWdEmXc3una9jLMAC5YEw+0NntNQyxvMds6c1QEZd5Ahdmky2fYC2arWUJY VwI/D0qLnM/pO+kgyOzvHwTQcqHXgwp0+dCjW07+Z9/ImlgosYf9TwES0wRwCoK+30bd 6u5TuNwXxwN6OGysvdgoD0k2zL+/YYISqC89u3jJ6KajEJcbXh1Y7OuMP4JxoTCrxS7R tMvNt522Ld+FEEMQuSdJim506yV9RcvVj2U8FGY9u9urPsh/u/yFp8qzVr4OHDe3BG39 YaxU/CsVbYJvIwlXg2rcsX1pMq64SDOxnqtBbBcA7T6x9t12XvPndX/iPdQ0Pu8xjOMn M3mQ== X-Forwarded-Encrypted: i=1; AJvYcCU9pGJllkqc/wIX5eX3CzEkZb3rDtxln9h/HgVfbOWQr0RM9VqYgM5ElMgOjssGRd3KOOylrcRIXFjF1PMPbzF+TCo= X-Gm-Message-State: AOJu0YwIQPfbaQoCoqGNHj0ALrNqY/RZPba93VDjetKStpooz8jBrHqd OX59niv1YI1mv7by1kLA3KqL/2GSvFQ2P55MJ+sWueuSSQyaMV/7 X-Google-Smtp-Source: AGHT+IGI7znVrv6bYKQx7zu+8g6RSUkckxO77j0m9ryhAOr73jAUCoQuk4sG//4hffslQyeyVIjtfg== X-Received: by 2002:a05:6a21:32aa:b0:1c4:9f31:ac8f with SMTP id adf61e73a8af0-1c4a14d92e1mr11148238637.37.1722384169966; Tue, 30 Jul 2024 17:02:49 -0700 (PDT) Received: from localhost.localdomain ([2407:7000:8942:5500:aaa1:59ff:fe57:eb97]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-70ead6e1a2asm8871689b3a.23.2024.07.30.17.02.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Jul 2024 17:02:49 -0700 (PDT) From: Barry Song <21cnbao@gmail.com> To: akpm@linux-foundation.org, linux-mm@kvack.org Cc: 42.hyeyoo@gmail.com, cl@linux.com, hailong.liu@oppo.com, hch@infradead.org, iamjoonsoo.kim@lge.com, lstoakes@gmail.com, mhocko@suse.com, penberg@kernel.org, rientjes@google.com, roman.gushchin@linux.dev, torvalds@linux-foundation.org, urezki@gmail.com, v-songbaohua@oppo.com, vbabka@suse.cz, virtualization@lists.linux.dev, "Michael S. Tsirkin" , Jason Wang , Xuan Zhuo , =?utf-8?q?Eugenio_P=C3=A9rez?= , Maxime Coquelin Subject: [PATCH RFT v2 1/4] vpda: try to fix the potential crash due to misusing __GFP_NOFAIL Date: Wed, 31 Jul 2024 12:01:52 +1200 Message-Id: <20240731000155.109583-2-21cnbao@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240731000155.109583-1-21cnbao@gmail.com> References: <20240731000155.109583-1-21cnbao@gmail.com> MIME-Version: 1.0 X-Rspam-User: X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 77B591C0015 X-Stat-Signature: pw471ftne7iwo34r9r4ghq6azrxw1gs6 X-HE-Tag: 1722384171-926928 X-HE-Meta: U2FsdGVkX189Ui9Asroq/GFTuNnBtr6C52DisYKKff25el5EcuFLbAe+hhyul4FNdMPRe2NRRWVe3HsYiq/AfBbGAjX4QyYG716yW8e2nz4kJo2t7DNzOQu2XeZH24gb88l+u0xMvz4CwlgAV+UqgD1jye0EWUnIpXjjOnLfvNVigZfsfWsevfLL5wLNKftop6utkToenyP+NxrhY6GsZ37ynKzo2VoXS57nBHZQOw7t+9EX/5THYQE+MBc9W4x9vwSigdsH/69MZ9Ag32R0kVo0OAQXg0eoR3iGYJTMNAH+tGWF51moqVkJlGjaXThsfeVrzXYkWYw8kv75toH/sARhmhO4J3cDCJVUaqoSUawDf12jtSwFmvYGnt3jkNEKuuvWrQUwmhC/lTnRqOtvqMWtY76cFCrXTLI4b/OmLFZiVEe4cxrpzjRUfOMVGeJJ49Hg8AHdVrzvXAiGnl5OwaAhF5J98+TTzRwbtbyBlxRQE08zFuW8rkWBFvPV3s4cja+zeviJuyTgLR0BMDbbbJFIMsLJprOQr/uOwg07AJ203x60HMT4nhgeBjyDVfq2PrVInvj0VeuES1CnMTSULyCck43NS3lqAaU+ownNQdv1rsN21jqd5QgcK2qIkkcOMDY/xkYURVEnWxRJ4/w6oNuI4QgedZEb4lUFRTE7IUnKFWKvOJewFYro0EjqcuAuFnR66yY0XROzVccUvVGvdi1Nr9BXknhZEdH5CsdrGbBr0XB/2MJsvuaMrQq8tvbaO6YCcjLPA+2SiQI6DhAGcRlUY9HIXNuPclOzOa6aPmopCxEyBiDnyLrL5pQcu3otIZ3+tO/cx/dpu6Sw1laoG1R9jB8v1u60lfDegWytalXcBIaJXJ0qwVl6kBwVI4NhVmIt6IIGjXiTnQAiRQcUpR3gRKOlwUeUnsOERXj3o/MOH0rRd0aUgeITktj/yQhYouXXDcKoMmq+ChyUFM0 0Aa/NmJy hSUcyr/1cG85ucYyOm5Fldky7XVnSRD8+qLeoFYcx/kz5OEtouSgVSF1byeWl2ztfi5D9UZKZR+5c6R2XNScKxxbFM2CntFfw66k7T5P+otgHOp39yhCrHZRxEWdusrVSTjfVgkU8a+nLsLH79Ff9/mU9AtO4tEsFCABBMT7kcOwQfUWD+Xq0B5SEQxpc6evuLME+ERlpuHXQTdsM3yFNyotg5014nsn9jeZhI7VyM7DJSztl2am3K9BaidAbg9eQvW2eq/K4KRVO5H0k6F2juoAAfq+CPVRviYmwcLAWhDTlCB/xVGpINHwRZhJk0u+Od3+vSveON4IpuY0wRKkgVth0aw3rjUDhjucc64tpq4tDGnPEgO6j0sE4Nhs7yOPnxDXoBCKUvoUmRksD7M8Rg9jl5qXy2Le4pATyRJdMpfx7M81nn13p1s0Tza1hK5XUNQbol8Cxcz/XkO1IK/yqSTgJR9pzQXf3RHJmTBHKmhzQNrLrlwMxajTmmLf9/khehD0KGuNyRsRDdmeuGvnAuRnE+rOBf1rGhugUSOdhup1/xRP5e4ib58sHZ0H6lk8XYQO8feiL81Qqtzjl3J1BPYJJ379W2HXnT63GtGA+Q4WDwGVdtYeG6d42mPqWLPBPKPHNnursbMVbyvEIBFkB3FBhdN07fGOSuIqd X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Barry Song mm doesn't support non-blockable __GFP_NOFAIL allocation. Because __GFP_NOFAIL without direct reclamation may just result in a busy loop within non-sleepable contexts. static inline struct page * __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order, struct alloc_context *ac) { ... /* * Make sure that __GFP_NOFAIL request doesn't leak out and make sure * we always retry */ if (gfp_mask & __GFP_NOFAIL) { /* * All existing users of the __GFP_NOFAIL are blockable, so warn * of any new users that actually require GFP_NOWAIT */ if (WARN_ON_ONCE_GFP(!can_direct_reclaim, gfp_mask)) goto fail; ... } ... fail: warn_alloc(gfp_mask, ac->nodemask, "page allocation failure: order:%u", order); got_pg: return page; } Let's move the memory allocation out of the atomic context and use the normal sleepable context to get pages. [RFT]: This has only been compile-tested; I'd prefer if the VDPA maintainers handles it. Cc: "Michael S. Tsirkin" Cc: Jason Wang Cc: Xuan Zhuo Cc: "Eugenio PĂ©rez" Cc: Maxime Coquelin Signed-off-by: Barry Song --- drivers/vdpa/vdpa_user/iova_domain.c | 31 +++++++++++++++++++++++----- drivers/vdpa/vdpa_user/iova_domain.h | 5 ++++- drivers/vdpa/vdpa_user/vduse_dev.c | 4 +++- 3 files changed, 33 insertions(+), 7 deletions(-) diff --git a/drivers/vdpa/vdpa_user/iova_domain.c b/drivers/vdpa/vdpa_user/iova_domain.c index 791d38d6284c..9318f059a8b5 100644 --- a/drivers/vdpa/vdpa_user/iova_domain.c +++ b/drivers/vdpa/vdpa_user/iova_domain.c @@ -283,7 +283,23 @@ int vduse_domain_add_user_bounce_pages(struct vduse_iova_domain *domain, return ret; } -void vduse_domain_remove_user_bounce_pages(struct vduse_iova_domain *domain) +struct page **vduse_domain_alloc_pages_to_remove_bounce(struct vduse_iova_domain *domain) +{ + struct page **pages; + unsigned long count, i; + + if (!domain->user_bounce_pages) + return NULL; + + count = domain->bounce_size >> PAGE_SHIFT; + pages = kmalloc_array(count, sizeof(*pages), GFP_KERNEL | __GFP_NOFAIL); + for (i = 0; i < count; i++) + pages[i] = alloc_page(GFP_KERNEL | __GFP_NOFAIL); + + return pages; +} + +void vduse_domain_remove_user_bounce_pages(struct vduse_iova_domain *domain, struct page **pages) { struct vduse_bounce_map *map; unsigned long i, count; @@ -294,15 +310,16 @@ void vduse_domain_remove_user_bounce_pages(struct vduse_iova_domain *domain) count = domain->bounce_size >> PAGE_SHIFT; for (i = 0; i < count; i++) { - struct page *page = NULL; + struct page *page = pages[i]; map = &domain->bounce_maps[i]; - if (WARN_ON(!map->bounce_page)) + if (WARN_ON(!map->bounce_page)) { + put_page(page); continue; + } /* Copy user page to kernel page if it's in use */ if (map->orig_phys != INVALID_PHYS_ADDR) { - page = alloc_page(GFP_ATOMIC | __GFP_NOFAIL); memcpy_from_page(page_address(page), map->bounce_page, 0, PAGE_SIZE); } @@ -310,6 +327,7 @@ void vduse_domain_remove_user_bounce_pages(struct vduse_iova_domain *domain) map->bounce_page = page; } domain->user_bounce_pages = false; + kfree(pages); out: write_unlock(&domain->bounce_lock); } @@ -543,10 +561,13 @@ static int vduse_domain_mmap(struct file *file, struct vm_area_struct *vma) static int vduse_domain_release(struct inode *inode, struct file *file) { struct vduse_iova_domain *domain = file->private_data; + struct page **pages; + + pages = vduse_domain_alloc_pages_to_remove_bounce(domain); spin_lock(&domain->iotlb_lock); vduse_iotlb_del_range(domain, 0, ULLONG_MAX); - vduse_domain_remove_user_bounce_pages(domain); + vduse_domain_remove_user_bounce_pages(domain, pages); vduse_domain_free_kernel_bounce_pages(domain); spin_unlock(&domain->iotlb_lock); put_iova_domain(&domain->stream_iovad); diff --git a/drivers/vdpa/vdpa_user/iova_domain.h b/drivers/vdpa/vdpa_user/iova_domain.h index f92f22a7267d..17efa5555b3f 100644 --- a/drivers/vdpa/vdpa_user/iova_domain.h +++ b/drivers/vdpa/vdpa_user/iova_domain.h @@ -74,7 +74,10 @@ void vduse_domain_reset_bounce_map(struct vduse_iova_domain *domain); int vduse_domain_add_user_bounce_pages(struct vduse_iova_domain *domain, struct page **pages, int count); -void vduse_domain_remove_user_bounce_pages(struct vduse_iova_domain *domain); +void vduse_domain_remove_user_bounce_pages(struct vduse_iova_domain *domain, + struct page **pages); + +struct page **vduse_domain_alloc_pages_to_remove_bounce(struct vduse_iova_domain *domain); void vduse_domain_destroy(struct vduse_iova_domain *domain); diff --git a/drivers/vdpa/vdpa_user/vduse_dev.c b/drivers/vdpa/vdpa_user/vduse_dev.c index 7ae99691efdf..5d8d5810df57 100644 --- a/drivers/vdpa/vdpa_user/vduse_dev.c +++ b/drivers/vdpa/vdpa_user/vduse_dev.c @@ -1030,6 +1030,7 @@ static int vduse_dev_queue_irq_work(struct vduse_dev *dev, static int vduse_dev_dereg_umem(struct vduse_dev *dev, u64 iova, u64 size) { + struct page **pages; int ret; mutex_lock(&dev->mem_lock); @@ -1044,7 +1045,8 @@ static int vduse_dev_dereg_umem(struct vduse_dev *dev, if (dev->umem->iova != iova || size != dev->domain->bounce_size) goto unlock; - vduse_domain_remove_user_bounce_pages(dev->domain); + pages = vduse_domain_alloc_pages_to_remove_bounce(dev->domain); + vduse_domain_remove_user_bounce_pages(dev->domain, pages); unpin_user_pages_dirty_lock(dev->umem->pages, dev->umem->npages, true); atomic64_sub(dev->umem->npages, &dev->umem->mm->pinned_vm); From patchwork Wed Jul 31 00:01:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Barry Song <21cnbao@gmail.com> X-Patchwork-Id: 13747975 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E5F02C3DA49 for ; Wed, 31 Jul 2024 00:03:00 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 77EC76B008C; Tue, 30 Jul 2024 20:03:00 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 72E836B0092; Tue, 30 Jul 2024 20:03:00 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5A8B46B0093; Tue, 30 Jul 2024 20:03:00 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 372F46B008C for ; Tue, 30 Jul 2024 20:03:00 -0400 (EDT) Received: from smtpin08.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id B5A71C0169 for ; Wed, 31 Jul 2024 00:02:59 +0000 (UTC) X-FDA: 82398097278.08.A9A23B7 Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) by imf20.hostedemail.com (Postfix) with ESMTP id E24811C0030 for ; Wed, 31 Jul 2024 00:02:57 +0000 (UTC) Authentication-Results: imf20.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=DfV87XUa; spf=pass (imf20.hostedemail.com: domain of 21cnbao@gmail.com designates 209.85.210.178 as permitted sender) smtp.mailfrom=21cnbao@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1722384150; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=4k7mUJ7l3kmAdsgh/A3CeQFcwrtcFTqm21Ngwsj726s=; b=bCMYtzKR+x59FWUUl+D7EkFSikd0iHnrqXk5YgtNFJgV85sc8XjQ2G/LETzl5YhtqrDkOT Xb6H06DcIatboTNvoMNj5afjjqlSp7/m/urUV13r+gH00G3fjRleSEWnRLWKSNNniYu+vH tIzb94/8kItXLWI85F8vo1QVecQPVE0= ARC-Authentication-Results: i=1; imf20.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=DfV87XUa; spf=pass (imf20.hostedemail.com: domain of 21cnbao@gmail.com designates 209.85.210.178 as permitted sender) smtp.mailfrom=21cnbao@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1722384150; a=rsa-sha256; cv=none; b=f3uMxOom4u+1PuZE3W4hqnJ0dXEa2W0Kq1bAXsvXFV7cvBxDQuYYiooiUUlNZoNcO4EbGR 4n0ZT0fUCUyZUGsv14Wu0FW+at0XKngRY8SBPWgCwJo0WnNTqJellqxOynMBNV2zJGjSyB 68SyOO2Wv4WaOLp554ur3q1DK2uWXjQ= Received: by mail-pf1-f178.google.com with SMTP id d2e1a72fcca58-70d150e8153so290147b3a.0 for ; Tue, 30 Jul 2024 17:02:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1722384177; x=1722988977; darn=kvack.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=4k7mUJ7l3kmAdsgh/A3CeQFcwrtcFTqm21Ngwsj726s=; b=DfV87XUaWZB6Luyi6rkQhONpgqV5+vk8UJgukDZbFwXMznbQYgho1pzab8sjCbadqQ nfIMVWi6DgkXr2WKzVKwN4LC8SkXO7T9mnX023yRJ9LFqMpUQWz+TQ873T28KuHJus+B ST8ztEx/GbwUbYNj5pt5TntbN3pQ3aKfftFpn2Rw90l0Tk5r+x81ny7nZg7f+tVheOeQ BYojUs5fBNU+3nDTzAoknsEyjNOFxK6x/pK7Vv/FU6M+JEd2ixsG69ofJ57JsZbykRqD IMmPORCY3D/13b44sOpH1ipLWHqPV7Qeic+MrC2c5GI8nkd2nTZrjjLk01lFu5MtNEgw mBnw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722384177; x=1722988977; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4k7mUJ7l3kmAdsgh/A3CeQFcwrtcFTqm21Ngwsj726s=; b=BgjuJG6N2bsJhI8IVaF39OiREsi2JJFYvSrmPnABS1ome2epP9MVJLbsH6RrnOvLG0 BKSZh7Qvk2ReD1LdXagYRty10mVVxTyWmw3vmi96CSJKkEhNvkhpcx8+GdDqo+y7WjA2 XMxPdS1eErksYnoSx1ecp8xWbaht9BEHaID7W/nq4t45ao/0WvK+FVrltLH/SH24JHxO uP6wHNazsboLbnDeEY67cSpu46KOL87BzuN8dcnSdimSzJjRO/ZDzJK5VatuPdsbJ0kf +aS8+ioYvHIaYo427Mrr4USi2naLMqm2etmg/xrE3Qo0o3v+qtul2V2mJRyHsvlC4XXC sWUg== X-Forwarded-Encrypted: i=1; AJvYcCWhzGEcZCzkN5UYCgQbk2murmDc0AcLoCe+uywwA6xk0y+eqO6xn3LskoPeawXyzxE0drlK9ZQdDg7gN189j+dG3jg= X-Gm-Message-State: AOJu0YwfxQFz04yO00db2LjU+rq/pWow2vor2Y9XNtvNtkZh7uN2ddXd UQas9wwiy36gEW9doHhrZY9hA8T57682yYDKNYK9VUZu50nfXRYY X-Google-Smtp-Source: AGHT+IGub7/cT356oygu2KYD+sWoBYGAcDkpV7grhrgXGzsfW0LOrUdda5GHWr7u45BFlKT/uocwXg== X-Received: by 2002:a05:6a00:949a:b0:706:aa39:d5c1 with SMTP id d2e1a72fcca58-70efe44f70bmr5615340b3a.8.1722384176485; Tue, 30 Jul 2024 17:02:56 -0700 (PDT) Received: from localhost.localdomain ([2407:7000:8942:5500:aaa1:59ff:fe57:eb97]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-70ead6e1a2asm8871689b3a.23.2024.07.30.17.02.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Jul 2024 17:02:56 -0700 (PDT) From: Barry Song <21cnbao@gmail.com> To: akpm@linux-foundation.org, linux-mm@kvack.org Cc: 42.hyeyoo@gmail.com, cl@linux.com, hailong.liu@oppo.com, hch@infradead.org, iamjoonsoo.kim@lge.com, lstoakes@gmail.com, mhocko@suse.com, penberg@kernel.org, rientjes@google.com, roman.gushchin@linux.dev, torvalds@linux-foundation.org, urezki@gmail.com, v-songbaohua@oppo.com, vbabka@suse.cz, virtualization@lists.linux.dev Subject: [PATCH v2 2/4] mm: Document __GFP_NOFAIL must be blockable Date: Wed, 31 Jul 2024 12:01:53 +1200 Message-Id: <20240731000155.109583-3-21cnbao@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240731000155.109583-1-21cnbao@gmail.com> References: <20240731000155.109583-1-21cnbao@gmail.com> MIME-Version: 1.0 X-Rspamd-Server: rspam03 X-Rspam-User: X-Rspamd-Queue-Id: E24811C0030 X-Stat-Signature: 9owui4zu6x4yfqb1zx9de93dqjkrfetd X-HE-Tag: 1722384177-772055 X-HE-Meta: U2FsdGVkX19Ale2ppgl+sC1Sjjd5u0Fym0TdSa8+wbrkmp6VUAr1JaNU9oxhLBSDiufzy6+IH8dK+j3Q2WPZoutGNRkfWtT3sC3olsWK3XWvc0IZIdn0VX53jW1nvEg0GD2p1e1lC5kha3Y+qTai+xT9elYK+OGH3Xtw6UaH7iMaRMlwMAcIFgp2iwCoBOruzGksAe1O14QJacb5P2ZeYqC/s/5Es93Wew07mXVNytlziF393e7TamHrBr4c//VmcoNDiEDpvVDnt3dSfG57kwRmtjzwcT8JlpruUB+II8xOhgd5fMYDza2g33LRNDmtfFM2w/boZPAeHeHzYbbM2fvL2Gu9oswT9G2BtQm/6iXxZhGj0Ye/PbJw3mvJbxXQKFlrZWozlcH1f8IFx3XbNPYAuWia8H4GgGDHR5umUP6u0yCYpOtVhvGe/OtRBQmLSuuTpVr1Ema6unaAnpCRLALEwLkki2nkSlyLXK0GkEv1ULHt5vYAM7+drDaE0uDu7PZk4RKLruIeSYimbJESktQZSpVF2Op5tdV+B0VIaiP8CDl/lwwBneatCbWuZrqvRRsW5Cisfs51FK0XZuN7dFUnVW/855wCnpz56Lzfl8K1oap3W35mbs/e0/xmsqzqbxp2IyhsSDRpvXKfmt4qNdIkPCzO8w7f+6CjZJ2NdtIQOTdPa/q+YUkGX8TtsJvVzHKyJHgZrn/AB36itNqY7vH27O0vq01ttTIEMpQXpp3X3YO8nYStc5qhebwd0YtC1z0O1/Qq++mDXtx3SDpr9EDJ9LPTlsObBf+iZIGpjpYP9S4qfaGhTuCREQqhcUetMKbI8H6b2iWEjo3CGoQQagxtdN1ejq/qjcpP00ssYEn7Gx9w8keyzD1F0PmtS9KcX5lsjKJjJmK5MVpvZBTtOlP4tNmycwIDeq82ftwccV081lWUB0AKxNnOXzAjITb9U/StKS8hUJqMDQeFqDy gwDvKdu4 9ybgag3k/kgtAtUZivHmZB9Cqm6ydcQJrM4/B2ocWvlVNNwdTxWYAP6yKyN0a0cmbQuVj57Sx/LN0Pgfx3jsK7LyHTb4MVSPAKUVZzVt72xWybPYiz2wiGoBaQj6eX32n3Wa0Pq5nxjgi/epZoBE6vbQO3xCZ0CmuSz9w5FE0fxmK+3MTwIYk62VHh3Tj/I/EOnqx2MUP6L5ribcwAuoPCVEw/4tvpA3amnAW0f3LLyPIl8J9483OTsAtLGhuyN1OSgbFtumg1+gVSHs2kRCt1fQZQwq2H5CuplDBk09EMrf0kzvEHHMK+f3HEJq3L4tN03R4WV3UcHDVt197LPt9eTAX4+D0g7RsBYTckc2H3Uk6XyzNAl+N6Mc/e/uGi0JdgmtXcURpbuTPz1XuWCFz4OX2tAU2OlaHt88g/FcMhDVymklAT7SPBLOA6DFkhwywoSwDq+W2Is56Vqej7jlIrlfOSiQCzGnNiIxpBUgZkXQz9YNrXE4136Q8Z7vQOYmLv0mEJ3iHE9+w0avLj9pxD0aorAhkgQ1urdu6AvGZ9Fts8MIlPVfah6TKXJAv82hoQbrGl3dprdlCfi05pSUnOhFQfCie0wbuBAImTW4RklpyWpQ= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Barry Song Non-blocking allocation with __GFP_NOFAIL is not supported and may still result in NULL pointers (if we don't return NULL, we result in busy-loop within non-sleepable contexts): static inline struct page * __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order, struct alloc_context *ac) { ... /* * Make sure that __GFP_NOFAIL request doesn't leak out and make sure * we always retry */ if (gfp_mask & __GFP_NOFAIL) { /* * All existing users of the __GFP_NOFAIL are blockable, so warn * of any new users that actually require GFP_NOWAIT */ if (WARN_ON_ONCE_GFP(!can_direct_reclaim, gfp_mask)) goto fail; ... } ... fail: warn_alloc(gfp_mask, ac->nodemask, "page allocation failure: order:%u", order); got_pg: return page; } Highlight this in the documentation of __GFP_NOFAIL so that non-mm subsystems can reject any illegal usage of __GFP_NOFAIL with GFP_ATOMIC, GFP_NOWAIT, etc. Acked-by: Michal Hocko Signed-off-by: Barry Song Acked-by: Vlastimil Babka Reviewed-by: Christoph Hellwig --- include/linux/gfp_types.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/include/linux/gfp_types.h b/include/linux/gfp_types.h index 313be4ad79fd..4a1fa7706b0c 100644 --- a/include/linux/gfp_types.h +++ b/include/linux/gfp_types.h @@ -215,7 +215,8 @@ enum { * the caller still has to check for failures) while costly requests try to be * not disruptive and back off even without invoking the OOM killer. * The following three modifiers might be used to override some of these - * implicit rules. + * implicit rules. Please note that all of them must be used along with + * %__GFP_DIRECT_RECLAIM flag. * * %__GFP_NORETRY: The VM implementation will try only very lightweight * memory direct reclaim to get some memory under memory pressure (thus @@ -246,6 +247,8 @@ enum { * cannot handle allocation failures. The allocation could block * indefinitely but will never return with failure. Testing for * failure is pointless. + * It _must_ be blockable and used together with __GFP_DIRECT_RECLAIM. + * It should _never_ be used in non-sleepable contexts. * New users should be evaluated carefully (and the flag should be * used only when there is no reasonable failure policy) but it is * definitely preferable to use the flag rather than opencode endless From patchwork Wed Jul 31 00:01:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Barry Song <21cnbao@gmail.com> X-Patchwork-Id: 13747976 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id AC40BC3DA7F for ; Wed, 31 Jul 2024 00:03:08 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 386E26B0093; Tue, 30 Jul 2024 20:03:08 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 336786B0095; Tue, 30 Jul 2024 20:03:08 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1B0CD6B0096; Tue, 30 Jul 2024 20:03:08 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id ED5A96B0093 for ; Tue, 30 Jul 2024 20:03:07 -0400 (EDT) Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 7D9644016A for ; Wed, 31 Jul 2024 00:03:07 +0000 (UTC) X-FDA: 82398097614.30.842E9DC Received: from mail-pf1-f170.google.com (mail-pf1-f170.google.com [209.85.210.170]) by imf30.hostedemail.com (Postfix) with ESMTP id A937E80012 for ; Wed, 31 Jul 2024 00:03:04 +0000 (UTC) Authentication-Results: imf30.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=EFtnjNRk; spf=pass (imf30.hostedemail.com: domain of 21cnbao@gmail.com designates 209.85.210.170 as permitted sender) smtp.mailfrom=21cnbao@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1722384141; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=k6IAlVIqmCTe+Zj/VuVI82him0OCvVTLcevbDuX4T7M=; b=WcFgx3K1FrPcu5ezjzDJN8++cgRusnEesQOJegyqRq8qbZXNkcyVHOFJDlZiGlLuIC8Or3 SRnylu6FPHpjHQKoqn0R6DtIu0LCA9NSqqeZcTuTVwRG/zEaoPut/AMTZ/ZKmwvCqpmw3P O19xlIqK34ZxhP5z4BpQD5xKJrxA7xg= ARC-Authentication-Results: i=1; imf30.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=EFtnjNRk; spf=pass (imf30.hostedemail.com: domain of 21cnbao@gmail.com designates 209.85.210.170 as permitted sender) smtp.mailfrom=21cnbao@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1722384141; a=rsa-sha256; cv=none; b=aXskIt36NB7B/pCty8zbf3ANAa1VWq7LVQhVbEaJOL3flhG3CFsYclMo2MSHZj9hTmMFTj Vpz8GpN7v+EbKxCJL+iQNh36/6tI6BJSLazdIRcSwLIuQszCosrcZfFrq7NYAJLnU2cb+4 eL+31Dy5UgLQgPyiHARDuevoaU9h3PQ= Received: by mail-pf1-f170.google.com with SMTP id d2e1a72fcca58-70d1a74a43bso3588429b3a.1 for ; Tue, 30 Jul 2024 17:03:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1722384183; x=1722988983; darn=kvack.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=k6IAlVIqmCTe+Zj/VuVI82him0OCvVTLcevbDuX4T7M=; b=EFtnjNRk0GaMs+v7y25tuSSZ1GGyTiuaD/szZDo9HcpXbXjygFcYYdbuUROXxCKMv3 J6Qq4+t9r/oDqDIPa0ouYVQ/zTwzjszAV5qYfFRStqobOiOdQT1bCb8h5Z6zurYNrpn5 Y/lrBGRFIHGg30fgKBXE8+YpWEUytodlK3fwEFeqITAOWtqzcrBMOU+AYXsTdmIyup6K hFVQI7DrP7NR5ekg9XFiA3+/8wZrzqNVE4B+zY5E34pIt6X3gc3V05ylG9QAyTKuM8kv oJ8dmGg5PR5+9gs7ktsnBzY0JZU2RkMSffK9oDvtRHCsIkh8pv50q8hX+kPcqJBqSPi+ eBow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722384183; x=1722988983; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=k6IAlVIqmCTe+Zj/VuVI82him0OCvVTLcevbDuX4T7M=; b=cpRcpihJw5DfskyNO7P4KsXxiWvOdcX0WLKyGtwx7Crd6x6rQfk9p5CgnozXVlqW1X DihicDRJpomruOLbC80+HH7hsV7kN4RoquHvZOAoYRirWfq66Do+X8X1LkkUqD7fTA+y GzYq7Iexsk/OKlxksHxe8Weg6ddWBiY7+4crdfaypGSo/SDTfPj0ADV7xnSmH3vtpLb7 VjG0GQlUmmIwNK2bEZWNVu61Gg0W2r9nnqcu5Fsg/G17o/e0kstFlo/1cgWVnAA//+gI xDlxhZw5F89sRCmO2kKEMC1W2wyBcRagJ1m2mUPEBjWL9T5GX+JsJtVKWOnZCG5oVV/A XYLw== X-Forwarded-Encrypted: i=1; AJvYcCVKLsQD+K5ld+pbJ9K8l3l+B524HnFOXUSkjUlH7yAJfJTgTpUXbGefWEV064Mygj0rfgaRBVbRSxf7/n1WNZZCQj4= X-Gm-Message-State: AOJu0YxkCzhl6FhlsU2QvxuK/SCE29PGBMah7dUkxDMsKPAWJmfQiaap xxnCh380Vma7/DVlZ/lMuvysNbZOVYEOHbzZYCgLxU/333ch5WZy X-Google-Smtp-Source: AGHT+IEvqORC52ugeEnsqSAyqtbRxOFkMYqpRahUk759EpBN+ls4SEtKkToegphbJ9Hdp34S/VFYXw== X-Received: by 2002:a05:6a00:9a6:b0:70a:f3de:3f2 with SMTP id d2e1a72fcca58-70ece9ec023mr12463396b3a.3.1722384183249; Tue, 30 Jul 2024 17:03:03 -0700 (PDT) Received: from localhost.localdomain ([2407:7000:8942:5500:aaa1:59ff:fe57:eb97]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-70ead6e1a2asm8871689b3a.23.2024.07.30.17.02.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Jul 2024 17:03:02 -0700 (PDT) From: Barry Song <21cnbao@gmail.com> To: akpm@linux-foundation.org, linux-mm@kvack.org Cc: 42.hyeyoo@gmail.com, cl@linux.com, hailong.liu@oppo.com, hch@infradead.org, iamjoonsoo.kim@lge.com, lstoakes@gmail.com, mhocko@suse.com, penberg@kernel.org, rientjes@google.com, roman.gushchin@linux.dev, torvalds@linux-foundation.org, urezki@gmail.com, v-songbaohua@oppo.com, vbabka@suse.cz, virtualization@lists.linux.dev, Kees Cook Subject: [PATCH v2 3/4] mm: BUG_ON to avoid NULL deference while __GFP_NOFAIL fails Date: Wed, 31 Jul 2024 12:01:54 +1200 Message-Id: <20240731000155.109583-4-21cnbao@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240731000155.109583-1-21cnbao@gmail.com> References: <20240731000155.109583-1-21cnbao@gmail.com> MIME-Version: 1.0 X-Stat-Signature: ggbqoa1wcwjb7h9jumk5y3me3fqtr5d7 X-Rspam-User: X-Rspamd-Queue-Id: A937E80012 X-Rspamd-Server: rspam02 X-HE-Tag: 1722384184-955836 X-HE-Meta: U2FsdGVkX19n7ETX5psm/cyLLJMbYELts2pwWEjET1cH9T3Pf5rkVOkEeaTi2szDLvABZZtte4M5b9Ma6D4ApzdkuYWiqpVXZ7cbLCOy2Ts4ysJviXguuqpBFADI5GpYlhZLTYgz/kLldHK1RqurQ/XsFMhCZA179EgfKM24YxqVSw1Bcv+0VZakGLz7ZLi+simmYGcqFVhqjJpTshdTHJpJL7a766Jaiw5wZ7h4n/cc0QcWRaD9eGeKbu6JUSHnuurMaMObH+kTcqOFbtof5U8oktSEQ0ByGZesY8MjAn0avEwu/gCaN3zpRbO5yMqG54lDSxPqqHgdPUNg5ioKvHYweumuF0mseWrkUdpEQntpnD3LcGg5DP5FWnIZAiSZEcfC6QYuxfimSviL81F8/DdBW6jRSeuEhB9KgYSykg7LfyERorpMEcSua3mu+cZkK5F4JP9Yh9UxulORBE7DTDJA1vqgsyw59GjwlqNt9Qu/xsJyt1w583bTBAxKRWgQW9nGFLzb5FoZGFrzYQ6ijHljzazJ56OAuCkxiOlQV9jt+HEvO2PkFAVPpoDbIAsuCUdV/UPd+Qcij6+k+RAhNkfbobtaVaBqld3M04tLRiBmlokiIFqmMKfpDPf//NKa3uKDAEz/pVoEZdraBfEo8/XjIK5vWMIGZSoh5uuyt21EFdRNe3dSVC+YrRnK+/JlVu0aPXdsHOWd8rgJ3I9lrttqzMvxIZgiNLtlXN2ff5iFLw4yY1b4r8uif83CC+n8MG7M2dw/tzNeoqZJ7LwQ7egdC5s3zNs5cqRPNWjtQTw4NjDINic1V2FqDnf+luO5nCYLOWv7Nr+3Nu5QweMqAgEA5VZBO1jtmKOn/xvDQmte8O/btQ4uqJLETEy1IFf+HDDuXeeMVcyAKh+oI1mpBDPgjhzO7CQu5jRIGJ5A0nvv1xuZ9tI3GybT5Eft7x4HfvKCcPwTpbRMhpWgNH3 BbzWFre+ stiVV+yt1tyZOY3qfGZ60aewEyFpycuMeWB8rFoy+Xl02wTp2wTEp9PUI9uv32Xdomip/yNvo3PK/H09vwR150K0G5qEpeFXV06z13hdyaIaVSb140j67mBE9IkhyOfKPC2MnkVJc4rlfv9ekvOWcumQckNCmS2Hs0IF/SIQai0x5hk+taEPqY0fajNELD3yAlZ9NF5u1roPTC66GAFHpydM+A/9Fct+SAK/c5J1IlnVEhbX5n1L0vEJj2j37fF8PSwT/j3fXv3fAtVPmkKSVSLuZqFMk7k2e6OjQLJtZDnRg0gziNy8uDunqlq+CoJJoFkoPakiBoO0WBQdCqzF2Jmsy2D8N1xPm0QmbP781q9ruuWWx8U/+vP7OFWDT9ewGpzHVG5ss3dqkrOSTVKl/8LbqSTV7rSePNoda7NEDaVNN8BVxTbaGoG1xjwz6PJQr0b4lRsnv2aI1WpPgEijax8Ihh0jh2v65zEW7VyKu3MSeI2VGgMwI6rTNeQSZeWPJfh5qVqoSg12PW2n+LZz0gn04C0BQhaf3LRUiots4OSCFvUDAiLyQP3mTkIANe3M5NFp5VURqOFoGLDOUZiga4LDLA2WEevwpwPiX3VjEmS0vVV1puUIALzYi9bEMgvHdK5qNCPy2uWk5iXlHkOKNF0yIGK9tCTjjArPFH0vz+qqWkHDassee+mA3jAUsr1QjpYe5YExTDEgF6YU01meDtcikOK7wA5iB/4IU99JdhuLWKkIgt+iIoG74RlajbbYRgdI2yTmWlu6JUYwsDIsbBfBRn8piBe4OBQNEhyU0Au2Ebm1WYVKRVxLQpLtHqh8S00UvL0WcQ9X2rXWs/LidINyXRSOXxPZ1Fbb4KZTvwcgwIrY96DOL5NNsLEP1ztVdqD+TKZum1ItHn+AG5fk1P4OXzWz20KzSEKYL X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Barry Song We have cases we still fail though callers might have __GFP_NOFAIL. Since they don't check the return, we are exposed to the security risks for NULL deference. Though BUG_ON() is not encouraged by Linus, this is an unrecoverable situation. Christoph Hellwig: The whole freaking point of __GFP_NOFAIL is that callers don't handle allocation failures. So in fact a straight BUG is the right thing here. Vlastimil Babka: It's just not a recoverable situation (WARN_ON is for recoverable situations). The caller cannot handle allocation failure and at the same time asked for an impossible allocation. BUG_ON() is a guaranteed oops with stracktrace etc. We don't need to hope for the later NULL pointer dereference (which might if really unlucky happen from a different context where it's no longer obvious what lead to the allocation failing). Michal Hocko: Linus tends to be against adding new BUG() calls unless the failure is absolutely unrecoverable (e.g. corrupted data structures etc.). I am not sure how he would look at simply incorrect memory allocator usage to blow up the kernel. Now the argument could be made that those failures could cause subtle memory corruptions or even be exploitable which might be a sufficient reason to stop them early. Cc: Michal Hocko Cc: Uladzislau Rezki (Sony) Cc: Christoph Hellwig Cc: Lorenzo Stoakes Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Vlastimil Babka Cc: Roman Gushchin Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com> Cc: Linus Torvalds Cc: Kees Cook Signed-off-by: Barry Song Acked-by: Michal Hocko Acked-by: Vlastimil Babka Reviewed-by: Christoph Hellwig --- include/linux/slab.h | 4 +++- mm/page_alloc.c | 4 +++- mm/util.c | 1 + 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/include/linux/slab.h b/include/linux/slab.h index c9cb42203183..4a4d1fdc2afe 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -827,8 +827,10 @@ kvmalloc_array_node_noprof(size_t n, size_t size, gfp_t flags, int node) { size_t bytes; - if (unlikely(check_mul_overflow(n, size, &bytes))) + if (unlikely(check_mul_overflow(n, size, &bytes))) { + BUG_ON(flags & __GFP_NOFAIL); return NULL; + } return kvmalloc_node_noprof(bytes, flags, node); } diff --git a/mm/page_alloc.c b/mm/page_alloc.c index c700d2598a26..cc179c3e68df 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -4708,8 +4708,10 @@ struct page *__alloc_pages_noprof(gfp_t gfp, unsigned int order, * There are several places where we assume that the order value is sane * so bail out early if the request is out of bound. */ - if (WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp)) + if (WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp)) { + BUG_ON(gfp & __GFP_NOFAIL); return NULL; + } gfp &= gfp_allowed_mask; /* diff --git a/mm/util.c b/mm/util.c index 0ff5898cc6de..bad3258523b6 100644 --- a/mm/util.c +++ b/mm/util.c @@ -667,6 +667,7 @@ void *__kvmalloc_node_noprof(DECL_BUCKET_PARAMS(size, b), gfp_t flags, int node) /* Don't even allow crazy sizes */ if (unlikely(size > INT_MAX)) { + BUG_ON(flags & __GFP_NOFAIL); WARN_ON_ONCE(!(flags & __GFP_NOWARN)); return NULL; } From patchwork Wed Jul 31 00:01:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Barry Song <21cnbao@gmail.com> X-Patchwork-Id: 13747977 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4EAE5C3DA49 for ; Wed, 31 Jul 2024 00:03:14 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id DC2966B0096; Tue, 30 Jul 2024 20:03:13 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id D489D6B0098; Tue, 30 Jul 2024 20:03:13 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id BE9FA6B0099; Tue, 30 Jul 2024 20:03:13 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 9928F6B0096 for ; Tue, 30 Jul 2024 20:03:13 -0400 (EDT) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 61B51A0167 for ; Wed, 31 Jul 2024 00:03:13 +0000 (UTC) X-FDA: 82398097866.01.712D772 Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) by imf10.hostedemail.com (Postfix) with ESMTP id 60FB6C0002 for ; Wed, 31 Jul 2024 00:03:11 +0000 (UTC) Authentication-Results: imf10.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=B3sH65OE; spf=pass (imf10.hostedemail.com: domain of 21cnbao@gmail.com designates 209.85.210.182 as permitted sender) smtp.mailfrom=21cnbao@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1722384163; a=rsa-sha256; cv=none; b=x3H7ZWMFxL8Qnx0UIkVsgToLlus1ihg4d+ys3y2CoHGr7N6dqk1YgfhamepdEvvbIPjcmq ycibza3PkIEVFIVThj705Q5Q6lHfMLzM07akoOestnPEFaI4/kasTpaPB1kcoo/pRebQlZ F3apENv3aXAQQxE46oQEy9YNFMZjPlQ= ARC-Authentication-Results: i=1; imf10.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=B3sH65OE; spf=pass (imf10.hostedemail.com: domain of 21cnbao@gmail.com designates 209.85.210.182 as permitted sender) smtp.mailfrom=21cnbao@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1722384163; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=szHsw+puKDB/YFQfKyWB6EZ/UIu8BDwgxN6U76SGESg=; b=cfyGnrXWd6utJ0SqqcMoQLpS8WJC39mUkarHjkg1qHflH9abQ4KtHrmbxMZRWQh3x2AnYs lYQT3pe5VP4L+vpQE9LDkwgMAWgiKucy1uS9g8o8Nb1pbCFFmpEcp6yaVSpmz23eYghQVb KWgXsJ9MKyJ7fiWy4xvWr4kIqJ/016Y= Received: by mail-pf1-f182.google.com with SMTP id d2e1a72fcca58-70d19c525b5so3483165b3a.2 for ; Tue, 30 Jul 2024 17:03:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1722384190; x=1722988990; darn=kvack.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=szHsw+puKDB/YFQfKyWB6EZ/UIu8BDwgxN6U76SGESg=; b=B3sH65OE7Aqzq2l/HT4GrJu7bu0P6diL4RESnZxu6Ssz0Rkrn61LWMrzvimICgySEy cgM7rKeKy6VNVGq+4dKeqn2PJdwLkD0f0FaDi/qf/sfNzOR61Ef7cAakxi7qB12S65FT U0mK/ixHYgoqHFJoDiukMAKUjP2yTP+C0WOzWhoWMrDd3Ol3WkkEdxdLrbqIFI2xjCWA vkPZlroX+rZAenwDSEe4305BT/CiipmgcuBI2VCC4E+j6KPLX1owVCTIAczcfqyPBLiK EffT+ACmkGB2Lz8QZGl6odUT98235UdrUxwyzWowMI8p+IJ442mWneF6sa//gIUcQrk5 QLAw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722384190; x=1722988990; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=szHsw+puKDB/YFQfKyWB6EZ/UIu8BDwgxN6U76SGESg=; b=jaVXykamgA3awCkrXYtZ06VNcdanIVE8EzYJrRpr+6B3WEOE3WTHOzamqdwWS3ulSH OsGaKCPhFabDjgVxixWZhQItgWVF74jhMpdWtV2oRt+BwD1QFTvHYrtjyZhrjohXNpAc numff/66AFFElK8Yk922JKRNFL/n/u9wbvlsM03ns9lsMKa/dVZSp0YmC2TNVPF3r/mU wl+0Efeztah/Kcxm12euD4o5PetWCWgl7Amk8lSWiF0XgXVs2+AzUZtoCOZkQCtF4NBA ++Y1KGPIbG3W3OcOmU4TabyoZOeKsfw7wkV4efQBTDKFm1KVm/LLMdHPz1+K8Gulrxd0 e/Cw== X-Forwarded-Encrypted: i=1; AJvYcCU5ntXIelHTcW+Nyze7CrSuLQau5QCawh9Te0oPTMxsbvoKuKHlu4s6pi/6ZtgJ/oGe+gCnF0yBXApFD3a9TW3ph38= X-Gm-Message-State: AOJu0YxltrRzWeP2o1J8OnUFKp9l03ZilzuI5P9KxHjT4HFVMXUwREN+ aSKaWM/hCPNQOhDWY9Qou9HB0O+waZ9SI4ggh2gKgMe42nJMLkTOzFM6Ag== X-Google-Smtp-Source: AGHT+IEIBLKfBhFUnGg8PPWUhEwW7y7oUjaJuAC/v6G0XLI8qVOADllc/1BOv3bbYq9JOw3O+D6uHg== X-Received: by 2002:a05:6a20:2588:b0:1c2:94ad:1c5d with SMTP id adf61e73a8af0-1c4a117dd82mr12540967637.2.1722384190096; Tue, 30 Jul 2024 17:03:10 -0700 (PDT) Received: from localhost.localdomain ([2407:7000:8942:5500:aaa1:59ff:fe57:eb97]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-70ead6e1a2asm8871689b3a.23.2024.07.30.17.03.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Jul 2024 17:03:09 -0700 (PDT) From: Barry Song <21cnbao@gmail.com> To: akpm@linux-foundation.org, linux-mm@kvack.org Cc: 42.hyeyoo@gmail.com, cl@linux.com, hailong.liu@oppo.com, hch@infradead.org, iamjoonsoo.kim@lge.com, lstoakes@gmail.com, mhocko@suse.com, penberg@kernel.org, rientjes@google.com, roman.gushchin@linux.dev, torvalds@linux-foundation.org, urezki@gmail.com, v-songbaohua@oppo.com, vbabka@suse.cz, virtualization@lists.linux.dev, Kees Cook Subject: [PATCH v2 4/4] mm: prohibit NULL deference exposed for unsupported non-blockable __GFP_NOFAIL Date: Wed, 31 Jul 2024 12:01:55 +1200 Message-Id: <20240731000155.109583-5-21cnbao@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240731000155.109583-1-21cnbao@gmail.com> References: <20240731000155.109583-1-21cnbao@gmail.com> MIME-Version: 1.0 X-Stat-Signature: r1bgzp8o978gfdjg8es4j1ew7uo3to8f X-Rspamd-Queue-Id: 60FB6C0002 X-Rspam-User: X-Rspamd-Server: rspam10 X-HE-Tag: 1722384191-151578 X-HE-Meta: U2FsdGVkX1/svtSbV+XgqqP9ZmSBn4nhvZOf7zkpRwrqDUvC59S/N2fmMli4SXttCzugXlo70+g64SgqldwoPiocNNwueWdQYGk7wiB8E/IMgQRqXRM1sS92UgPm4PSWShVbpInagZ7LM+eU4ZZQVVyk4kUCeK0HXLRCGO1tf5RwAhSHJXJH3zKDmHPWvZ1ynTxIUuQvS5vtZKANh5+bMZaysQvlU540RTQ4KoyGw+2uMQX59MVFkefLIXdKeZ89yKKkJa+gx3FzUu1nltzZE+5aYTakDLNZ3dR9E03bwTYiT51r5/k3SHcUbl9wTRyH26S/m1YsZMXrPcaArbJZ3CrSWuL1JVOBSPk/k0XTY4jN0KuZdEsSYGB6aeVTRBjJQdYIKOGqRKdt2Q0owSsLU9PNMJ3XFl0CVSoQkRRJeQz3EL87iecwOuCP58L5sDWQbaTIGGqZFh9FXvRT3Yjshnj44XHnthZ1vOKupfNRTzX2khqHwuxWNWWTWgExBbNyGgxHXRF5JJQikW95Bxu75jKLhDi24NMrXscZoQZbNONnFvfsAjoTku7WCic4j13zQFhtAfBCfQjKGoHBHMLVVhbo/lqQnD9K3Wo1POAh8GlZny6MGZh9TJeC0DPVWo/lfE9p/x0KZ8ZzogQelNxEum2UusyMzbySs6LNJVva7CHk9nawmjjDzG5Ad0jn9tzR8XoIkpsEZkaXSgO2yc3wdKHeC20gGsXHbVCVa/JxBsnQhABF25PWVDTjbBWStLO82TSCTfuu8pdm05j9Nsan+qixzGObviVw38XeIfodNpj5KPyd1dnFCveMexJUlKYJ5alzZU963gMmTtwWVVupm45Z/Nk55BLjlnI8OJ1XOU1VZ5YPTq9g/IV/eD8Xh/AAni4hjDFXJLRiz/Xr09n4/T/WcOOffrEPt3s7y+4ps0Qh4uDOUc7ukXhtehDS4/sH3JEZ3i4eRcqQ1V+K+Z2 kLJC1qQe GJyTaAgNicyLVjrAszI9BzqauxBwIjC4ch2E7sv52htindyNUNOd/4wZQhWdal+zl/GSNAo3CAV/IaXeCVOzLhzlZN0XXm61zpewUW1FtjTTgclQKqu4kJqoTUc+BBbAAxhmgCQfGjBEwrPJradMar20vc6nZguY+u6lf+N0ASr0iXy8ORQluRc5p+PgdS1v22qt2TUNrARy7xCqRC5gejMTkkBDJhpFqrk4e6CL65kI114OM/4SqZicTwptLgDCaW1s7VHc8L8PqjBjke8gEuT3rfKv/n7RF880z4RJq2VNRPEC0qIyNkg42f9ORwwFQU1uR/0SM8St0P7sM7Qt72ynT5axNKG64VOKY4v8RQp9rcBzJHeqjbQ2uCNZ+2eBrIYfryeXxro2sOLdf4faQBFT3MFNf/WM8E0cHOMPvDWvvuKkiomAz+tOiLmRj7PlhvDbbwYx15zNeF1/W4J/oRhH6OPqeZLdtT5t4z2Lo0FeTngcJN3ubiLIhTC0I6/bPuvh1nrJpW0BGctvC1S7fhLIwx+rHUFc4vUQMfyOmt507g4dTHcNvdZAEbSHxPJ5U5wvU+vRbkwoz4otZLv0AE/Wf+BkxGlLUfPCIM3jUFWXo8fFJu0GLt83o5zEkLo5pb6ORZcMxdZsriqJC2PEzxG7+QZLaIgAW5IGIMZEOwBuXnzyoSPcptk2UhaRnpt176BtRp8cSIsOyZ+uyd5cHQj2zrR10pZsoP430gOYdQATuKZO1l1sIl7lUemOUJzZNmS89YuXPX2e8Y2vHfnAeQHROlYI3j1uRxfxW7FE4f8/N7u/VX2u/vqkOZKLSSPDN5huK8zj+3Fy1wYf1rVISy4AXsgEMOvegsRApEBve+SSL6zBPV4Qn84VzvhpDtn+x1UtGn7FmvUNc9pEsOBdddtLz7HWcieQkDxx3 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Barry Song When users allocate memory with the __GFP_NOFAIL flag, they might incorrectly use it alongside GFP_ATOMIC, GFP_NOWAIT, etc. This kind of non-blockable __GFP_NOFAIL is not supported and is pointless. If we attempt and still fail to allocate memory for these users, we have two choices: 1. We could busy-loop and hope that some other direct reclamation or kswapd rescues the current process. However, this is unreliable and could ultimately lead to hard or soft lockups, which might not be well supported by some architectures. 2. We could use BUG_ON to trigger a reliable system crash, avoiding exposing NULL dereference. This patch chooses the second option because the first is unreliable. Even if the process incorrectly using __GFP_NOFAIL is sometimes rescued, the long latency might be unacceptable, especially considering that misusing GFP_ATOMIC and __GFP_NOFAIL is likely to occur in atomic contexts with strict timing requirements. Cc: Michal Hocko Cc: Uladzislau Rezki (Sony) Cc: Christoph Hellwig Cc: Lorenzo Stoakes Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Vlastimil Babka Cc: Roman Gushchin Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com> Cc: Linus Torvalds Cc: Kees Cook Signed-off-by: Barry Song --- mm/page_alloc.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/mm/page_alloc.c b/mm/page_alloc.c index cc179c3e68df..ed1bd8f595bd 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -4439,11 +4439,11 @@ __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order, */ if (gfp_mask & __GFP_NOFAIL) { /* - * All existing users of the __GFP_NOFAIL are blockable, so warn - * of any new users that actually require GFP_NOWAIT + * All existing users of the __GFP_NOFAIL are blockable + * otherwise we introduce a busy loop with inside the page + * allocator from non-sleepable contexts */ - if (WARN_ON_ONCE_GFP(!can_direct_reclaim, gfp_mask)) - goto fail; + BUG_ON(!can_direct_reclaim); /* * PF_MEMALLOC request from this context is rather bizarre @@ -4474,7 +4474,7 @@ __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order, cond_resched(); goto retry; } -fail: + warn_alloc(gfp_mask, ac->nodemask, "page allocation failure: order:%u", order); got_pg: