| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 27 Apr 2012 15:00:30 -0700
From: Andrew Morton <akpm@...ux-foundation.org>
To: Minchan Kim <minchan@...nel.org>
Cc: linux-mm@...ck.org, linux-kernel@...r.kernel.org,
npiggin@...il.com, kamezawa.hiroyu@...fujitsu.com,
kosaki.motohiro@...il.com, rientjes@...gle.com,
Neil Brown <neilb@...e.de>,
Artem Bityutskiy <dedekind1@...il.com>,
David Woodhouse <dwmw2@...radead.org>,
"Theodore Ts'o" <tytso@....edu>,
Adrian Hunter <adrian.hunter@...el.com>,
Steven Whitehouse <swhiteho@...hat.com>,
"David S. Miller" <davem@...emloft.net>,
James Morris <jmorris@...ei.org>,
Alexander Viro <viro@...iv.linux.org.uk>,
Sage Weil <sage@...dream.net>
Subject: Re: [RFC] vmalloc: add warning in __vmalloc
On Fri, 27 Apr 2012 17:42:24 +0900
Minchan Kim <minchan@...nel.org> wrote:
> Now there are several places to use __vmalloc with GFP_ATOMIC,
> GFP_NOIO, GFP_NOFS but unfortunately __vmalloc calls map_vm_area
> which calls alloc_pages with GFP_KERNEL to allocate page tables.
> It means it's possible to happen deadlock.
> I don't know why it doesn't have reported until now.
>
> Firstly, I tried passing gfp_t to lower functions to support __vmalloc
> with such flags but other mm guys don't want and decided that
> all of caller should be fixed.
>
> http://marc.info/?l=linux-kernel&m=133517143616544&w=2
>
> To begin with, let's listen other's opinion whether they can fix it
> by other approach without calling __vmalloc with such flags.
>
> So this patch adds warning to detect and to be fixed hopely.
> I Cced related maintainers.
> If I miss someone, please Cced them.
>
> side-note:
> I added WARN_ON instead of WARN_ONCE to detect all of callers
> and each WARN_ON for each flag to detect to use any flag easily.
> After we fix all of caller or reduce such caller, we can merge
> a warning with WARN_ONCE.
Just WARN_ONCE, please. If that exposes some sort of calamity then we
can reconsider.
>
> ...
>
> --- a/mm/vmalloc.c
> +++ b/mm/vmalloc.c
> @@ -1700,6 +1700,15 @@ static void *__vmalloc_node(unsigned long size, unsigned long align,
> gfp_t gfp_mask, pgprot_t prot,
> int node, void *caller)
> {
> + /*
> + * This function calls map_vm_area so that it allocates
> + * page table with GFP_KERNEL so caller should avoid using
> + * GFP_NOIO, GFP_NOFS and !__GFP_WAIT.
> + */
> + WARN_ON(!(gfp_mask & __GFP_WAIT));
> + WARN_ON(!(gfp_mask & __GFP_IO));
> + WARN_ON(!(gfp_mask & __GFP_FS));
> +
> return __vmalloc_node_range(size, align, VMALLOC_START, VMALLOC_END,
> gfp_mask, prot, node, caller);
> }
This seems strange. There are many entry points to this code and the
patch appears to go into a randomly-chosen middle point in the various
call chains and sticks a check in there. Why was __vmalloc_node()
chosen? Does this provide full coverage or all entry points?
Also, the patch won't warn in the most problematic cases such as
vmalloc() being called from a __GFP_NOFS context. Presumably there are
might_sleep() warnings somewhere on the allocation path which will
catch vmalloc() being called from atomic contexts.
I'm not sure what to do about that - we don't have machinery in place
to be able to detect when a GFP_KERNEL allocation is deadlockable.
Perhaps a lot of hacking on lockdep might get us this - we'd need to
teach lockdep about which locks prohibit FS entry, which locks prevent
IO entry, etc. And there are secret locks such as ext3/4
journal_start(), and bitlocks and lock_page(). eek.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists