| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 29 Jun 2017 22:13:26 -0400 (EDT)
From: Mikulas Patocka <mpatocka@...hat.com>
To: Michal Hocko <mhocko@...nel.org>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>
cc: Andrew Morton <akpm@...ux-foundation.org>,
Stephen Rothwell <sfr@...b.auug.org.au>,
Vlastimil Babka <vbabka@...e.cz>,
Andreas Dilger <adilger@...ger.ca>,
John Hubbard <jhubbard@...dia.com>,
David Miller <davem@...emloft.net>,
linux-kernel@...r.kernel.org, linux-mm@...ck.org,
netdev@...r.kernel.org
Subject: Re: [PATCH] mm: convert three more cases to kvmalloc
On Thu, 29 Jun 2017, Michal Hocko wrote:
> On Wed 28-06-17 23:24:10, Mikulas Patocka wrote:
> [...]
> > From: Mikulas Patocka <mpatocka@...hat.com>
> >
> > The patch a7c3e901 ("mm: introduce kv[mz]alloc helpers") converted a lot
> > of kernel code to kvmalloc. This patch converts three more forgotten
> > cases.
>
> Thanks! I have two remarks below but other than that feel free to add
>
> > Signed-off-by: Mikulas Patocka <mpatocka@...hat.com>
>
> Acked-by: Michal Hocko <mhocko@...e.com>
> [...]
> > Index: linux-2.6/kernel/bpf/syscall.c
> > ===================================================================
> > --- linux-2.6.orig/kernel/bpf/syscall.c
> > +++ linux-2.6/kernel/bpf/syscall.c
> > @@ -58,16 +58,7 @@ void *bpf_map_area_alloc(size_t size)
> > * trigger under memory pressure as we really just want to
> > * fail instead.
> > */
> > - const gfp_t flags = __GFP_NOWARN | __GFP_NORETRY | __GFP_ZERO;
> > - void *area;
> > -
> > - if (size <= (PAGE_SIZE << PAGE_ALLOC_COSTLY_ORDER)) {
> > - area = kmalloc(size, GFP_USER | flags);
> > - if (area != NULL)
> > - return area;
> > - }
> > -
> > - return __vmalloc(size, GFP_KERNEL | flags, PAGE_KERNEL);
> > + return kvmalloc(size, GFP_USER | __GFP_NOWARN | __GFP_NORETRY | __GFP_ZERO);
>
> kvzalloc without additional flags would be more appropriate.
> __GFP_NORETRY is explicitly documented as non-supported
How is __GFP_NORETRY non-supported?
> and NOWARN wouldn't be applied everywhere in the vmalloc path.
__GFP_NORETRY and __GFP_NOWARN wouldn't be applied in the page-table
allocation and they would be applied in the page allocation - that seems
acceptable.
But the problem here is that if the system is under memory stress,
__GFP_NORETRY allocations would randomly fail (they would fail for example
if there's a plenty of free swap space and the system is busy swapping)
and that would make the BFP creation code randomly fail.
BPF maintainers, please explain, how are you dealing with the random
memory allocation failures? Is there some other code in the BPF stack that
retries the failed allocations?
> > }
> >
> > void bpf_map_area_free(void *area)
> > Index: linux-2.6/kernel/cgroup/cgroup-v1.c
> > ===================================================================
> > --- linux-2.6.orig/kernel/cgroup/cgroup-v1.c
> > +++ linux-2.6/kernel/cgroup/cgroup-v1.c
> > @@ -184,15 +184,10 @@ struct cgroup_pidlist {
> > /*
> > * The following two functions "fix" the issue where there are more pids
> > * than kmalloc will give memory for; in such cases, we use vmalloc/vfree.
> > - * TODO: replace with a kernel-wide solution to this problem
> > */
> > -#define PIDLIST_TOO_LARGE(c) ((c) * sizeof(pid_t) > (PAGE_SIZE * 2))
> > static void *pidlist_allocate(int count)
> > {
> > - if (PIDLIST_TOO_LARGE(count))
> > - return vmalloc(count * sizeof(pid_t));
> > - else
> > - return kmalloc(count * sizeof(pid_t), GFP_KERNEL);
> > + return kvmalloc(count * sizeof(pid_t), GFP_KERNEL);
> > }
>
> I would rather use kvmalloc_array to have an overflow protection as
> well.
Yes.
Mikulas
> >
> > static void pidlist_free(void *p)
>
> --
> Michal Hocko
> SUSE Labs
>
Powered by blists - more mailing lists