Message-ID: <alpine.DEB.2.10.1802081334120.133173@chino.kir.corp.google.com>
Date:   Thu, 8 Feb 2018 13:35:08 -0800 (PST)
From:   David Rientjes <rientjes@...gle.com>
To:     Paolo Bonzini <pbonzini@...hat.com>,
        Radim Krčmář <rkrcmar@...hat.com>
cc:     linux-kernel@...r.kernel.org, kvm@...r.kernel.org
Subject: [patch] kvm: suppress KVM_SET_GSI_ROUTING allocation failure

The KVM_SET_GSI_ROUTING ioctl does a vmalloc() of
sizeof(struct kvm_irq_routing_entry) multiplied by a user-supplied value.
This can be up to 4096 entries on architectures such as arm64 and s390
(and the upper bound may be increased on s390 eventually).

This can produce a vmalloc allocation failure warning:

vmalloc: allocation failure: 0 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM)
Call Trace:
 __dump_stack lib/dump_stack.c:15 [inline]
 dump_stack+0xf6/0x184 lib/dump_stack.c:51
 warn_alloc+0x208/0x230 mm/page_alloc.c:2930
 __vmalloc_node_range_memcg+0x510/0x670 mm/vmalloc.c:1711
 __vmalloc_node_memcg mm/vmalloc.c:1751 [inline]
 __vmalloc_node_memcg_flags mm/vmalloc.c:1788 [inline]
 vmalloc+0x69/0x70 mm/vmalloc.c:1803
 kvm_vm_ioctl+0x910/0x15e0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4153
 vfs_ioctl fs/ioctl.c:44 [inline]
 do_vfs_ioctl+0x842/0xee0 fs/ioctl.c:611
 SYSC_ioctl fs/ioctl.c:626 [inline]
 SyS_ioctl+0x94/0xc0 fs/ioctl.c:617
 entry_SYSCALL_64_fastpath+0x12/0x17

If the vmalloc address space is fully depleted, the ioctl can gracefully
fail.  Add __GFP_NOWARN to the allocation to suppress the warning.

Signed-off-by: David Rientjes <rientjes@...gle.com>
---
 virt/kvm/kvm_main.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 001085b611ad..d0352dd45b95 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -3063,7 +3063,8 @@ static long kvm_vm_ioctl(struct file *filp,
 			goto out;
 		if (routing.nr) {
 			r = -ENOMEM;
-			entries = vmalloc(routing.nr * sizeof(*entries));
+			entries = __vmalloc(routing.nr * sizeof(*entries),
+					GFP_KERNEL | __GFP_NOWARN, PAGE_KERNEL);
 			if (!entries)
 				goto out;
 			r = -EFAULT;
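
Review bot: the flags on the new __vmalloc() call are GFP_KERNEL | __GFP_NOWARN, while the warning quoted in the changelog shows the old vmalloc() allocating with GFP_KERNEL|__GFP_HIGHMEM, so it is worth confirming that __vmalloc() still allows highmem pages here, or passing __GFP_HIGHMEM explicitly so that only the warning behaviour changes. Since routing.nr comes from userspace and the failure is now silent, a one-line comment above the call saying that the size is user-controlled and that the ioctl returns -ENOMEM on failure would make the reason for __GFP_NOWARN clear to later readers.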
