[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LRH.2.02.1804232003100.2299@file01.intranet.prod.int.rdu2.redhat.com>
Date: Mon, 23 Apr 2018 20:06:16 -0400 (EDT)
From: Mikulas Patocka <mpatocka@...hat.com>
To: Michal Hocko <mhocko@...nel.org>
cc: Matthew Wilcox <willy@...radead.org>,
David Miller <davem@...emloft.net>,
Andrew Morton <akpm@...ux-foundation.org>, linux-mm@...ck.org,
eric.dumazet@...il.com, edumazet@...gle.com,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
mst@...hat.com, jasowang@...hat.com,
virtualization@...ts.linux-foundation.org, dm-devel@...hat.com,
Vlastimil Babka <vbabka@...e.cz>
Subject: [PATCH v3] kvmalloc: always use vmalloc if CONFIG_DEBUG_SG
The kvmalloc function tries to use kmalloc and falls back to vmalloc if
kmalloc fails.
Unfortunatelly, some kernel code has bugs - it uses kvmalloc and then
uses DMA-API on the returned memory or frees it with kfree. Such bugs were
found in the virtio-net driver, dm-integrity or RHEL7 powerpc-specific
code.
These bugs are hard to reproduce because kvmalloc falls back to vmalloc
only if memory is fragmented.
In order to detect these bugs reliably I submit this patch that changes
kvmalloc to fall back to vmalloc with 1/2 probability if CONFIG_DEBUG_SG
is turned on. CONFIG_DEBUG_SG is used, because it makes the DMA API layer
verify the addresses passed to it, and so the user will get a reliable
stacktrace.
Some bugs (such as buffer overflows) are better detected
with kmalloc code, so we must test the kmalloc path too.
Signed-off-by: Mikulas Patocka <mpatocka@...hat.com>
---
mm/util.c | 10 ++++++++++
1 file changed, 10 insertions(+)
Index: linux-2.6/mm/util.c
===================================================================
--- linux-2.6.orig/mm/util.c 2018-04-23 00:12:05.000000000 +0200
+++ linux-2.6/mm/util.c 2018-04-23 17:57:02.000000000 +0200
@@ -14,6 +14,7 @@
#include <linux/hugetlb.h>
#include <linux/vmalloc.h>
#include <linux/userfaultfd_k.h>
+#include <linux/random.h>
#include <asm/sections.h>
#include <linux/uaccess.h>
@@ -404,6 +405,12 @@ void *kvmalloc_node(size_t size, gfp_t f
*/
WARN_ON_ONCE((flags & GFP_KERNEL) != GFP_KERNEL);
+#ifdef CONFIG_DEBUG_SG
+ /* Catch bugs when the caller uses DMA API on the result of kvmalloc. */
+ if (!(prandom_u32_max(2) & 1))
+ goto do_vmalloc;
+#endif
+
/*
* We want to attempt a large physically contiguous block first because
* it is less likely to fragment multiple larger blocks and therefore
@@ -427,6 +434,9 @@ void *kvmalloc_node(size_t size, gfp_t f
if (ret || size <= PAGE_SIZE)
return ret;
+#ifdef CONFIG_DEBUG_SG
+do_vmalloc:
+#endif
return __vmalloc_node_flags_caller(size, node, flags,
__builtin_return_address(0));
}
Powered by blists - more mailing lists