lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <e2202d5c43ce4730b2e46262717c711a@AcuMS.aculab.com>
Date:   Tue, 7 Sep 2021 10:18:47 +0000
From:   David Laight <David.Laight@...LAB.COM>
To:     'Linus Torvalds' <torvalds@...ux-foundation.org>,
        Eric Dumazet <eric.dumazet@...il.com>
CC:     LKML <linux-kernel@...r.kernel.org>,
        Eric Dumazet <edumazet@...gle.com>
Subject: RE: dozens of sysbot reports

From: Linus Torvalds
> Sent: 03 September 2021 23:21
> 
> On Fri, Sep 3, 2021 at 1:44 PM Eric Dumazet <eric.dumazet@...il.com> wrote:
> >
> > I have a pile of (still under triage) sysbot reports coming after one of your patch
> >
> > Typical stack trace:
> >
> > ------------[ cut here ]------------
> > WARNING: CPU: 1 PID: 24889 at mm/util.c:597 kvmalloc_node+0x111/0x120 mm/util.c:597
> > Call Trace:
> >  hash_ipport_create+0x3dd/0x1220 net/netfilter/ipset/ip_set_hash_gen.h:1524
> >  ip_set_create+0x782/0x15a0 net/netfilter/ipset/ip_set_core.c:1100
> >  nfnetlink_rcv_msg+0xbc9/0x13f0 net/netfilter/nfnetlink.c:296
> 
> So the real question is mainly just whether those huge allocations
> actually make sense or not.
> 
> If they truly are sensible, we can remove the warning. But it would be
> good to perhaps look at them more.
> 
> Because no:
> 
> > Do we want to fix all problematic callers, with ad-hoc patches like
> 
> Not insane patches like this, no.
> 
> >  ip_set_alloc(size_t size)
> >  {
> > +       if (size > INT_MAX)
> > +               return NULL;
> >         return kvzalloc(size, GFP_KERNEL_ACCOUNT);
> >  }
> 
> But does that kind of size really make sense? I'm looking at the
> particular caller, is it *really* senseible to have a 4GB+ hash table
> size?

I wonder if there should be a GFP_LARGE_ALLOC flag that must
be set in order to allow allocates over a few MB?
(Probably with warn + allocate for now.)

That will generate even more warnings for oversize allocates
but stop accidental huge allocates in places that really
don't expect them.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ