| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 13 Jan 2022 12:57:51 +0000
From: "Ruhl, Michael J" <michael.j.ruhl@...el.com>
To: "guangming.cao@...iatek.com" <guangming.cao@...iatek.com>,
"sumit.semwal@...aro.org" <sumit.semwal@...aro.org>
CC: "linux-arm-kernel@...ts.infradead.org"
<linux-arm-kernel@...ts.infradead.org>,
"mingyuan.ma@...iatek.com" <mingyuan.ma@...iatek.com>,
"wsd_upstream@...iatek.com" <wsd_upstream@...iatek.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"dri-devel@...ts.freedesktop.org" <dri-devel@...ts.freedesktop.org>,
"linaro-mm-sig@...ts.linaro.org" <linaro-mm-sig@...ts.linaro.org>,
"yf.wang@...iatek.com" <yf.wang@...iatek.com>,
"libo.kang@...iatek.com" <libo.kang@...iatek.com>,
"benjamin.gaignard@...aro.org" <benjamin.gaignard@...aro.org>,
"bo.song@...iatek.com" <bo.song@...iatek.com>,
"matthias.bgg@...il.com" <matthias.bgg@...il.com>,
"linux-mediatek@...ts.infradead.org"
<linux-mediatek@...ts.infradead.org>,
"lmark@...eaurora.org" <lmark@...eaurora.org>,
"labbott@...hat.com" <labbott@...hat.com>,
"christian.koenig@....com" <christian.koenig@....com>,
"jianjiao.zeng@...iatek.com" <jianjiao.zeng@...iatek.com>,
"linux-media@...r.kernel.org" <linux-media@...r.kernel.org>
Subject: RE: [PATCH v3] dma-buf: dma-heap: Add a size check for allocation
>-----Original Message-----
>From: dri-devel <dri-devel-bounces@...ts.freedesktop.org> On Behalf Of
>guangming.cao@...iatek.com
>Sent: Thursday, January 13, 2022 7:34 AM
>To: sumit.semwal@...aro.org
>Cc: linux-arm-kernel@...ts.infradead.org; mingyuan.ma@...iatek.com;
>Guangming <Guangming.Cao@...iatek.com>;
>wsd_upstream@...iatek.com; linux-kernel@...r.kernel.org; dri-
>devel@...ts.freedesktop.org; linaro-mm-sig@...ts.linaro.org;
>yf.wang@...iatek.com; libo.kang@...iatek.com;
>benjamin.gaignard@...aro.org; bo.song@...iatek.com;
>matthias.bgg@...il.com; linux-mediatek@...ts.infradead.org;
>lmark@...eaurora.org; labbott@...hat.com; christian.koenig@....com;
>jianjiao.zeng@...iatek.com; linux-media@...r.kernel.org
>Subject: [PATCH v3] dma-buf: dma-heap: Add a size check for allocation
>
>From: Guangming <Guangming.Cao@...iatek.com>
>
>Add a size check for allocation since the allocation size is
>always less than the total DRAM size.
>
>Without this check, once the invalid size allocation runs on a process that
>can't be killed by OOM flow(such as "gralloc" on Android devices), it will
>cause a kernel exception, and to make matters worse, we can't find who are
>using
>so many memory with "dma_buf_debug_show" since the relevant dma-buf
>hasn't exported.
>
>To make OOM issue easier, maybe need dma-buf framework to dump the
>buffer size
>under allocating in "dma_buf_debug_show".
>
>Signed-off-by: Guangming <Guangming.Cao@...iatek.com>
>Signed-off-by: jianjiao zeng <jianjiao.zeng@...iatek.com>
>---
>v3: 1. update patch, use right shift to replace division.
> 2. update patch, add reason in code and commit message.
>v2: 1. update size limitation as total_dram page size.
> 2. update commit message
>---
> drivers/dma-buf/dma-heap.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
>diff --git a/drivers/dma-buf/dma-heap.c b/drivers/dma-buf/dma-heap.c
>index 56bf5ad01ad5..1fd382712584 100644
>--- a/drivers/dma-buf/dma-heap.c
>+++ b/drivers/dma-buf/dma-heap.c
>@@ -55,6 +55,16 @@ static int dma_heap_buffer_alloc(struct dma_heap
>*heap, size_t len,
> struct dma_buf *dmabuf;
> int fd;
>
>+ /*
>+ * Invalid size check. The "len" should be less than totalram.
>+ *
>+ * Without this check, once the invalid size allocation runs on a process
>that
>+ * can't be killed by OOM flow(such as "gralloc" on Android devices), it
>will
>+ * cause a kernel exception, and to make matters worse, we can't find
>who are using
>+ * so many memory with "dma_buf_debug_show" since the relevant
>dma-buf hasn't exported.
>+ */
>+ if (len >> PAGE_SHIFT > totalram_pages())
If your "heap" is from cma, is this still a valid check?
M
>+ return -EINVAL;
> /*
> * Allocations from all heaps have to begin
> * and end on page boundaries.
>--
>2.17.1
Powered by blists - more mailing lists