| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e657f5257cbf4955817b0bbf037de9f9@intel.com>
Date: Thu, 13 Jan 2022 13:00:46 +0000
From: "Ruhl, Michael J" <michael.j.ruhl@...el.com>
To: "Ruhl, Michael J" <michael.j.ruhl@...el.com>,
"guangming.cao@...iatek.com" <guangming.cao@...iatek.com>,
"sumit.semwal@...aro.org" <sumit.semwal@...aro.org>
CC: "jianjiao.zeng@...iatek.com" <jianjiao.zeng@...iatek.com>,
"lmark@...eaurora.org" <lmark@...eaurora.org>,
"wsd_upstream@...iatek.com" <wsd_upstream@...iatek.com>,
"christian.koenig@....com" <christian.koenig@....com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"dri-devel@...ts.freedesktop.org" <dri-devel@...ts.freedesktop.org>,
"yf.wang@...iatek.com" <yf.wang@...iatek.com>,
"linaro-mm-sig@...ts.linaro.org" <linaro-mm-sig@...ts.linaro.org>,
"linux-mediatek@...ts.infradead.org"
<linux-mediatek@...ts.infradead.org>,
"libo.kang@...iatek.com" <libo.kang@...iatek.com>,
"benjamin.gaignard@...aro.org" <benjamin.gaignard@...aro.org>,
"bo.song@...iatek.com" <bo.song@...iatek.com>,
"matthias.bgg@...il.com" <matthias.bgg@...il.com>,
"labbott@...hat.com" <labbott@...hat.com>,
"mingyuan.ma@...iatek.com" <mingyuan.ma@...iatek.com>,
"linux-arm-kernel@...ts.infradead.org"
<linux-arm-kernel@...ts.infradead.org>,
"linux-media@...r.kernel.org" <linux-media@...r.kernel.org>
Subject: RE: [PATCH v3] dma-buf: dma-heap: Add a size check for allocation
>-----Original Message-----
>From: dri-devel <dri-devel-bounces@...ts.freedesktop.org> On Behalf Of
>Ruhl, Michael J
>Sent: Thursday, January 13, 2022 7:58 AM
>To: guangming.cao@...iatek.com; sumit.semwal@...aro.org
>Cc: jianjiao.zeng@...iatek.com; lmark@...eaurora.org;
>wsd_upstream@...iatek.com; christian.koenig@....com; linux-
>kernel@...r.kernel.org; dri-devel@...ts.freedesktop.org;
>yf.wang@...iatek.com; linaro-mm-sig@...ts.linaro.org; linux-
>mediatek@...ts.infradead.org; libo.kang@...iatek.com;
>benjamin.gaignard@...aro.org; bo.song@...iatek.com;
>matthias.bgg@...il.com; labbott@...hat.com;
>mingyuan.ma@...iatek.com; linux-arm-kernel@...ts.infradead.org; linux-
>media@...r.kernel.org
>Subject: RE: [PATCH v3] dma-buf: dma-heap: Add a size check for allocation
>
>
>>-----Original Message-----
>>From: dri-devel <dri-devel-bounces@...ts.freedesktop.org> On Behalf Of
>>guangming.cao@...iatek.com
>>Sent: Thursday, January 13, 2022 7:34 AM
>>To: sumit.semwal@...aro.org
>>Cc: linux-arm-kernel@...ts.infradead.org; mingyuan.ma@...iatek.com;
>>Guangming <Guangming.Cao@...iatek.com>;
>>wsd_upstream@...iatek.com; linux-kernel@...r.kernel.org; dri-
>>devel@...ts.freedesktop.org; linaro-mm-sig@...ts.linaro.org;
>>yf.wang@...iatek.com; libo.kang@...iatek.com;
>>benjamin.gaignard@...aro.org; bo.song@...iatek.com;
>>matthias.bgg@...il.com; linux-mediatek@...ts.infradead.org;
>>lmark@...eaurora.org; labbott@...hat.com; christian.koenig@....com;
>>jianjiao.zeng@...iatek.com; linux-media@...r.kernel.org
>>Subject: [PATCH v3] dma-buf: dma-heap: Add a size check for allocation
>>
>>From: Guangming <Guangming.Cao@...iatek.com>
>>
>>Add a size check for allocation since the allocation size is
>>always less than the total DRAM size.
>>
>>Without this check, once the invalid size allocation runs on a process that
>>can't be killed by OOM flow(such as "gralloc" on Android devices), it will
>>cause a kernel exception, and to make matters worse, we can't find who are
>>using
>>so many memory with "dma_buf_debug_show" since the relevant dma-buf
>>hasn't exported.
>>
>>To make OOM issue easier, maybe need dma-buf framework to dump the
>>buffer size
>>under allocating in "dma_buf_debug_show".
>>
>>Signed-off-by: Guangming <Guangming.Cao@...iatek.com>
>>Signed-off-by: jianjiao zeng <jianjiao.zeng@...iatek.com>
>>---
>>v3: 1. update patch, use right shift to replace division.
>> 2. update patch, add reason in code and commit message.
>>v2: 1. update size limitation as total_dram page size.
>> 2. update commit message
>>---
>> drivers/dma-buf/dma-heap.c | 10 ++++++++++
>> 1 file changed, 10 insertions(+)
>>
>>diff --git a/drivers/dma-buf/dma-heap.c b/drivers/dma-buf/dma-heap.c
>>index 56bf5ad01ad5..1fd382712584 100644
>>--- a/drivers/dma-buf/dma-heap.c
>>+++ b/drivers/dma-buf/dma-heap.c
>>@@ -55,6 +55,16 @@ static int dma_heap_buffer_alloc(struct dma_heap
>>*heap, size_t len,
>> struct dma_buf *dmabuf;
>> int fd;
>>
>>+ /*
>>+ * Invalid size check. The "len" should be less than totalram.
>>+ *
>>+ * Without this check, once the invalid size allocation runs on a process
>>that
>>+ * can't be killed by OOM flow(such as "gralloc" on Android devices), it
>>will
>>+ * cause a kernel exception, and to make matters worse, we can't find
>>who are using
>>+ * so many memory with "dma_buf_debug_show" since the relevant
>>dma-buf hasn't exported.
>>+ */
>>+ if (len >> PAGE_SHIFT > totalram_pages())
>
>If your "heap" is from cma, is this still a valid check?
And thinking a bit further, if I create a heap from something else (say device memory),
you will need to be able to figure out the maximum allowable check for the specific
heap.
Maybe the heap needs a callback for max size?
m
>M
>
>>+ return -EINVAL;
>> /*
>> * Allocations from all heaps have to begin
>> * and end on page boundaries.
>>--
>>2.17.1
Powered by blists - more mailing lists