| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YqAWpMdi4o1IQslu@casper.infradead.org>
Date: Wed, 8 Jun 2022 04:25:24 +0100
From: Matthew Wilcox <willy@...radead.org>
To: Dmitry Vyukov <dvyukov@...gle.com>
Cc: Dan Carpenter <dan.carpenter@...cle.com>,
Greg KH <gregkh@...uxfoundation.org>,
Alan Stern <stern@...land.harvard.edu>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
syzbot <syzbot+dd3c97de244683533381@...kaller.appspotmail.com>,
hdanton@...a.com, lenb@...nel.org, linux-acpi@...r.kernel.org,
linux-kernel@...r.kernel.org, rafael.j.wysocki@...el.com,
rafael@...nel.org, rjw@...ysocki.net,
syzkaller-bugs@...glegroups.com, linux-usb@...r.kernel.org,
Linux-MM <linux-mm@...ck.org>
Subject: Re: [syzbot] general protection fault in __device_attach
On Tue, Jun 07, 2022 at 09:15:09AM +0200, Dmitry Vyukov wrote:
> On Mon, 6 Jun 2022 at 14:39, Dan Carpenter <dan.carpenter@...cle.com> wrote:
> >
> > On Sat, Jun 04, 2022 at 10:32:46AM +0200, 'Dmitry Vyukov' via syzkaller-bugs wrote:
> > > On Fri, 3 Jun 2022 at 18:12, Greg KH <gregkh@...uxfoundation.org> wrote:
> > > >
> > > > But again, is this a "real and able to be triggered from userspace"
> > > > problem, or just fault-injection-induced?
> > >
> > > Then this is something to fix in the fault injection subsystem.
> > > Testing systems shouldn't be reporting false positives.
> > > What allocations cannot fail in real life? Is it <=page_size?
> > >
> >
> > Apparently in 2014, anything less than *EIGHT?!!* pages succeeded!
> >
> > https://lwn.net/Articles/627419/
> >
> > I have been on the look out since that article and never seen anyone
> > mention it changing. I think we should ignore that and say that
> > anything over PAGE_SIZE can fail. Possibly we could go smaller than
> > PAGE_SIZE...
>
> +linux-mm for GFP expertise re what allocations cannot possibly fail
> and should be excluded from fault injection.
>
> Interesting, thanks for the link.
>
> PAGE_SIZE looks like a good start. Once we have the predicate in
> place, we can refine it later when/if we have more inputs.
>
> But I wonder about GFP flags. They definitely have some impact on allocations.
> If GFP_ACCOUNT is set, all allocations can fail, right?
> If GFP_DMA/DMA32 is set, allocations can fail, right? What about other zones?
> If GFP_NORETRY is set, allocations can fail?
> What about GFP_NOMEMALLOC and GFP_ATOMIC?
> What about GFP_IO/GFP_FS/GFP_DIRECT_RECLAIM/GFP_KSWAPD_RECLAIM? At
> least some of these need to be set for allocations to not fail? Which
> ones?
> Any other flags are required to be set/unset for allocations to not fail?
I'm not the expert on page allocation, but ...
I don't think GFP_ACCOUNT makes allocations fail. It might make reclaim
happen from within that cgroup, and it might cause an OOM kill for
something in that cgroup. But I don't think it makes a (low order)
allocation more likely to fail.
There's usually less memory avilable in DMA/DMA32 zones, but we have
so few allocations from those zones, I question the utility of focusing
testing on those allocations.
GFP_ATOMIC allows access to emergency pools, so I would say _less_ likely
to fail. KSWAPD_RECLAIM has no effect on whether _this_ allocation
succeeds or fails; it kicks kswapd to do reclaim, rather than doing
reclaim directly. DIRECT_RECLAIM definitely makes allocations more likely
to succeed. GFP_FS allows (direct) reclaim to happen from filesystems.
GFP_IO allows IO to start (ie writeback can start) in order to clean
dirty memory.
Anyway, I hope somebody who knows the page allocator better than I do
can say smarter things than this. Even better if they can put it into
Documentation/ somewhere ;-)
https://www.kernel.org/doc/html/latest/core-api/memory-allocation.html
exists but isn't quite enough to answer this question.
Powered by blists - more mailing lists