lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20231023154216.376522-1-a929244872@163.com>
Date:   Mon, 23 Oct 2023 23:42:16 +0800
From:   wang wei <a929244872@....com>
To:     linux-mm@...ck.org, linux-kernel@...r.kernel.org
Cc:     wang wei <a929244872@....com>
Subject: [PATCH] mm/page_alloc: fix the potential memory waste in page_frag_alloc_align

First step, allocating a memory fragment with size 1KB bytes uses
page_frag_alloc_align.  It will allocate PAGE_FRAG_CACHE_MAX_SIZE
bytes by __page_frag_cache_refill, store the pointer at nc->va and
then return the last 1KB memory fragment which address is nc->va
+ PAGE_FRAG_CACHE_MAX_SIZE - 1KB. The remaining PAGE_FRAG_CACHE_MAX_SIZE
- 1KB bytes of memory can Meet future memory requests.

Second step, if the caller requests a memory fragment with size
more then PAGE_FRAG_CACHE_MAX_SIZE bytes,  page_frag_alloc_align,
it will also allocate PAGE_FRAG_CACHE_MAX_SIZE bytes by
__page_frag_cache_refill,  store the pointer at nc->va, and
return NULL.  this behavior makes the rest of
PAGE_FRAG_CACHE_MAX_SIZE - 1KB bytes memory at First step are
wasted(allocate from buddy system but not used).

So we should check the size of memory requests. If it beyound
PAGE_FRAG_CACHE_MAX_SIZE, we should return NULL directly.

Signed-off-by: wang wei <a929244872@....com>
---
 mm/page_alloc.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index 8cf86d0c6aa8..3182c648e86e 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -4757,6 +4757,9 @@ void *page_frag_alloc_align(struct page_frag_cache *nc,
 	struct page *page;
 	int offset;
 
+	if(unlikely(fragsz > PAGE_FRAG_CACHE_MAX_SIZE))
+		return NULL;
+
 	if (unlikely(!nc->va)) {
 refill:
 		page = __page_frag_cache_refill(nc, gfp_mask);
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ