From patchwork Wed Jul 31 00:01:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Barry Song <21cnbao@gmail.com> X-Patchwork-Id: 13747977 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4EAE5C3DA49 for ; Wed, 31 Jul 2024 00:03:14 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id DC2966B0096; Tue, 30 Jul 2024 20:03:13 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id D489D6B0098; Tue, 30 Jul 2024 20:03:13 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id BE9FA6B0099; Tue, 30 Jul 2024 20:03:13 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 9928F6B0096 for ; Tue, 30 Jul 2024 20:03:13 -0400 (EDT) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 61B51A0167 for ; Wed, 31 Jul 2024 00:03:13 +0000 (UTC) X-FDA: 82398097866.01.712D772 Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) by imf10.hostedemail.com (Postfix) with ESMTP id 60FB6C0002 for ; Wed, 31 Jul 2024 00:03:11 +0000 (UTC) Authentication-Results: imf10.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=B3sH65OE; spf=pass (imf10.hostedemail.com: domain of 21cnbao@gmail.com designates 209.85.210.182 as permitted sender) smtp.mailfrom=21cnbao@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1722384163; a=rsa-sha256; cv=none; b=x3H7ZWMFxL8Qnx0UIkVsgToLlus1ihg4d+ys3y2CoHGr7N6dqk1YgfhamepdEvvbIPjcmq ycibza3PkIEVFIVThj705Q5Q6lHfMLzM07akoOestnPEFaI4/kasTpaPB1kcoo/pRebQlZ F3apENv3aXAQQxE46oQEy9YNFMZjPlQ= ARC-Authentication-Results: i=1; imf10.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=B3sH65OE; spf=pass (imf10.hostedemail.com: domain of 21cnbao@gmail.com designates 209.85.210.182 as permitted sender) smtp.mailfrom=21cnbao@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1722384163; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=szHsw+puKDB/YFQfKyWB6EZ/UIu8BDwgxN6U76SGESg=; b=cfyGnrXWd6utJ0SqqcMoQLpS8WJC39mUkarHjkg1qHflH9abQ4KtHrmbxMZRWQh3x2AnYs lYQT3pe5VP4L+vpQE9LDkwgMAWgiKucy1uS9g8o8Nb1pbCFFmpEcp6yaVSpmz23eYghQVb KWgXsJ9MKyJ7fiWy4xvWr4kIqJ/016Y= Received: by mail-pf1-f182.google.com with SMTP id d2e1a72fcca58-70d19c525b5so3483165b3a.2 for ; Tue, 30 Jul 2024 17:03:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1722384190; x=1722988990; darn=kvack.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=szHsw+puKDB/YFQfKyWB6EZ/UIu8BDwgxN6U76SGESg=; b=B3sH65OE7Aqzq2l/HT4GrJu7bu0P6diL4RESnZxu6Ssz0Rkrn61LWMrzvimICgySEy cgM7rKeKy6VNVGq+4dKeqn2PJdwLkD0f0FaDi/qf/sfNzOR61Ef7cAakxi7qB12S65FT U0mK/ixHYgoqHFJoDiukMAKUjP2yTP+C0WOzWhoWMrDd3Ol3WkkEdxdLrbqIFI2xjCWA vkPZlroX+rZAenwDSEe4305BT/CiipmgcuBI2VCC4E+j6KPLX1owVCTIAczcfqyPBLiK EffT+ACmkGB2Lz8QZGl6odUT98235UdrUxwyzWowMI8p+IJ442mWneF6sa//gIUcQrk5 QLAw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722384190; x=1722988990; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=szHsw+puKDB/YFQfKyWB6EZ/UIu8BDwgxN6U76SGESg=; b=jaVXykamgA3awCkrXYtZ06VNcdanIVE8EzYJrRpr+6B3WEOE3WTHOzamqdwWS3ulSH OsGaKCPhFabDjgVxixWZhQItgWVF74jhMpdWtV2oRt+BwD1QFTvHYrtjyZhrjohXNpAc numff/66AFFElK8Yk922JKRNFL/n/u9wbvlsM03ns9lsMKa/dVZSp0YmC2TNVPF3r/mU wl+0Efeztah/Kcxm12euD4o5PetWCWgl7Amk8lSWiF0XgXVs2+AzUZtoCOZkQCtF4NBA ++Y1KGPIbG3W3OcOmU4TabyoZOeKsfw7wkV4efQBTDKFm1KVm/LLMdHPz1+K8Gulrxd0 e/Cw== X-Forwarded-Encrypted: i=1; AJvYcCU5ntXIelHTcW+Nyze7CrSuLQau5QCawh9Te0oPTMxsbvoKuKHlu4s6pi/6ZtgJ/oGe+gCnF0yBXApFD3a9TW3ph38= X-Gm-Message-State: AOJu0YxltrRzWeP2o1J8OnUFKp9l03ZilzuI5P9KxHjT4HFVMXUwREN+ aSKaWM/hCPNQOhDWY9Qou9HB0O+waZ9SI4ggh2gKgMe42nJMLkTOzFM6Ag== X-Google-Smtp-Source: AGHT+IEIBLKfBhFUnGg8PPWUhEwW7y7oUjaJuAC/v6G0XLI8qVOADllc/1BOv3bbYq9JOw3O+D6uHg== X-Received: by 2002:a05:6a20:2588:b0:1c2:94ad:1c5d with SMTP id adf61e73a8af0-1c4a117dd82mr12540967637.2.1722384190096; Tue, 30 Jul 2024 17:03:10 -0700 (PDT) Received: from localhost.localdomain ([2407:7000:8942:5500:aaa1:59ff:fe57:eb97]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-70ead6e1a2asm8871689b3a.23.2024.07.30.17.03.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Jul 2024 17:03:09 -0700 (PDT) From: Barry Song <21cnbao@gmail.com> To: akpm@linux-foundation.org, linux-mm@kvack.org Cc: 42.hyeyoo@gmail.com, cl@linux.com, hailong.liu@oppo.com, hch@infradead.org, iamjoonsoo.kim@lge.com, lstoakes@gmail.com, mhocko@suse.com, penberg@kernel.org, rientjes@google.com, roman.gushchin@linux.dev, torvalds@linux-foundation.org, urezki@gmail.com, v-songbaohua@oppo.com, vbabka@suse.cz, virtualization@lists.linux.dev, Kees Cook Subject: [PATCH v2 4/4] mm: prohibit NULL deference exposed for unsupported non-blockable __GFP_NOFAIL Date: Wed, 31 Jul 2024 12:01:55 +1200 Message-Id: <20240731000155.109583-5-21cnbao@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240731000155.109583-1-21cnbao@gmail.com> References: <20240731000155.109583-1-21cnbao@gmail.com> MIME-Version: 1.0 X-Stat-Signature: r1bgzp8o978gfdjg8es4j1ew7uo3to8f X-Rspamd-Queue-Id: 60FB6C0002 X-Rspam-User: X-Rspamd-Server: rspam10 X-HE-Tag: 1722384191-151578 X-HE-Meta: U2FsdGVkX1/svtSbV+XgqqP9ZmSBn4nhvZOf7zkpRwrqDUvC59S/N2fmMli4SXttCzugXlo70+g64SgqldwoPiocNNwueWdQYGk7wiB8E/IMgQRqXRM1sS92UgPm4PSWShVbpInagZ7LM+eU4ZZQVVyk4kUCeK0HXLRCGO1tf5RwAhSHJXJH3zKDmHPWvZ1ynTxIUuQvS5vtZKANh5+bMZaysQvlU540RTQ4KoyGw+2uMQX59MVFkefLIXdKeZ89yKKkJa+gx3FzUu1nltzZE+5aYTakDLNZ3dR9E03bwTYiT51r5/k3SHcUbl9wTRyH26S/m1YsZMXrPcaArbJZ3CrSWuL1JVOBSPk/k0XTY4jN0KuZdEsSYGB6aeVTRBjJQdYIKOGqRKdt2Q0owSsLU9PNMJ3XFl0CVSoQkRRJeQz3EL87iecwOuCP58L5sDWQbaTIGGqZFh9FXvRT3Yjshnj44XHnthZ1vOKupfNRTzX2khqHwuxWNWWTWgExBbNyGgxHXRF5JJQikW95Bxu75jKLhDi24NMrXscZoQZbNONnFvfsAjoTku7WCic4j13zQFhtAfBCfQjKGoHBHMLVVhbo/lqQnD9K3Wo1POAh8GlZny6MGZh9TJeC0DPVWo/lfE9p/x0KZ8ZzogQelNxEum2UusyMzbySs6LNJVva7CHk9nawmjjDzG5Ad0jn9tzR8XoIkpsEZkaXSgO2yc3wdKHeC20gGsXHbVCVa/JxBsnQhABF25PWVDTjbBWStLO82TSCTfuu8pdm05j9Nsan+qixzGObviVw38XeIfodNpj5KPyd1dnFCveMexJUlKYJ5alzZU963gMmTtwWVVupm45Z/Nk55BLjlnI8OJ1XOU1VZ5YPTq9g/IV/eD8Xh/AAni4hjDFXJLRiz/Xr09n4/T/WcOOffrEPt3s7y+4ps0Qh4uDOUc7ukXhtehDS4/sH3JEZ3i4eRcqQ1V+K+Z2 kLJC1qQe GJyTaAgNicyLVjrAszI9BzqauxBwIjC4ch2E7sv52htindyNUNOd/4wZQhWdal+zl/GSNAo3CAV/IaXeCVOzLhzlZN0XXm61zpewUW1FtjTTgclQKqu4kJqoTUc+BBbAAxhmgCQfGjBEwrPJradMar20vc6nZguY+u6lf+N0ASr0iXy8ORQluRc5p+PgdS1v22qt2TUNrARy7xCqRC5gejMTkkBDJhpFqrk4e6CL65kI114OM/4SqZicTwptLgDCaW1s7VHc8L8PqjBjke8gEuT3rfKv/n7RF880z4RJq2VNRPEC0qIyNkg42f9ORwwFQU1uR/0SM8St0P7sM7Qt72ynT5axNKG64VOKY4v8RQp9rcBzJHeqjbQ2uCNZ+2eBrIYfryeXxro2sOLdf4faQBFT3MFNf/WM8E0cHOMPvDWvvuKkiomAz+tOiLmRj7PlhvDbbwYx15zNeF1/W4J/oRhH6OPqeZLdtT5t4z2Lo0FeTngcJN3ubiLIhTC0I6/bPuvh1nrJpW0BGctvC1S7fhLIwx+rHUFc4vUQMfyOmt507g4dTHcNvdZAEbSHxPJ5U5wvU+vRbkwoz4otZLv0AE/Wf+BkxGlLUfPCIM3jUFWXo8fFJu0GLt83o5zEkLo5pb6ORZcMxdZsriqJC2PEzxG7+QZLaIgAW5IGIMZEOwBuXnzyoSPcptk2UhaRnpt176BtRp8cSIsOyZ+uyd5cHQj2zrR10pZsoP430gOYdQATuKZO1l1sIl7lUemOUJzZNmS89YuXPX2e8Y2vHfnAeQHROlYI3j1uRxfxW7FE4f8/N7u/VX2u/vqkOZKLSSPDN5huK8zj+3Fy1wYf1rVISy4AXsgEMOvegsRApEBve+SSL6zBPV4Qn84VzvhpDtn+x1UtGn7FmvUNc9pEsOBdddtLz7HWcieQkDxx3 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Barry Song When users allocate memory with the __GFP_NOFAIL flag, they might incorrectly use it alongside GFP_ATOMIC, GFP_NOWAIT, etc. This kind of non-blockable __GFP_NOFAIL is not supported and is pointless. If we attempt and still fail to allocate memory for these users, we have two choices: 1. We could busy-loop and hope that some other direct reclamation or kswapd rescues the current process. However, this is unreliable and could ultimately lead to hard or soft lockups, which might not be well supported by some architectures. 2. We could use BUG_ON to trigger a reliable system crash, avoiding exposing NULL dereference. This patch chooses the second option because the first is unreliable. Even if the process incorrectly using __GFP_NOFAIL is sometimes rescued, the long latency might be unacceptable, especially considering that misusing GFP_ATOMIC and __GFP_NOFAIL is likely to occur in atomic contexts with strict timing requirements. Cc: Michal Hocko Cc: Uladzislau Rezki (Sony) Cc: Christoph Hellwig Cc: Lorenzo Stoakes Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Vlastimil Babka Cc: Roman Gushchin Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com> Cc: Linus Torvalds Cc: Kees Cook Signed-off-by: Barry Song --- mm/page_alloc.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/mm/page_alloc.c b/mm/page_alloc.c index cc179c3e68df..ed1bd8f595bd 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -4439,11 +4439,11 @@ __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order, */ if (gfp_mask & __GFP_NOFAIL) { /* - * All existing users of the __GFP_NOFAIL are blockable, so warn - * of any new users that actually require GFP_NOWAIT + * All existing users of the __GFP_NOFAIL are blockable + * otherwise we introduce a busy loop with inside the page + * allocator from non-sleepable contexts */ - if (WARN_ON_ONCE_GFP(!can_direct_reclaim, gfp_mask)) - goto fail; + BUG_ON(!can_direct_reclaim); /* * PF_MEMALLOC request from this context is rather bizarre @@ -4474,7 +4474,7 @@ __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order, cond_resched(); goto retry; } -fail: + warn_alloc(gfp_mask, ac->nodemask, "page allocation failure: order:%u", order); got_pg: