From patchwork Tue Mar 28 12:58:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jaewon Kim X-Patchwork-Id: 13191030 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E39D5C6FD18 for ; Tue, 28 Mar 2023 12:58:16 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 125236B0072; Tue, 28 Mar 2023 08:58:16 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 0D52E6B0074; Tue, 28 Mar 2023 08:58:16 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id EB8776B0075; Tue, 28 Mar 2023 08:58:15 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id DE9DD6B0072 for ; Tue, 28 Mar 2023 08:58:15 -0400 (EDT) Received: from smtpin12.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id BB7D640948 for ; Tue, 28 Mar 2023 12:58:15 +0000 (UTC) X-FDA: 80618310150.12.F6D4C9F Received: from mailout4.samsung.com (mailout4.samsung.com [203.254.224.34]) by imf22.hostedemail.com (Postfix) with ESMTP id B9747C0017 for ; Tue, 28 Mar 2023 12:58:12 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=samsung.com header.s=mail20170921 header.b="V4r/FLao"; spf=pass (imf22.hostedemail.com: domain of jaewon31.kim@samsung.com designates 203.254.224.34 as permitted sender) smtp.mailfrom=jaewon31.kim@samsung.com; dmarc=pass (policy=none) header.from=samsung.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1680008293; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version: content-type:content-type:content-transfer-encoding:in-reply-to: references:references:dkim-signature; bh=HkVnsEsit8vSqDASCKERyun6JcpeV7Jnd+sztwLt5Nw=; b=xprRtEViLoMwt6s6h1Eia0PBB+AKkqVf4wLTmTW1zEQckV1f3PFJX5Jjp9j+g0gU8pTVEI Uxmi3esyPOJG0JXApdcYyqXcc/krMiW+hZqgxvy0lGF0YVWBqq9qYr0lpiF4d8CqoIGETf x45yWw9wDWqPp7TLfYeyB83Wg1nYP0s= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=samsung.com header.s=mail20170921 header.b="V4r/FLao"; spf=pass (imf22.hostedemail.com: domain of jaewon31.kim@samsung.com designates 203.254.224.34 as permitted sender) smtp.mailfrom=jaewon31.kim@samsung.com; dmarc=pass (policy=none) header.from=samsung.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1680008293; a=rsa-sha256; cv=none; b=MKlgeTzZSwLPZsqchSyUmAvZ3lKZa8HWZ2KNlAKw8L+FeC8vI/2njXzYEkHAcm1gX2yYIs HIKsMCRRZDgOwwXDREBv/toQSCD+Vv4arQ2I3YprDIFqt3CPC8E3UTqEFHhpN1G8O07GPH g6mA1r0Fy5JtwstPuGPBGaUocLgxa9I= Received: from epcas1p3.samsung.com (unknown [182.195.41.47]) by mailout4.samsung.com (KnoxPortal) with ESMTP id 20230328125809epoutp04aa7ccf04cc43eea42ee0b69817126805~QlqNZN3FS1173411734epoutp04A for ; Tue, 28 Mar 2023 12:58:09 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 mailout4.samsung.com 20230328125809epoutp04aa7ccf04cc43eea42ee0b69817126805~QlqNZN3FS1173411734epoutp04A DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samsung.com; s=mail20170921; t=1680008289; bh=HkVnsEsit8vSqDASCKERyun6JcpeV7Jnd+sztwLt5Nw=; h=From:To:Cc:Subject:Date:References:From; b=V4r/FLao0bnp+m2iIRv+rIwUzBAYF2uy6xF4NrlzwuVD2k7rmnAWPd9YUBauAxRSo qk5m/BfcfKglNtI2H9Vr/UDnTyKxAtI2FNg8L1d5rbdTMReAaW0rwAKIMiS0zi032c vIGCqzCakCden6edIj1cp7TW0tV4TdFppDLtX6yQ= Received: from epsnrtp1.localdomain (unknown [182.195.42.162]) by epcas1p3.samsung.com (KnoxPortal) with ESMTP id 20230328125808epcas1p360bc6e1548ef73d84c39de77691a7eee~QlqMoABju2570825708epcas1p3X; Tue, 28 Mar 2023 12:58:08 +0000 (GMT) Received: from epsmges1p1.samsung.com (unknown [182.195.38.247]) by epsnrtp1.localdomain (Postfix) with ESMTP id 4Pm8qh11tWz4x9Pr; Tue, 28 Mar 2023 12:58:08 +0000 (GMT) Received: from epcas1p1.samsung.com ( [182.195.41.45]) by epsmges1p1.samsung.com (Symantec Messaging Gateway) with SMTP id 04.3F.55531.F54E2246; Tue, 28 Mar 2023 21:58:07 +0900 (KST) Received: from epsmtrp1.samsung.com (unknown [182.195.40.13]) by epcas1p1.samsung.com (KnoxPortal) with ESMTPA id 20230328125807epcas1p1606c068a9043d6581a1fbdd30e7c53a2~QlqLR0RpG1527015270epcas1p19; Tue, 28 Mar 2023 12:58:07 +0000 (GMT) Received: from epsmgms1p2.samsung.com (unknown [182.195.42.42]) by epsmtrp1.samsung.com (KnoxPortal) with ESMTP id 20230328125807epsmtrp1e744afd182741b0873f0e91e05a39ae6~QlqLQ7I3x0441504415epsmtrp1j; Tue, 28 Mar 2023 12:58:07 +0000 (GMT) X-AuditID: b6c32a35-00ffd7000000d8eb-3c-6422e45fab58 Received: from epsmtip2.samsung.com ( [182.195.34.31]) by epsmgms1p2.samsung.com (Symantec Messaging Gateway) with SMTP id FF.84.31821.E54E2246; Tue, 28 Mar 2023 21:58:06 +0900 (KST) Received: from jaewon-linux.10.32.193.11 (unknown [10.253.104.99]) by epsmtip2.samsung.com (KnoxPortal) with ESMTPA id 20230328125806epsmtip26d7100341c2fb50ee98ac5f6a8f263d0~QlqLF2HcF0775707757epsmtip2D; Tue, 28 Mar 2023 12:58:06 +0000 (GMT) From: Jaewon Kim To: jstultz@google.com, tjmercier@google.com, sumit.semwal@linaro.org, daniel.vetter@ffwll.ch, akpm@linux-foundation.org, hannes@cmpxchg.org, mhocko@kernel.org Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, jaewon31.kim@gmail.com, Jaewon Kim Subject: [PATCH] dma-buf/heaps: c9e8440eca61 staging: ion: Fix overflow and list bugs in system heap: Date: Tue, 28 Mar 2023 21:58:18 +0900 Message-Id: <20230328125818.5574-1-jaewon31.kim@samsung.com> X-Mailer: git-send-email 2.17.1 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrJKsWRmVeSWpSXmKPExsWy7bCmrm78E6UUg9kPbSzmrF/DZrHw4V1m i9WbfC26N89ktOh9/4rJ4s+JjWwWl3fNYbO4t+Y/q8Xrb8uYLU7d/cxu8W79FzYHbo/Db94z e+z9toDFY+esu+weCzaVemxa1cnmsenTJHaPO9f2sHmcmPGbxaNvyypGj8+b5AK4orJtMlIT U1KLFFLzkvNTMvPSbZW8g+Od403NDAx1DS0tzJUU8hJzU22VXHwCdN0yc4AuVlIoS8wpBQoF JBYXK+nb2RTll5akKmTkF5fYKqUWpOQUmBXoFSfmFpfmpevlpZZYGRoYGJkCFSZkZ/ScOcVa 8J63YsvJK8wNjKe5uxg5OSQETCRWLVrN1MXIxSEksINRYsaGc2wQzidGic8H/kE5nxklTt1/ wQjT8mfCThaIxC5GiebNrVDOd0aJ1llnwarYBLQl3i+YxAqSEBFYzCjx5sYXZpAEs0CpxNs3 J8BsYYF0iVPNF9hBbBYBVYmuoxeAJnFw8ArYSPx8GwOxTV5i9YYDzCBzJAS+skvsmrSfDSLh InGvYS0rhC0s8er4FnYIW0riZX8blJ0vceHiKyaQmRICNRILJxpChO0ldn2dwQoSZhbQlFi/ Sx8irCix8/dcRogr+STefe1hhejklehoE4IoUZNoefYVaqmMxN9/z6BsD4nZ186DlQsJxEo0 PxSawCg7C2H+AkbGVYxiqQXFuempxYYFhvA4Ss7P3cQIToNapjsYJ779oHeIkYmD8RCjBAez kgjv72tKKUK8KYmVValF+fFFpTmpxYcYTYGBNZFZSjQ5H5iI80riDU0sDUzMjEwsjC2NzZTE ecVtTyYLCaQnlqRmp6YWpBbB9DFxcEo1MFUfeLX8Wnpg5aM4rsdTUxZf/OS9flrtijPF2t+4 rkZcEH3o5PFx64QT34rt6p1TWgMXuJUl975ft0rl0R0BY73wTqN91+efmfl45b0WBaa5EXIe nhef8pv9fKxxxjtrx/5/RQa/39toiDK+e6ecd0anyq5+xZ/2WQrXWmKPdZ+1EBJbbnsnokmB I/3/xjbbrIJ3vxPWNXyxNtCYuazMWDjvTBJHxO4ln58fuh/fON178rYvB48HH0/QuNarJCSn s26qY+aWdQsyJA08lq49n2bQfdj3uFfPBrY3KVV3iy9um5gQHpa3pCNhXb66e2b7Tc465VmK iq3+C7RvzDPu9qxZ92t/8qFgoUPLIxl6lyqxFGckGmoxFxUnAgClbfYfDAQAAA== X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrBLMWRmVeSWpSXmKPExsWy7bCSvG7cE6UUg67V1hZz1q9hs1j48C6z xepNvhbdm2cyWvS+f8Vk8efERjaLy7vmsFncW/Of1eL1t2XMFqfufma3eLf+C5sDt8fhN++Z PfZ+W8DisXPWXXaPBZtKPTat6mTz2PRpErvHnWt72DxOzPjN4tG3ZRWjx+dNcgFcUVw2Kak5 mWWpRfp2CVwZPWdOsRa8563YcvIKcwPjae4uRk4OCQETiT8TdrKA2EICOxgldiwVhYjLSLw5 /xQozgFkC0scPlzcxcgFVPKVUeLnrVtg9WwC2hLvF0xiBUmICKxmlPjwfA8jSIJZoFLi3+1b rCC2sECqxOVXs5hAbBYBVYmuoxfAhvIK2Ej8fBsDsUteYvWGA8wTGHkWMDKsYpRMLSjOTc8t Niwwykst1ytOzC0uzUvXS87P3cQIDkwtrR2Me1Z90DvEyMTBeIhRgoNZSYT39zWlFCHelMTK qtSi/Pii0pzU4kOM0hwsSuK8F7pOxgsJpCeWpGanphakFsFkmTg4pRqYtFnr0ru2Ln27NeGZ RM+7V40fdy9sZTk+6+3pbwymwrsnTCjVObXWbdOKWZ9+fNRa+reo7v+7OQZPbAWu9vbMmqq4 kXdd6tOk1/VJf5y+M39bsb5afE211L1st/lxJ+xO7jy3ucvjN/83vSnzS+++lbZa4jS5Yf6s U7Mc7Phl3bv3h69T9lsdnS14j1Wvj0nzxwILFvGvdt3/r3o+eer1PLLPprWMZbXZFLETvzra khuvfXi3P3hB6GkHe5V1mbJOd7f0nKyfoDDtSPDdaTVBeiZFstcb+WNNLr43WTvJR2bhwiL5 d37daVZ/OzMOV+t/81k6/zNL0G2HOXW/j2zewpR0qfDAhatRIQaad4SO6yqxFGckGmoxFxUn AgDeHSEWuwIAAA== X-CMS-MailID: 20230328125807epcas1p1606c068a9043d6581a1fbdd30e7c53a2 X-Msg-Generator: CA X-Sendblock-Type: SVC_REQ_APPROVE CMS-TYPE: 101P DLP-Filter: Pass X-CFilter-Loop: Reflected X-CMS-RootMailID: 20230328125807epcas1p1606c068a9043d6581a1fbdd30e7c53a2 References: X-Rspamd-Queue-Id: B9747C0017 X-Stat-Signature: b8cs6tcsur3o131sc6q9zicezphx5qyp X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1680008292-894730 X-HE-Meta: U2FsdGVkX18Dj973xFEt0empHNj2wo4wLy6KFUQCwWquuF5fou5AzkJlITOwQZ29b3bCYdTzK58XWLZg26pYqqq9Yy/46Lexj0xf3O6ZtuPturf9BwhOggyVahzsXFxguvG9OZ5/x8IIXxR6kgNGM2xhfrN1ySXwKGRtGr9zCybB4wfJqrdscqJgGHX/r1Now/sM5HfRjM+w7RRXe03ZCmX4rEsM2nxAdwTMNvDc5NRiKHkW+zkWr5yNmTXjd8c5e8/F0NRii/KwL1msrXii/MN279DVf50jhtEN4mBxkk+KgLlJB4JTnJYeOvrpTsbrpJu+bct1gUpehGkT14fY1XnegYAzt2lQCsAkUZht7kVjpYx3Mgy0or9SrTfOV6MixQhuBW+XQ0OhIAskzeoYlKEacRqBM86uTPijKADY9/l+Jc5FHyME24zMoChpxBlfy2/XlHx5/3R60Qkml57LxTvZFK/1gOvMm3CCILFQljoo0hqx8jLjzoy09M8psX/gR5ca53+pNBi8ihbqQVIJZZxQP6ZPL6as0Hdc/3aEhDUwuZ6rZrN3SlpPMfvpB54f3DcjobAEaTaMd+KRj3ibV7lBmRLnRdDKOdY71lxsChGnUBJZ8GJhuSdeQ1bsl3AXh4B3LohxfXf4ZWjYKUNCHwxdIDOa3MEsSqk+PCHKmnFD4LlRFJUkBaTEqHyDAvxfGrAkO8K/iCNLohyX+rCK8mXRH8R4ZABLDhqsyY91xJ+7obDlpVtzEMSULhy2YRK7uAZfsVd3ZIMM+OKcnW9nZ9OOZ47AlMPKoewVz6pNObp/zcf0avMgdNoR40A9MhK1Xy2Vpi0fO1EyAov9oF87wXm3ERRxbnywz3BbPi8zqUf5dASzpBI+slytBqRJ/J1x8RJCSl/3FVI8W4jLjRi1CKlMrPFTu+PG2mfb8UX60xeO+YI+VTgggFDVUJZppfvpIQ8BHiUtj5c0ui/p8xQ ch1lfaEE yCFyKU1aBwt45ABpaqgl6reuSGRl9L7FsW1v9h3USAF9hIgYFPSLJ3k7PEDSpes8aQyhTt6gHwGCBd77fnHiA4OhGQmIGJ7o5LG+2u3sj7C6v1vFRkHo+bz/hmYpGTIdT24p1J2qpmIL0qFxEIxCHBxkK+yZcLRDgLxv+6jxHblarte1j8C/0fTXJwDO72Im4RrKJBUbSj18PUC2gehfuW21vgUSwcQ8t9tiN X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Normal free:212600kB min:7664kB low:57100kB high:106536kB reserved_highatomic:4096KB active_anon:276kB inactive_anon:180kB active_file:1200kB inactive_file:0kB unevictable:2932kB writepending:0kB present:4109312kB managed:3689488kB mlocked:2932kB pagetables:13600kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:200844kB Out of memory and no killable processes... Kernel panic - not syncing: System is deadlocked on memory An OoM panic was reported, there were only native processes which are non-killable as OOM_SCORE_ADJ_MIN. After looking into the dump, I've found the dma-buf system heap was trying to allocate a huge size. It seems to be a signed negative value. dma_heap_ioctl_allocate(inline) | heap_allocation = 0xFFFFFFC02247BD38 -> ( | len = 0xFFFFFFFFE7225100, Actually the old ion system heap had policy which does not allow that huge size with commit c9e8440eca61 ("staging: ion: Fix overflow and list bugs in system heap"). We need this change again. Single allocation should not be bigger than half of all memory. Signed-off-by: Jaewon Kim Acked-by: John Stultz Reviewed-by: T.J. Mercier --- drivers/dma-buf/heaps/system_heap.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/dma-buf/heaps/system_heap.c b/drivers/dma-buf/heaps/system_heap.c index e8bd10e60998..4c1ef2ecfb0f 100644 --- a/drivers/dma-buf/heaps/system_heap.c +++ b/drivers/dma-buf/heaps/system_heap.c @@ -351,6 +351,9 @@ static struct dma_buf *system_heap_allocate(struct dma_heap *heap, struct page *page, *tmp_page; int i, ret = -ENOMEM; + if (len / PAGE_SIZE > totalram_pages() / 2) + return ERR_PTR(-ENOMEM); + buffer = kzalloc(sizeof(*buffer), GFP_KERNEL); if (!buffer) return ERR_PTR(-ENOMEM);