2018-11-01 17:01:46

by Miles Chen

Subject: [PATCH v4] mm/page_owner: clamp read count to PAGE_SIZE

From: Miles Chen <[email protected]>

The page owner read might allocate a large amount of memory with
a large read count. Allocation failures can easily occur when doing
high order allocations.

Clamp the buffer size to PAGE_SIZE to avoid arbitrary size allocations
and avoid allocation failures due to high order allocation.

Change since v3:
- remove the change in kvmalloc
- keep kmalloc in page_owner.c

Change since v2:
- improve kvmalloc, allow sub page allocations fallback to
vmalloc when CONFIG_HIGHMEM=y

Change since v1:
- use kvmalloc()
- clamp buffer size to PAGE_SIZE

Signed-off-by: Miles Chen <[email protected]>
Cc: Joe Perches <[email protected]>
Cc: Matthew Wilcox <[email protected]>
Cc: Michal Hocko <[email protected]>
---
mm/page_owner.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/mm/page_owner.c b/mm/page_owner.c
index 87bc0dfdb52b..b83f295e4eca 100644
--- a/mm/page_owner.c
+++ b/mm/page_owner.c
@@ -351,6 +351,7 @@ print_page_owner(char __user *buf, size_t count, unsigned long pfn,
.skip = 0
};

+ count = count > PAGE_SIZE ? PAGE_SIZE : count;
kbuf = kmalloc(count, GFP_KERNEL);
if (!kbuf)
return -ENOMEM;
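Review bot: the clamp silently changes the read contract at the new line: a read() with a count larger than PAGE_SIZE now gets at most PAGE_SIZE bytes back per call, and neither the hunk nor the changelog says so. A one-line comment above the clamp (e.g. `/* bound the kmalloc() to one page; readers must cope with short reads */`) plus a sentence in the commit message would make that explicit, and `count = min_t(size_t, count, PAGE_SIZE);` reads more clearly than the ternary. The clamp also only bounds from above: if a zero count can reach this function, kmalloc(0) returns ZERO_SIZE_PTR, which passes the `if (!kbuf)` check, so it is worth confirming the caller rejects count == 0 before this point.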
--
2.18.0



2018-11-01 17:11:03

by Michal Hocko

Subject: Re: [PATCH v4] mm/page_owner: clamp read count to PAGE_SIZE

On Fri 02-11-18 01:00:07, [email protected] wrote:
> From: Miles Chen <[email protected]>
>
> The page owner read might allocate a large size of memory with
> a large read count. Allocation fails can easily occur when doing
> high order allocations.
>
> Clamp buffer size to PAGE_SIZE to avoid arbitrary size allocation
> and avoid allocation fails due to high order allocation.

It is good to mention that the interface is root only, so the harm due to
an unbounded allocation request is somewhat reduced.

I believe we want to use seq_file infrastructure in the long term
solution.

> Change since v3:
> - remove the change in kvmalloc
> - keep kmalloc in page_owner.c
>
> Change since v2:
> - improve kvmalloc, allow sub page allocations fallback to
> vmalloc when CONFIG_HIGHMEM=y
>
> Change since v1:
> - use kvmalloc()
> - clamp buffer size to PAGE_SIZE
>
> Signed-off-by: Miles Chen <[email protected]>
> Cc: Joe Perches <[email protected]>
> Cc: Matthew Wilcox <[email protected]>
> Cc: Michal Hocko <[email protected]>

Acked-by: Michal Hocko <[email protected]>

Thanks!

> ---
> mm/page_owner.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/mm/page_owner.c b/mm/page_owner.c
> index 87bc0dfdb52b..b83f295e4eca 100644
> --- a/mm/page_owner.c
> +++ b/mm/page_owner.c
> @@ -351,6 +351,7 @@ print_page_owner(char __user *buf, size_t count, unsigned long pfn,
> .skip = 0
> };
>
> + count = count > PAGE_SIZE ? PAGE_SIZE : count;
> kbuf = kmalloc(count, GFP_KERNEL);
> if (!kbuf)
> return -ENOMEM;
> --
> 2.18.0
>

--
Michal Hocko
SUSE Labs
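To make the failure mode in the commit message concrete, here is an added userspace model of the read path; it is example code written for this page, not the patch or the kernel's own code. It stands in for print_page_owner() with a simulated allocator (sim_kmalloc(), which rejects anything above an assumed 8-page limit, SIM_KMALLOC_MAX) and a constructed struct sim_page_owner record; SIM_PAGE_SIZE, the wrapper names and the record format are all assumptions of the model. It shows a 1 MiB read failing with -ENOMEM when the user count is passed straight to the allocator, succeeding once the count is clamped to one page, and still failing when the count is smaller than the record.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Assumptions for the model: a 4 KiB page, and an allocator that rejects
 * anything larger than an 8-page block, standing in for the "high order
 * allocation" failures the commit message describes. */
#define SIM_PAGE_SIZE   4096UL
#define SIM_KMALLOC_MAX (8 * SIM_PAGE_SIZE)

/* Constructed stand-in for the struct page_owner fields that get printed. */
struct sim_page_owner {
	unsigned int order;
	unsigned int gfp_mask;
	unsigned long pfn;
};

static unsigned long sim_kmalloc_failures;

/* Stand-in for kmalloc(): large requests fail, small ones succeed. */
static void *sim_kmalloc(size_t size)
{
	if (size > SIM_KMALLOC_MAX) {
		sim_kmalloc_failures++;
		return NULL;
	}
	return malloc(size ? size : 1);
}

/*
 * Model of print_page_owner(): size the kernel buffer from the caller's
 * read count, format one record into it, then hand it back. 'clamp'
 * selects whether the patch's PAGE_SIZE bound is applied first.
 * Returns the number of bytes produced or a negative errno.
 */
static ssize_t sim_print_page_owner(char *ubuf, size_t ubuf_len, size_t count,
				    const struct sim_page_owner *po, int clamp)
{
	char *kbuf;
	int ret;

	if (clamp)
		count = count > SIM_PAGE_SIZE ? SIM_PAGE_SIZE : count;

	kbuf = sim_kmalloc(count);
	if (!kbuf)
		return -ENOMEM;

	ret = snprintf(kbuf, count,
		       "Page allocated via order %u, mask %#x\nPFN %lu\n",
		       po->order, po->gfp_mask, po->pfn);
	/* Modelling choice: a record that does not fit is reported as an
	 * error rather than handed back truncated. */
	if (ret < 0 || (size_t)ret >= count || (size_t)ret > ubuf_len) {
		free(kbuf);
		return -ENOMEM;
	}
	memcpy(ubuf, kbuf, (size_t)ret);
	free(kbuf);
	return ret;
}

/* Wrappers so the two behaviours can be compared directly. */
static ssize_t sim_read_unbounded(char *ubuf, size_t ubuf_len, size_t count,
				  const struct sim_page_owner *po)
{
	return sim_print_page_owner(ubuf, ubuf_len, count, po, 0);
}

static ssize_t sim_read_clamped(char *ubuf, size_t ubuf_len, size_t count,
				const struct sim_page_owner *po)
{
	return sim_print_page_owner(ubuf, ubuf_len, count, po, 1);
}

int main(void)
{
	struct sim_page_owner po = { .order = 3, .gfp_mask = 0x6000c0, .pfn = 12345 };
	char ubuf[SIM_PAGE_SIZE];
	ssize_t n;

	/* A read(2) of 1 MiB: unbounded, the allocation fails outright. */
	n = sim_read_unbounded(ubuf, sizeof(ubuf), 1UL << 20, &po);
	printf("unbounded 1 MiB read -> %zd (allocator failures: %lu)\n",
	       n, sim_kmalloc_failures);

	/* Same read with the clamp: at most one page is allocated. */
	n = sim_read_clamped(ubuf, sizeof(ubuf), 1UL << 20, &po);
	printf("clamped 1 MiB read   -> %zd bytes\n", n);
	if (n > 0)
		fwrite(ubuf, 1, (size_t)n, stdout);

	/* A read smaller than the record still cannot succeed. */
	n = sim_read_clamped(ubuf, sizeof(ubuf), 16, &po);
	printf("clamped 16-byte read -> %zd\n", n);
	return 0;
}
```

The point the model makes is the one Michal raises: the clamp removes the user's ability to drive the allocation size, but it does not make the buffer fit the data; a record longer than a page would still fail, which is why a seq_file based reader, which formats into its own page-sized buffer and handles short reads for the caller, is the cleaner long-term shape.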

2018-11-01 21:49:44

by Andrew Morton

Subject: Re: [PATCH v4] mm/page_owner: clamp read count to PAGE_SIZE

On Fri, 2 Nov 2018 01:00:07 +0800 <[email protected]> wrote:

> From: Miles Chen <[email protected]>
>
> The page owner read might allocate a large size of memory with
> a large read count. Allocation fails can easily occur when doing
> high order allocations.
>
> Clamp buffer size to PAGE_SIZE to avoid arbitrary size allocation
> and avoid allocation fails due to high order allocation.
>
> ...
>
> --- a/mm/page_owner.c
> +++ b/mm/page_owner.c
> @@ -351,6 +351,7 @@ print_page_owner(char __user *buf, size_t count, unsigned long pfn,
> .skip = 0
> };
>
> + count = count > PAGE_SIZE ? PAGE_SIZE : count;
> kbuf = kmalloc(count, GFP_KERNEL);
> if (!kbuf)
> return -ENOMEM;

A bit tidier:

--- a/mm/page_owner.c~mm-page_owner-clamp-read-count-to-page_size-fix
+++ a/mm/page_owner.c
@@ -351,7 +351,7 @@ print_page_owner(char __user *buf, size_
.skip = 0
};

- count = count > PAGE_SIZE ? PAGE_SIZE : count;
+ count = min_t(size_t, count, PAGE_SIZE);
kbuf = kmalloc(count, GFP_KERNEL);
if (!kbuf)
return -ENOMEM;
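Review bot: `min_t(size_t, count, PAGE_SIZE)` also settles the type question the ternary left implicit (PAGE_SIZE is an unsigned long, count a size_t), so the cast is harmless and the intent is readable. What the line still does not say is why PAGE_SIZE: it is an arbitrary bound on a user-supplied size, not the maximum length of a record, so a short comment such as `/* bound the user-supplied size; one page is plenty for a record */` would stop the next reader from treating it as a buffer-size guarantee.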


2018-11-01 23:30:55

by Joe Perches

Subject: Re: [PATCH v4] mm/page_owner: clamp read count to PAGE_SIZE

On Thu, 2018-11-01 at 14:47 -0700, Andrew Morton wrote:
> On Fri, 2 Nov 2018 01:00:07 +0800 <[email protected]> wrote:
>
> > From: Miles Chen <[email protected]>
> >
> > The page owner read might allocate a large size of memory with
> > a large read count. Allocation fails can easily occur when doing
> > high order allocations.
> >
> > Clamp buffer size to PAGE_SIZE to avoid arbitrary size allocation
> > and avoid allocation fails due to high order allocation.
> >
> > ...
> >
> > --- a/mm/page_owner.c
> > +++ b/mm/page_owner.c
> > @@ -351,6 +351,7 @@ print_page_owner(char __user *buf, size_t count, unsigned long pfn,
> > .skip = 0
> > };
> >
> > + count = count > PAGE_SIZE ? PAGE_SIZE : count;
> > kbuf = kmalloc(count, GFP_KERNEL);
> > if (!kbuf)
> > return -ENOMEM;
>
> A bit tidier:
>
> --- a/mm/page_owner.c~mm-page_owner-clamp-read-count-to-page_size-fix
> +++ a/mm/page_owner.c
> @@ -351,7 +351,7 @@ print_page_owner(char __user *buf, size_
> .skip = 0
> };
>
> - count = count > PAGE_SIZE ? PAGE_SIZE : count;
> + count = min_t(size_t, count, PAGE_SIZE);
> kbuf = kmalloc(count, GFP_KERNEL);
> if (!kbuf)
> return -ENOMEM;

A bit tidier still might be

if (count > PAGE_SIZE)
count = PAGE_SIZE;

as that would not always cause a write back to count.



2018-11-02 00:03:50

by Matthew Wilcox

Subject: Re: [PATCH v4] mm/page_owner: clamp read count to PAGE_SIZE

On Thu, Nov 01, 2018 at 04:30:12PM -0700, Joe Perches wrote:
> On Thu, 2018-11-01 at 14:47 -0700, Andrew Morton wrote:
> > +++ a/mm/page_owner.c
> > @@ -351,7 +351,7 @@ print_page_owner(char __user *buf, size_
> > .skip = 0
> > };
> >
> > - count = count > PAGE_SIZE ? PAGE_SIZE : count;
> > + count = min_t(size_t, count, PAGE_SIZE);
> > kbuf = kmalloc(count, GFP_KERNEL);
> > if (!kbuf)
> > return -ENOMEM;
>
> A bit tidier still might be
>
> if (count > PAGE_SIZE)
> count = PAGE_SIZE;
>
> as that would not always cause a write back to count.

90% chance 'count' is already in a register and will stay there. 99.9%
chance that if it's not in a register, it's on the top of the stack,
which is by definition a hot, local, dirty cacheline.

What you're saying makes sense for a struct which might well be in a
shared cacheline state. But for a function-local variable? No.

2018-11-02 00:44:01

by William Kucharski

Subject: Re: [PATCH v4] mm/page_owner: clamp read count to PAGE_SIZE



> On Nov 1, 2018, at 3:47 PM, Andrew Morton <[email protected]> wrote:
>
> - count = count > PAGE_SIZE ? PAGE_SIZE : count;
> + count = min_t(size_t, count, PAGE_SIZE);
> kbuf = kmalloc(count, GFP_KERNEL);
> if (!kbuf)
> return -ENOMEM;

Is the use of min_t vs. the C conditional mostly to be more self-documenting?

The compiler-generated assembly between the two versions seems mostly a wash.

William Kucharski

2018-11-06 21:54:49

by Andrew Morton

Subject: Re: [PATCH v4] mm/page_owner: clamp read count to PAGE_SIZE

On Thu, 1 Nov 2018 18:41:33 -0600 William Kucharski <[email protected]> wrote:

>
>
> > On Nov 1, 2018, at 3:47 PM, Andrew Morton <[email protected]> wrote:
> >
> > - count = count > PAGE_SIZE ? PAGE_SIZE : count;
> > + count = min_t(size_t, count, PAGE_SIZE);
> > kbuf = kmalloc(count, GFP_KERNEL);
> > if (!kbuf)
> > return -ENOMEM;
>
> Is the use of min_t vs. the C conditional mostly to be more self-documenting?

Yup. It saves the reader from having to parse the code to figure out
"this is a min operation".