From: Miles Chen <[email protected]>
The page owner read might allocate a large size of memory with
a large read count. Allocation fails can easily occur when doing
high order allocations.
Clamp buffer size to PAGE_SIZE to avoid arbitrary size allocation
and avoid allocation fails due to high order allocation.
Change since v3:
- remove the change in kvmalloc
- keep kmalloc in page_owner.c
Change since v2:
- improve kvmalloc, allow sub page allocations fallback to
vmalloc when CONFIG_HIGHMEM=y
Change since v1:
- use kvmalloc()
- clamp buffer size to PAGE_SIZE
Signed-off-by: Miles Chen <[email protected]>
Cc: Joe Perches <[email protected]>
Cc: Matthew Wilcox <[email protected]>
Cc: Michal Hocko <[email protected]>
---
mm/page_owner.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/mm/page_owner.c b/mm/page_owner.c
index 87bc0dfdb52b..b83f295e4eca 100644
--- a/mm/page_owner.c
+++ b/mm/page_owner.c
@@ -351,6 +351,7 @@ print_page_owner(char __user *buf, size_t count, unsigned long pfn,
.skip = 0
};
+ count = count > PAGE_SIZE ? PAGE_SIZE : count;
kbuf = kmalloc(count, GFP_KERNEL);
if (!kbuf)
return -ENOMEM;
--
2.18.0
On Fri 02-11-18 01:00:07, [email protected] wrote:
> From: Miles Chen <[email protected]>
>
> The page owner read might allocate a large size of memory with
> a large read count. Allocation fails can easily occur when doing
> high order allocations.
>
> Clamp buffer size to PAGE_SIZE to avoid arbitrary size allocation
> and avoid allocation fails due to high order allocation.
It is good to mention that interface is root only so the harm due to
unbounded allocation request is somehow reduced.
I believe we want to use seq_file infrastructure in the long term
solution.
> Change since v3:
> - remove the change in kvmalloc
> - keep kmalloc in page_owner.c
>
> Change since v2:
> - improve kvmalloc, allow sub page allocations fallback to
> vmalloc when CONFIG_HIGHMEM=y
>
> Change since v1:
> - use kvmalloc()
> - clamp buffer size to PAGE_SIZE
>
> Signed-off-by: Miles Chen <[email protected]>
> Cc: Joe Perches <[email protected]>
> Cc: Matthew Wilcox <[email protected]>
> Cc: Michal Hocko <[email protected]>
Acked-by: Michal Hocko <[email protected]>
Thanks!
> ---
> mm/page_owner.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/mm/page_owner.c b/mm/page_owner.c
> index 87bc0dfdb52b..b83f295e4eca 100644
> --- a/mm/page_owner.c
> +++ b/mm/page_owner.c
> @@ -351,6 +351,7 @@ print_page_owner(char __user *buf, size_t count, unsigned long pfn,
> .skip = 0
> };
>
> + count = count > PAGE_SIZE ? PAGE_SIZE : count;
> kbuf = kmalloc(count, GFP_KERNEL);
> if (!kbuf)
> return -ENOMEM;
> --
> 2.18.0
>
--
Michal Hocko
SUSE Labs
On Fri, 2 Nov 2018 01:00:07 +0800 <[email protected]> wrote:
> From: Miles Chen <[email protected]>
>
> The page owner read might allocate a large size of memory with
> a large read count. Allocation fails can easily occur when doing
> high order allocations.
>
> Clamp buffer size to PAGE_SIZE to avoid arbitrary size allocation
> and avoid allocation fails due to high order allocation.
>
> ...
>
> --- a/mm/page_owner.c
> +++ b/mm/page_owner.c
> @@ -351,6 +351,7 @@ print_page_owner(char __user *buf, size_t count, unsigned long pfn,
> .skip = 0
> };
>
> + count = count > PAGE_SIZE ? PAGE_SIZE : count;
> kbuf = kmalloc(count, GFP_KERNEL);
> if (!kbuf)
> return -ENOMEM;
A bit tidier:
--- a/mm/page_owner.c~mm-page_owner-clamp-read-count-to-page_size-fix
+++ a/mm/page_owner.c
@@ -351,7 +351,7 @@ print_page_owner(char __user *buf, size_
.skip = 0
};
- count = count > PAGE_SIZE ? PAGE_SIZE : count;
+ count = min_t(size_t, count, PAGE_SIZE);
kbuf = kmalloc(count, GFP_KERNEL);
if (!kbuf)
return -ENOMEM;
On Thu, 2018-11-01 at 14:47 -0700, Andrew Morton wrote:
> On Fri, 2 Nov 2018 01:00:07 +0800 <[email protected]> wrote:
>
> > From: Miles Chen <[email protected]>
> >
> > The page owner read might allocate a large size of memory with
> > a large read count. Allocation fails can easily occur when doing
> > high order allocations.
> >
> > Clamp buffer size to PAGE_SIZE to avoid arbitrary size allocation
> > and avoid allocation fails due to high order allocation.
> >
> > ...
> >
> > --- a/mm/page_owner.c
> > +++ b/mm/page_owner.c
> > @@ -351,6 +351,7 @@ print_page_owner(char __user *buf, size_t count, unsigned long pfn,
> > .skip = 0
> > };
> >
> > + count = count > PAGE_SIZE ? PAGE_SIZE : count;
> > kbuf = kmalloc(count, GFP_KERNEL);
> > if (!kbuf)
> > return -ENOMEM;
>
> A bit tidier:
>
> --- a/mm/page_owner.c~mm-page_owner-clamp-read-count-to-page_size-fix
> +++ a/mm/page_owner.c
> @@ -351,7 +351,7 @@ print_page_owner(char __user *buf, size_
> .skip = 0
> };
>
> - count = count > PAGE_SIZE ? PAGE_SIZE : count;
> + count = min_t(size_t, count, PAGE_SIZE);
> kbuf = kmalloc(count, GFP_KERNEL);
> if (!kbuf)
> return -ENOMEM;
A bit tidier still might be
if (count > PAGE_SIZE)
count = PAGE_SIZE;
as that would not always cause a write back to count.
On Thu, Nov 01, 2018 at 04:30:12PM -0700, Joe Perches wrote:
> On Thu, 2018-11-01 at 14:47 -0700, Andrew Morton wrote:
> > +++ a/mm/page_owner.c
> > @@ -351,7 +351,7 @@ print_page_owner(char __user *buf, size_
> > .skip = 0
> > };
> >
> > - count = count > PAGE_SIZE ? PAGE_SIZE : count;
> > + count = min_t(size_t, count, PAGE_SIZE);
> > kbuf = kmalloc(count, GFP_KERNEL);
> > if (!kbuf)
> > return -ENOMEM;
>
> A bit tidier still might be
>
> if (count > PAGE_SIZE)
> count = PAGE_SIZE;
>
> as that would not always cause a write back to count.
90% chance 'count' is already in a register and will stay there. 99.9%
chance that if it's not in a register, it's on the top of the stack,
which is by definition a hot, local, dirty cacheline.
What you're saying makes sense for a struct which might well be in a
shared cacheline state. But for a function-local variable? No.
> On Nov 1, 2018, at 3:47 PM, Andrew Morton <[email protected]> wrote:
>
> - count = count > PAGE_SIZE ? PAGE_SIZE : count;
> + count = min_t(size_t, count, PAGE_SIZE);
> kbuf = kmalloc(count, GFP_KERNEL);
> if (!kbuf)
> return -ENOMEM;
Is the use of min_t vs. the C conditional mostly to be more self-documenting?
The compiler-generated assembly between the two versions seems mostly a wash.
William Kucharski
On Thu, 1 Nov 2018 18:41:33 -0600 William Kucharski <[email protected]> wrote:
>
>
> > On Nov 1, 2018, at 3:47 PM, Andrew Morton <[email protected]> wrote:
> >
> > - count = count > PAGE_SIZE ? PAGE_SIZE : count;
> > + count = min_t(size_t, count, PAGE_SIZE);
> > kbuf = kmalloc(count, GFP_KERNEL);
> > if (!kbuf)
> > return -ENOMEM;
>
> Is the use of min_t vs. the C conditional mostly to be more self-documenting?
Yup. It saves the reader from having to parse the code to figure out
"this is a min operation".