Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752634AbeAEThN convert rfc822-to-8bit (ORCPT + 1 other); Fri, 5 Jan 2018 14:37:13 -0500 Received: from mail.fireflyinternet.com ([109.228.58.192]:58816 "EHLO fireflyinternet.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752356AbeAEThM (ORCPT ); Fri, 5 Jan 2018 14:37:12 -0500 X-Default-Received-SPF: pass (skip=forwardok (res=PASS)) x-ip-name=78.156.65.138; Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8BIT To: Laura Abbott , "Greg KH" , "Sumit Semwal" From: Chris Wilson In-Reply-To: <20180105191409.17807-1-labbott@redhat.com> Cc: "Laura Abbott" , devel@driverdev.osuosl.org, "LKML" , "Dan Carpenter" References: <20180105191409.17807-1-labbott@redhat.com> Message-ID: <151518101521.6838.4541956658403978617@mail.alporthouse.com> User-Agent: alot/0.3.6 Subject: Re: [PATCH 1/2] staging: android: ion: Add __GFP_NOWARN for system contig heap Date: Fri, 05 Jan 2018 19:36:55 +0000 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: Quoting Laura Abbott (2018-01-05 19:14:08) > syzbot reported a warning from Ion: > > WARNING: CPU: 1 PID: 3485 at mm/page_alloc.c:3926 > > ... > __alloc_pages_nodemask+0x9fb/0xd80 mm/page_alloc.c:4252 > alloc_pages_current+0xb6/0x1e0 mm/mempolicy.c:2036 > alloc_pages include/linux/gfp.h:492 [inline] > ion_system_contig_heap_allocate+0x40/0x2c0 > drivers/staging/android/ion/ion_system_heap.c:374 > ion_buffer_create drivers/staging/android/ion/ion.c:93 [inline] > ion_alloc+0x2c1/0x9e0 drivers/staging/android/ion/ion.c:420 > ion_ioctl+0x26d/0x380 drivers/staging/android/ion/ion-ioctl.c:84 > vfs_ioctl fs/ioctl.c:46 [inline] > do_vfs_ioctl+0x1b1/0x1520 fs/ioctl.c:686 > SYSC_ioctl fs/ioctl.c:701 [inline] > SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692 > > This is a warning about attempting to allocate order > MAX_ORDER. This > is coming from a userspace Ion allocation request. Since userspace is > free to request however much memory it wants (and the kernel is free to > deny its allocation), silence the allocation attempt with __GFP_NOWARN > in case it fails. > > Reported-by: syzbot+76e7efc4748495855a4d@syzkaller.appspotmail.com > Reported-by: syzbot > Signed-off-by: Laura Abbott > --- > drivers/staging/android/ion/ion_system_heap.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/staging/android/ion/ion_system_heap.c b/drivers/staging/android/ion/ion_system_heap.c > index 71c4228f8238..bc19cdd30637 100644 > --- a/drivers/staging/android/ion/ion_system_heap.c > +++ b/drivers/staging/android/ion/ion_system_heap.c > @@ -362,7 +362,7 @@ static int ion_system_contig_heap_allocate(struct ion_heap *heap, > unsigned long i; > int ret; > > - page = alloc_pages(low_order_gfp_flags, order); > + page = alloc_pages(low_order_gfp_flags | __GFP_NOWARN, order); There's both high_order_gfp and low_order_gfp. The former includes NOWARN and NORETRY. Interesting, ion_system_heap_create_pools() tries to mix low_order and high_order, but it only ever uses high_order flags. (orders[0] == 8 forcing a permanent switch from low_order_gfp to high_order_gfp). There's no good reason for low_order_gfp, high_order_gfp to be static rewritable variables. For this instance, I would go farther and suggest you may want __GFP_RETRY_MAYFAIL | __GFP_NOWARN to prevent userspace from triggering the lowmemkiller/oomkiller here. (I would kill low_order_gfp_flags / high_order_gfp_flags and avoid the obfuscation.) -Chris