Received: by 2002:a25:e7d8:0:0:0:0:0 with SMTP id e207csp2506275ybh; Mon, 9 Mar 2020 07:16:04 -0700 (PDT) X-Google-Smtp-Source: ADFU+vvZ3K5lQiaPHD2bg1XcGvkwkc4cCfaI9iGDD6X4HqOGYDhwtPvG8NlArOYmblnsOdDherKx X-Received: by 2002:a9d:ecc:: with SMTP id 70mr9220464otj.187.1583763364235; Mon, 09 Mar 2020 07:16:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1583763364; cv=none; d=google.com; s=arc-20160816; b=Ta8LaZ7x+m3cJDJClVVsiE/N5YuWBls+DnXKZOGJCZ6j/c3Q7Jxy2iiVe/ceL0Yn9w Q8RDrEEdn4cTzQe4yXg2EpvkE1pK+ferD5KzT0J1DjxYGP+iQFat14pzgaRaLIs0X3xg A0wzVD6Okgl78mEi3xmrweu+vtiltKieuLnC5fUzg2EvCgAwh7wOlpFM//+JbKge/NHf iwHIb8tQKJD1SgnDgGPJBmw4TVck4idsqi06X7tRcnalimEZod77WuLIJPCi6uzYlipO g5u/rZ7FYsbIE8ru034fcpHC/8EZ5gAlHMZrvXW+RJJdCnx5CJRc9iAFxePJMlgpy3IZ gxUQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=DtQS5O0hQQwBgslAAVUsLKrdeW4x55wzUHWwe5NBXGg=; b=diOffY0NwbdEA0h5kn7Ystgus4CYhqyih1jYsDkTrI1uytZcctoRyN0knjpgxuRA9w y7tM9mY9fp1iMhtwSE5sRCgXtkrMCA2TGtrDwqDzmDUq2RKcTlfDNaEcsxzvK8tHeXwo RF5lpv38GItdauGtGTWOZlWuCFUxdZI+wS2Ob5I8AtjKHX3H+YLfT2AMp8tLoe4Ct0oU 37p/ASyfCZGz5WetdO7BWwnzCOtamMPwdV+RXQaKjyrZa0GJQaHHb2xTHvh/XbnO52nC bigweu4kPikvW8lUkx0NEckTtDkzNex9yLAnzNwZj6OTrZ+50fWr2zKQWTMbvf1BKx3V 0nBQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@infradead.org header.s=bombadil.20170209 header.b=AKz+U+gF; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j20si4203532oii.168.2020.03.09.07.15.52; Mon, 09 Mar 2020 07:16:04 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@infradead.org header.s=bombadil.20170209 header.b=AKz+U+gF; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727053AbgCIOBy (ORCPT + 99 others); Mon, 9 Mar 2020 10:01:54 -0400 Received: from bombadil.infradead.org ([198.137.202.133]:39306 "EHLO bombadil.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727005AbgCIOBx (ORCPT ); Mon, 9 Mar 2020 10:01:53 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=In-Reply-To:Content-Transfer-Encoding :Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To:From:Date: Sender:Reply-To:Content-ID:Content-Description; bh=DtQS5O0hQQwBgslAAVUsLKrdeW4x55wzUHWwe5NBXGg=; b=AKz+U+gFd1aSjmGlOvFl3PMm/b V7ONgOBVPBl+LL+p0e6IvqZ9/ozi330UJkt1sWFzRdl7nbvTTG6DJiDiwV7J8/+QZ0YDwaRciyNJo Rro7rJqhN5dRSGYtmiMoE4wSmS/BVzgrY43a87z+SVWEff4i5mPG2HqgB8PnP/9i1l++pV2zidf3p ZyamoK9q1HN0wGGfvcRcbj/QJbtznsHgtLTgMg6hPhw6m9icokvLvNsTfxZAPfeXFM1NS7GRMP74d 4nx6vc9kYOYsJtD+Zww81MFJZSiNn1NZPXzZJR4s36B3StLeyITITlmZhNL9pAk5kT/kEgEv5NI9E G5Qme7rw==; Received: from willy by bombadil.infradead.org with local (Exim 4.92.3 #3 (Red Hat Linux)) id 1jBIya-0002i3-QM; Mon, 09 Mar 2020 14:01:48 +0000 Date: Mon, 9 Mar 2020 07:01:48 -0700 From: Matthew Wilcox To: Jaewon Kim Cc: Andrew Morton , walken@google.com, bp@suse.de, linux-mm@kvack.org, linux-kernel@vger.kernel.org, jaewon31.kim@gmail.com Subject: Re: [PATCH] mm: mmap: show vm_unmapped_area error log Message-ID: <20200309140148.GK31215@bombadil.infradead.org> References: <20200304030206.1706-1-jaewon31.kim@samsung.com> <5E605749.9050509@samsung.com> <20200305202443.8de3598558336b1d75afbba7@linux-foundation.org> <5E61EAB6.5080609@samsung.com> <20200307154744.acd523831b45efa8d0fc1dfa@linux-foundation.org> <20200308015802.GD31215@bombadil.infradead.org> <5E64C1D7.3000208@samsung.com> <20200308123616.GH31215@bombadil.infradead.org> <5E660863.2090104@samsung.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <5E660863.2090104@samsung.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Mar 09, 2020 at 06:12:03PM +0900, Jaewon Kim wrote: > On 2020년 03월 08일 21:36, Matthew Wilcox wrote: > > On Sun, Mar 08, 2020 at 06:58:47PM +0900, Jaewon Kim wrote: > >> On 2020년 03월 08일 10:58, Matthew Wilcox wrote: > >>> On Sat, Mar 07, 2020 at 03:47:44PM -0800, Andrew Morton wrote: > >>>> On Fri, 6 Mar 2020 15:16:22 +0900 Jaewon Kim wrote: > >>>>> Even on 64 bit kernel, the mmap failure can happen for a 32 bit task. > >>>>> Virtual memory space shortage of a task on mmap is reported to userspace > >>>>> as -ENOMEM. It can be confused as physical memory shortage of overall > >>>>> system. > >>> But userspace can trigger this printk. We don't usually allow printks > >>> under those circumstances, even ratelimited. > >> Hello thank you your comment. > >> > >> Yes, userspace can trigger printk, but this was useful for to know why > >> a userspace task was crashed. There seems to be still many userspace > >> applications which did not check error of mmap and access invalid address. > >> > >> Additionally in my AARCH64 Android environment, display driver tries to > >> get userspace address to map its display memory. The display driver > >> report -ENOMEM from vm_unmapped_area and but also from GPU related > >> address space. > >> > >> Please let me know your comment again if this debug is now allowed > >> in that userspace triggered perspective. > > The scenario that worries us is an attacker being able to fill the log > > files and so also fill (eg) the /var partition. Once it's full, future > > kernel messages cannot be stored anywhere and so there will be no traces > > of their privilege escalation. > Although up to 10 times within 5 secs is not many, I think those log may remove > other important log in log buffer if it is the system which produces very few log. > In my Android phone device system, there seems to be much more kernel log though. I've never seen the logs on my android phone. All that a ratelimit is going to do is make the attacker be more patient. > > Maybe a tracepoint would be a better idea? Usually they are disabled, > > but they can be enabled by a sysadmin to gain insight into why an > > application is crashing. > In Android phone device system, we cannot get sysadmin permission if it is built > for end user. And it is not easy to reproduce this symptom because it is an user's app. > > Anyway let me try pr_devel_ratelimited which is disabled by default. I hope this is > good enough. Additionally I moved the code from mm.h to mmap.c. https://source.android.com/devices/tech/debug/ftrace