From: Maurizio Lombardi
Date: Mon, 11 Jul 2022 11:02:33 +0200
Subject: Re: [PATCH] mm: prevent page_frag_alloc() from corrupting the memory
To: Alexander Duyck
Cc: Jakub Kicinski, Andrew Morton, linux-mm, LKML, Netdev, 愚树
In-Reply-To: <20220711075225.15687-1-mlombard@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Tested with this kernel module:
http://bsdbackstore.eu/misc/oomk/

It requires 2 parameters: the first one is the amount of memory you want to allocate with page_frag_alloc(), the second one is the size of the fragment.

I tested it on a machine with ~7Gb of free memory.

Without the patch:
-------------------------------------------------

3Gb of memory will be used with frag size = 1024 byte. No issue:

#insmod oomk.ko memory_size_gb=3 fragsize=1024
[ 177.875107] Test begins, memory size = 3 fragsize = 1024
[ 177.974538] Test completed!

10 Gb of memory, 1024 byte frag. Page allocation failure but the kernel handles it and doesn't crash:

#insmod oomk.ko memory_size_gb=10 fragsize=1024
[ 215.104801] Test begins, memory size = 10 fragsize = 1024
[ 215.227854] insmod: page allocation failure: order:0, mode:0xa20(GFP_ATOMIC), nodemask=(null),cpuset=/,mems_allowed=0
[ 215.230231] CPU: 1 PID: 1738 Comm: insmod Kdump: loaded Tainted: G OE --------- --- 5.14.0-124.kpq0.el9.x86_64 #1
[ 215.232344] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 215.233523] Call Trace:
[ 215.234001] dump_stack_lvl+0x34/0x44
[ 215.234894] warn_alloc+0x134/0x160
[ 215.235592] __alloc_pages_slowpath.constprop.0+0x809/0x840
[ 215.236687] ? get_page_from_freelist+0xc6/0x500
[ 215.237569] __alloc_pages+0x1fa/0x230
[ 215.238381] page_frag_alloc_align+0x16c/0x1a0
[...]
[ 215.315722] allocation number 7379888 failed!
[ 215.426227] Test completed!

10Gb, 4097 byte frag. Kernel crashes:

#insmod oomk.ko memory_size_gb=10 fragsize=4097
[ 623.461505] BUG: Bad page state in process insmod pfn:10a80c
[ 623.462634] page:000000000654dc14 refcount:0 mapcount:0 mapping:000000007a56d6cd index:0x0 pfn:0x10a80c
[ 623.464401] memcg:ffff900343a5b501
[ 623.465058] aops:0xffff9003409e5d38 with invalid host inode 00003524480055f0
[ 623.466394] flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff)
[ 623.467632] raw: 0017ffffc0000000 dead000000000100 dead000000000122 ffff900346cf2900
[ 623.469069] raw: 0000000000000000 0000000000100010 00000000ffffffff ffff900343a5b501
[ 623.470521] page dumped because: page still charged to cgroup
[...]
[ 626.632838] general protection fault, probably for non-canonical address 0xdead000000000108: 0000 [#1] PREEMPT SMP PTI
[ 626.633913] ------------[ cut here ]------------
[ 626.639981] CPU: 0 PID: 722 Comm: agetty Kdump: loaded Tainted: G B OE --------- --- 5.14.0-124.kpq0.el9.x86_64 #1
[ 626.640923] WARNING: CPU: 1 PID: 22 at mm/slub.c:4566 __ksize+0xc4/0xe0
[ 626.645018] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 626.645021] RIP: 0010:___slab_alloc+0x1b7/0x5c0

------------------------------------------

With the patch the kernel doesn't crash:

#insmod oomk.ko memory_size_gb=10 fragsize=4097
[ 4859.358496] Test begins, memory size = 10 fragsize = 4097
[ 4859.459674] allocation number 607754 failed!
[ 4859.495489] Test completed!

#insmod oomk.ko memory_size_gb=10 fragsize=40000
[ 8428.021491] Test begins, memory size = 10 fragsize = 40000
[ 8428.024308] allocation number 0 failed!
[ 8428.025709] Test completed!

Maurizio
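
A userspace model of the failure mode these test results point to, added here as an illustration (it is not code from the patch, from oomk, or from the kernel). It assumes the fragment cache normally refills with a 32 KiB chunk and falls back to a single 4 KiB page under memory pressure, and compares a refill path that hands out the fragment unconditionally with one that refuses a fragment larger than the chunk it got. All names (frag_cache, frag_alloc, run, the checked flag) are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

#define PAGE_SZ   4096   /* assumed: order-0 page used when the large refill fails */
#define CACHE_MAX 32768  /* assumed: preferred high-order refill size */

enum outcome { ALL_OK, REFUSED, OUT_OF_BOUNDS };
struct frag_cache { int size, offset; bool filled; }; /* offsets only, no real memory */

/* Fragments are carved from the end of the chunk downwards. Returns false
 * when the request is refused; otherwise *off is the fragment's start. */
static bool frag_alloc(struct frag_cache *nc, int fragsz, bool pressure,
                       bool checked, int *off)
{
    int offset = nc->filled ? nc->offset - fragsz : -1;
    if (offset < 0) {                    /* chunk exhausted: refill */
        nc->size = pressure ? PAGE_SZ : CACHE_MAX;
        nc->filled = true;
        offset = nc->size - fragsz;
        if (checked && offset < 0)       /* fragment larger than chunk */
            return false;
    }
    nc->offset = *off = offset;          /* unchecked: may be negative */
    return true;
}

/* Run `count` allocations; refills from index `pressure_from` onward get only
 * one page. *where is the index of the first bad allocation (or count). */
static enum outcome run(int fragsz, int pressure_from, bool checked,
                        int count, int *where)
{
    struct frag_cache nc = {0};
    for (*where = 0; *where < count; (*where)++) {
        int off;
        if (!frag_alloc(&nc, fragsz, *where >= pressure_from, checked, &off))
            return REFUSED;
        if (off < 0)                     /* start lies before the chunk */
            return OUT_OF_BOUNDS;
    }
    return ALL_OK;
}

int main(void)
{
    int where, o = run(4097, 100, false, 1000, &where);
    printf("unchecked 4097: outcome %d at %d\n", o, where);
    o = run(4097, 100, true, 1000, &where);
    printf("checked   4097: outcome %d at %d\n", o, where);
    return 0;
}
```

In the model a 4097-byte request only goes wrong at the first refill that gets a single page, and a 40000-byte request is refused on the very first allocation by the checked path, which lines up with the "allocation number 0 failed!" line in the patched run above.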