Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp3585674imw; Mon, 11 Jul 2022 11:26:24 -0700 (PDT) X-Google-Smtp-Source: AGRyM1t3HXp4/nCtc18WtbBC42bLop/G/hyMHEH07OcoMnxsDlWQ8wLj8jZOO+e5ojyA84pcTq73 X-Received: by 2002:a05:6402:12d8:b0:43a:6a70:9039 with SMTP id k24-20020a05640212d800b0043a6a709039mr26873716edx.379.1657563984006; Mon, 11 Jul 2022 11:26:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1657563984; cv=none; d=google.com; s=arc-20160816; b=L6Eq258lcbvUohyIo/sq2lhbi17Mefeni2gXRgNzwVv+bH61+vAez1VhzbWZ6ODugL WxUqis5mGwZqTepAYfNhbbBbu2N/NILN0D3yDUi5fyMgT4PwqIWo5Wy0ssLc1FnVpNDk 3F605O3oNTegBNCkdZMZjA3QvUmBQXLJIFEIBuWVAmY1XcmZW/gxx+Tllf9Yenvr0Lft DM+TEBJ6FD9z2wCbMiCzb9Dp7JdCpD424dkY5iCO8WbZq3IL9f7l1cFPkRboQEkCV6GC 6mBVGJ12K2Nm7V78/cAY+IlEYuue8oc7WRK1A5asx+aNJ4R1WwNH/+42S+FmNcoh7FS2 Ol+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=LDyh/vtAqlchTUEJhEUMVYzVZhOGqr+c1tP2nxvPQ3E=; b=kMopaVjdjhB9Oo7tSwDXIlGXADSWm9YAJy0JNYZa+Z2IHESUNOBJ0SR1DuOuLYyNWC Qj52N+xHWRTnAVMrTZKg2g2vcCaYGxGuBfKtb/5iVunyy5qJzcHbkHFiGickgBkEF0i3 XaHzM/vup/XmaO1cdZacaXcFIthjAEA6LDM9pS5RltlB6+AbKTFcE4+n4/C7T6kq6eQk vg0n9SkBcKJp+7Yv6zutZ1Syc/MiMj8BydhbxI87rSo8SKotzougrgMR5mIbP3vh/h74 ssMfZI/ZDRuGlNRSdA/cXclaFUgzWPI2k4cpEGsr2A02j5/tAsD9s7+/ccQ42sua2zS2 AR5w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=BaSeEBuh; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id nb31-20020a1709071c9f00b0072b61694e92si3437983ejc.350.2022.07.11.11.25.58; Mon, 11 Jul 2022 11:26:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=BaSeEBuh; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230057AbiGKSXQ (ORCPT + 99 others); Mon, 11 Jul 2022 14:23:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47622 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229635AbiGKSXP (ORCPT ); Mon, 11 Jul 2022 14:23:15 -0400 Received: from mail-wr1-x430.google.com (mail-wr1-x430.google.com [IPv6:2a00:1450:4864:20::430]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A07474D80E; Mon, 11 Jul 2022 11:23:14 -0700 (PDT) Received: by mail-wr1-x430.google.com with SMTP id r14so8127843wrg.1; Mon, 11 Jul 2022 11:23:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=LDyh/vtAqlchTUEJhEUMVYzVZhOGqr+c1tP2nxvPQ3E=; b=BaSeEBuhTSPhFm1WrSLp2YkYR10LGnYPSUVyfpevAiQd+DV3x60uiu1vOlXhEPoafT 8uhaaIcyLSG9Pfly5++bPQSfjqetrKb+e2ZuT3cl6BE2XJ9sebsq1WjXLnrFxAa9uuEy H0o65IOCCQv07sPoU38yamOZAPVR9Sd7l8Eh6TG99L8bB7C+WOf8NhQaC6Ukbid8ud4F T69SBV5AT+wvKH8c0PvqhABw//I3Wdju5UbLtOE+Id97rVZ/WeALxW8lH3P9dTY2NmWV FOYV00GouzXZIvvNtP2S6wbHzYTMayz+PPB/hR0kNDqsUC45ixtSk5aY1fgDPrAkg5ua Iqpw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=LDyh/vtAqlchTUEJhEUMVYzVZhOGqr+c1tP2nxvPQ3E=; b=Medv72cGPK2w2uTWVRA1cxaIetKn/9/u2gIpAX+TCG8sauI/mluydfMYsWc1BcoXuz /ZL2FgzE76N+V2aIrJq8T5Y0ApdDAcHyCX1pxALcQFBXA4rBwI+cxA6LxufVK4SITvI4 p7DJ4HtEBzQx1qguLVCqsREwe5pzqUmv85/WQhZ+X9w551/ZoR3Pg/cJFJqR4O+yleQk k5XMnhXggckIMf0JMxVGKXocCxxd8+jiU+w8hnaW7imW78yt8qemur0/vKjGzoYxWkfs NESwGfvLjSdBCtjoPHGLsFfUP2zuvls42W/phf7zZO7i5rfOutSDvGoJ6mEWxWW5IAZ0 0XLA== X-Gm-Message-State: AJIora85CpOB5zmaYhKzaHzCk1R2U/pSN/Wsqop7XTNsSdYYbZSQKXlE gqOvgkEWtPNiDazlm0VvO6l+3GxfgD2WY5nqujU= X-Received: by 2002:adf:f90c:0:b0:21a:3dcb:d106 with SMTP id b12-20020adff90c000000b0021a3dcbd106mr17872123wrr.448.1657563793057; Mon, 11 Jul 2022 11:23:13 -0700 (PDT) MIME-Version: 1.0 References: <20220711075225.15687-1-mlombard@redhat.com> In-Reply-To: From: Alexander Duyck Date: Mon, 11 Jul 2022 11:23:01 -0700 Message-ID: Subject: Re: [PATCH] mm: prevent page_frag_alloc() from corrupting the memory To: Maurizio Lombardi Cc: Jakub Kicinski , Andrew Morton , linux-mm , LKML , Netdev , Chen Lin Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jul 11, 2022 at 9:17 AM Maurizio Lombardi wro= te: > > po 11. 7. 2022 v 17:34 odes=C3=ADlatel Alexander Duyck > napsal: > > > > Rather than forcing us to free the page it might be better to move the > > lines getting the size and computing the offset to the top of the "if > > (unlikely(offset < 0)) {" block. Then instead of freeing the page we > > could just return NULL and don't have to change the value of any > > fields in the page_frag_cache. > > > > That way a driver performing bad requests can't force us to start > > allocating and freeing pages like mad by repeatedly flushing the > > cache. > > > > I understand. On the other hand, if we free the cache page then the > next time __page_frag_cache_refill() runs it may be successful > at allocating the order=3D3 cache, the normal page_frag_alloc() behaviour= will > therefore be restored. That is a big "maybe". My concern is that it will actually make memory pressure worse by forcing us to reduce the number of uses for a lower order page. One bad actor will have us flushing memory like mad so a guy expecting a small fragment may end up allocating 32K pages because someone else is trying to allocate them. I recommend we do not optimize for a case which this code was not designed for. Try to optimize for the standard case that most of the drivers are using. These drivers that are allocating higher order pages worth of memory should really be using alloc_pages. Using this to allocate pages over 4K in size is just a waste since they are not likely to see page reuse which is what this code expects to see.