Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp4816892rwl; Tue, 28 Mar 2023 11:40:51 -0700 (PDT) X-Google-Smtp-Source: AKy350aaKhVxn1zIZqr+cZ1Dc6tgp7klpRZ04hwnIFdCz14bcVXZvp/xfPK/W4I6Hn+rXumXihAv X-Received: by 2002:a17:907:7e87:b0:93f:f70:b2e6 with SMTP id qb7-20020a1709077e8700b0093f0f70b2e6mr19175670ejc.0.1680028851133; Tue, 28 Mar 2023 11:40:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680028851; cv=none; d=google.com; s=arc-20160816; b=NoFmmLahP5o669qYMNkaIGy7RFC+ex2VQsyZ428P0mHZKPYwmi1MG6A5mu5TBRAwBS hk3cLCpRWIsKllAfkbeAxOOXirnxmtd/RXHu2ZON5WX4GBlgawi94i69rUgLamorWGX2 cpLyUDcGgJ0OKcp9m7OWW25aSOUxT9tpkP7YHf8temmBA8hGOLdiTWo28SxusdzsZ4XL xZMG1bpVoBFWgRXEqoCiOKPpRAVEghG9T4pfOD/aw9e8W/oqQzjpow2YQNzyd24QoLHA mEEDww4LzFrbjWatfxANOqePKgPCeASb+L9WDPg3W7H5rWenimtFCLOIO/9uGm7oGIVf SD7g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=QAYteq3mFV588TpLqRaA86uUyETx+bdriGoU/y4d71Q=; b=zeZz/djhOfLy0sGcgUmLBQC8xHJNzY7GSjP/IZY8p5cLvjbxg0yCaBcX3icbJ7dYTo qvk6Y+cMMg/GwQpu+Rjmyym3xqqXDCCEDOEfqQWOSAid2MeFPBmbQbxbQb04Mz7JZM4S ZX+xtn6gRy8y9Ox593aG0A/2P2Au4XyV4MX98hALTu2jwRfpFVLexc4+dUDdVzsbRsPV TeKsNAE2j2v1rJrXvjpe44mTKSwDQbrgJDb70khiONi7g1fEoZx7JSGoERHBK+epVrXm eafv1aSlEE0p6hIv9W4B8JwDNb3VJpphlRsD0qeKsNuNDs1lx0Iec7iy+e351BQFajkF tAeQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=EtkvNeRa; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id tf13-20020a1709078d8d00b0093e79e46252si11527177ejc.1036.2023.03.28.11.40.26; Tue, 28 Mar 2023 11:40:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=EtkvNeRa; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229682AbjC1Sfo (ORCPT + 99 others); Tue, 28 Mar 2023 14:35:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38888 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229436AbjC1Sfm (ORCPT ); Tue, 28 Mar 2023 14:35:42 -0400 Received: from mail-yb1-xb35.google.com (mail-yb1-xb35.google.com [IPv6:2607:f8b0:4864:20::b35]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 75EF71BE9 for ; Tue, 28 Mar 2023 11:35:41 -0700 (PDT) Received: by mail-yb1-xb35.google.com with SMTP id z83so16364359ybb.2 for ; Tue, 28 Mar 2023 11:35:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; t=1680028540; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=QAYteq3mFV588TpLqRaA86uUyETx+bdriGoU/y4d71Q=; b=EtkvNeRanejerUBKb1YW3cH+uFNUeYLsqvaqGYBqdrzxnDPIhaTdpsAP5STbq4tqos VX3vS/hPsUvsRaov5cj5X+n8Dfw9cSF6EBigZbkMh08EAPI+bGNfsAItFKbgAWRnOahG 3ura0nlamPbFBr1BxPGMsB3sQVsh3sB3eB/sP9+nKQdNYIAdsu+dxXbVuWHIwwl/Utl+ V4qDqg+93Ku6ZNgowrnSX2vnpi8+X7GdsqEb6etgloYbB8ZnhRhS8AjL5jPncd02y8Lx DJ+2GSWatIo1RZXLx77f8fpT8JOLpChsogotPbGX6gzNf1pQzd/u9tfmn1buGCjQ95Av EbzA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1680028540; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QAYteq3mFV588TpLqRaA86uUyETx+bdriGoU/y4d71Q=; b=x7IPkMYOD9f0qKk5lRRoWOy0QIXL6C3etUJP6PR0O9G/O8sPX5fkc4XBAAc0bwg+MC FpkRtj6WP+S1gQe1Nav1mwuR2VWTJmEnpdNaGT/LNoOwb0hSsblf5JL97B0/d0z9znNl rAYXyffFuFYfweXPvSO0ERnwNEAtd5ejqn86ZfL5L3P2+gvV6DHXDXbmA7x5OAmWxUcD vLplWsBDmZlZJ7955OWkPllQvhUZMjDEs+Ym7Gt1yTzVuEN7J+E36RvomtdnKPmc4UaC mlhMcsf8AKkKflCQq8JqFreNfTDN8DrsmvxPc1b1jDC/BS9G/L2SelOmK7qt3aWhzhWk dI5Q== X-Gm-Message-State: AAQBX9efMjeCrUCrfP/HWPm2zQ1G56ASXjnFJmEwkZHfvf3UnJh5TJbg dr0L1/OJnAkKZZfiUXIv9h7MqP791Xu0HGG0rC+AWQ== X-Received: by 2002:a05:6902:1543:b0:b77:158d:b3a0 with SMTP id r3-20020a056902154300b00b77158db3a0mr14053685ybu.6.1680028540565; Tue, 28 Mar 2023 11:35:40 -0700 (PDT) MIME-Version: 1.0 References: <20230328125818.5574-1-jaewon31.kim@samsung.com> In-Reply-To: <20230328125818.5574-1-jaewon31.kim@samsung.com> From: "T.J. Mercier" Date: Tue, 28 Mar 2023 11:35:29 -0700 Message-ID: Subject: Re: [PATCH] dma-buf/heaps: c9e8440eca61 staging: ion: Fix overflow and list bugs in system heap: To: Jaewon Kim Cc: jstultz@google.com, sumit.semwal@linaro.org, daniel.vetter@ffwll.ch, akpm@linux-foundation.org, hannes@cmpxchg.org, mhocko@kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, jaewon31.kim@gmail.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-15.7 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,ENV_AND_HDR_SPF_MATCH, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL, USER_IN_DEF_SPF_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Mar 28, 2023 at 5:58=E2=80=AFAM Jaewon Kim wrote: > > Normal free:212600kB min:7664kB low:57100kB high:106536kB > reserved_highatomic:4096KB active_anon:276kB inactive_anon:180kB > active_file:1200kB inactive_file:0kB unevictable:2932kB > writepending:0kB present:4109312kB managed:3689488kB mlocked:2932kB > pagetables:13600kB bounce:0kB free_pcp:0kB local_pcp:0kB > free_cma:200844kB > Out of memory and no killable processes... > Kernel panic - not syncing: System is deadlocked on memory > > An OoM panic was reported, there were only native processes which are > non-killable as OOM_SCORE_ADJ_MIN. > > After looking into the dump, I've found the dma-buf system heap was > trying to allocate a huge size. It seems to be a signed negative value. > > dma_heap_ioctl_allocate(inline) > | heap_allocation =3D 0xFFFFFFC02247BD38 -> ( > | len =3D 0xFFFFFFFFE7225100, > > Actually the old ion system heap had policy which does not allow that > huge size with commit c9e8440eca61 ("staging: ion: Fix overflow and list > bugs in system heap"). We need this change again. Single allocation > should not be bigger than half of all memory. > > Signed-off-by: Jaewon Kim > --- > drivers/dma-buf/heaps/system_heap.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/dma-buf/heaps/system_heap.c b/drivers/dma-buf/heaps/= system_heap.c > index e8bd10e60998..4c1ef2ecfb0f 100644 > --- a/drivers/dma-buf/heaps/system_heap.c > +++ b/drivers/dma-buf/heaps/system_heap.c > @@ -351,6 +351,9 @@ static struct dma_buf *system_heap_allocate(struct dm= a_heap *heap, > struct page *page, *tmp_page; > int i, ret =3D -ENOMEM; > > + if (len / PAGE_SIZE > totalram_pages() / 2) > + return ERR_PTR(-ENOMEM); > + Instead of policy like that, would __GFP_RETRY_MAYFAIL on the system heap's LOW_ORDER_GFP flags also avoid the panic, and eventually fail the allocation request?