From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6331BC2D0A3 for ; Wed, 4 Nov 2020 00:27:46 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id A5F0222409 for ; Wed, 4 Nov 2020 00:27:45 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="VtKjK1oA" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org A5F0222409 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=linux-foundation.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id AD74D6B005C; Tue, 3 Nov 2020 19:27:44 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id A87D86B005D; Tue, 3 Nov 2020 19:27:44 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 973B56B0068; Tue, 3 Nov 2020 19:27:44 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0152.hostedemail.com [216.40.44.152]) by kanga.kvack.org (Postfix) with ESMTP id 6A9036B005C for ; Tue, 3 Nov 2020 19:27:44 -0500 (EST) Received: from smtpin28.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay03.hostedemail.com (Postfix) with ESMTP id 0AE5E8249980 for ; Wed, 4 Nov 2020 00:27:44 +0000 (UTC) X-FDA: 77444847648.28.angle75_5003c4f272bc Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251]) by smtpin28.hostedemail.com (Postfix) with ESMTP id D940D6C1A for ; Wed, 4 Nov 2020 00:27:43 +0000 (UTC) X-HE-Tag: angle75_5003c4f272bc X-Filterd-Recvd-Size: 3664 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by imf48.hostedemail.com (Postfix) with ESMTP for ; Wed, 4 Nov 2020 00:27:43 +0000 (UTC) Received: from X1 (unknown [208.106.6.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id F247F223EA; Wed, 4 Nov 2020 00:27:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1604449662; bh=2/u4DGZLL1HZQBWAOyaO++iRdQJ5VcSPlZg7HCezRBg=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=VtKjK1oAeV0Zg048rzLAyz1k1c+gk594NuHgq6E9IVMr75XwVCuoFOyC3brKESptI 4+OuuEnlNt1oeuheL2bgh+DTFUNH5OZJJwPkKo74w54wWCZjlAUNc78pU2kN9H7fVP 2ZZqaRCVvrLFM8h8zJvGkViouqN4GCDUhKCsc4yc= Date: Tue, 3 Nov 2020 16:27:40 -0800 From: Andrew Morton To: hsinhuiwu@gmail.com Cc: bugzilla-daemon@bugzilla.kernel.org, linux-mm@kvack.org Subject: Re: [Bug 210023] New: Crash when allocating > 2 TB memory Message-Id: <20201103162740.6a7c835276b5a704d5b219cc@linux-foundation.org> In-Reply-To: References: X-Mailer: Sylpheed 3.5.1 (GTK+ 2.24.32; x86_64-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: (switched to email. Please respond via emailed reply-to-all, not via the bugzilla web interface). On Tue, 03 Nov 2020 18:50:07 +0000 bugzilla-daemon@bugzilla.kernel.org wrote: > https://bugzilla.kernel.org/show_bug.cgi?id=210023 > > Bug ID: 210023 > Summary: Crash when allocating > 2 TB memory > Product: Memory Management > Version: 2.5 > Kernel Version: 3.10.0-957.27.2.el7.x86_64 > Hardware: All > OS: Linux > Tree: Mainline > Status: NEW > Severity: blocking > Priority: P1 > Component: Slab Allocator > Assignee: akpm@linux-foundation.org > Reporter: hsinhuiwu@gmail.com > Regression: No > > With a machine with 3 TB (more than 2 TB memory). If you use vmalloc to > allocate > 2 TB memory, the array_size below will be overflowed. How was this observed? Is there any know userspace operation which causes the kernel to try to vmalloc such a large hunk of memory? > The array_size is an unsigned int and can only be used to allocate less than 2 > TB memory. If you pass 2*1028*1028*1024*1024 = 2 * 2^40 in the argument of > vmalloc. The array_size will become 2*2^31 = 2^32. The 2^32 cannot be store > with a 32 bit integer. > > The fix is to change the type of array_size to unsigned long. > > vmalloc.c > > 1762 void *vmalloc(unsigned long size) > 1763 { > 1764 return __vmalloc_node_flags(size, NUMA_NO_NODE, > 1765 GFP_KERNEL | __GFP_HIGHMEM); > 1766 } OK, thanks. Against current mainline your proposed change would look like this, yes? --- a/mm/vmalloc.c~a +++ a/mm/vmalloc.c @@ -2461,9 +2461,11 @@ static void *__vmalloc_area_node(struct { const gfp_t nested_gfp = (gfp_mask & GFP_RECLAIM_MASK) | __GFP_ZERO; unsigned int nr_pages = get_vm_area_size(area) >> PAGE_SHIFT; - unsigned int array_size = nr_pages * sizeof(struct page *), i; + unsigned long array_size + unsigned int i; struct page **pages; + array_size = (unsigned long)nr_pages * sizeof(struct page *); gfp_mask |= __GFP_NOWARN; if (!(gfp_mask & (GFP_DMA | GFP_DMA32))) gfp_mask |= __GFP_HIGHMEM; _