From: Matthew Wilcox <willy@infradead.org>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: hsinhuiwu@gmail.com, bugzilla-daemon@bugzilla.kernel.org,
linux-mm@kvack.org
Subject: Re: [Bug 210023] New: Crash when allocating > 2 TB memory
Date: Wed, 4 Nov 2020 00:47:05 +0000
Message-ID: <20201104004705.GJ27442@casper.infradead.org>
In-Reply-To: <20201103162740.6a7c835276b5a704d5b219cc@linux-foundation.org>

On Tue, Nov 03, 2020 at 04:27:40PM -0800, Andrew Morton wrote:
> const gfp_t nested_gfp = (gfp_mask & GFP_RECLAIM_MASK) | __GFP_ZERO;
> unsigned int nr_pages = get_vm_area_size(area) >> PAGE_SHIFT;
> - unsigned int array_size = nr_pages * sizeof(struct page *), i;
> + unsigned long array_size
> + unsigned int i;
> struct page **pages;
>
> + array_size = (unsigned long)nr_pages * sizeof(struct page *);
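
Review bot: The added declaration `unsigned long array_size` has no terminating semicolon, so as quoted it runs into the following `unsigned int i;` line and will not compile; it should read `unsigned long array_size;`. Separately, the cast in `array_size = (unsigned long)nr_pages * sizeof(struct page *)` widens only the multiplication: `nr_pages` is still declared `unsigned int`, so the result of `get_vm_area_size(area) >> PAGE_SHIFT` is truncated before the cast whenever the page count does not fit in an unsigned int. Widening `nr_pages` in the same change would close both.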

This is only pushing the problem out ~5 years.  If somebody tries
to allocate a 16TB area, 16TB / 4kB is 4GB and nr_pages overflows.
That's only 3 doublings of RAM away.

I think we need to change vm_struct's nr_pages from an unsigned int to
an unsigned long.  It won't take up any more room because it's sandwiched
between a pointer and a phys_addr_t.
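
The arithmetic behind the quoted patch and this reply, as an added example that is not part of the original message or the kernel source. It is a user-space model with fixed-width types, assuming 4 kB pages and 8-byte pointers; the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12u  /* assumption: 4 kB pages, as in the reply */
#define PTR_SIZE   8u   /* assumption: sizeof(struct page *) on a 64-bit kernel */

/* Original code: 32-bit nr_pages and 32-bit array_size. */
uint64_t array_size_original(uint64_t area_bytes)
{
    uint32_t nr_pages = (uint32_t)(area_bytes >> PAGE_SHIFT);
    uint32_t array_size = nr_pages * PTR_SIZE;  /* wraps modulo 2^32 */
    return array_size;
}

/* Quoted patch: array_size widened, nr_pages still 32-bit. */
uint64_t array_size_patched(uint64_t area_bytes)
{
    uint32_t nr_pages = (uint32_t)(area_bytes >> PAGE_SHIFT);  /* truncates */
    return (uint64_t)nr_pages * PTR_SIZE;
}

/* Suggestion in the reply: nr_pages widened as well. */
uint64_t array_size_wide(uint64_t area_bytes)
{
    uint64_t nr_pages = area_bytes >> PAGE_SHIFT;
    return nr_pages * PTR_SIZE;
}

int main(void)
{
    const uint64_t TB = 1ULL << 40;
    const uint64_t sizes[] = { 1 * TB, 2 * TB, 16 * TB };  /* constructed inputs */

    for (unsigned k = 0; k < sizeof(sizes) / sizeof(sizes[0]); k++)
        printf("%2llu TB: original=%llu patched=%llu wide=%llu\n",
               (unsigned long long)(sizes[k] / TB),
               (unsigned long long)array_size_original(sizes[k]),
               (unsigned long long)array_size_patched(sizes[k]),
               (unsigned long long)array_size_wide(sizes[k]));
    return 0;
}
```

In this model the original computation yields a zero-byte pointer array at 2 TB, and the patched one does the same at 16 TB because the page count itself has already wrapped.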