From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8E698C433EF for ; Thu, 2 Dec 2021 22:04:08 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E27276B0072; Thu, 2 Dec 2021 17:03:57 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id DD5606B0074; Thu, 2 Dec 2021 17:03:57 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C9D286B0075; Thu, 2 Dec 2021 17:03:57 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0193.hostedemail.com [216.40.44.193]) by kanga.kvack.org (Postfix) with ESMTP id BD0CC6B0072 for ; Thu, 2 Dec 2021 17:03:57 -0500 (EST) Received: from smtpin11.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay01.hostedemail.com (Postfix) with ESMTP id 855091812920D for ; Thu, 2 Dec 2021 22:03:47 +0000 (UTC) X-FDA: 78874232094.11.A39359A Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf08.hostedemail.com (Postfix) with ESMTP id 30AD030000A9 for ; Thu, 2 Dec 2021 22:03:49 +0000 (UTC) Received: from mail.kernel.org (unknown [198.145.29.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 434E062858; Thu, 2 Dec 2021 22:03:46 +0000 (UTC) Received: by mail.kernel.org (Postfix) with ESMTPSA id 6107A60720; Thu, 2 Dec 2021 22:03:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linux-foundation.org; s=korg; t=1638482625; bh=Z+asMALHzPYrO+IR2rdKboxf7edOU/5TebxtM/QVZkM=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=DtThWfVOSaiod19he20AN1clvI2L1lj1D2y/K+EXX5DgjdjTDEtKVe4NBVK3pYo2x IFSRSirQ1/18QUgxlopZOMQdAYTfDZ4vTRSiMtNJbnhhA8+YRQ0r9EDEMQBUK57kIM fiP4z+Uc6Wh5GHfJjEZjCf2eHNI3i3DSj+lPfwGo= Date: Thu, 2 Dec 2021 14:03:43 -0800 From: Andrew Morton To: Kees Cook Cc: Leon Romanovsky , Matthew Wilcox , Bixuan Cui , linux-mm@kvack.org, linux-kernel@vger.kernel.org, torvalds@linux-foundation.org, w@1wt.eu Subject: Re: [PATCH -next] mm: delete oversized WARN_ON() in kvmalloc() calls Message-Id: <20211202140343.0fd5dbc41513b1c95661ff8f@linux-foundation.org> In-Reply-To: <202112021320.87AB40A@keescook> References: <1638410784-48646-1-git-send-email-cuibixuan@linux.alibaba.com> <20211201192643.ecb0586e0d53bf8454c93669@linux-foundation.org> <202112021105.C9E64318F@keescook> <202112021320.87AB40A@keescook> X-Mailer: Sylpheed 3.5.1 (GTK+ 2.24.31; x86_64-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 30AD030000A9 X-Stat-Signature: myboz9xwrw39tx3yeru6rk5ir4pbyis7 Authentication-Results: imf08.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=korg header.b=DtThWfVO; spf=pass (imf08.hostedemail.com: domain of akpm@linux-foundation.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=akpm@linux-foundation.org; dmarc=none X-HE-Tag: 1638482629-2872 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Thu, 2 Dec 2021 13:23:13 -0800 Kees Cook wrote: > > > I think we have two cases: > > > > > > - limiting kvmalloc allocations to INT_MAX > > > - issuing a WARN when that limit is exceeded > > > > > > The argument for the having the WARN is "that amount should never be > > > allocated so we want to find the pathological callers". > > > > > > But if the actual issue is that >INT_MAX is _acceptable_, then we have > > > to do away with the entire check, not just the WARN. > > > > First we need to get rid from WARN_ON(), which is completely safe thing to do. > > > > Removal of the check can be done in second step as it will require audit > > of whole kvmalloc* path. > > If those are legit sizes, I'm fine with dropping the WARN. (But I still > think if they're legit sizes, we must also drop the INT_MAX limit.) Can we suppress the WARN if the caller passed __GFP_NOWARN?