Subject: RE: [PATCH v2] dma-buf/heaps: system_heap: Avoid DoS by limiting single allocations to half of all memory
From: Jaewon Kim
Reply-To: jaewon31.kim@samsung.com
To: Andrew Morton
CC: jstultz@google.com, tjmercier@google.com, sumit.semwal@linaro.org, daniel.vetter@ffwll.ch, hannes@cmpxchg.org, mhocko@kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, jaewon31.kim@gmail.com
Date: Thu, 06 Apr 2023 10:44:19 +0900
Message-ID: <20230406014419epcms1p3f285b6e3fdbb1457db1bcbaab9e863be@epcms1p3>
In-Reply-To: <20230405172524.e25b62e1c548a95564b1d324@linux-foundation.org>
References: <20230405172524.e25b62e1c548a95564b1d324@linux-foundation.org> <20230406000854.25764-1-jaewon31.kim@samsung.com>

>On Thu, 6 Apr 2023 09:08:54 +0900 Jaewon Kim wrote:
>
>> Normal free:212600kB min:7664kB low:57100kB high:106536kB
>> reserved_highatomic:4096KB active_anon:276kB inactive_anon:180kB
>> active_file:1200kB inactive_file:0kB unevictable:2932kB
>> writepending:0kB present:4109312kB managed:3689488kB mlocked:2932kB
>> pagetables:13600kB bounce:0kB free_pcp:0kB local_pcp:0kB
>> free_cma:200844kB
>> Out of memory and no killable processes...
>> Kernel panic - not syncing: System is deadlocked on memory
>>
>> An OoM panic was reported, there were only native processes which are
>> non-killable as OOM_SCORE_ADJ_MIN.
>>
>> After looking into the dump, I've found the dma-buf system heap was
>> trying to allocate a huge size. It seems to be a signed negative value.
>>
>> dma_heap_ioctl_allocate(inline)
>> | heap_allocation = 0xFFFFFFC02247BD38 -> (
>> | len = 0xFFFFFFFFE7225100,
>>
>> Actually the old ion system heap had policy which does not allow that
>> huge size with commit c9e8440eca61 ("staging: ion: Fix overflow and list
>> bugs in system heap"). We need this change again. Single allocation
>> should not be bigger than half of all memory.
>>
>> ...
>>
>> --- a/drivers/dma-buf/heaps/system_heap.c >> +++ b/drivers/dma-buf/heaps/system_heap.c 
>> @@ -351,6 +351,9 @@ static struct dma_buf *system_heap_allocate(struct dma_heap *heap, >> struct page *page, *tmp_page; >> int i, ret = -ENOMEM; >> >> + if (len / PAGE_SIZE > totalram_pages() / 2) >> + return ERR_PTR(-ENOMEM); >> +
>
>This seems so random. Why ram/2 rather than ram/3 or 17*ram/35?

Hello

Thank you for your comment.

I just took the change from the old ion driver code, and actually I thought
the half of all memory is unrealistic. It could be unwanted size like negative,
or too big size which incurs slowness or OoM panic.

>
>Better behavior would be to try to allocate what the caller asked
>for and if that doesn't work out, fail gracefully after freeing the
>partial allocations which have been performed thus far. If dma_buf
>is changed to do this then that change is useful in many scenarios other
>than this crazy corner case.

I think you would like __GFP_RETRY_MAYFAIL. Actually T.J. Mercier recommended
earlier, here's what we discussed.
https://lore.kernel.org/linux-mm/20230331005140epcms1p1ac5241f02f645e9dbc29626309a53b24@epcms1p1/

I just worried about a case in which we need oom kill to get more memory but
let me change my mind. That case seems to be rare. I think now it's time when
we need to make a decision and not to allow oom kill for dma-buf system heap
allocations.

But I still want to block that huge size over ram. For an unavailable size,
I think, we don't have to do memory reclaim or killing processes, and we can
avoid freezing screen in user perspective. This is eventually what I want.

Can we check totalram_pages and apply __GFP_RETRY_MAYFAIL?

--- a/drivers/dma-buf/heaps/system_heap.c +++ b/drivers/dma-buf/heaps/system_heap.c 
@@ -41,7 +41,7 @@ struct dma_heap_attachment { bool mapped; }; -#define LOW_ORDER_GFP (GFP_HIGHUSER | __GFP_ZERO | __GFP_COMP) +#define LOW_ORDER_GFP (GFP_HIGHUSER | __GFP_ZERO | __GFP_COMP | __GFP_RETRY_MAYFAIL) #define MID_ORDER_GFP (LOW_ORDER_GFP | __GFP_NOWARN) #define HIGH_ORDER_GFP (((GFP_HIGHUSER | __GFP_ZERO | __GFP_NOWARN \ | __GFP_NORETRY) & ~__GFP_RECLAIM) \ @@ -351,6 +351,9 @@ static struct dma_buf *system_heap_allocate(struct dma_heap *heap, struct page *page, *tmp_page; int i, ret = -ENOMEM; + if (len / PAGE_SIZE > totalram_pages()) + return ERR_PTR(-ENOMEM); +

BR
Jaewon Kim
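
Review bot: In the `LOW_ORDER_GFP` hunk, the context line `#define MID_ORDER_GFP (LOW_ORDER_GFP | __GFP_NOWARN)` means the added `__GFP_RETRY_MAYFAIL` also lands in the mid-order mask, while `LOW_ORDER_GFP` itself still carries no `__GFP_NOWARN`. Please state in the commit message whether both effects are intended, and add a short comment above the define saying that low-order allocations may now fail rather than trigger the OOM killer, since the macro name gives no hint of that.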
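
Review bot: In the `system_heap_allocate` hunk, the `len / PAGE_SIZE > totalram_pages()` check has no comment explaining the bound, and the question raised earlier in this thread about why ram/2 was chosen applies equally to the new limit. Add a one-line comment saying the check only rejects sizes that can never be satisfied, such as the reported `len = 0xFFFFFFFFE7225100`, and note in the commit message that a request just under total RAM still passes it and relies entirely on the `__GFP_RETRY_MAYFAIL` change in the first hunk to fail without an OOM kill.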
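
The two behaviours discussed in this thread, modelled in user space as an added example (not code from the patch or the kernel): a request larger than all of RAM is rejected before any work is done, and any other request is attempted and, on failure, unwound so that the caller gets an error with nothing left allocated. `ram_model`, `model_heap_allocate`, `model_free_pages` and the 4096-byte page size are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

#define MODEL_PAGE_SIZE 4096ULL /* assumed page size for this model */
struct page_node { struct page_node *next; };
struct ram_model {          /* constructed stand-in for the page allocator */
    uint64_t total_pages;   /* plays the role of totalram_pages() */
    uint64_t free_pages;    /* pages that can still be handed out */
    uint64_t attempts;      /* page allocations tried so far */
};

static void model_free_pages(struct ram_model *m, struct page_node *head)
{
    while (head) {
        struct page_node *next = head->next;
        free(head);
        m->free_pages++;
        head = next;
    }
}

static int model_heap_allocate(struct ram_model *m, uint64_t len, struct page_node **out)
{
    struct page_node *head = NULL, *p;
    uint64_t npages = len / MODEL_PAGE_SIZE;

    *out = NULL;
    if (npages > m->total_pages)    /* can never fit: reject before any work */
        return -ENOMEM;
    for (; npages; npages--) {
        m->attempts++;
        if (m->free_pages == 0 || !(p = malloc(sizeof(*p)))) {
            model_free_pages(m, head);  /* fail gracefully: unwind partial work */
            return -ENOMEM;
        }
        m->free_pages--;
        p->next = head;
        head = p;
    }
    *out = head;
    return 0;
}

int main(void)
{
    struct ram_model m = { 1024, 100, 0 };  /* constructed: 1024 pages, 100 free */
    struct page_node *buf;  /* len below is the value from the reported dump */
    return model_heap_allocate(&m, 0xFFFFFFFFE7225100ULL, &buf) == -ENOMEM ? 0 : 1;
}
```

In the model, the oversized request returns without a single page allocation attempt, while a request that fits in total RAM but exceeds what is free fails only after the partial allocation has been released.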