From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id A662CC76196
	for <linux-mm@archiver.kernel.org>; Thu,  6 Apr 2023 23:38:27 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 3D74E6B0071; Thu,  6 Apr 2023 19:38:27 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 360056B0074; Thu,  6 Apr 2023 19:38:27 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 1D99C6B0075; Thu,  6 Apr 2023 19:38:27 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12])
	by kanga.kvack.org (Postfix) with ESMTP id 0A9CE6B0071
	for <linux-mm@kvack.org>; Thu,  6 Apr 2023 19:38:27 -0400 (EDT)
Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay04.hostedemail.com (Postfix) with ESMTP id C47481A0C85
	for <linux-mm@kvack.org>; Thu,  6 Apr 2023 23:38:26 +0000 (UTC)
X-FDA: 80652582612.25.3594296
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
	by imf27.hostedemail.com (Postfix) with ESMTP id 0D94E40008
	for <linux-mm@kvack.org>; Thu,  6 Apr 2023 23:38:24 +0000 (UTC)
Authentication-Results: imf27.hostedemail.com;
	dkim=pass header.d=linux-foundation.org header.s=korg header.b=1fs25dyW;
	spf=pass (imf27.hostedemail.com: domain of akpm@linux-foundation.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=akpm@linux-foundation.org;
	dmarc=none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1680824305;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=4xcxqI13YblR5naM0xfJF4hAuiaf6zTvAqeX0dtk2i0=;
	b=QTBtshlVxItyDotIFTRoxDYJT6ZmbDindHm0EMchLiLdDsQXDClrpRdluGSoVr5g2YKFBB
	7jvEvsITYswtnJVR2opm1Q7pfTBmXqHgaNnLSIlb/Tdi1mQuZQ/E8bOrbmntzudI3t9vvT
	lzRigk1uYFAWv7n5G9Y5rAvpknyYBOk=
ARC-Authentication-Results: i=1;
	imf27.hostedemail.com;
	dkim=pass header.d=linux-foundation.org header.s=korg header.b=1fs25dyW;
	spf=pass (imf27.hostedemail.com: domain of akpm@linux-foundation.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=akpm@linux-foundation.org;
	dmarc=none
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1680824305; a=rsa-sha256;
	cv=none;
	b=PSRg/5EDS1H4gfosdeX9dcDOqSFHYB7+0RVgX6sTveUXaBPfcBFb6XGSQHpwwJAWfGehhv
	3ca0gjuBALKYrw9gWdAX6sQL7gUHI8+K7v4gBClvHbVCxmR7z1IvtO+djlDdlgdSVAzP7h
	0lDq5gVXdsU+J3IHyXg1E4F8D7QSa0I=
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id 11E7664CB2;
	Thu,  6 Apr 2023 23:38:24 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2B04AC433EF;
	Thu,  6 Apr 2023 23:38:23 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linux-foundation.org;
	s=korg; t=1680824303;
	bh=tW514L5hEk5UoZsNv5iuj5NM1Wiovb5lmuY845RFnBI=;
	h=Date:From:To:Cc:Subject:In-Reply-To:References:From;
	b=1fs25dyW3xLIBBhxXao4Izy35sLuzQoQifUh9Gk8kYN98rzV9wPQRFgya3v6F+g2s
	 tdkgj5m8taSgjxTailT0FGCt73QgU78jrCkG2YWHWa9l7H6SxPeXBND6BvhZHiCG8I
	 srBDD75mvSRFDPlMiyI8K6+LdWZFffuGsRaewjaU=
Date: Thu, 6 Apr 2023 16:38:22 -0700
From: Andrew Morton <akpm@linux-foundation.org>
To: "T.J. Mercier" <tjmercier@google.com>
Cc: John Stultz <jstultz@google.com>, jaewon31.kim@samsung.com,
 "sumit.semwal@linaro.org" <sumit.semwal@linaro.org>,
 "daniel.vetter@ffwll.ch" <daniel.vetter@ffwll.ch>, "hannes@cmpxchg.org"
 <hannes@cmpxchg.org>, "mhocko@kernel.org" <mhocko@kernel.org>,
 "linux-mm@kvack.org" <linux-mm@kvack.org>, "linux-kernel@vger.kernel.org"
 <linux-kernel@vger.kernel.org>, "jaewon31.kim@gmail.com"
 <jaewon31.kim@gmail.com>
Subject: Re: [PATCH v2] dma-buf/heaps: system_heap: Avoid DoS by limiting
 single allocations to half of all memory
Message-Id: <20230406163822.faae6a90b3aa4942df6e7442@linux-foundation.org>
In-Reply-To: <CABdmKX0ZnQX5BPEJjqxwUsx=c8ykcX8Bjitak50DAYvfti6VFw@mail.gmail.com>
References: <20230405185650.239f9721f066aa480e83d543@linux-foundation.org>
	<20230405172524.e25b62e1c548a95564b1d324@linux-foundation.org>
	<20230406000854.25764-1-jaewon31.kim@samsung.com>
	<20230406014419epcms1p3f285b6e3fdbb1457db1bcbaab9e863be@epcms1p3>
	<CGME20230406000841epcas1p3630010a770682be0f1d540a448f3e00e@epcms1p2>
	<20230406021712epcms1p216f274040d25d18380668ffbfa809c48@epcms1p2>
	<20230405200923.9b0dca2165ef3335a0f6b112@linux-foundation.org>
	<CANDhNCq+mhhXjW7huYoQwUq18sRCcn6HjbPqh7mU9KrGyKeLfA@mail.gmail.com>
	<CABdmKX0ZnQX5BPEJjqxwUsx=c8ykcX8Bjitak50DAYvfti6VFw@mail.gmail.com>
X-Mailer: Sylpheed 3.8.0beta1 (GTK+ 2.24.33; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Rspamd-Queue-Id: 0D94E40008
X-Stat-Signature: frrzsohu5z4ntm6a1grsp9zi7dczhhyf
X-Rspam-User: 
X-Rspamd-Server: rspam08
X-HE-Tag: 1680824304-976359
X-HE-Meta: U2FsdGVkX18yOfeRYK7F2VmLcoS4NPw/ce7YJ71kqRfX3HcF/ZWIj6DZdAmYYUHBYVnRT1TJa9G05EVeB4EFNR3ftVDBNWoKIQvj9OmQ8TpLZDpH0rpyBCfbZJhi96G9QR2frg7eLiefugO0mQzeANmDKVlU2H9mdXFMbNtJnMAxAsyWneZTC3gg4t35yUTVRbrevJMVFv4ufXG/3RG5DIwK8w90cStb4rrsdhQxeaU04rGKcaFVq996r+LDO8kt/1HdcsdvU6iXgea6gOkYvH0qHP3RJJNkc2IKgWRbfBgYgRMf7C+D6y2kyktA1KkyKgwGwZLvoa1lwmb7llSI2R8y4ZCWX6VoIBdXECWENScKXy1zudbd79m1x1qDBA8oPQu4pFnMyae+3Qbq8kNlIIWQ1VOjj3yiYmh1BDO0sSfaigUBzKwHykHjXV3Mu1nagYTa8rsAuPXhN2FCoSuIyK3zwlNEl9zesbgelt7gTyW1t2TnN5Zr8uNVGE364AZ3RzH/vJ2aisO9xC6MHsatUVmDdQlEKz77Ny4fhCG+iekBsbF+qNy4Uu/94eTK33kfFQSthr9xTc+1HSdOWcsPMzzHpviVfXTJYJ/LY1K1AGqjAeg4Lq1LQZGGZ9+K4oXrxE4JBYfGT1xdLMC3Usqa13KkC8RaCvQVGnbGQcpDFJtyxvmT/+mnr00QRBGDFrnBu3aYvmIr9ooGcB5PFfQuC4BuPlrfYV5JuqYGxMUGtJJCumwCPsPga3zgkrd+osRtswIvfrtrr+v4AyBpHBhhb9BZHq5RxITElMCSuyPsO6F7U2ZQY2NIpCy5L0B+tEJLItzwXgPd/adgQqRMcD9H9ehhy23fkHdTUpBkwbCseBkwGCauV+kX2CXDSIav3a8AFd+0L4qyxqQI/PrYu2MZjKU5l5s0bh6a1HN34ZNXbbzRlMBU9wSb5NRlpAu2KPwgxiQpE2xqpLR20kupnWQ
 xywYsMPX
 kQe0PRzoqWGxjKt133UEs+6+6STMmYh5uujOwsSWEX0d6j6Wz0eJ0jLpjJwd5OtEP4S6cvsW+1k9rUDDvVbT8l4j3tkkBQpHnzzCy/v85SMM0kmjhF0+eWs6/OMr61Lt1CcCfWkoHEQtHxfnyu4Q7mQipEwp1SBAjK/oQGln6LfgomN6TSJ8Rzk2XQ+3dyuF/uRfLMMHMfnuBDeWXWBIlBWctw2gYcd0S6UlfgtvEKxtYVgimziunwfa5riAKsf0IN0FQfOCu806IT14N++RGHgyVwdrQStBZbvHQ/GQV1jZVnFssbmLhfE52qj+Z4I87n7P+O4lqHpOl7ulDdYLAO7TWfr9dnJj3y4tBbr806mKZINnDuFLoNXMFASDVCzM2Dy0SK+egShjITGfXxhR8s5PwIgYuQS4u+Yv8xr8t+bBYcghJdlnF82mIMEIYA57I1D7ysOztFShH+fw9/lGiR5RB6Pqxwx1DQAhrkLsFNcxf8n26m54WOWOVyuFAXSXNkEoCoOdy6wPuEqHqcGcRKB5SDQ==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Thu, 6 Apr 2023 16:27:28 -0700 "T.J. Mercier" <tjmercier@google.com> wrote:

> > When you say "decide what's the largest reasonable size", I think it
> > is difficult as with the variety of RAM sizes and buffer sizes I don't
> > think there's a fixed limit. Systems with more ram will use larger
> > buffers for image/video capture buffers.  And yes, you're right that
> > ram/2-1 in a single allocation is just as broken, but I'm not sure how
> > to establish a better guard rail.
> >
> > thanks
> > -john
> 
> I like ENOMEM with the len / PAGE_SIZE > totalram_pages() check and
> WARN_ON. We know for sure that's an invalid request, and it's pretty
> cheap to check as opposed to trying a bunch of reclaim before failing.

Well, if some buggy caller has gone and requested eleventy bigabytes of
memory, doing a lot of reclaiming before failing isn't really a problem
- we don't want to optimize for this case!

> For buffers smaller than that I agree with John in that I'm not sure
> there's a definitive threshold.

Well...  why do we want to do _anything_ here?  Why cater for buggy
callers?  I think it's because "dma-buf behaves really badly with very
large allocation requests".  Again, can we fix that instead?