From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 345D5C76196 for ; Tue, 28 Mar 2023 18:35:44 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A8AF86B0072; Tue, 28 Mar 2023 14:35:43 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A3B0F6B0074; Tue, 28 Mar 2023 14:35:43 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8DC4A900002; Tue, 28 Mar 2023 14:35:43 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 7D90B6B0072 for ; Tue, 28 Mar 2023 14:35:43 -0400 (EDT) Received: from smtpin02.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 5996D1A02E6 for ; Tue, 28 Mar 2023 18:35:43 +0000 (UTC) X-FDA: 80619160566.02.AF55FB0 Received: from mail-yb1-f181.google.com (mail-yb1-f181.google.com [209.85.219.181]) by imf09.hostedemail.com (Postfix) with ESMTP id 8F6DF140026 for ; Tue, 28 Mar 2023 18:35:41 +0000 (UTC) Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=google.com header.s=20210112 header.b=EtkvNeRa; spf=pass (imf09.hostedemail.com: domain of tjmercier@google.com designates 209.85.219.181 as permitted sender) smtp.mailfrom=tjmercier@google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1680028541; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=QAYteq3mFV588TpLqRaA86uUyETx+bdriGoU/y4d71Q=; b=vmJ9uv7LB27eXbWnt9AQgcGo9muPspjqP2ySpGwSrAcpoULTl3G7BmZ5jQOcUO1btFqDdV wn9jsVg85932quYd86p8neADgvPaPR/3vcmZjLj5JAybbvzv6DgnyNbnYUtjJvPA/C+tn/ hDVtfheLW16EOa2J5qVV6oSCAUxVat4= ARC-Authentication-Results: i=1; imf09.hostedemail.com; dkim=pass header.d=google.com header.s=20210112 header.b=EtkvNeRa; spf=pass (imf09.hostedemail.com: domain of tjmercier@google.com designates 209.85.219.181 as permitted sender) smtp.mailfrom=tjmercier@google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1680028541; a=rsa-sha256; cv=none; b=A6ADccu4b4g+D0lGcmfzDrrjrXOwy2o1NhwQ8rlRG8Sa7rfIqezp0nGz4IfNiT8+KIU60X 1V7g2ACjaXzFZ5nCCTdvbVdlqMM0B5fDrTdLz9vqv8HJxmW6eY3VvzH5rzpbwVvG3npxzD 2ayCbvI9Jfor7LPI3NVqwv7jrD4C9sE= Received: by mail-yb1-f181.google.com with SMTP id p204so16312473ybc.12 for ; Tue, 28 Mar 2023 11:35:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; t=1680028540; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=QAYteq3mFV588TpLqRaA86uUyETx+bdriGoU/y4d71Q=; b=EtkvNeRanejerUBKb1YW3cH+uFNUeYLsqvaqGYBqdrzxnDPIhaTdpsAP5STbq4tqos VX3vS/hPsUvsRaov5cj5X+n8Dfw9cSF6EBigZbkMh08EAPI+bGNfsAItFKbgAWRnOahG 3ura0nlamPbFBr1BxPGMsB3sQVsh3sB3eB/sP9+nKQdNYIAdsu+dxXbVuWHIwwl/Utl+ V4qDqg+93Ku6ZNgowrnSX2vnpi8+X7GdsqEb6etgloYbB8ZnhRhS8AjL5jPncd02y8Lx DJ+2GSWatIo1RZXLx77f8fpT8JOLpChsogotPbGX6gzNf1pQzd/u9tfmn1buGCjQ95Av EbzA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1680028540; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QAYteq3mFV588TpLqRaA86uUyETx+bdriGoU/y4d71Q=; b=mkGKI/lU90jr4ncn5X73ARylxEa7/VOze9BGBqwn8MKGTEW7lBpiO8zDAClFvy3rOy BTJCFElcYMGrio8RnoXlQsnygguoeVnFXuvU1jJl2rm6ZCGcfZM54DGvDJ5t1jF9Bo90 u775AhNfsDJkXYix9TdTFKnHZ5aIvW35oGDCtDkFJRpNb+Tqbvw0jAksrCo9oZlpVCmv yeYIi9OGtjcJ+0gyu7aeZPg9lO/EjmyjyoCukIwlBMB4wCDBuBSYe1koKtt6McUfLjcM 1KU2+rXoXxVnjmXxbMHVHbgco2UhlfcQmot7pobJyCCdwRRUJVBgCePyC9vUNhvkYqCz dzWg== X-Gm-Message-State: AAQBX9ekT7T+cl8gsFeEmoozIghotcNI1aXRXhubrOpEgJOJz19+JQKY 5dDFHJ6LlwhVBFbWPSVJSlvt0LS3ndQSBHFKQ6Kaqw== X-Google-Smtp-Source: AKy350YdWjxd5LK3M07fya8VNGhvEsapUC41YfV/gEay0jSdep7mSp60+MTMxUlrV/q2Vtcbppv04hHCkyRuXanpzEM= X-Received: by 2002:a05:6902:1543:b0:b77:158d:b3a0 with SMTP id r3-20020a056902154300b00b77158db3a0mr14053685ybu.6.1680028540565; Tue, 28 Mar 2023 11:35:40 -0700 (PDT) MIME-Version: 1.0 References: <20230328125818.5574-1-jaewon31.kim@samsung.com> In-Reply-To: <20230328125818.5574-1-jaewon31.kim@samsung.com> From: "T.J. Mercier" Date: Tue, 28 Mar 2023 11:35:29 -0700 Message-ID: Subject: Re: [PATCH] dma-buf/heaps: c9e8440eca61 staging: ion: Fix overflow and list bugs in system heap: To: Jaewon Kim Cc: jstultz@google.com, sumit.semwal@linaro.org, daniel.vetter@ffwll.ch, akpm@linux-foundation.org, hannes@cmpxchg.org, mhocko@kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, jaewon31.kim@gmail.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 8F6DF140026 X-Rspam-User: X-Stat-Signature: yeepmjjoo1wwxtexwtn3cwzf16dfo89k X-HE-Tag: 1680028541-98572 X-HE-Meta: U2FsdGVkX1+EcFx6/9BbNJodQArMXc9vTRyuAvRlt8j5aY5aM7ssMJIbvki4ly+EO0D6GAsC1m3ShfNKXUuOpaFR+cNpHhqG20UWrvIF8T6DCpkaTbnh7m1Gkp4Y21z7QowvS2+CSZfqyY5GTvI1ZtGNlyru/8413WQqTibLA2KDL79gQXghNRjbkWsWfzzOE4AaMM+1lmuNT9BDXpYGXyaTsKhVEOEN/iwG3v5JbjQ3MZ98mgjcJZu37rFdASYM+oGkYE+4r1vDPl4znPqqmqWi+AGG942djT1grxCLr9S1Z/5hehaWCcx0wrMzYEQh+4YLOZB3FgxRFNRafl7263nprJafpvvIb4w6j+XgZ48tczXNj1pMZLcxbmfYhgTfr581d9WU2WeSuE5uA2PNwB+jrEqRoozgx1XEhJxv81RpCdvadoHDjCho+vHL05bTJyRHmOmze6zswrtSaV7dIZ854Rx9y3+dYTxg2hHO1lcMSS9WJOhoczlLAMdIWi169XTuNdDQZOYHfPSPnkJgOjoxg5sbwbdIHenw5ZsPO9Vuz/r/L+fKAmRfFvFomhVgcUfylyieU8IOBuPqbw6hTr+Vbx4VXh6T1ehoy7n4qfOJNg2R6CqwSv+EVVHh06JBJU4aTWOxQjxuw8hCDQoRSLzw1DwEB74S/l1MGkaPHnPrXsYbXGsC72UbkrDuN5/uqrNnTc/iLmFGKfiELeyHuQd3BsK8G3/zyoKwpN+vfQg8Ap6hcsN8wwuwCWnAnjz9SIMXdqfy5ZQDVfnpAm/sjvTf3jCMzx49UaUMzShwoXQ0CPbuVRI56K36rhuPlYcucaGwRcFfl1ftTEZoD+Nhd1SGQWcEfnInT2RCu7sGwwv+QOghyrkXIcg/oLXRmL7RxC7EJc2mfmz8wimpyw0sTH687srrwNvLNjW13td4Yb38X5EFtZ4gN+vufea6cYGZ3dAeFsUTu4bmUdhXQK6 02WRCJgk YMNswbiwvVxorO2PnEt2c3KL+3NFLodQdhpbiyDa2fkSoS5iB5Wp91yDZdZTePU3PWTgNKsoAeM20TDZ6ogTrN68zM0Cn8y2zd5h4VwhzVaR3fN5CNnuA2fT2FmFGwkHXdHUJ0WVgB8Zg8c+nSlYt4yiOpsz3QJYrJU0ZmP8h8A1x1v1wOso0M/JRez4LKvs5WXq8FtMLsjErxEo8C2j9feZspd6WDe7FXlalaWsKagrTYq6/BXvp5z56HEBm0CrP/is7W7O7sFGCD6r5WgUMAnLmAhpIxMrML6JZfM1m9qoBQGbE1fs1HBSrAUbBWhobmRHfXi2JptpnCLgIKRqNTflc7w== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Tue, Mar 28, 2023 at 5:58=E2=80=AFAM Jaewon Kim wrote: > > Normal free:212600kB min:7664kB low:57100kB high:106536kB > reserved_highatomic:4096KB active_anon:276kB inactive_anon:180kB > active_file:1200kB inactive_file:0kB unevictable:2932kB > writepending:0kB present:4109312kB managed:3689488kB mlocked:2932kB > pagetables:13600kB bounce:0kB free_pcp:0kB local_pcp:0kB > free_cma:200844kB > Out of memory and no killable processes... > Kernel panic - not syncing: System is deadlocked on memory > > An OoM panic was reported, there were only native processes which are > non-killable as OOM_SCORE_ADJ_MIN. > > After looking into the dump, I've found the dma-buf system heap was > trying to allocate a huge size. It seems to be a signed negative value. > > dma_heap_ioctl_allocate(inline) > | heap_allocation =3D 0xFFFFFFC02247BD38 -> ( > | len =3D 0xFFFFFFFFE7225100, > > Actually the old ion system heap had policy which does not allow that > huge size with commit c9e8440eca61 ("staging: ion: Fix overflow and list > bugs in system heap"). We need this change again. Single allocation > should not be bigger than half of all memory. > > Signed-off-by: Jaewon Kim > --- > drivers/dma-buf/heaps/system_heap.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/dma-buf/heaps/system_heap.c b/drivers/dma-buf/heaps/= system_heap.c > index e8bd10e60998..4c1ef2ecfb0f 100644 > --- a/drivers/dma-buf/heaps/system_heap.c > +++ b/drivers/dma-buf/heaps/system_heap.c > @@ -351,6 +351,9 @@ static struct dma_buf *system_heap_allocate(struct dm= a_heap *heap, > struct page *page, *tmp_page; > int i, ret =3D -ENOMEM; > > + if (len / PAGE_SIZE > totalram_pages() / 2) > + return ERR_PTR(-ENOMEM); > + Instead of policy like that, would __GFP_RETRY_MAYFAIL on the system heap's LOW_ORDER_GFP flags also avoid the panic, and eventually fail the allocation request?