From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A8FAAC3DA4A for ; Mon, 19 Aug 2024 13:19:53 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1EBBB6B0082; Mon, 19 Aug 2024 09:19:53 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 19A466B0088; Mon, 19 Aug 2024 09:19:53 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 03B0D6B008A; Mon, 19 Aug 2024 09:19:52 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id D21106B0082 for ; Mon, 19 Aug 2024 09:19:52 -0400 (EDT) Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 74413A1302 for ; Mon, 19 Aug 2024 13:19:52 +0000 (UTC) X-FDA: 82469052624.15.736717C Received: from mail-qv1-f41.google.com (mail-qv1-f41.google.com [209.85.219.41]) by imf24.hostedemail.com (Postfix) with ESMTP id 9A146180012 for ; Mon, 19 Aug 2024 13:19:50 +0000 (UTC) Authentication-Results: imf24.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=lr5juX22; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf24.hostedemail.com: domain of 21cnbao@gmail.com designates 209.85.219.41 as permitted sender) smtp.mailfrom=21cnbao@gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724073527; a=rsa-sha256; cv=none; b=WfBeIm8Fby0u6wWOvkRpp3jMGBoXpQP1xS4Q4vE/8wMqP4/oJTOwZPTAcp0L52WZOpAJ1k 77wd7GVssJ1vMPiPt4HD/o4U6FXEbTbV9yroFOkhv83suejctpkb6+Oz0FI09IVHZMQqQV XWHBsYqNH3FrNucxaPWwSm247EnAtj0= ARC-Authentication-Results: i=1; imf24.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=lr5juX22; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf24.hostedemail.com: domain of 21cnbao@gmail.com designates 209.85.219.41 as permitted sender) smtp.mailfrom=21cnbao@gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724073527; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=+9cBvtpI693vgnPvfCeM9ZnZwQY5t+/0DMSD6dNvCO8=; b=kHX6ziqPG1y6x3iG1Soz4ZVujn4G6Vup6amGOmHtT/M07WuQ5Sj/QpwYYljSoxxzNhqxBj 4s9nEQxy9P5nkzu1UZA6Pa7plbAWegf+KF/cp3Y0JYHPNH9e14qIT3i3ftehw00QEXZctU I2UEV7qNVtshy9c6FwvKRcSR6ht8ic0= Received: by mail-qv1-f41.google.com with SMTP id 6a1803df08f44-6bf6755323cso25497796d6.1 for ; Mon, 19 Aug 2024 06:19:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1724073589; x=1724678389; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=+9cBvtpI693vgnPvfCeM9ZnZwQY5t+/0DMSD6dNvCO8=; b=lr5juX22ABMsc7kpn4QFOMH1x0wiUVUxhdOEYlG57EcpGkyfXxmKZwR6JF83wBoJTt sWgYGmGxz+sLGBn6iLOf+y4yEfDMSkVaRGqKfX0gHaU5zWR/URI+PD1Ve2z0KFcWEgXs dwGqYLi5YKC4laceyk1YvwnZ9HbsMr4rZnu6MsaJXPzI0bqHCf77A6oW+0MD3IQaaDFk KLmK+F1Z/AutwifepPwzpic1bvchHaQBE1E5i2E2npVChAdhG065ieMK3H4sEBqyj27b uBGYo1VMh1mWswmDBmfd2syAXYsFETpCRTYNfwRGPVP4JIyEKhrOSOel7am7IO66dnGv OiOQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1724073589; x=1724678389; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+9cBvtpI693vgnPvfCeM9ZnZwQY5t+/0DMSD6dNvCO8=; b=xNxFXf06VtFRjFSG9ASFTTPaqni/myquIJpLmCXpFGJEm6szfSiYSMEjjyf25DZ9xj vnJ/XB1U7mtRVMKvPl1vymrl5fLq+jWUfC8FWWMJgYrAunPZtVort7qX5FI9ihGuHOZd usmASmFXFBS329da2QiQy9A4KEL57+pYSI2C4AIBzoLZVQvAPAS2utyoQSED7GvQhWMv Jx73w55NTPZjQ5UDd5Jg0C9PR3AV27JuepL/+Jb0WTHTwdwj+BcYIVgfX4xcmm+s7Hxf Ro1iB+tfZzNC5tAlwOm1MaFJZvtDbIhw7nb8sKv1EJKc7n/9mLbWzeYe+CYm7jdMqW++ AZCA== X-Forwarded-Encrypted: i=1; AJvYcCWcEySATz4ve8wai1HQDyAcoHG23s5kvDbTktjk1R3gt4RqU9WmT8H3CCg2nFfbxWMGyzHxcKKgVeUCoaP5QqZMLEE= X-Gm-Message-State: AOJu0YwsWILjPIMT5/hWlfdQv0ajdJj48uWKi8poytiDvIJR0Bpi5/fZ uxsVe40eJPx9Frv9vVADLSQv1qHe6EantWBIxaFkp5pXKS+RioqHOp8+HWZOg8o0VBJLOQBpafx oTqKknBML/8rd7O6gYauQuLV+fMc= X-Google-Smtp-Source: AGHT+IEcdmyGrZtw5VDXV9FbD56QJbSUlXapDjkvC+i8qePb8Qd5ZVGu1LtH5mPqDJbnnaH2+E+sqm8/pGLD2xFiQxw= X-Received: by 2002:a05:6214:428b:b0:6b5:e451:81d0 with SMTP id 6a1803df08f44-6bf7cd85cb0mr103739856d6.3.1724073589522; Mon, 19 Aug 2024 06:19:49 -0700 (PDT) MIME-Version: 1.0 References: <20240817062449.21164-1-21cnbao@gmail.com> <20240817062449.21164-4-21cnbao@gmail.com> <5654b71c-1d9d-4c48-b28b-664662da8897@redhat.com> <416ac265-ced2-4f90-a347-0a256edf7fdf@redhat.com> <54a4619d-e826-465e-9a0f-0a8f37798e15@redhat.com> <20240819124924.GA7642@lst.de> <9f4fa8cf-df02-463d-9715-087a7cd6fc88@redhat.com> In-Reply-To: <9f4fa8cf-df02-463d-9715-087a7cd6fc88@redhat.com> From: Barry Song <21cnbao@gmail.com> Date: Tue, 20 Aug 2024 01:19:38 +1200 Message-ID: Subject: Re: [PATCH v3 3/4] mm: BUG_ON to avoid NULL deference while __GFP_NOFAIL fails To: David Hildenbrand Cc: Christoph Hellwig , akpm@linux-foundation.org, linux-mm@kvack.org, 42.hyeyoo@gmail.com, cl@linux.com, hailong.liu@oppo.com, hch@infradead.org, iamjoonsoo.kim@lge.com, mhocko@suse.com, penberg@kernel.org, rientjes@google.com, roman.gushchin@linux.dev, torvalds@linux-foundation.org, urezki@gmail.com, v-songbaohua@oppo.com, vbabka@suse.cz, virtualization@lists.linux.dev, Lorenzo Stoakes , Kees Cook , =?UTF-8?Q?Eugenio_P=C3=A9rez?= , Jason Wang , Maxime Coquelin , "Michael S. Tsirkin" , Xuan Zhuo Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 9A146180012 X-Stat-Signature: omnpi1uqr3uq7qzqe7xzeu69yeg4iwb6 X-Rspam-User: X-HE-Tag: 1724073590-249548 X-HE-Meta: U2FsdGVkX1/dyHgITgvdgaNNQsygNJB6wQm+tDR+I+J+G5sRO6RzXV+KqO8fuHs21r3MpABtKpxJXLIbqJ8UmonBGpmqV5izfColdcUWw9Drxp5kfY/L1VDgL9n9ytXwzx0NspEoYiz21YM2igepS2VnV4phg8mHaSGZRPGgEgv6n8WFTJCVHcjeW327ZBKfREzGwX3UjIp5KvDrVD2Gr36P3fYfTa660++ic63dGnG1R63a7X3Vg83tZjJQEtAgzey+SNn7Dy3oBWsYwvSctijWUKDtbmFo8gJAPHfiIohovs6WkaIcgx0awQhjCmScSTO9YGGRZ/34PXkciN2rnYVxF3uPH3dCAmkxJJV0Vo59AwSBhOg/RV5c0Yh3+Yktne5ctVciGrKDLfIY99P5vMUJLgAM0Bzu9mOvw91T294+uaH9khz+HguamVDpbTHAmmAq+LCmcHXuDEfXRbMVJ1TvbU5aK2e9uZiGwCMU9X8XSwsipfAPI5MNq0OzBB9jFcvW+hrPhFvvX7vJ+BeH5o6gOb7eAx25yB96+JEA7y5/ZqofxJI2GCRHnbbT2RhH4EsVD6Ka8NgfPxiITBvVwt6JS3nrwUyJmea18S0U9TAPLo3P31V8cWD6LPubXJTtV5YCjN/ddk3MFzai6epvFylMmyzOlSoS4h9u8H9KnyE31ot6r9s5qgCHAPc+eWIc1EkdcKwq5htUVSf5LxdvhvkB6iLCCtGueJMxDgUt2tKE/fRcpQNx0vLSUsteSxU17idlgF2bdSNOMVJQdTFhr1UJmfnD3ZcX2PH/xMIpS1ScFfbe4Jfcmq+G7LDdFy8OFiSQmsjB7nttNeFS5txDDQ6ngUAULYRtcSMpMBAIi+wMQiO6YVIZsFnp593NWZJaaiEyO2eNy6m8VxxlhkwUXwRRlmuWkobLbTYRypX9Mmr5NFMGQyibUrZ2dTJWZZh8wJBgHvlQopgg+nA8CyO Z/akEomp 1Tg+gbe5pFkNR/Hse8ln4r/YtZcBkhPeSiO7DZn4qRKU/48WvnzRA503a6kWmsKi6oue7su79Dkv8zlnuSHskKkkcz/cNTFCDGmLDsgIS8vwNHyg8E5JGPDsHlbkhGJ6NCchz392MASMJU69fVghS2aOqqVv8X1wdlLegtBD1HZ+pAXUj6N1uIRjJ1FVLHvCWHrsiVqLGdrxzIwCfNzvbepP2vFfSh3pqzHlTAfquc0zlfggoKlzSBb/rtzyT1kpcckHtBCTEPcje6Iv7l2IlYPRnHWRnCtdXd0BsLgYM4nbKFAbEjOittEQl1WuDmNNa1JJOlRKtBwEZnFs30wxKfDe7OoSfQ8lskb+ZtWu6oRT9oXuw02Q6QoNZFKn8IYFIsZoJjL2O8eNMgOm2rmeFUH2oDajEcpRRICFMuggfx34v+ELtISbTReGVRV8Wdjd5aGN+PiXbSk8i9ks8u4KNT/Q3z+RXfKxEDkBzB/zHSm/kdlfqmJRnqRGFKASPEWQ4/F7or6K7IvqGmkXfso3IyIxaF//ax5+dsuTlXFSQRXX3mew= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Tue, Aug 20, 2024 at 1:10=E2=80=AFAM David Hildenbrand wrote: > > On 19.08.24 15:05, Barry Song wrote: > > On Tue, Aug 20, 2024 at 12:51=E2=80=AFAM David Hildenbrand wrote: > >> > >> On 19.08.24 14:49, Christoph Hellwig wrote: > >>> On Mon, Aug 19, 2024 at 02:33:06PM +0200, David Hildenbrand wrote: > >>>> It should all be caught during testing either way. And if some OOT m= odule > >>>> does something nasty, that's not our responsibility. > >>>> > >>>> BUG_ON is not a way to write assertions into the code. > >>> > >>> So you'd rather create exploits than crashing on a fundamental API > >>> violation? That's exactly what the series is trying to fix. > >> > >> I'd rather have a sane API that doesn't even allow this level of > >> flexibility with NOFAIL. > > > > yes, i have already sent a RFC enforcing direct_reclamation: > > https://www.spinics.net/lists/linux-mm/msg394659.html > > > > somehow, it is not ready yet. i think Christoph prefers scope > > api rather than GFP_NOFAIL which definitely has > > __GFP_DIRECT_RECLAIM set. I guess you know I have > > at least 5 series running, so it will happen soon though. > > That really sounds like the right thing to do, at least with the "direct > reclaim" problem ... > > > > >> > >> But probably I'm missing more details here why this all has to be so > >> complicated ;) > > > > enforcing direct_reclamation is right and will work for a reasonable si= ze. > > but for this overflow size, even if we enforce direct_reclamation > > in GFP_NOFAIL, we are still failing. > > Right, someone requested something completely impossible. It's harder to > do something here that doesn't return NULL. Except WARN_ON_ONCE() and > loop for all infinity. Returning NULL can introduce security vulnerabilities. While I=E2=80=99m no= t a hacker, it=E2=80=99s hard to predict how they might exploit this. If we want to avo= id using BUG_ON, an alternative approach could be as follows: while(gfp & __GFP_NOFAIL) some_cpu_relaxed_job; ? > > -- > Cheers, > > David / dhildenb >