Date: Wed, 31 Jul 2024 09:15:52 +0200
From: Michal Hocko
To: Barry Song <21cnbao@gmail.com>
Cc: akpm@linux-foundation.org, linux-mm@kvack.org, 42.hyeyoo@gmail.com, cl@linux.com, hailong.liu@oppo.com, hch@infradead.org, iamjoonsoo.kim@lge.com, lstoakes@gmail.com, penberg@kernel.org, rientjes@google.com, roman.gushchin@linux.dev, torvalds@linux-foundation.org, urezki@gmail.com, v-songbaohua@oppo.com, vbabka@suse.cz, virtualization@lists.linux.dev, Kees Cook
Subject: Re: [PATCH v2 4/4] mm: prohibit NULL deference exposed for unsupported non-blockable __GFP_NOFAIL
References: <20240731000155.109583-1-21cnbao@gmail.com> <20240731000155.109583-5-21cnbao@gmail.com>
In-Reply-To: <20240731000155.109583-5-21cnbao@gmail.com>

On Wed 31-07-24 12:01:55, Barry Song wrote:
> From: Barry Song
>
> When users allocate memory with the __GFP_NOFAIL flag, they might
> incorrectly use it alongside GFP_ATOMIC, GFP_NOWAIT, etc. This kind
> of non-blockable __GFP_NOFAIL is not supported and is pointless. If
> we attempt and still fail to allocate memory for these users, we have
> two choices:
>
> 1. We could busy-loop and hope that some other direct reclamation or
>    kswapd rescues the current process. However, this is unreliable
>    and could ultimately lead to hard or soft lockups, which might not
>    be well supported by some architectures.
>
> 2. We could use BUG_ON to trigger a reliable system crash, avoiding
>    exposing NULL dereference.
>
> This patch chooses the second option because the first is unreliable. Even
> if the process incorrectly using __GFP_NOFAIL is sometimes rescued, the
> long latency might be unacceptable, especially considering that misusing
> GFP_ATOMIC and __GFP_NOFAIL is likely to occur in atomic contexts with
> strict timing requirements.

Well, any latency arguments are off the table with BUG_ON crashing the
system. So this is not about reliability but rather making those
incorrect uses more obvious. With your GFP_NOFAIL follow-up this should
be simply impossible to trigger though.

I am still not sure which of the bad solutions is more appropriate so I
am not giving this an ack. Either of them is better than allowing it to
fail though.

> Cc: Michal Hocko
> Cc: Uladzislau Rezki (Sony)
> Cc: Christoph Hellwig
> Cc: Lorenzo Stoakes
> Cc: Christoph Lameter
> Cc: Pekka Enberg
> Cc: David Rientjes
> Cc: Joonsoo Kim
> Cc: Vlastimil Babka
> Cc: Roman Gushchin
> Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com>
> Cc: Linus Torvalds
> Cc: Kees Cook
> Signed-off-by: Barry Song
> --- > mm/page_alloc.c | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) > > diff --git a/mm/page_alloc.c b/mm/page_alloc.c > index cc179c3e68df..ed1bd8f595bd 100644 > --- a/mm/page_alloc.c > +++ b/mm/page_alloc.c
> @@ -4439,11 +4439,11 @@ __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order, > */ > if (gfp_mask & __GFP_NOFAIL) { > /* > - * All existing users of the __GFP_NOFAIL are blockable, so warn > - * of any new users that actually require GFP_NOWAIT > + * All existing users of the __GFP_NOFAIL are blockable > + * otherwise we introduce a busy loop with inside the page > + * allocator from non-sleepable contexts > */ > - if (WARN_ON_ONCE_GFP(!can_direct_reclaim, gfp_mask)) > - goto fail; > + BUG_ON(!can_direct_reclaim); > > /* > * PF_MEMALLOC request from this context is rather bizarre > @@ -4474,7 +4474,7 @@ __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order, > cond_resched(); > goto retry; > } > -fail: > + > warn_alloc(gfp_mask, ac->nodemask, > "page allocation failure: order:%u", order); > got_pg: > -- > 2.34.1 -- Michal Hocko SUSE Labs
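
Review bot: In the first hunk, BUG_ON(!can_direct_reclaim) drops the gfp_mask argument that the removed WARN_ON_ONCE_GFP(!can_direct_reclaim, gfp_mask) carried, so the crash report names only the condition and not the flags the caller passed. Consider logging gfp_mask before the BUG_ON so the offending flag combination is visible in the report. The new comment also reads "a busy loop with inside the page allocator" and never says that the non-blockable case now crashes the system; wording such as "non-blockable __GFP_NOFAIL is unsupported, so crash here rather than busy-loop or return NULL" would match what the code does and what the commit message argues.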