Date: Mon, 19 Aug 2024 19:12:50 +0200
From: Michal Hocko
To: David Hildenbrand
Cc: Barry Song <21cnbao@gmail.com>, akpm@linux-foundation.org, linux-mm@kvack.org, 42.hyeyoo@gmail.com, cl@linux.com, hailong.liu@oppo.com, hch@infradead.org, iamjoonsoo.kim@lge.com, penberg@kernel.org, rientjes@google.com, roman.gushchin@linux.dev, torvalds@linux-foundation.org, urezki@gmail.com, v-songbaohua@oppo.com, vbabka@suse.cz, virtualization@lists.linux.dev, Christoph Hellwig, Lorenzo Stoakes, Kees Cook, Eugenio Pérez, Jason Wang, Maxime Coquelin, "Michael S. Tsirkin", Xuan Zhuo
Subject: Re: [PATCH v3 3/4] mm: BUG_ON to avoid NULL deference while __GFP_NOFAIL fails

On Mon 19-08-24 14:49:55, David Hildenbrand wrote:
> On 19.08.24 14:48, Barry Song wrote:
[...]
> > > > > > > > diff --git a/mm/page_alloc.c b/mm/page_alloc.c > > > > > > > > index 60742d057b05..d2c37f8f8d09 100644 > > > > > > > > --- a/mm/page_alloc.c > > > > > > > > +++ b/mm/page_alloc.c > > > > > > > > @@ -4668,8 +4668,10 @@ struct page *__alloc_pages_noprof(gfp_t gfp, unsigned int order, > > > > > > > > * There are several places where we assume that the order value is sane > > > > > > > > * so bail out early if the request is out of bound. > > > > > > > > */ > > > > > > > > - if (WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp)) > > > > > > > > + if (WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp)) { > > > > > > > > + BUG_ON(gfp & __GFP_NOFAIL); > > > > > > > > return NULL; > > > > > > > > + }
[...]
> > Returning NULL doesn't necessarily crash the caller's process, p->field,
> > *(p + offset) dereference could be used by hackers to exploit the system.
>
> See my other reply to Michal: why do we even allow to specify them
> separately and not simply let one enforce the other?

Are you replying to this patch? This is not about a combination of flags. This is about the above (and other similar) boundary checks which return NULL if the size is deemed incorrect. I think those are potential problems because it could be a lack of input check which could be turned into a potentially malicious code. Because unchecked (return value because NOFAIL never fails, right?) return value might even not OOPs and become a silent read/write into memory.

Whether to BUG_ON or simply loop for ever in the allocator if somebody requests non-sleeping NOFAIL allocation is a different story.

--
Michal Hocko
SUSE Labs
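
Review bot: the added "BUG_ON(gfp & __GFP_NOFAIL);" in the "order > MAX_PAGE_ORDER" branch of __alloc_pages_noprof() has no comment, and the block comment above it still only says "bail out early if the request is out of bound". Extend that comment to say why a __GFP_NOFAIL request must not reach the "return NULL;" below it, since that is the whole reason for the new line and it is not evident from the code. Separately, the subject line reads "NULL deference"; it should be "NULL dereference".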