From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pf0-f199.google.com (mail-pf0-f199.google.com [209.85.192.199]) by kanga.kvack.org (Postfix) with ESMTP id 873C46B0005 for ; Mon, 23 Apr 2018 22:47:26 -0400 (EDT) Received: by mail-pf0-f199.google.com with SMTP id b189so9483852pfa.10 for ; Mon, 23 Apr 2018 19:47:26 -0700 (PDT) Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id z3sor4061404pfe.102.2018.04.23.19.47.24 for (Google Transport Security); Mon, 23 Apr 2018 19:47:24 -0700 (PDT) Date: Mon, 23 Apr 2018 19:47:22 -0700 (PDT) From: David Rientjes Subject: Re: [PATCH v3] kvmalloc: always use vmalloc if CONFIG_DEBUG_SG In-Reply-To: Message-ID: References: <20180418.134651.2225112489265654270.davem@davemloft.net> <20180420130852.GC16083@dhcp22.suse.cz> <20180420210200.GH10788@bombadil.infradead.org> <20180421144757.GC14610@bombadil.infradead.org> <20180423151545.GU17484@dhcp22.suse.cz> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: owner-linux-mm@kvack.org List-ID: To: Mikulas Patocka Cc: Michal Hocko , Matthew Wilcox , David Miller , Andrew Morton , linux-mm@kvack.org, eric.dumazet@gmail.com, edumazet@google.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, mst@redhat.com, jasowang@redhat.com, virtualization@lists.linux-foundation.org, dm-devel@redhat.com, Vlastimil Babka On Mon, 23 Apr 2018, Mikulas Patocka wrote: > The kvmalloc function tries to use kmalloc and falls back to vmalloc if > kmalloc fails. > > Unfortunatelly, some kernel code has bugs - it uses kvmalloc and then > uses DMA-API on the returned memory or frees it with kfree. Such bugs were > found in the virtio-net driver, dm-integrity or RHEL7 powerpc-specific > code. > > These bugs are hard to reproduce because kvmalloc falls back to vmalloc > only if memory is fragmented. > > In order to detect these bugs reliably I submit this patch that changes > kvmalloc to fall back to vmalloc with 1/2 probability if CONFIG_DEBUG_SG > is turned on. CONFIG_DEBUG_SG is used, because it makes the DMA API layer > verify the addresses passed to it, and so the user will get a reliable > stacktrace. > Why not just do it unconditionally? Sounds better than "50% of the time this will catch bugs". > Some bugs (such as buffer overflows) are better detected > with kmalloc code, so we must test the kmalloc path too. > > Signed-off-by: Mikulas Patocka > > --- > mm/util.c | 10 ++++++++++ > 1 file changed, 10 insertions(+) > > Index: linux-2.6/mm/util.c > =================================================================== > --- linux-2.6.orig/mm/util.c 2018-04-23 00:12:05.000000000 +0200 > +++ linux-2.6/mm/util.c 2018-04-23 17:57:02.000000000 +0200 > @@ -14,6 +14,7 @@ > #include > #include > #include > +#include > > #include > #include > @@ -404,6 +405,12 @@ void *kvmalloc_node(size_t size, gfp_t f > */ > WARN_ON_ONCE((flags & GFP_KERNEL) != GFP_KERNEL); > > +#ifdef CONFIG_DEBUG_SG > + /* Catch bugs when the caller uses DMA API on the result of kvmalloc. */ > + if (!(prandom_u32_max(2) & 1)) > + goto do_vmalloc; > +#endif > + > /* > * We want to attempt a large physically contiguous block first because > * it is less likely to fragment multiple larger blocks and therefore > @@ -427,6 +434,9 @@ void *kvmalloc_node(size_t size, gfp_t f > if (ret || size <= PAGE_SIZE) > return ret; > > +#ifdef CONFIG_DEBUG_SG > +do_vmalloc: > +#endif You can just do do_vmalloc: __maybe_unused > return __vmalloc_node_flags_caller(size, node, flags, > __builtin_return_address(0)); > } > >