From: Kent Overstreet <kent.overstreet@linux.dev>
To: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Cc: linux-bcachefs@vger.kernel.org, linux-mm@kvack.org,
Vlastimil Babka <vbabka@suse.cz>,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Uladzislau Rezki <urezki@gmail.com>,
Christoph Hellwig <hch@infradead.org>
Subject: Re: [PATCH] mm: Drop INT_MAX limit from kvmalloc()
Date: Sun, 20 Oct 2024 13:03:57 -0400 [thread overview]
Message-ID: <zfr4sh3wtzi4viladlgwyon6voqhcj5fe3fv2nc3hqyyxdw5wd@onyj3r2m3usz> (raw)
In-Reply-To: <ebe58a08-2371-403c-a0d7-6280160b6848@lucifer.local>
On Sun, Oct 20, 2024 at 05:44:37PM +0100, Lorenzo Stoakes wrote:
> +cc Linus, vmalloc reviewers
>
> On Sun, Oct 20, 2024 at 09:00:07AM -0400, Kent Overstreet wrote:
> > On Sun, Oct 20, 2024 at 12:45:33PM +0100, Lorenzo Stoakes wrote:
> > > On Sat, Oct 19, 2024 at 05:00:37PM -0400, Kent Overstreet wrote:
> > > > A user with a 75 TB filesystem reported the following journal replay
> > > > error:
> > > > https://github.com/koverstreet/bcachefs/issues/769
> > > >
> > > > In journal replay we have to sort and dedup all the keys from the
> > > > journal, which means we need a large contiguous allocation. Given that
> > > > the user has 128GB of ram, the 2GB limit on allocation size has become
> > > > far too small.
> > > >
> > > > Cc: Vlastimil Babka <vbabka@suse.cz>
> > > > Cc: Andrew Morton <akpm@linux-foundation.org>
> > > > Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
> > > > ---
> > > > mm/util.c | 6 ------
> > > > 1 file changed, 6 deletions(-)
> > > >
> > > > diff --git a/mm/util.c b/mm/util.c
> > > > index 4f1275023eb7..c60df7723096 100644
> > > > --- a/mm/util.c
> > > > +++ b/mm/util.c
> > > > @@ -665,12 +665,6 @@ void *__kvmalloc_node_noprof(DECL_BUCKET_PARAMS(size, b), gfp_t flags, int node)
> > > > if (!gfpflags_allow_blocking(flags))
> > > > return NULL;
> > > >
> > > > - /* Don't even allow crazy sizes */
> > > > - if (unlikely(size > INT_MAX)) {
> > > > - WARN_ON_ONCE(!(flags & __GFP_NOWARN));
> > > > - return NULL;
> > > > - }
> > > > -
> > >
> > > Err, and not replace it with _any_ limit? That seems very unwise.
> >
> > large allocations will go to either the page allocator or vmalloc, and
> > they have their own limits.
>
> Ah actually I misread it here, I see the allocation gets immediately sent
> off to __kmalloc_node_noprof() and thus that'll apply its own limits before
> doing this check prior to the vmalloc call.
>
> We actually do have a basic check in __vmalloc_node_range_noprof() that
> prevents _totally_ insane requests, checking that size >> PAGE_SHIFT <=
> totalram_pages(), so we shouldn't get anything too stupid here (I am
> thinking especially of ptr + size overflow type situations).
Yep, exactly.
> But Linus explicitly introduced this INT_MAX check in commit 7661809d493b
> ("mm: don't allow oversized kvmalloc() calls"), presumably for a reason, so
> have cc'd him here in case he has an objection to this which amounts to a
> revert of that patch.
Ah, thanks for adding him.
Yeah, the concern historically has been that integer truncation bugs are
really nasty and entirely too common, and we have little in the way of
tooling that can catch that.
Unfortunately that's still the case today. Kees has been doing work on
catching integer overflow, but I don't think we have anything coming yet
for catching integer truncation.
But given that vmalloc() already supports > INT_MAX requests, and memory
sizes keep growing so 2GB is getting pretty small - I think it's time,
this is going to come up in other places sooner or later.
next prev parent reply other threads:[~2024-10-20 17:04 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-19 21:00 Kent Overstreet
2024-10-20 11:45 ` Lorenzo Stoakes
2024-10-20 13:00 ` Kent Overstreet
2024-10-20 16:44 ` Lorenzo Stoakes
2024-10-20 17:03 ` Kent Overstreet [this message]
2024-10-20 18:46 ` Linus Torvalds
2024-10-20 18:53 ` Kent Overstreet
2024-10-20 19:09 ` Linus Torvalds
2024-10-20 19:09 ` Linus Torvalds
2024-10-20 19:16 ` Kent Overstreet
2024-10-21 16:15 ` Uladzislau Rezki
2024-10-20 20:10 ` Kent Overstreet
2024-10-20 20:19 ` Linus Torvalds
2024-10-20 20:29 ` Kent Overstreet
2024-10-20 20:54 ` Linus Torvalds
2024-10-20 21:21 ` Linus Torvalds
2024-10-20 21:40 ` Kent Overstreet
2024-10-27 19:58 ` Kent Overstreet
2024-10-20 21:29 ` Kent Overstreet
2024-10-20 21:30 ` Linus Torvalds
2024-10-20 21:42 ` Kent Overstreet
2024-10-20 21:51 ` Joshua Ashton
2024-10-20 21:57 ` Kent Overstreet
2024-10-21 8:46 ` Janpieter Sollie
2024-10-21 9:22 ` Janpieter Sollie
2024-10-20 19:10 ` Kent Overstreet
2024-10-20 19:53 ` Vlastimil Babka
2024-10-20 20:08 ` Kent Overstreet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=zfr4sh3wtzi4viladlgwyon6voqhcj5fe3fv2nc3hqyyxdw5wd@onyj3r2m3usz \
--to=kent.overstreet@linux.dev \
--cc=akpm@linux-foundation.org \
--cc=hch@infradead.org \
--cc=linux-bcachefs@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lorenzo.stoakes@oracle.com \
--cc=torvalds@linux-foundation.org \
--cc=urezki@gmail.com \
--cc=vbabka@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox