From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932787AbeDXCr3 (ORCPT ); Mon, 23 Apr 2018 22:47:29 -0400 Received: from mail-pg0-f66.google.com ([74.125.83.66]:33797 "EHLO mail-pg0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932721AbeDXCrZ (ORCPT ); Mon, 23 Apr 2018 22:47:25 -0400 X-Google-Smtp-Source: AIpwx48604eZ24+8/1R5NQdCK2wxHjxZbW7ooAgbIHboH8MipHJwwD6VjHoJGV4xGNVMZ6JrcH63cg== Date: Mon, 23 Apr 2018 19:47:22 -0700 (PDT) From: David Rientjes X-X-Sender: rientjes@chino.kir.corp.google.com To: Mikulas Patocka cc: Michal Hocko , Matthew Wilcox , David Miller , Andrew Morton , linux-mm@kvack.org, eric.dumazet@gmail.com, edumazet@google.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, mst@redhat.com, jasowang@redhat.com, virtualization@lists.linux-foundation.org, dm-devel@redhat.com, Vlastimil Babka Subject: Re: [PATCH v3] kvmalloc: always use vmalloc if CONFIG_DEBUG_SG In-Reply-To: Message-ID: References: <20180418.134651.2225112489265654270.davem@davemloft.net> <20180420130852.GC16083@dhcp22.suse.cz> <20180420210200.GH10788@bombadil.infradead.org> <20180421144757.GC14610@bombadil.infradead.org> <20180423151545.GU17484@dhcp22.suse.cz> User-Agent: Alpine 2.21 (DEB 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 23 Apr 2018, Mikulas Patocka wrote: > The kvmalloc function tries to use kmalloc and falls back to vmalloc if > kmalloc fails. > > Unfortunatelly, some kernel code has bugs - it uses kvmalloc and then > uses DMA-API on the returned memory or frees it with kfree. Such bugs were > found in the virtio-net driver, dm-integrity or RHEL7 powerpc-specific > code. > > These bugs are hard to reproduce because kvmalloc falls back to vmalloc > only if memory is fragmented. > > In order to detect these bugs reliably I submit this patch that changes > kvmalloc to fall back to vmalloc with 1/2 probability if CONFIG_DEBUG_SG > is turned on. CONFIG_DEBUG_SG is used, because it makes the DMA API layer > verify the addresses passed to it, and so the user will get a reliable > stacktrace. > Why not just do it unconditionally? Sounds better than "50% of the time this will catch bugs". > Some bugs (such as buffer overflows) are better detected > with kmalloc code, so we must test the kmalloc path too. > > Signed-off-by: Mikulas Patocka > > --- > mm/util.c | 10 ++++++++++ > 1 file changed, 10 insertions(+) > > Index: linux-2.6/mm/util.c > =================================================================== > --- linux-2.6.orig/mm/util.c 2018-04-23 00:12:05.000000000 +0200 > +++ linux-2.6/mm/util.c 2018-04-23 17:57:02.000000000 +0200 > @@ -14,6 +14,7 @@ > #include > #include > #include > +#include > > #include > #include > @@ -404,6 +405,12 @@ void *kvmalloc_node(size_t size, gfp_t f > */ > WARN_ON_ONCE((flags & GFP_KERNEL) != GFP_KERNEL); > > +#ifdef CONFIG_DEBUG_SG > + /* Catch bugs when the caller uses DMA API on the result of kvmalloc. */ > + if (!(prandom_u32_max(2) & 1)) > + goto do_vmalloc; > +#endif > + > /* > * We want to attempt a large physically contiguous block first because > * it is less likely to fragment multiple larger blocks and therefore > @@ -427,6 +434,9 @@ void *kvmalloc_node(size_t size, gfp_t f > if (ret || size <= PAGE_SIZE) > return ret; > > +#ifdef CONFIG_DEBUG_SG > +do_vmalloc: > +#endif You can just do do_vmalloc: __maybe_unused > return __vmalloc_node_flags_caller(size, node, flags, > __builtin_return_address(0)); > } > >