Re: [PATCH] mm/slub: fix to return errno if kmalloc() fails

From: "Vlastimil Babka (SUSE)" <vbabka@kernel.org>
To: Marion & Christophe JAILLET <christophe.jaillet@wanadoo.fr>,
	Chao Yu <chao@kernel.org>,
	linux-mm@kvack.org
Cc: akpm@linux-foundation.org, linux-kernel@vger.kernel.org,
	Chao Yu <chao.yu@oppo.com>,
	muchun.song@linux.dev
Subject: Re: [PATCH] mm/slub: fix to return errno if kmalloc() fails
Date: Sat, 17 Sep 2022 00:58:56 +0200	[thread overview]
Message-ID: <caa4b270-aefe-f817-4c40-36509b526210@kernel.org> (raw)
In-Reply-To: <4b87891d-b475-0ad6-db36-a9c1f334c785@wanadoo.fr>

On 9/13/22 07:26, Marion & Christophe JAILLET wrote:
> 
> Le 13/09/2022 à 05:42, Chao Yu a écrit :
>> On 2022/9/10 0:47, Christophe JAILLET wrote:
>>> Le 30/08/2022 à 16:10, Chao Yu a écrit :
>>>> From: Chao Yu <chao.yu@oppo.com>
>>>>
>>>> In create_unique_id(), kmalloc(, GFP_KERNEL) can fail due to
>>>> out-of-memory, if it fails, return errno correctly rather than
>>>> triggering panic via BUG_ON();
>>>>
>>>> kernel BUG at mm/slub.c:5893!
>>>> Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
>>>>
>>>> Call trace:
> [...]
>>>>
>>>> Cc: <stable@kernel.org>
>>>> Reported-by: syzbot+81684812ea68216e08c5@syzkaller.appspotmail.com
>>>> Signed-off-by: Chao Yu <chao.yu@oppo.com>
>>>> ---
>>>>   mm/slub.c | 5 ++++-
>>>>   1 file changed, 4 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/mm/slub.c b/mm/slub.c
>>>> index 862dbd9af4f5..e6f3727b9ad2 100644
>>>> --- a/mm/slub.c
>>>> +++ b/mm/slub.c
>>>> @@ -5890,7 +5890,8 @@ static char *create_unique_id(struct kmem_cache *s)
>>>>       char *name = kmalloc(ID_STR_LENGTH, GFP_KERNEL);
>>>
>>> Hi,
>>>
>>> looks that ID_STR_LENGTH could even be reduced to 32 or 16.
>>>
>>> The 2nd BUG_ON at the end of the function could certainly be just removed
>>> as well or remplaced by a:
>>>         if (p > name + ID_STR_LENGTH - 1) {
>>>          kfree(name);
>>>          return -E<something>;
>>>      }
>>
>> Hi Christophe, Vlastimil,
>>
>> Should I include this in v3? or may be in another patch?
> 
> Hi,
> 
> My own preference would be for 3 patches.
> 
> Yours, as-is.
> It fixes a specific issue spotted by syzbot.

Yeah and it's already in git.

> Another one for removing a BUG_ON() (that, IIUC can't happen!)
> Mostly a clean-up or a good practice in order to remove BUG_ON() from the
> kernel we it can be handled another way.
> 
> Eventually a 3rd one for reducing ID_STR_LENGTH.
> I guess that it is safe to reduce it to 32 or 16, but the impact on RL would
> be so small, that I wonder if it worth proposing it.

Agree. Doing 2+3 in the same patch would be OK with me too.