* [PATCH V4 1/2] ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE
@ 2018-02-09 9:45 Jason Wang
2018-02-09 9:45 ` [PATCH V4 2/2] ptr_ring: try vmalloc() when kmalloc() fails Jason Wang
` (3 more replies)
0 siblings, 4 replies; 9+ messages in thread
From: Jason Wang @ 2018-02-09 9:45 UTC (permalink / raw)
To: mst, linux-kernel, netdev; +Cc: Jason Wang
To avoid slab to warn about exceeded size, fail early if queue
occupies more than KMALLOC_MAX_SIZE.
Reported-by: syzbot+e4d4f9ddd4295539735d@syzkaller.appspotmail.com
Fixes: 2e0ab8ca83c12 ("ptr_ring: array based FIFO for pointers")
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
include/linux/ptr_ring.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/include/linux/ptr_ring.h b/include/linux/ptr_ring.h
index 1883d61..6051a5f 100644
--- a/include/linux/ptr_ring.h
+++ b/include/linux/ptr_ring.h
@@ -466,6 +466,8 @@ static inline int ptr_ring_consume_batched_bh(struct ptr_ring *r,
static inline void **__ptr_ring_init_queue_alloc(unsigned int size, gfp_t gfp)
{
+ if (size * sizeof(void *) > KMALLOC_MAX_SIZE)
+ return NULL;
return kcalloc(size, sizeof(void *), gfp);
}
--
2.7.4
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH V4 2/2] ptr_ring: try vmalloc() when kmalloc() fails
2018-02-09 9:45 [PATCH V4 1/2] ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE Jason Wang
@ 2018-02-09 9:45 ` Jason Wang
2018-02-09 15:53 ` Michael S. Tsirkin
2018-02-09 19:29 ` David Miller
2018-02-09 15:39 ` [PATCH V4 1/2] ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE Michael S. Tsirkin
` (2 subsequent siblings)
3 siblings, 2 replies; 9+ messages in thread
From: Jason Wang @ 2018-02-09 9:45 UTC (permalink / raw)
To: mst, linux-kernel, netdev; +Cc: Jason Wang
This patch switch to use kvmalloc_array() for using a vmalloc()
fallback to help in case kmalloc() fails.
Reported-by: syzbot+e4d4f9ddd4295539735d@syzkaller.appspotmail.com
Fixes: 2e0ab8ca83c12 ("ptr_ring: array based FIFO for pointers")
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
include/linux/ptr_ring.h | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/include/linux/ptr_ring.h b/include/linux/ptr_ring.h
index 6051a5f..b884b77 100644
--- a/include/linux/ptr_ring.h
+++ b/include/linux/ptr_ring.h
@@ -464,11 +464,14 @@ static inline int ptr_ring_consume_batched_bh(struct ptr_ring *r,
__PTR_RING_PEEK_CALL_v; \
})
+/* Not all gfp_t flags (besides GFP_KERNEL) are allowed. See
+ * documentation for vmalloc for which of them are legal.
+ */
static inline void **__ptr_ring_init_queue_alloc(unsigned int size, gfp_t gfp)
{
if (size * sizeof(void *) > KMALLOC_MAX_SIZE)
return NULL;
- return kcalloc(size, sizeof(void *), gfp);
+ return kvmalloc_array(size, sizeof(void *), gfp | __GFP_ZERO);
}
static inline void __ptr_ring_set_size(struct ptr_ring *r, int size)
@@ -603,7 +606,7 @@ static inline int ptr_ring_resize(struct ptr_ring *r, int size, gfp_t gfp,
spin_unlock(&(r)->producer_lock);
spin_unlock_irqrestore(&(r)->consumer_lock, flags);
- kfree(old);
+ kvfree(old);
return 0;
}
@@ -643,7 +646,7 @@ static inline int ptr_ring_resize_multiple(struct ptr_ring **rings,
}
for (i = 0; i < nrings; ++i)
- kfree(queues[i]);
+ kvfree(queues[i]);
kfree(queues);
@@ -651,7 +654,7 @@ static inline int ptr_ring_resize_multiple(struct ptr_ring **rings,
nomem:
while (--i >= 0)
- kfree(queues[i]);
+ kvfree(queues[i]);
kfree(queues);
@@ -666,7 +669,7 @@ static inline void ptr_ring_cleanup(struct ptr_ring *r, void (*destroy)(void *))
if (destroy)
while ((ptr = ptr_ring_consume(r)))
destroy(ptr);
- kfree(r->queue);
+ kvfree(r->queue);
}
#endif /* _LINUX_PTR_RING_H */
--
2.7.4
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH V4 1/2] ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE
2018-02-09 9:45 [PATCH V4 1/2] ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE Jason Wang
2018-02-09 9:45 ` [PATCH V4 2/2] ptr_ring: try vmalloc() when kmalloc() fails Jason Wang
@ 2018-02-09 15:39 ` Michael S. Tsirkin
2018-02-09 19:29 ` David Miller
2018-02-10 19:32 ` Eric Biggers
3 siblings, 0 replies; 9+ messages in thread
From: Michael S. Tsirkin @ 2018-02-09 15:39 UTC (permalink / raw)
To: Jason Wang; +Cc: linux-kernel, netdev
On Fri, Feb 09, 2018 at 05:45:49PM +0800, Jason Wang wrote:
> To avoid slab to warn about exceeded size, fail early if queue
> occupies more than KMALLOC_MAX_SIZE.
>
> Reported-by: syzbot+e4d4f9ddd4295539735d@syzkaller.appspotmail.com
> Fixes: 2e0ab8ca83c12 ("ptr_ring: array based FIFO for pointers")
> Signed-off-by: Jason Wang <jasowang@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
> ---
> include/linux/ptr_ring.h | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/include/linux/ptr_ring.h b/include/linux/ptr_ring.h
> index 1883d61..6051a5f 100644
> --- a/include/linux/ptr_ring.h
> +++ b/include/linux/ptr_ring.h
> @@ -466,6 +466,8 @@ static inline int ptr_ring_consume_batched_bh(struct ptr_ring *r,
>
> static inline void **__ptr_ring_init_queue_alloc(unsigned int size, gfp_t gfp)
> {
> + if (size * sizeof(void *) > KMALLOC_MAX_SIZE)
> + return NULL;
> return kcalloc(size, sizeof(void *), gfp);
> }
>
> --
> 2.7.4
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH V4 2/2] ptr_ring: try vmalloc() when kmalloc() fails
2018-02-09 9:45 ` [PATCH V4 2/2] ptr_ring: try vmalloc() when kmalloc() fails Jason Wang
@ 2018-02-09 15:53 ` Michael S. Tsirkin
2018-02-11 2:45 ` Jason Wang
2018-02-09 19:29 ` David Miller
1 sibling, 1 reply; 9+ messages in thread
From: Michael S. Tsirkin @ 2018-02-09 15:53 UTC (permalink / raw)
To: Jason Wang; +Cc: linux-kernel, netdev
On Fri, Feb 09, 2018 at 05:45:50PM +0800, Jason Wang wrote:
> This patch switch to use kvmalloc_array() for using a vmalloc()
> fallback to help in case kmalloc() fails.
Above isn't really saying anything about the motivation, it
just explains what kvmalloc_array does.
How about:
Switch ptr_ring from kmalloc to kvmalloc. This way it can support larger
ring sizes.
>
> Reported-by: syzbot+e4d4f9ddd4295539735d@syzkaller.appspotmail.com
> Fixes: 2e0ab8ca83c12 ("ptr_ring: array based FIFO for pointers")
I don't see this as a bugfix - it's more of an enhancement.
Do we need this in net or can we defer this to net-next?
I'm not sure myself. For now
Acked-by: Michael S. Tsirkin <mst@redhat.com>
> Signed-off-by: Jason Wang <jasowang@redhat.com>
> ---
> include/linux/ptr_ring.h | 13 ++++++++-----
> 1 file changed, 8 insertions(+), 5 deletions(-)
>
> diff --git a/include/linux/ptr_ring.h b/include/linux/ptr_ring.h
> index 6051a5f..b884b77 100644
> --- a/include/linux/ptr_ring.h
> +++ b/include/linux/ptr_ring.h
> @@ -464,11 +464,14 @@ static inline int ptr_ring_consume_batched_bh(struct ptr_ring *r,
> __PTR_RING_PEEK_CALL_v; \
> })
>
> +/* Not all gfp_t flags (besides GFP_KERNEL) are allowed. See
> + * documentation for vmalloc for which of them are legal.
> + */
> static inline void **__ptr_ring_init_queue_alloc(unsigned int size, gfp_t gfp)
> {
> if (size * sizeof(void *) > KMALLOC_MAX_SIZE)
> return NULL;
> - return kcalloc(size, sizeof(void *), gfp);
> + return kvmalloc_array(size, sizeof(void *), gfp | __GFP_ZERO);
> }
>
> static inline void __ptr_ring_set_size(struct ptr_ring *r, int size)
> @@ -603,7 +606,7 @@ static inline int ptr_ring_resize(struct ptr_ring *r, int size, gfp_t gfp,
> spin_unlock(&(r)->producer_lock);
> spin_unlock_irqrestore(&(r)->consumer_lock, flags);
>
> - kfree(old);
> + kvfree(old);
>
> return 0;
> }
> @@ -643,7 +646,7 @@ static inline int ptr_ring_resize_multiple(struct ptr_ring **rings,
> }
>
> for (i = 0; i < nrings; ++i)
> - kfree(queues[i]);
> + kvfree(queues[i]);
>
> kfree(queues);
>
> @@ -651,7 +654,7 @@ static inline int ptr_ring_resize_multiple(struct ptr_ring **rings,
>
> nomem:
> while (--i >= 0)
> - kfree(queues[i]);
> + kvfree(queues[i]);
>
> kfree(queues);
>
> @@ -666,7 +669,7 @@ static inline void ptr_ring_cleanup(struct ptr_ring *r, void (*destroy)(void *))
> if (destroy)
> while ((ptr = ptr_ring_consume(r)))
> destroy(ptr);
> - kfree(r->queue);
> + kvfree(r->queue);
> }
>
> #endif /* _LINUX_PTR_RING_H */
> --
> 2.7.4
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH V4 1/2] ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE
2018-02-09 9:45 [PATCH V4 1/2] ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE Jason Wang
2018-02-09 9:45 ` [PATCH V4 2/2] ptr_ring: try vmalloc() when kmalloc() fails Jason Wang
2018-02-09 15:39 ` [PATCH V4 1/2] ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE Michael S. Tsirkin
@ 2018-02-09 19:29 ` David Miller
2018-02-10 19:32 ` Eric Biggers
3 siblings, 0 replies; 9+ messages in thread
From: David Miller @ 2018-02-09 19:29 UTC (permalink / raw)
To: jasowang; +Cc: mst, linux-kernel, netdev
From: Jason Wang <jasowang@redhat.com>
Date: Fri, 9 Feb 2018 17:45:49 +0800
> To avoid slab to warn about exceeded size, fail early if queue
> occupies more than KMALLOC_MAX_SIZE.
>
> Reported-by: syzbot+e4d4f9ddd4295539735d@syzkaller.appspotmail.com
> Fixes: 2e0ab8ca83c12 ("ptr_ring: array based FIFO for pointers")
> Signed-off-by: Jason Wang <jasowang@redhat.com>
Applied.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH V4 2/2] ptr_ring: try vmalloc() when kmalloc() fails
2018-02-09 9:45 ` [PATCH V4 2/2] ptr_ring: try vmalloc() when kmalloc() fails Jason Wang
2018-02-09 15:53 ` Michael S. Tsirkin
@ 2018-02-09 19:29 ` David Miller
1 sibling, 0 replies; 9+ messages in thread
From: David Miller @ 2018-02-09 19:29 UTC (permalink / raw)
To: jasowang; +Cc: mst, linux-kernel, netdev
From: Jason Wang <jasowang@redhat.com>
Date: Fri, 9 Feb 2018 17:45:50 +0800
> This patch switch to use kvmalloc_array() for using a vmalloc()
> fallback to help in case kmalloc() fails.
>
> Reported-by: syzbot+e4d4f9ddd4295539735d@syzkaller.appspotmail.com
> Fixes: 2e0ab8ca83c12 ("ptr_ring: array based FIFO for pointers")
> Signed-off-by: Jason Wang <jasowang@redhat.com>
Applied.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH V4 1/2] ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE
2018-02-09 9:45 [PATCH V4 1/2] ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE Jason Wang
` (2 preceding siblings ...)
2018-02-09 19:29 ` David Miller
@ 2018-02-10 19:32 ` Eric Biggers
2018-02-11 2:46 ` Jason Wang
3 siblings, 1 reply; 9+ messages in thread
From: Eric Biggers @ 2018-02-10 19:32 UTC (permalink / raw)
To: Jason Wang; +Cc: mst, linux-kernel, netdev
Hi Jason,
On Fri, Feb 09, 2018 at 05:45:49PM +0800, Jason Wang wrote:
> To avoid slab to warn about exceeded size, fail early if queue
> occupies more than KMALLOC_MAX_SIZE.
>
> Reported-by: syzbot+e4d4f9ddd4295539735d@syzkaller.appspotmail.com
> Fixes: 2e0ab8ca83c12 ("ptr_ring: array based FIFO for pointers")
> Signed-off-by: Jason Wang <jasowang@redhat.com>
> ---
> include/linux/ptr_ring.h | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/include/linux/ptr_ring.h b/include/linux/ptr_ring.h
> index 1883d61..6051a5f 100644
> --- a/include/linux/ptr_ring.h
> +++ b/include/linux/ptr_ring.h
> @@ -466,6 +466,8 @@ static inline int ptr_ring_consume_batched_bh(struct ptr_ring *r,
>
> static inline void **__ptr_ring_init_queue_alloc(unsigned int size, gfp_t gfp)
> {
> + if (size * sizeof(void *) > KMALLOC_MAX_SIZE)
> + return NULL;
Are you sure that size can't be over 0x40000000? The proper way to write this
(safe from integer overflow) would be:
if (size > KMALLOC_MAX_SIZE / sizeof(void *))
return NULL;
- Eric
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH V4 2/2] ptr_ring: try vmalloc() when kmalloc() fails
2018-02-09 15:53 ` Michael S. Tsirkin
@ 2018-02-11 2:45 ` Jason Wang
0 siblings, 0 replies; 9+ messages in thread
From: Jason Wang @ 2018-02-11 2:45 UTC (permalink / raw)
To: Michael S. Tsirkin; +Cc: linux-kernel, netdev
On 2018年02月09日 23:53, Michael S. Tsirkin wrote:
> On Fri, Feb 09, 2018 at 05:45:50PM +0800, Jason Wang wrote:
>> This patch switch to use kvmalloc_array() for using a vmalloc()
>> fallback to help in case kmalloc() fails.
> Above isn't really saying anything about the motivation, it
> just explains what kvmalloc_array does.
>
> How about:
>
> Switch ptr_ring from kmalloc to kvmalloc. This way it can support larger
> ring sizes.
>
>> Reported-by:syzbot+e4d4f9ddd4295539735d@syzkaller.appspotmail.com
>> Fixes: 2e0ab8ca83c12 ("ptr_ring: array based FIFO for pointers")
> I don't see this as a bugfix - it's more of an enhancement.
>
> Do we need this in net or can we defer this to net-next?
Consider they are users of tx_queue_len of more than 1000000 from google
searching. We'd better have this in -net.
Thanks
>
> I'm not sure myself. For now
>
> Acked-by: Michael S. Tsirkin<mst@redhat.com>
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH V4 1/2] ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE
2018-02-10 19:32 ` Eric Biggers
@ 2018-02-11 2:46 ` Jason Wang
0 siblings, 0 replies; 9+ messages in thread
From: Jason Wang @ 2018-02-11 2:46 UTC (permalink / raw)
To: Eric Biggers; +Cc: mst, linux-kernel, netdev
On 2018年02月11日 03:32, Eric Biggers wrote:
> Hi Jason,
>
> On Fri, Feb 09, 2018 at 05:45:49PM +0800, Jason Wang wrote:
>> To avoid slab to warn about exceeded size, fail early if queue
>> occupies more than KMALLOC_MAX_SIZE.
>>
>> Reported-by: syzbot+e4d4f9ddd4295539735d@syzkaller.appspotmail.com
>> Fixes: 2e0ab8ca83c12 ("ptr_ring: array based FIFO for pointers")
>> Signed-off-by: Jason Wang <jasowang@redhat.com>
>> ---
>> include/linux/ptr_ring.h | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/include/linux/ptr_ring.h b/include/linux/ptr_ring.h
>> index 1883d61..6051a5f 100644
>> --- a/include/linux/ptr_ring.h
>> +++ b/include/linux/ptr_ring.h
>> @@ -466,6 +466,8 @@ static inline int ptr_ring_consume_batched_bh(struct ptr_ring *r,
>>
>> static inline void **__ptr_ring_init_queue_alloc(unsigned int size, gfp_t gfp)
>> {
>> + if (size * sizeof(void *) > KMALLOC_MAX_SIZE)
>> + return NULL;
> Are you sure that size can't be over 0x40000000? The proper way to write this
> (safe from integer overflow) would be:
>
> if (size > KMALLOC_MAX_SIZE / sizeof(void *))
> return NULL;
>
> - Eric
Good catch.
Will post a fix.
Thanks
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2018-02-11 2:46 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-02-09 9:45 [PATCH V4 1/2] ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE Jason Wang
2018-02-09 9:45 ` [PATCH V4 2/2] ptr_ring: try vmalloc() when kmalloc() fails Jason Wang
2018-02-09 15:53 ` Michael S. Tsirkin
2018-02-11 2:45 ` Jason Wang
2018-02-09 19:29 ` David Miller
2018-02-09 15:39 ` [PATCH V4 1/2] ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE Michael S. Tsirkin
2018-02-09 19:29 ` David Miller
2018-02-10 19:32 ` Eric Biggers
2018-02-11 2:46 ` Jason Wang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).