Thread (7 messages) 7 messages, 3 authors, 2018-02-07

Re: WARNING in kmalloc_slab (3)

From: Dmitry Vyukov <dvyukov@google.com>
Date: 2017-12-12 15:51:04
Also in: lkml 

On Mon, Dec 4, 2017 at 10:26 AM, Dan Carpenter [off-list ref] wrote:
On Mon, Dec 04, 2017 at 09:18:05AM +0100, Dmitry Vyukov wrote:
quoted
On Mon, Dec 4, 2017 at 9:14 AM, Dan Carpenter [off-list ref] wrote:
quoted
On Sun, Dec 03, 2017 at 12:16:08PM -0800, Eric Biggers wrote:
quoted
Looks like BLKTRACESETUP doesn't limit the '.buf_nr' parameter, allowing anyone
who can open a block device to cause an extremely large kmalloc.  Here's a
simplified reproducer:
There are lots of places which allow people to allocate as much as they
want.  With Syzcaller, you might want to just hard code a __GFP_NOWARN
in to disable it.
Hi,

Hard code it where?
My idea was to just make warn_alloc() a no-op.
Yes, but how?
We specifically don't have any private patches, etc. That would cause
a bunch of much more serious problems. The system tracks HEAD of
multiple upstream repositories.
Starting testing non-upstream branches with all bad consequences,
especially for something that has an official solution and that
solution is very simple (adding __GFP_NOWARN), looks like a wrong
direction.
quoted
User-controllable allocation are supposed to use __GFP_NOWARN.
No that's not right.  What we don't want is unprivileged users to use
all the memory and we don't want unprivileged users to spam
/var/log/messages.  But you have to have slightly elevated permissions
to open block devices right?  The warning is helpful.  Admins should
"don't do that" if they don't want the warning.

The kernel really isn't designed to work with Oops on Warn.  I try to
tell people simple thinks like not printing a warning when
copy_from_user() fails because I don't want /var/log/messages to get
spammed.  But there are lots and lots of places which generate warnings.

Yes, but we also want kernel to be testable. And preferably in mostly
automated way to not hire an army of monkeys to sort out all crash
reports (we currently hit around 14 crashes per minute).

I don't question that notifying user about incorrect arguments is
useful (though, kernel generally don't do for every "return -EINVAL").
But that doesn't need to be WARNING. pr_err can do. And if we are
talking about end user, pr_err can actually provide an much better
error message (for a non-kernel developer "WARNING: CPU: 0 PID: 3081
at mm/slab_common.c:971 kmalloc_slab+0x5d/0x70 mm/slab_common.c:971"
is like wat?).
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help