[Devel] [PATCH vz8 2/2] tun: Silence allocation failer if user asked for too big header
Konstantin Khorenko
khorenko at virtuozzo.com
Tue Jun 15 20:22:52 MSK 2021
According to https://jira.sw.ru/browse/PSBM-103639?focusedCommentId=3000918&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-3000918
it seems the problem is not easily triggerable on RHEL8/ms => let's drop this patch for now.
Until we face the issue again, at least.
--
Best regards,
Konstantin Khorenko,
Virtuozzo Linux Kernel Team
On 06/11/2021 05:35 PM, Valeriy Vdovin wrote:
> From: Andrey Ryabinin <aryabinin at virtuozzo.com>
>
> Userspace may ask tun device to send packet with ridiculously
> big header and trigger this:
>
> ------------[ cut here ]------------
> WARNING: CPU: 1 PID: 15366 at mm/page_alloc.c:3548 __alloc_pages_nodemask+0x537/0x1200
> order 19 >= 11, gfp 0x2044d0
> Call Trace:
> dump_stack+0x19/0x1b
> __warn+0x17f/0x1c0
> warn_slowpath_fmt+0xad/0xe0
> __alloc_pages_nodemask+0x537/0x1200
> kmalloc_large_node+0x5f/0xd0
> __kmalloc_node_track_caller+0x425/0x630
> __kmalloc_reserve.isra.33+0x47/0xd0
> __alloc_skb+0xdd/0x5f0
> alloc_skb_with_frags+0x8f/0x540
> sock_alloc_send_pskb+0x5e5/0x940
> tun_get_user+0x38b/0x24a0 [tun]
> tun_chr_aio_write+0x13a/0x250 [tun]
> do_sync_readv_writev+0xdf/0x1c0
> do_readv_writev+0x1a5/0x850
> vfs_writev+0xba/0x190
> SyS_writev+0x17c/0x340
> system_call_fastpath+0x25/0x2a
>
> Just add __GFP_NOWARN and silently return -ENOMEM to fix this.
>
> https://jira.sw.ru/browse/PSBM-103639
> Signed-off-by: Andrey Ryabinin <aryabinin at virtuozzo.com>
> (cherry-picked from 1e0ad3477bddaf5621b7cc620e6ed64e405ec8cd)
> https://jira.sw.ru/browse/PSBM-127856
> Signed-off-by: Valeriy Vdovin <valeriy.vdovin at virtuozzo.com>
> ---
> drivers/net/venetdev.c | 2 +-
> kernel/ve/vecalls.c | 5 +++--
> kernel/ve/vzstat.c | 1 +
> 3 files changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/net/venetdev.c b/drivers/net/venetdev.c
> index 4c5e3cb180e7..9d898bcbc6db 100644
> --- a/drivers/net/venetdev.c
> +++ b/drivers/net/venetdev.c
> @@ -841,6 +841,7 @@ static void *veip_seq_next(struct seq_file *m, void *v, loff_t *pos)
> struct hlist_node *p;
> int i;
>
> + (*pos)++;
> if (v == SEQ_START_TOKEN)
> goto find;
>
> @@ -854,7 +855,6 @@ static void *veip_seq_next(struct seq_file *m, void *v, loff_t *pos)
> if (p != NULL) {
> m->private = (void *)(long)(i + 1);
> found:
> - (*pos)++;
> return p;
> }
> }
> diff --git a/kernel/ve/vecalls.c b/kernel/ve/vecalls.c
> index dcda8c0753c8..04e3d41dfed6 100644
> --- a/kernel/ve/vecalls.c
> +++ b/kernel/ve/vecalls.c
> @@ -181,9 +181,10 @@ static void *ve_seq_start(struct seq_file *m, loff_t *pos)
>
> static void *ve_seq_next(struct seq_file *m, void *v, loff_t *pos)
> {
> - if (!ve_is_super(get_exec_env()))
> + if (!ve_is_super(get_exec_env())) {
> + (*pos)++;
> return NULL;
> - else
> + } else
> return seq_list_next(v, &ve_list_head, pos);
> }
>
> diff --git a/kernel/ve/vzstat.c b/kernel/ve/vzstat.c
> index 0fb0cfbb0407..db8de1b9dba0 100644
> --- a/kernel/ve/vzstat.c
> +++ b/kernel/ve/vzstat.c
> @@ -626,6 +626,7 @@ static void *empty_seq_start(struct seq_file *m, loff_t *pos)
>
> static void *empty_seq_next(struct seq_file *m, void *v, loff_t *pos)
> {
> + (*pos)++;
> return NULL;
> }
>
>
More information about the Devel
mailing list