From: yang lan <[email protected]>
To: Pavel Begunkov <[email protected]>
Cc: [email protected], Jens Axboe <[email protected]>
Subject: Re: [PATCH 1/1] io_uring: more graceful request alloc OOM
Date: Wed, 24 May 2023 11:15:12 +0800 [thread overview]
Message-ID: <CAAehj2nPSJzZer_jhd0=VvTDjTD2uaCtdidKqeFK=js75YA_+g@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
Hi,
Thanks.
Regards,
Yang
Pavel Begunkov <[email protected]> 于2023年5月23日周二 20:15写道:
>
> On 5/22/23 08:55, yang lan wrote:
> > Hi,
> >
> > Thanks. I'm also analyzing the root cause of this bug.
>
> The repro indeed triggers, this time in another place. Though
> when I patch all of them it would fail somewhere else, like in
> ext4 on a pagefault.
>
> We can add a couple more those "don't oom but fail" and some
> niceness around, but I think it's fine as it is as allocations
> are under cgroup. If admin cares about collision b/w users there
> should be cgroups, so allocations of one don't affect another. And
> if a user pushes it to the limit and oom's itself and gets OOM,
> that should be fine.
>
> > By the way, can I apply for a CVE? And should I submit a request to
> > some official organizations, such as Openwall, etc?
>
> Sorry, but we cannot help you here. We don't deal with CVEs.
>
> That aside, I'm not even sure it's CVE'able because it shouldn't
> be exploitable in a configured environment (unless it is). But
> I'm not an expert in that so might be wrong.
>
>
>
> > Pavel Begunkov <[email protected]> 于2023年5月22日周一 08:45写道:
> >>
> >> On 5/20/23 10:38, yang lan wrote:
> >>> Hi,
> >>>
> >>> Thanks for your response.
> >>>
> >>> But I applied this patch to LTS kernel 5.10.180, it can still trigger this bug.
> >>>
> >>> --- io_uring/io_uring.c.back 2023-05-20 17:11:25.870550438 +0800
> >>> +++ io_uring/io_uring.c 2023-05-20 16:35:24.265846283 +0800
> >>> @@ -1970,7 +1970,7 @@
> >>> static struct io_kiocb *io_alloc_req(struct io_ring_ctx *ctx)
> >>> __must_hold(&ctx->uring_lock)
> >>> {
> >>> struct io_submit_state *state = &ctx->submit_state;
> >>> - gfp_t gfp = GFP_KERNEL | __GFP_NOWARN;
> >>> + gfp_t gfp = GFP_KERNEL | __GFP_NOWARN | __GFP_NORETRY;
> >>> int ret, i;
> >>>
> >>> BUILD_BUG_ON(ARRAY_SIZE(state->reqs) < IO_REQ_ALLOC_BATCH);
> >>>
> >>> The io_uring.c.back is the original file.
> >>> Do I apply this patch wrong?
> >>
> >> The patch looks fine. I run a self-written test before
> >> sending with 6.4, worked as expected. I need to run the syz
> >> test, maybe it shifted to another spot, e.g. in provided
> >> buffers.
> >>
> >> --
> >> Pavel Begunkov
>
> --
> Pavel Begunkov
prev parent reply other threads:[~2023-05-24 3:17 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-19 14:05 [PATCH 1/1] io_uring: more graceful request alloc OOM Pavel Begunkov
2023-05-20 1:57 ` Jens Axboe
2023-05-20 9:38 ` yang lan
2023-05-22 0:40 ` Pavel Begunkov
2023-05-22 7:55 ` yang lan
2023-05-23 12:08 ` Pavel Begunkov
2023-05-24 3:15 ` yang lan [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAAehj2nPSJzZer_jhd0=VvTDjTD2uaCtdidKqeFK=js75YA_+g@mail.gmail.com' \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox