* [PATCH kernel] KVM: PPC: Book3S: Suppress warnings when allocating too big memory slots
@ 2021-09-01 8:45 Alexey Kardashevskiy
2021-09-01 8:45 ` [PATCH kernel] KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST Alexey Kardashevskiy
` (2 more replies)
0 siblings, 3 replies; 9+ messages in thread
From: Alexey Kardashevskiy @ 2021-09-01 8:45 UTC (permalink / raw)
To: linuxppc-dev; +Cc: Alexey Kardashevskiy, kvm-ppc
The userspace can trigger "vmalloc size %lu allocation failure: exceeds
total pages" via the KVM_SET_USER_MEMORY_REGION ioctl.
This silences the warning by checking the limit before calling vzalloc()
and returns ENOMEM if failed.
This does not call underlying vmalloc helpers as __vmalloc_node() is only
exported when CONFIG_TEST_VMALLOC_MODULE and __vmalloc_node_range() is not
exported at all.
Spotted by syzkaller.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
---
arch/powerpc/kvm/book3s_hv.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
index 474c0cfde384..a59f1cccbcf9 100644
--- a/arch/powerpc/kvm/book3s_hv.c
+++ b/arch/powerpc/kvm/book3s_hv.c
@@ -4830,8 +4830,12 @@ static int kvmppc_core_prepare_memory_region_hv(struct kvm *kvm,
unsigned long npages = mem->memory_size >> PAGE_SHIFT;
if (change = KVM_MR_CREATE) {
- slot->arch.rmap = vzalloc(array_size(npages,
- sizeof(*slot->arch.rmap)));
+ unsigned long cb = array_size(npages, sizeof(*slot->arch.rmap));
+
+ if ((cb >> PAGE_SHIFT) > totalram_pages())
+ return -ENOMEM;
+
+ slot->arch.rmap = vzalloc(cb);
if (!slot->arch.rmap)
return -ENOMEM;
}
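Review bot: The new `(cb >> PAGE_SHIFT) > totalram_pages()` test in front of `vzalloc(cb)` carries no comment, so a later reader cannot tell that it exists only to pre-empt the allocator's own "exceeds total pages" report named in the commit message. A one-line comment above the `if` saying so would help, and would also flag that the test has to track that internal limit if it ever changes. Since `array_size()` saturates to SIZE_MAX on overflow, the shifted value still exceeds any page count and the overflow case lands in the same `-ENOMEM` return; that is worth stating in the comment too.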
--
2.30.2
* [PATCH kernel] KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST
2021-09-01 8:45 [PATCH kernel] KVM: PPC: Book3S: Suppress warnings when allocating too big memory slots Alexey Kardashevskiy
@ 2021-09-01 8:45 ` Alexey Kardashevskiy
2021-09-01 14:45 ` Fabiano Rosas
2021-12-15 0:40 ` Michael Ellerman
2021-09-01 14:59 ` [PATCH kernel] KVM: PPC: Book3S: Suppress warnings when allocating too big memory slots Fabiano Rosas
2021-12-15 0:40 ` Michael Ellerman
2 siblings, 2 replies; 9+ messages in thread
From: Alexey Kardashevskiy @ 2021-09-01 8:45 UTC (permalink / raw)
To: linuxppc-dev; +Cc: Alexey Kardashevskiy, kvm-ppc
H_COPY_TOFROM_GUEST is an hcall for an upper level VM to access its nested
VMs' memory. The userspace can trigger WARN_ON_ONCE(!(gfp & __GFP_NOWARN))
in __alloc_pages() by constructing a tiny VM which only does
H_COPY_TOFROM_GUEST with a too big GPR9 (number of bytes to copy).
This silences the warning by adding __GFP_NOWARN.
Spotted by syzkaller.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
---
arch/powerpc/kvm/book3s_hv_nested.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/kvm/book3s_hv_nested.c b/arch/powerpc/kvm/book3s_hv_nested.c
index e57c08b968c0..a2e34efb8d31 100644
--- a/arch/powerpc/kvm/book3s_hv_nested.c
+++ b/arch/powerpc/kvm/book3s_hv_nested.c
@@ -580,7 +580,7 @@ long kvmhv_copy_tofrom_guest_nested(struct kvm_vcpu *vcpu)
if (eaddr & (0xFFFUL << 52))
return H_PARAMETER;
- buf = kzalloc(n, GFP_KERNEL);
+ buf = kzalloc(n, GFP_KERNEL | __GFP_NOWARN);
if (!buf)
return H_NO_MEM;
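Review bot: `n` reaches `kzalloc(n, GFP_KERNEL | __GFP_NOWARN)` without any bound in the visible context; the only check shown just above it is on `eaddr`. Per the commit message `n` is GPR9 as supplied by the guest, so the flag hides the warning while the allocator still attempts whatever size is requested. Consider rejecting an oversized `n` with `H_PARAMETER` before the allocation, or documenting where the limit is enforced if it is checked earlier in the function.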
--
2.30.2
* Re: [PATCH kernel] KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST
2021-09-01 8:45 ` [PATCH kernel] KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST Alexey Kardashevskiy
@ 2021-09-01 14:45 ` Fabiano Rosas
2021-12-15 0:40 ` Michael Ellerman
1 sibling, 0 replies; 9+ messages in thread
From: Fabiano Rosas @ 2021-09-01 14:45 UTC (permalink / raw)
To: Alexey Kardashevskiy, linuxppc-dev; +Cc: Alexey Kardashevskiy, kvm-ppc
Alexey Kardashevskiy <aik@ozlabs.ru> writes:
> H_COPY_TOFROM_GUEST is an hcall for an upper level VM to access its nested
> VMs' memory. The userspace can trigger WARN_ON_ONCE(!(gfp & __GFP_NOWARN))
> in __alloc_pages() by constructing a tiny VM which only does
> H_COPY_TOFROM_GUEST with a too big GPR9 (number of bytes to copy).
>
> This silences the warning by adding __GFP_NOWARN.
>
> Spotted by syzkaller.
>
> Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
> ---
Reviewed-by: Fabiano Rosas <farosas@linux.ibm.com>
> arch/powerpc/kvm/book3s_hv_nested.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/powerpc/kvm/book3s_hv_nested.c b/arch/powerpc/kvm/book3s_hv_nested.c
> index e57c08b968c0..a2e34efb8d31 100644
> --- a/arch/powerpc/kvm/book3s_hv_nested.c
> +++ b/arch/powerpc/kvm/book3s_hv_nested.c
> @@ -580,7 +580,7 @@ long kvmhv_copy_tofrom_guest_nested(struct kvm_vcpu *vcpu)
> if (eaddr & (0xFFFUL << 52))
> return H_PARAMETER;
>
> - buf = kzalloc(n, GFP_KERNEL);
> + buf = kzalloc(n, GFP_KERNEL | __GFP_NOWARN);
> if (!buf)
> return H_NO_MEM;
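Review bot: The `__GFP_NOWARN` added to the `kzalloc()` call has no comment explaining why a failed allocation is expected here. A short comment stating that `n` is a guest-supplied byte count, and that failure is reported to the caller as `H_NO_MEM`, would keep the flag from being dropped in a later cleanup.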
* Re: [PATCH kernel] KVM: PPC: Book3S: Suppress warnings when allocating too big memory slots
2021-09-01 8:45 [PATCH kernel] KVM: PPC: Book3S: Suppress warnings when allocating too big memory slots Alexey Kardashevskiy
2021-09-01 8:45 ` [PATCH kernel] KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST Alexey Kardashevskiy
@ 2021-09-01 14:59 ` Fabiano Rosas
2021-09-02 4:25 ` Alexey Kardashevskiy
2021-12-15 0:40 ` Michael Ellerman
2 siblings, 1 reply; 9+ messages in thread
From: Fabiano Rosas @ 2021-09-01 14:59 UTC (permalink / raw)
To: Alexey Kardashevskiy, linuxppc-dev; +Cc: Alexey Kardashevskiy, kvm-ppc
Alexey Kardashevskiy <aik@ozlabs.ru> writes:
> The userspace can trigger "vmalloc size %lu allocation failure: exceeds
> total pages" via the KVM_SET_USER_MEMORY_REGION ioctl.
>
> This silences the warning by checking the limit before calling vzalloc()
> and returns ENOMEM if failed.
>
> This does not call underlying vmalloc helpers as __vmalloc_node() is only
> exported when CONFIG_TEST_VMALLOC_MODULE and __vmalloc_node_range() is not
> exported at all.
>
> Spotted by syzkaller.
>
> Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
> ---
> arch/powerpc/kvm/book3s_hv.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
> index 474c0cfde384..a59f1cccbcf9 100644
> --- a/arch/powerpc/kvm/book3s_hv.c
> +++ b/arch/powerpc/kvm/book3s_hv.c
> @@ -4830,8 +4830,12 @@ static int kvmppc_core_prepare_memory_region_hv(struct kvm *kvm,
> unsigned long npages = mem->memory_size >> PAGE_SHIFT;
>
> if (change = KVM_MR_CREATE) {
> - slot->arch.rmap = vzalloc(array_size(npages,
> - sizeof(*slot->arch.rmap)));
> + unsigned long cb = array_size(npages, sizeof(*slot->arch.rmap));
What does cb mean?
> +
> + if ((cb >> PAGE_SHIFT) > totalram_pages())
> + return -ENOMEM;
> +
> + slot->arch.rmap = vzalloc(cb);
> if (!slot->arch.rmap)
> return -ENOMEM;
> }
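Review bot: The local `cb` declared at the top of the `KVM_MR_CREATE` block is not a name a reader of this file will recognise, as the question raised in this reply shows. `size` or `rmap_size` says the same thing without a glossary, and `size_t` matches what `array_size()` returns.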
* Re: [PATCH kernel] KVM: PPC: Book3S: Suppress warnings when allocating too big memory slots
2021-09-01 14:59 ` [PATCH kernel] KVM: PPC: Book3S: Suppress warnings when allocating too big memory slots Fabiano Rosas
@ 2021-09-02 4:25 ` Alexey Kardashevskiy
2021-09-02 13:08 ` Fabiano Rosas
0 siblings, 1 reply; 9+ messages in thread
From: Alexey Kardashevskiy @ 2021-09-02 4:25 UTC (permalink / raw)
To: Fabiano Rosas, linuxppc-dev; +Cc: kvm-ppc
On 02/09/2021 00:59, Fabiano Rosas wrote:
> Alexey Kardashevskiy <aik@ozlabs.ru> writes:
>
>> The userspace can trigger "vmalloc size %lu allocation failure: exceeds
>> total pages" via the KVM_SET_USER_MEMORY_REGION ioctl.
>>
>> This silences the warning by checking the limit before calling vzalloc()
>> and returns ENOMEM if failed.
>>
>> This does not call underlying vmalloc helpers as __vmalloc_node() is only
>> exported when CONFIG_TEST_VMALLOC_MODULE and __vmalloc_node_range() is not
>> exported at all.
>>
>> Spotted by syzkaller.
>>
>> Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
>> ---
>> arch/powerpc/kvm/book3s_hv.c | 8 ++++++--
>> 1 file changed, 6 insertions(+), 2 deletions(-)
>>
>> diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
>> index 474c0cfde384..a59f1cccbcf9 100644
>> --- a/arch/powerpc/kvm/book3s_hv.c
>> +++ b/arch/powerpc/kvm/book3s_hv.c
>> @@ -4830,8 +4830,12 @@ static int kvmppc_core_prepare_memory_region_hv(struct kvm *kvm,
>> unsigned long npages = mem->memory_size >> PAGE_SHIFT;
>>
>> if (change = KVM_MR_CREATE) {
>> - slot->arch.rmap = vzalloc(array_size(npages,
>> - sizeof(*slot->arch.rmap)));
>> + unsigned long cb = array_size(npages, sizeof(*slot->arch.rmap));
>
> What does cb mean?
"count of bytes"
This is from my deep Windows past :)
https://docs.microsoft.com/en-us/windows/win32/stg/coding-style-conventions
>
>> +
>> + if ((cb >> PAGE_SHIFT) > totalram_pages())
>> + return -ENOMEM;
>> +
>> + slot->arch.rmap = vzalloc(cb);
>> if (!slot->arch.rmap)
>> return -ENOMEM;
>> }
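Review bot: The guard `(cb >> PAGE_SHIFT) > totalram_pages()` only rejects sizes above total RAM, so a `memory_size` that produces a `cb` just under that limit still reaches `vzalloc(cb)` and can fail there. If the goal is that no userspace-chosen slot size produces allocator noise, a tighter bound tied to what a memory slot can legitimately need would be more robust than matching the allocator's outer limit.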
--
Alexey
* Re: [PATCH kernel] KVM: PPC: Book3S: Suppress warnings when allocating too big memory slots
2021-09-02 4:25 ` Alexey Kardashevskiy
@ 2021-09-02 13:08 ` Fabiano Rosas
2021-09-02 13:23 ` David Laight
0 siblings, 1 reply; 9+ messages in thread
From: Fabiano Rosas @ 2021-09-02 13:08 UTC (permalink / raw)
To: Alexey Kardashevskiy, linuxppc-dev; +Cc: kvm-ppc
Alexey Kardashevskiy <aik@ozlabs.ru> writes:
> On 02/09/2021 00:59, Fabiano Rosas wrote:
>> Alexey Kardashevskiy <aik@ozlabs.ru> writes:
>>
>>> The userspace can trigger "vmalloc size %lu allocation failure: exceeds
>>> total pages" via the KVM_SET_USER_MEMORY_REGION ioctl.
>>>
>>> This silences the warning by checking the limit before calling vzalloc()
>>> and returns ENOMEM if failed.
>>>
>>> This does not call underlying vmalloc helpers as __vmalloc_node() is only
>>> exported when CONFIG_TEST_VMALLOC_MODULE and __vmalloc_node_range() is not
>>> exported at all.
>>>
>>> Spotted by syzkaller.
>>>
>>> Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
>>> ---
>>> arch/powerpc/kvm/book3s_hv.c | 8 ++++++--
>>> 1 file changed, 6 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
>>> index 474c0cfde384..a59f1cccbcf9 100644
>>> --- a/arch/powerpc/kvm/book3s_hv.c
>>> +++ b/arch/powerpc/kvm/book3s_hv.c
>>> @@ -4830,8 +4830,12 @@ static int kvmppc_core_prepare_memory_region_hv(struct kvm *kvm,
>>> unsigned long npages = mem->memory_size >> PAGE_SHIFT;
>>>
>>> if (change = KVM_MR_CREATE) {
>>> - slot->arch.rmap = vzalloc(array_size(npages,
>>> - sizeof(*slot->arch.rmap)));
>>> + unsigned long cb = array_size(npages, sizeof(*slot->arch.rmap));
>>
>> What does cb mean?
>
> "count of bytes"
>
> This is from my deep Windows past :)
>
> https://docs.microsoft.com/en-us/windows/win32/stg/coding-style-conventions
=D How interesting! And according to that link 'sz' means "Zero terminated
String". Imagine the confusion.. haha
>>
>>> +
>>> + if ((cb >> PAGE_SHIFT) > totalram_pages())
>>> + return -ENOMEM;
>>> +
>>> + slot->arch.rmap = vzalloc(cb);
>>> if (!slot->arch.rmap)
>>> return -ENOMEM;
>>> }
* RE: [PATCH kernel] KVM: PPC: Book3S: Suppress warnings when allocating too big memory slots
2021-09-02 13:08 ` Fabiano Rosas
@ 2021-09-02 13:23 ` David Laight
0 siblings, 0 replies; 9+ messages in thread
From: David Laight @ 2021-09-02 13:23 UTC (permalink / raw)
To: 'Fabiano Rosas', Alexey Kardashevskiy,
linuxppc-dev@lists.ozlabs.org
Cc: kvm-ppc@vger.kernel.org
...
> > This is from my deep Windows past :)
> >
> > https://docs.microsoft.com/en-us/windows/win32/stg/coding-style-conventions
>
> =D How interesting! And according to that link 'sz' means "Zero terminated
> String". Imagine the confusion.. haha
Is that document responsible for some of the general unreadability
of Windows code?
(I'm not going to addle my brain by trying to read it.)
Types like DWORD_PTR really shouldn't exist.
You won't guess what it is...
David
* Re: [PATCH kernel] KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST
2021-09-01 8:45 ` [PATCH kernel] KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST Alexey Kardashevskiy
2021-09-01 14:45 ` Fabiano Rosas
@ 2021-12-15 0:40 ` Michael Ellerman
1 sibling, 0 replies; 9+ messages in thread
From: Michael Ellerman @ 2021-12-15 0:40 UTC (permalink / raw)
To: Alexey Kardashevskiy, linuxppc-dev; +Cc: kvm-ppc
On Wed, 1 Sep 2021 18:45:50 +1000, Alexey Kardashevskiy wrote:
> H_COPY_TOFROM_GUEST is an hcall for an upper level VM to access its nested
> VMs' memory. The userspace can trigger WARN_ON_ONCE(!(gfp & __GFP_NOWARN))
> in __alloc_pages() by constructing a tiny VM which only does
> H_COPY_TOFROM_GUEST with a too big GPR9 (number of bytes to copy).
>
> This silences the warning by adding __GFP_NOWARN.
>
> [...]
Applied to powerpc/next.
[1/1] KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST
https://git.kernel.org/powerpc/c/792020907b11c6f9246c21977cab3bad985ae4b6
cheers
* Re: [PATCH kernel] KVM: PPC: Book3S: Suppress warnings when allocating too big memory slots
2021-09-01 8:45 [PATCH kernel] KVM: PPC: Book3S: Suppress warnings when allocating too big memory slots Alexey Kardashevskiy
2021-09-01 8:45 ` [PATCH kernel] KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST Alexey Kardashevskiy
2021-09-01 14:59 ` [PATCH kernel] KVM: PPC: Book3S: Suppress warnings when allocating too big memory slots Fabiano Rosas
@ 2021-12-15 0:40 ` Michael Ellerman
2 siblings, 0 replies; 9+ messages in thread
From: Michael Ellerman @ 2021-12-15 0:40 UTC (permalink / raw)
To: Alexey Kardashevskiy, linuxppc-dev; +Cc: kvm-ppc
On Wed, 1 Sep 2021 18:45:12 +1000, Alexey Kardashevskiy wrote:
> The userspace can trigger "vmalloc size %lu allocation failure: exceeds
> total pages" via the KVM_SET_USER_MEMORY_REGION ioctl.
>
> This silences the warning by checking the limit before calling vzalloc()
> and returns ENOMEM if failed.
>
> This does not call underlying vmalloc helpers as __vmalloc_node() is only
> exported when CONFIG_TEST_VMALLOC_MODULE and __vmalloc_node_range() is not
> exported at all.
>
> [...]
Applied to powerpc/next.
[1/1] KVM: PPC: Book3S: Suppress warnings when allocating too big memory slots
https://git.kernel.org/powerpc/c/511d25d6b789fffcb20a3eb71899cf974a31bd9d
cheers