• Christoph Paasch's avatar
    net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec · 398f0132
    Christoph Paasch authored
    Since commit fc62814d ("net/packet: fix 4gb buffer limit due to overflow check")
    one can now allocate packet ring buffers >= UINT_MAX. However, syzkaller
    found that that triggers a warning:
    
    [   21.100000] WARNING: CPU: 2 PID: 2075 at mm/page_alloc.c:4584 __alloc_pages_nod0
    [   21.101490] Modules linked in:
    [   21.101921] CPU: 2 PID: 2075 Comm: syz-executor.0 Not tainted 5.0.0 #146
    [   21.102784] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.5.1 01/01/2011
    [   21.103887] RIP: 0010:__alloc_pages_nodemask+0x2a0/0x630
    [   21.104640] Code: fe ff ff 65 48 8b 04 25 c0 de 01 00 48 05 90 0f 00 00 41 bd 01 00 00 00 48 89 44 24 48 e9 9c fe 3
    [   21.107121] RSP: 0018:ffff88805e1cf920 EFLAGS: 00010246
    [   21.107819] RAX: 0000000000000000 RBX: ffffffff85a488a0 RCX: 0000000000000000
    [   21.108753] RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 0000000000000000
    [   21.109699] RBP: 1ffff1100bc39f28 R08: ffffed100bcefb67 R09: ffffed100bcefb67
    [   21.110646] R10: 0000000000000001 R11: ffffed100bcefb66 R12: 000000000000000d
    [   21.111623] R13: 0000000000000000 R14: ffff88805e77d888 R15: 000000000000000d
    [   21.112552] FS:  00007f7c7de05700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
    [   21.113612] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [   21.114405] CR2: 000000000065c000 CR3: 000000005e58e006 CR4: 00000000001606e0
    [   21.115367] Call Trace:
    [   21.115705]  ? __alloc_pages_slowpath+0x21c0/0x21c0
    [   21.116362]  alloc_pages_current+0xac/0x1e0
    [   21.116923]  kmalloc_order+0x18/0x70
    [   21.117393]  kmalloc_order_trace+0x18/0x110
    [   21.117949]  packet_set_ring+0x9d5/0x1770
    [   21.118524]  ? packet_rcv_spkt+0x440/0x440
    [   21.119094]  ? lock_downgrade+0x620/0x620
    [   21.119646]  ? __might_fault+0x177/0x1b0
    [   21.120177]  packet_setsockopt+0x981/0x2940
    [   21.120753]  ? __fget+0x2fb/0x4b0
    [   21.121209]  ? packet_release+0xab0/0xab0
    [   21.121740]  ? sock_has_perm+0x1cd/0x260
    [   21.122297]  ? selinux_secmark_relabel_packet+0xd0/0xd0
    [   21.123013]  ? __fget+0x324/0x4b0
    [   21.123451]  ? selinux_netlbl_socket_setsockopt+0x101/0x320
    [   21.124186]  ? selinux_netlbl_sock_rcv_skb+0x3a0/0x3a0
    [   21.124908]  ? __lock_acquire+0x529/0x3200
    [   21.125453]  ? selinux_socket_setsockopt+0x5d/0x70
    [   21.126075]  ? __sys_setsockopt+0x131/0x210
    [   21.126533]  ? packet_release+0xab0/0xab0
    [   21.127004]  __sys_setsockopt+0x131/0x210
    [   21.127449]  ? kernel_accept+0x2f0/0x2f0
    [   21.127911]  ? ret_from_fork+0x8/0x50
    [   21.128313]  ? do_raw_spin_lock+0x11b/0x280
    [   21.128800]  __x64_sys_setsockopt+0xba/0x150
    [   21.129271]  ? lockdep_hardirqs_on+0x37f/0x560
    [   21.129769]  do_syscall_64+0x9f/0x450
    [   21.130182]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
    
    We should allocate with __GFP_NOWARN to handle this.
    
    Cc: Kal Conley <kal.conley@dectris.com>
    Cc: Andrey Konovalov <andreyknvl@google.com>
    Fixes: fc62814d ("net/packet: fix 4gb buffer limit due to overflow check")
    Signed-off-by: default avatarChristoph Paasch <cpaasch@apple.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    398f0132
af_packet.c 107 KB