Quoting Laura Abbott (2018-01-05 19:14:08)
> syzbot reported a warning from Ion:
>
> WARNING: CPU: 1 PID: 3485 at mm/page_alloc.c:3926
>
> ...
> __alloc_pages_nodemask+0x9fb/0xd80 mm/page_alloc.c:4252
> alloc_pages_current+0xb6/0x1e0 mm/mempolicy.c:2036
> alloc_pages include/linux/gfp.h:492 [inline]
> ion_system_contig_heap_allocate+0x40/0x2c0
> drivers/staging/android/ion/ion_system_heap.c:374
> ion_buffer_create drivers/staging/android/ion/ion.c:93 [inline]
> ion_alloc+0x2c1/0x9e0 drivers/staging/android/ion/ion.c:420
> ion_ioctl+0x26d/0x380 drivers/staging/android/ion/ion-ioctl.c:84
> vfs_ioctl fs/ioctl.c:46 [inline]
> do_vfs_ioctl+0x1b1/0x1520 fs/ioctl.c:686
> SYSC_ioctl fs/ioctl.c:701 [inline]
> SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
>
> This is a warning about attempting to allocate order > MAX_ORDER. This
> is coming from a userspace Ion allocation request. Since userspace is
> free to request however much memory it wants (and the kernel is free to
> deny its allocation), silence the allocation attempt with __GFP_NOWARN
> in case it fails.
>
> Reported-by: syzbot+76e7efc4748495855a4d@xxxxxxxxxxxxxxxxxxxxxxxxx
> Reported-by: syzbot <syzkaller@xxxxxxxxxxxxxxxx>
> Signed-off-by: Laura Abbott <labbott@xxxxxxxxxx>
> ---
> drivers/staging/android/ion/ion_system_heap.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/staging/android/ion/ion_system_heap.c b/drivers/staging/android/ion/ion_system_heap.c > index 71c4228f8238..bc19cdd30637 100644 > --- a/drivers/staging/android/ion/ion_system_heap.c > +++ b/drivers/staging/android/ion/ion_system_heap.c
> @@ -362,7 +362,7 @@ static int ion_system_contig_heap_allocate(struct ion_heap *heap, > unsigned long i; > int ret; > > - page = alloc_pages(low_order_gfp_flags, order); > + page = alloc_pages(low_order_gfp_flags | __GFP_NOWARN, order);

There's both high_order_gfp and low_order_gfp. The former includes
NOWARN and NORETRY.

Interesting, ion_system_heap_create_pools() tries to mix low_order and
high_order, but it only ever uses high_order flags. (orders[0] == 8
forcing a permanent switch from low_order_gfp to high_order_gfp).
There's no good reason for low_order_gfp, high_order_gfp to be static
rewritable variables.

For this instance, I would go farther and suggest you may want
__GFP_RETRY_MAYFAIL | __GFP_NOWARN to prevent userspace from triggering
the lowmemkiller/oomkiller here. (I would kill low_order_gfp_flags /
high_order_gfp_flags and avoid the obfuscation.)
-Chris
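
Review bot: on the changed alloc_pages() line in ion_system_contig_heap_allocate(), nothing in the hunk bounds order before it reaches the allocator, so __GFP_NOWARN hides the symptom of an oversized userspace request rather than rejecting it. The commit message says the warning fires for order > MAX_ORDER on a userspace-driven Ion allocation; consider adding an explicit range check on order with an error return ahead of the call, and keeping __GFP_NOWARN for requests that are in range but still fail. A short comment at the call site stating that the size is userspace-controlled would also document why the flag is OR-ed in here instead of being part of low_order_gfp_flags.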