On 2021/01/22 10:35, Andrew Morton wrote:
> On Wed, 20 Jan 2021 19:34:36 +0900 Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> wrote:
>
>> syzbot is reporting that memdup_user_nul() which receives user-controlled
>> size (which can be up to (INT_MAX & PAGE_MASK)) via vfs_write() will hit
>> order >= MAX_ORDER path [1].
>>
>> Let's add __GFP_NOWARN to memdup_user_nul() as with commit 6c8fcc096be9d02f
>> ("mm: don't let userspace spam allocations warnings"). Also use GFP_USER as
>> with commit 6c2c97a24f096e32 ("memdup_user(): switch to GFP_USER").
>
> That commit failed to explain why a switch to GFP_USER was performed,
> so that commit isn't a good substitute for an explanation of this
> change.
For example, commit 2f77d107050abc14 ("Fix incorrect user space access locking
in mincore()") silently converted GFP_KERNEL to GFP_USER.
#define GFP_KERNEL (__GFP_RECLAIM | __GFP_IO | __GFP_FS)
#define GFP_USER (__GFP_RECLAIM | __GFP_IO | __GFP_FS | __GFP_HARDWALL)
* %GFP_KERNEL is typical for kernel-internal allocations. The caller requires
* %ZONE_NORMAL or a lower zone for direct access but can direct reclaim.
* %GFP_USER is for userspace allocations that also need to be directly
* accessibly by the kernel or hardware. It is typically used by hardware
* for buffers that are mapped to userspace (e.g. graphics) that hardware
* still must DMA to. cpuset limits are enforced for these allocations.
* %__GFP_HARDWALL enforces the cpuset memory allocation policy.
>
> So... please fully describe the reason for this change right here in
> this patch's changelog.
I guess that GFP_USER is chosen by cautious developers when memory is
allocated by userspace request. Is there a guideline for when to use GFP_USER ?
