On Thu, May 09, 2024 at 09:30:59AM +0800, Hailong Liu wrote:
> I’m not suggesting that erofs would cause a memleak. What I mean is
> that if kvmalloc is invoked with __GFP_NOFAIL, it must ensure a non-NULL
> return, even in scenarios where memory leaks caused by other processes
> result in the inability to allocate a page. In such a situation, it
> should result in “Kernel panic - not syncing: System is deadlocked
> on memory”.

Yes. __GFP_NOFAIL is a contract that says never ever return NULL. The
callers will generally not handle a NULL return and blindly dereference
it, leading to all kinds of nasty security issues. Note that deadlocking
would be nice, but at least it is just a denial of service and not a
possible privilege escalation.
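
Added example, not part of the original message and not kernel code: a userspace C model of the contract discussed above, showing why a no-fail caller can skip the NULL check only if the allocator never returns NULL. `MODEL_NOFAIL`, `model_alloc`, the simulated `pressure` counter and the bounded retry followed by `abort()` are assumptions made for illustration.

```c
#include <stdlib.h>

#define MODEL_NOFAIL 0x1u       /* hypothetical stand-in for __GFP_NOFAIL */
struct item { int refcount; };
static int pressure;            /* constructed: upcoming allocations that fail */
static unsigned retries;        /* retries taken by the no-fail path */

/* Low-level attempt: fails once per unit of simulated memory pressure. */
static void *model_try_alloc(size_t size)
{
    if (pressure > 0 && pressure--)
        return NULL;
    return malloc(size);
}

/* Without MODEL_NOFAIL, NULL is a legal result. With it, the function
 * returns memory or does not return at all. */
void *model_alloc(size_t size, unsigned flags, unsigned max_retries)
{
    for (unsigned attempt = 0; ; attempt++) {
        void *p = model_try_alloc(size);
        if (p || !(flags & MODEL_NOFAIL))
            return p;
        if (attempt >= max_retries)
            abort();            /* stand-in for a panic: never hand back NULL */
        retries++;
    }
}

/* Typical no-fail caller: no NULL check, dereferences straight away. */
unsigned nofail_caller(int failures)
{
    pressure = failures;
    retries = 0;
    struct item *it = model_alloc(sizeof(*it), MODEL_NOFAIL, 16);
    it->refcount = 1;           /* safe only because the contract holds */
    free(it);
    return retries;
}

/* Caller without the flag: it has to handle the NULL return itself. */
int checked_caller(int failures)
{
    pressure = failures;
    struct item *it = model_alloc(sizeof(*it), 0, 0);
    if (!it)
        return -1;
    free(it);
    return 0;
}
```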