On Tue, Aug 20, 2024 at 7:33 AM Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote: > > On Mon, 19 Aug 2024 at 12:23, Barry Song <21cnbao@xxxxxxxxx> wrote: > > > > > > That could be an exploit taking advantage of those improper callers, > > So? > > FIX THE BUGGY CODE. That's definitely in progress, with patch 1/4 addressing vdpa. There's also an RFC to enforce DIRECT_RECLAMATION for __GFP_NOFAIL, which will prevent passing unsupported flags to the memory management system: https://lore.kernel.org/all/20240724085544.299090-6-21cnbao@xxxxxxxxx/ > > Don't make insane and incorrect changes to the MM code and spread > Fear, Uncertainty and Doubt. > > > thus it wouldn’t necessarily result in an immediate oops in callers but > > result in an exploit > > No. Any bug can be an exploit. Don't try to make this something > special by calling it an exploit. > > NULL pointer dereferences are some of the *least* worrisome bugs, > because we don't allow people to mmap the NULL area anyway. > > So just stop spreading FUD. We don't improve the kernel by making > excuses for bugs, we improve it by fixing things. > > And any caller that asks for NOFAIL with bad parameters is buggy. The > MM code should NOT try to fix it up, and dammit, BUG_ON() is not > acceptable as a debugging help. Never was, never will be. Okay, I see your point. However, the discussion originally began with just a simple WARN_ON() to flag improper usage: https://lore.kernel.org/linux-mm/20240717230025.77361-1-21cnbao@xxxxxxxxx/ Now, it seems we've come full circle and are opting to use WARN_ON_ONCE() instead? > > Worry-warts already do "reboot-on-warn". > > Linus Thanks Barry
