The patch titled Subject: ipc sem: use kvmalloc for sem_undo allocation has been added to the -mm tree. Its filename is ipc-sem-use-kvmalloc-for-sem_undo-allocation.patch This patch should soon appear at https://ozlabs.org/~akpm/mmots/broken-out/ipc-sem-use-kvmalloc-for-sem_undo-allocation.patch and later at https://ozlabs.org/~akpm/mmotm/broken-out/ipc-sem-use-kvmalloc-for-sem_undo-allocation.patch Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Vasily Averin <vvs@xxxxxxxxxxxxx> Subject: ipc sem: use kvmalloc for sem_undo allocation Patch series "ipc: allocations cleanup", v2. Some ipc objects use the wrong allocation functions: small objects can use kmalloc(), and vice versa, potentially large objects can use kmalloc(). This patch (of 2): Size of sem_undo can exceed one page and with the maximum possible nsems = 32000 it can grow up to 64Kb. Let's switch its allocation to kvmalloc to avoid user-triggered disruptive actions like OOM killer in case of high-order memory shortage. User triggerable high order allocations are quite a problem on heavily fragmented systems. They can be a DoS vector. Link: https://lkml.kernel.org/r/ebc3ac79-3190-520d-81ce-22ad194986ec@xxxxxxxxxxxxx Link: https://lkml.kernel.org/r/a6354fd9-2d55-2e63-dd4d-fa7dc1d11134@xxxxxxxxxxxxx Signed-off-by: Vasily Averin <vvs@xxxxxxxxxxxxx> Acked-by: Michal Hocko <mhocko@xxxxxxxx> Reviewed-by: Shakeel Butt <shakeelb@xxxxxxxxxx> Acked-by: Roman Gushchin <guro@xxxxxx> Cc: Alexey Dobriyan <adobriyan@xxxxxxxxx> Cc: Davidlohr Bueso <dave@xxxxxxxxxxxx> Cc: Dmitry Safonov <0x7f454c46@xxxxxxxxx> Cc: Johannes Weiner <hannes@xxxxxxxxxxx> Cc: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx> Cc: Vladimir Davydov <vdavydov.dev@xxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- ipc/sem.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) --- a/ipc/sem.c~ipc-sem-use-kvmalloc-for-sem_undo-allocation +++ a/ipc/sem.c @@ -1152,7 +1152,7 @@ static void freeary(struct ipc_namespace un->semid = -1; list_del_rcu(&un->list_proc); spin_unlock(&un->ulp->lock); - kfree_rcu(un, rcu); + kvfree_rcu(un, rcu); } /* Wake up all pending processes and let them fail with EIDRM. */ @@ -1935,7 +1935,8 @@ static struct sem_undo *find_alloc_undo( rcu_read_unlock(); /* step 2: allocate new undo structure */ - new = kzalloc(sizeof(struct sem_undo) + sizeof(short)*nsems, GFP_KERNEL); + new = kvzalloc(sizeof(struct sem_undo) + sizeof(short)*nsems, + GFP_KERNEL); if (!new) { ipc_rcu_putref(&sma->sem_perm, sem_rcu_free); return ERR_PTR(-ENOMEM); @@ -1947,7 +1948,7 @@ static struct sem_undo *find_alloc_undo( if (!ipc_valid_object(&sma->sem_perm)) { sem_unlock(sma, -1); rcu_read_unlock(); - kfree(new); + kvfree(new); un = ERR_PTR(-EIDRM); goto out; } @@ -1958,7 +1959,7 @@ static struct sem_undo *find_alloc_undo( */ un = lookup_undo(ulp, semid); if (un) { - kfree(new); + kvfree(new); goto success; } /* step 5: initialize & link new undo structure */ @@ -2418,7 +2419,7 @@ void exit_sem(struct task_struct *tsk) rcu_read_unlock(); wake_up_q(&wake_q); - kfree_rcu(un, rcu); + kvfree_rcu(un, rcu); } kfree(ulp); } _ Patches currently in -mm which might be from vvs@xxxxxxxxxxxxx are ipc-sem-use-kvmalloc-for-sem_undo-allocation.patch ipc-use-kmalloc-for-msg_queue-and-shmid_kernel.patch