On Mon, 2019-02-11 at 15:19 +0100, Greg Kroah-Hartman wrote: > 4.14-stable review patch. If anyone has any objections, please let > me know. > > ------------------ > > From: Mark Rutland <mark.rutland@xxxxxxx> > > commit 9dff0aa95a324e262ffb03f425d00e4751f3294e upstream. > > The perf tool uses /proc/sys/kernel/perf_event_mlock_kb to determine > how > large its ringbuffer mmap should be. This can be configured to > arbitrary > values, which can be larger than the maximum possible allocation from > kmalloc. > > When this is configured to a suitably large value (e.g. thanks to the > perf fuzzer), attempting to use perf record triggers a WARN_ON_ONCE() > in > __alloc_pages_nodemask(): > > WARNING: CPU: 2 PID: 5666 at mm/page_alloc.c:4511 > __alloc_pages_nodemask+0x3f8/0xbc8 > > Let's avoid this by checking that the requested allocation is > possible > before calling kzalloc. Hi, Perf tool is broken for me in 4.14.99 (running in x86_64 VM), bisection points to this patch. # perf top Error: Failed to mmap with 12 (Cannot allocate memory) # perf trace Cannot allocate memory # strace -T -tt -f -y perf top [...] 14:22:09.829544 openat(AT_FDCWD, "/proc/sys/kernel/perf_event_mlock_kb", O_RDONLY) = 18</proc/sys/kernel/perf_event_mlock_kb> <0.000015> 14:22:09.829612 read(18</proc/sys/kernel/perf_event_mlock_kb>, "516\n", 64) = 4 <0.000011> 14:22:09.829655 close(18</proc/sys/kernel/perf_event_mlock_kb>) = 0 <0.000008> 14:22:09.829702 mmap(NULL, 528384, PROT_READ|PROT_WRITE, MAP_SHARED, 3<anon_inode:[perf_event]>, 0) = -1 ENOMEM (Cannot allocate memory) <0.000015> 14:22:09.829763 write(2</dev/pts/0>, "Error:\n", 7) = 7 <0.000009> 14:22:09.829810 write(2</dev/pts/0>, "Failed to mmap with 12 (Cannot a"..., 48) = 48 <0.000008> Changing the patch like this fixes it... - if (order_base_2(size) >= MAX_ORDER) + if (order_base_2(size) > MAX_ORDER) -Tommi > Reported-by: Julien Thierry <julien.thierry@xxxxxxx> > Signed-off-by: Mark Rutland <mark.rutland@xxxxxxx> > Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx> > Reviewed-by: Julien Thierry <julien.thierry@xxxxxxx> > Cc: Alexander Shishkin <alexander.shishkin@xxxxxxxxxxxxxxx> > Cc: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx> > Cc: Jiri Olsa <jolsa@xxxxxxxxxx> > Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> > Cc: Namhyung Kim <namhyung@xxxxxxxxxx> > Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx> > Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx> > Cc: <stable@xxxxxxxxxxxxxxx> > Link: > https://lkml.kernel.org/r/20190110142745.25495-1-mark.rutland@xxxxxxx > Signed-off-by: Ingo Molnar <mingo@xxxxxxxxxx> > Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> > > --- > kernel/events/ring_buffer.c | 3 +++ > 1 file changed, 3 insertions(+) > > --- a/kernel/events/ring_buffer.c > +++ b/kernel/events/ring_buffer.c > @@ -719,6 +719,9 @@ struct ring_buffer *rb_alloc(int nr_page > size = sizeof(struct ring_buffer); > size += nr_pages * sizeof(void *); > > + if (order_base_2(size) >= MAX_ORDER) > + goto fail; > + > rb = kzalloc(size, GFP_KERNEL); > if (!rb) > goto fail; > >
