From: Konstantin Khorenko <[email protected]> In do_ip_setsockopt(), the IP_MSFILTER and MCAST_MSFILTER cases allocate memory whose size depends on userspace but is not greater than sysctl_optmem_max (net.core.optmem_max, which is 20480 by default) => 3rd order page allocations are possible here =>
substitute kmalloc() with kvmalloc() here. WARNING: CPU: 2 PID: 34605 at mm/page_alloc.c:3197 __alloc_pages_nodemask+0x2e4/0x590 order 3 >= 3, gfp 0x40d0 Modules linked in: <skipped> CPU: 2 PID: 34605 Comm: trinity-main ve: d7d30d09-1585-4ef1-99b9-893b4fb06cec Not tainted 3.10.0-693.17.1.vz7.45.8 #1 45.8 Hardware name: Virtuozzo KVM, BIOS 1.10.2-3.1.vz7.2 04/01/2014 Call Trace: [<ffffffff816d6d81>] dump_stack+0x19/0x1b [<ffffffff8108a8d8>] __warn+0xd8/0x100 [<ffffffff8108a95f>] warn_slowpath_fmt+0x5f/0x80 [<ffffffff811a12c4>] __alloc_pages_nodemask+0x2e4/0x590 [<ffffffff811ea978>] alloc_pages_current+0x98/0x110 [<ffffffff811bd498>] kmalloc_order+0x18/0x40 [<ffffffff811bd4e6>] kmalloc_order_trace+0x26/0xa0 [<ffffffff811f9399>] __kmalloc+0x279/0x290 [<ffffffff81604277>] do_ip_setsockopt.isra.15+0x507/0xeb0 [<ffffffff81604c50>] ip_setsockopt+0x30/0xd0 [<ffffffff8162b9fb>] udp_setsockopt+0x1b/0x40 [<ffffffff8168bee6>] ipv6_setsockopt+0x46/0xd0 [<ffffffff81690d7b>] udpv6_setsockopt+0x1b/0x40 [<ffffffff8159d204>] sock_common_setsockopt+0x14/0x20 [<ffffffff8159c390>] SyS_setsockopt+0x80/0xf0 [<ffffffff816e9a7d>] system_call_fastpath+0x16/0x1b ---[ end trace 5b208f01e4177b5b ]--- https://jira.sw.ru/browse/PSBM-82646 Signed-off-by: Konstantin Khorenko <[email protected]> (cherry picked from commit ce5cdfafdb374370974020b3bca1a98198deff27) See also a2c841d94 ("do_ip_setsockopt(): don't open-code memdup_user()") memdup_user -> vmemdup_user VZ 8 rebase part https://jira.sw.ru/browse/PSBM-127798 Signed-off-by: Alexander Mikhalitsyn <[email protected]>
---
 net/ipv4/ip_sockglue.c | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index b7a26120d552..18bbeda2bf27 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -937,7 +937,7 @@ static int do_ip_setsockopt(struct sock *sk, int level,
 err = -ENOBUFS;
 break;
 }
- msf = memdup_user(optval, optlen);
+ msf = vmemdup_user(optval, optlen);
 if (IS_ERR(msf)) {
 err = PTR_ERR(msf);
 break;
@@ -945,17 +945,17 @@ static int do_ip_setsockopt(struct sock *sk, int level,
 /* numsrc >= (1G-4) overflow in 32 bits */
 if (msf->imsf_numsrc >= 0x3ffffffcU ||
 msf->imsf_numsrc > net->ipv4.sysctl_igmp_max_msf) {
- kfree(msf);
+ kvfree(msf);
 err = -ENOBUFS;
 break;
 }
 if (IP_MSFILTER_SIZE(msf->imsf_numsrc) > optlen) {
- kfree(msf);
+ kvfree(msf);
 err = -EINVAL;
 break;
 }
 err = ip_mc_msfilter(sk, msf, 0);
- kfree(msf);
+ kvfree(msf);
 break;
 }
 case IP_BLOCK_SOURCE:
@@ -1088,7 +1088,7 @@ static int do_ip_setsockopt(struct sock *sk, int level,
 err = -ENOBUFS;
 break;
 }
- gsf = memdup_user(optval, optlen);
+ gsf = vmemdup_user(optval, optlen);
 if (IS_ERR(gsf)) {
 err = PTR_ERR(gsf);
 break;
@@ -1105,7 +1105,7 @@ static int do_ip_setsockopt(struct sock *sk, int level,
 goto mc_msf_out;
 }
 msize = IP_MSFILTER_SIZE(gsf->gf_numsrc);
- msf = kmalloc(msize, GFP_KERNEL);
+ msf = kvmalloc(msize, GFP_KERNEL);
 if (!msf) {
 err = -ENOBUFS;
 goto mc_msf_out;
@@ -1128,13 +1128,13 @@ static int do_ip_setsockopt(struct sock *sk, int level,
 goto mc_msf_out;
 msf->imsf_slist[i] = psin->sin_addr.s_addr;
 }
- kfree(gsf);
+ kvfree(gsf);
 gsf = NULL;
 err = ip_mc_msfilter(sk, msf, ifindex);
 mc_msf_out:
- kfree(msf);
- kfree(gsf);
+ kvfree(msf);
+ kvfree(gsf);
 break;
 }
 case IP_MULTICAST_ALL:
-- 
2.28.0
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel
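Review bot: The `vmemdup_user()` call in the -937 hunk (and the one for `gsf` in the -1088 hunk) has no comment saying why a user-sized copy needs the kv allocator, or that the buffer must from now on be released with `kvfree()`. I would add above the call `/* optlen is user-controlled (capped by sysctl_optmem_max); may be vmalloc-backed, free with kvfree() */`. A later `kfree()` on this pointer would be an allocator mismatch whenever the copy was large enough to fall back to vmalloc. It is worth confirming that no `kfree(msf)` or `kfree(gsf)` remains in the parts of do_ip_setsockopt() that lie outside these hunks.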
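Review bot: The IP_MSFILTER case in the -945 hunk now carries three separate `kvfree(msf)` calls, one per exit, while the MCAST_MSFILTER case further down releases through the single `mc_msf_out` label. Folding the two validation checks and the ip_mc_msfilter() call into one if/else chain leaves a single release point, so a later edit cannot reintroduce a missing or mismatched free on one branch. Error codes and ordering stay the same. The case block opens above this hunk, so the sketch covers only the visible tail.

```c
/* numsrc >= (1G-4) overflow in 32 bits */
if (msf->imsf_numsrc >= 0x3ffffffcU ||
    msf->imsf_numsrc > net->ipv4.sysctl_igmp_max_msf)
	err = -ENOBUFS;
else if (IP_MSFILTER_SIZE(msf->imsf_numsrc) > optlen)
	err = -EINVAL;
else
	err = ip_mc_msfilter(sk, msf, 0);
/* vmemdup_user() buffer: single release point for every outcome */
kvfree(msf);
break;
```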
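Review bot: `kvmalloc(msize, GFP_KERNEL)` in the -1105 hunk sizes the buffer from the user-supplied `gsf->gf_numsrc`, and with the kv allocator a large request falls back to vmalloc instead of failing, so the only ceiling left is whatever validation runs before this line. Those checks sit above the hunk (only their `goto mc_msf_out; }` tail is visible), so they cannot be confirmed from here. If gf_numsrc is already bounded against optlen there, a short comment would record that dependency, e.g. `/* gf_numsrc validated against optlen above, which bounds msize */`. The loop in the -1128 hunk that writes `msf->imsf_slist[i]` relies on the same bound.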
