1. Forum
  2. Usenet
  3. LINUX.KERNEL

  • [alsa-devel] usb/sound/usx2y: warning in usb_stream_new/__alloc_pag

    From Takashi Iwai@21:1/5 to Takashi Iwai on Mon Oct 2 14:20:02 2017
    On Fri, 22 Sep 2017 11:35:49 +0200,
    Takashi Iwai wrote:

    On Thu, 21 Sep 2017 17:38:53 +0200,
    Andrey Konovalov wrote:

    Hi!

    I've got the following report while fuzzing the kernel with syzkaller.

    On commit ebb2c2437d8008d46796902ff390653822af6cc4 (Sep 18).

    ------------[ cut here ]------------
    WARNING: CPU: 1 PID: 1846 at mm/page_alloc.c:3883 __alloc_pages_slowpath+0x1ef2/0x2d70
    Modules linked in:
    CPU: 1 PID: 1846 Comm: kworker/1:2 Not tainted 4.14.0-rc1-42251-gebb2c2437d80 #215
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
    Workqueue: usb_hub_wq hub_event
    task: ffff8800643c18c0 task.stack: ffff88006b658000
    RIP: 0010:trace_reclaim_retry_zone ./include/trace/events/oom.h:31
    RIP: 0010:should_reclaim_retry mm/page_alloc.c:3783
    RIP: 0010:__alloc_pages_slowpath+0x1ef2/0x2d70 mm/page_alloc.c:4039
    RSP: 0018:ffff88006b65d938 EFLAGS: 00010246
    RAX: 00000000ffffa666 RBX: 00000000014000c0 RCX: 0000000000000000
    RDX: 0000000000000000 RSI: 0000000000000034 RDI: 000000000140c0c0
    RBP: ffff88006b65e088 R08: 0000000000000000 R09: fffffffffff00f88
    R10: 0000000000000000 R11: 0000000000000085 R12: ffff88006b65e130
    R13: ffff88006b65e270 R14: ffff88006b65e0f0 R15: 000000000140c0c0
    FS: 0000000000000000(0000) GS:ffff88006c900000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 0000000020829000 CR3: 0000000063cce000 CR4: 00000000000006e0
    Call Trace:
    __alloc_pages_nodemask+0x921/0xf70 mm/page_alloc.c:4217
    alloc_pages_current+0xbb/0x1f0 mm/mempolicy.c:2035
    alloc_pages ./include/linux/gfp.h:505
    __get_free_pages+0x14/0x50 mm/page_alloc.c:4248
    usb_stream_new+0x50f/0x9f0 sound/usb/usx2y/usb_stream.c:214

    The warning itself should be harmless, indicating only that the driver
    tries to allocate too high-order memory pages. The error path handles
    the allocation error gracefully, so basically we can suppress the
    warning by adding __GFP_NOWARN, in addition to a sanity check in the
    caller side.

    I've been traveling and will be traveling again in the next week, so
    I'll cook up once after back to work again.

    Andrey, could you check the patch below? It should suppress the
    spurious warnings.


    thanks,

    Takashi

    -- 8< --
    From: Takashi Iwai <tiwai@suse.de>
    Subject: [PATCH] ALSA: usx2y: Suppress kernel warning at page allocation
    failures

    The usx2y driver allocates the stream read/write buffers in continuous
    pages depending on the stream setup, and this may spew the kernel
    warning messages with a stack trace like:
    WARNING: CPU: 1 PID: 1846 at mm/page_alloc.c:3883
    __alloc_pages_slowpath+0x1ef2/0x2d70
    Modules linked in:
    CPU: 1 PID: 1846 Comm: kworker/1:2 Not tainted
    ....

    It may confuse user as if it were any serious error, although this is
    no fatal error and the driver handles the error case gracefully.
    Since the driver has already some sanity check of the given size (128
    and 256 pages), it can't pass any crazy value. So it's merely page fragmentation.

    This patch adds __GFP_NOWARN to each caller for suppressing such
    kernel warnings. The original issue was spotted by syzkaller.

    Reported-by: Andrey Konovalov <andreyknvl@google.com>
    Cc: <stable@vger.kernel.org>
    Signed-off-by: Takashi Iwai <tiwai@suse.de>
    ---
    sound/usb/usx2y/usb_stream.c | 6 ++++--
    1 file changed, 4 insertions(+), 2 deletions(-)

    diff --git a/sound/usb/usx2y/usb_stream.c b/sound/usb/usx2y/usb_stream.c
    index 4dab49080700..e229abd21652 100644
    --- a/sound/usb/usx2y/usb_stream.c
    +++ b/sound/usb/usx2y/usb_stream.c
    @@ -191,7 +191,8 @@ struct usb_stream *usb_stream_new(struct usb_stream_kernel *sk,
    }

    pg = get_order(read_size);
    - sk->s = (void *) __get_free_pages(GFP_KERNEL|__GFP_COMP|__GFP_ZERO, pg);
    + sk->s = (void *) __get_free_pages(GFP_KERNEL|__GFP_COMP|__GFP_ZERO|
    + __GFP_NOWARN, pg);
    if (!sk->s) {
    snd_printk(KERN_WARNING "couldn't __get_free_pages()\n");
    goto out;
    @@ -211,7 +212,8 @@ struct usb_stream *usb_stream_new(struct usb_stream_kernel *sk,
    pg = get_order(write_size);

    sk->write_page =
    - (void *)__get_free_pages(GFP_KERNEL|__GFP_COMP|__GFP_ZERO, pg); + (void *)__get_free_pages(GFP_KERNEL|__GFP_COMP|__GFP_ZERO|
    + __GFP_NOWARN, pg);
    if (!sk->write_page) {
    snd_printk(KERN_WARNING
  • From Takashi Iwai@21:1/5 to Andrey Konovalov on Mon Oct 2 22:50:16 2017
    On Mon, 02 Oct 2017 16:34:57 +0200,
    Andrey Konovalov wrote:

    On Mon, Oct 2, 2017 at 2:14 PM, Takashi Iwai <tiwai@suse.de> wrote:
    On Fri, 22 Sep 2017 11:35:49 +0200,
    Takashi Iwai wrote:

    On Thu, 21 Sep 2017 17:38:53 +0200,
    Andrey Konovalov wrote:

    Hi!

    I've got the following report while fuzzing the kernel with syzkaller. >> >
    On commit ebb2c2437d8008d46796902ff390653822af6cc4 (Sep 18).

    ------------[ cut here ]------------
    WARNING: CPU: 1 PID: 1846 at mm/page_alloc.c:3883
    __alloc_pages_slowpath+0x1ef2/0x2d70
    Modules linked in:
    CPU: 1 PID: 1846 Comm: kworker/1:2 Not tainted
    4.14.0-rc1-42251-gebb2c2437d80 #215
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
    Workqueue: usb_hub_wq hub_event
    task: ffff8800643c18c0 task.stack: ffff88006b658000
    RIP: 0010:trace_reclaim_retry_zone ./include/trace/events/oom.h:31
    RIP: 0010:should_reclaim_retry mm/page_alloc.c:3783
    RIP: 0010:__alloc_pages_slowpath+0x1ef2/0x2d70 mm/page_alloc.c:4039
    RSP: 0018:ffff88006b65d938 EFLAGS: 00010246
    RAX: 00000000ffffa666 RBX: 00000000014000c0 RCX: 0000000000000000
    RDX: 0000000000000000 RSI: 0000000000000034 RDI: 000000000140c0c0
    RBP: ffff88006b65e088 R08: 0000000000000000 R09: fffffffffff00f88
    R10: 0000000000000000 R11: 0000000000000085 R12: ffff88006b65e130
    R13: ffff88006b65e270 R14: ffff88006b65e0f0 R15: 000000000140c0c0
    FS: 0000000000000000(0000) GS:ffff88006c900000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 0000000020829000 CR3: 0000000063cce000 CR4: 00000000000006e0
    Call Trace:
    __alloc_pages_nodemask+0x921/0xf70 mm/page_alloc.c:4217
    alloc_pages_current+0xbb/0x1f0 mm/mempolicy.c:2035
    alloc_pages ./include/linux/gfp.h:505
    __get_free_pages+0x14/0x50 mm/page_alloc.c:4248
    usb_stream_new+0x50f/0x9f0 sound/usb/usx2y/usb_stream.c:214

    The warning itself should be harmless, indicating only that the driver
    tries to allocate too high-order memory pages. The error path handles
    the allocation error gracefully, so basically we can suppress the
    warning by adding __GFP_NOWARN, in addition to a sanity check in the
    caller side.

    I've been traveling and will be traveling again in the next week, so
    I'll cook up once after back to work again.

    Andrey, could you check the patch below? It should suppress the
    spurious warnings.

    Hi Takashi,

    Your patch fixes the report triggered by my reproducer.

    Thanks!

    Tested-by: Andrey Konovalov <andreyknvl@google.com>

    Great, queued to for-linus branch now.
    Thanks!


    Takashi

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)