Bug 1481047

Summary: blkdev_issue_zeroout on dm-crypt container could cause OOM and kernel panic
Product: [Community] LVM and device-mapper
Component: device-mapper
Reporter: Tom Yan <tom.ty89>
Assignee: Mikuláš Patočka <mpatocka>
Status: CLOSED UPSTREAM
QA Contact: cluster-qe <cluster-qe>
Severity: unspecified
Priority: high
Version: unspecified
CC: agk, heinzm, jbrassow, msnitzer, prajnoha, zkabelac
Target Milestone: ---
Keywords: Triaged
Target Release: ---
Flags: rule-engine: lvm-technical-solution?
Hardware: Unspecified
OS: Unspecified
Last Closed: 2021-11-22 21:21:49 UTC
Type: Bug
Attachments:
Another test case that shows the problem (1/2) (flags: none)
Another test case that shows the problem (2/2) (flags: none)

Description Tom Yan 2017-08-13 21:07:01 UTC
Description of problem:
When one attempts to zero out a dm-crypt container with blkdiscard -z, OOM and kernel panic could occur.

Apparently the reason is that, when the bio chain of zero pages reaches the dm layer, dm-crypt does not know to split the chain but instead tries to allocate memory for the whole chain/request for encryption/conversion, so if the size of that is larger than the available memory, OOM and, in extreme cases, kernel panic could occur:
https://gitlab.com/cryptsetup/cryptsetup/uploads/207ffdada52f3172f54a014c67159625/DSC_0129.JPG

blkdev_issue_zeroout is the block layer function called:
http://elixir.free-electrons.com/linux/latest/source/block/ioctl.c#L257

This should be the method involved:
http://elixir.free-electrons.com/linux/latest/source/block/blk-lib.c#L308

Version-Release number of selected component (if applicable):
kernel 4.12.3 (Arch Linux core/linux)

Steps to Reproduce:
1. cryptsetup open /dev/(disk/partition) rand --type plain --key-file /dev/random
2. blkdiscard -z /dev/(disk/partition)

Comment 1 Tom Yan 2017-08-13 21:10:42 UTC
Created attachment 1312799
Another test case that shows the problem (1/2)

You can see that there are 2713M available and I am making a zero out request of 2560M.

Comment 2 Tom Yan 2017-08-13 21:18:31 UTC
Created attachment 1312800
Another test case that shows the problem (2/2)

You can see the available memory can at least go down to as low as 273M (while 2713 - 2560 = 153M). Memory is released bit by bit as the zero pages get converted/encrypted and written to the disk, apparently.

Comment 3 Milan Broz 2017-08-14 06:44:28 UTC
There is a dm-crypt patch by Mikulas that should fix the issue:
https://www.redhat.com/archives/dm-devel/2017-August/msg00164.html

Comment 5 Jonathan Earl Brassow 2021-11-22 21:21:49 UTC
Fixed upstream by kernel commit 5059353df86e2573ccd9d43fd9d9396dcec47ca2.
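
A mitigation sketch for kernels that predate the upstream fix, added here as an example and not taken from the bug report or the kernel patch: it issues the same BLKZEROOUT ioctl that `blkdiscard -z` relies on, but in bounded chunks. It assumes, following the description's analysis, that the memory dm-crypt needs scales with the size of a single request; the helper names and the 64 MiB default step are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <linux/fs.h>   /* BLKZEROOUT, BLKGETSIZE64 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ioctl.h>

/* Fill range[] = {offset, length} for the next request; return 0 when done.
 * The length never exceeds step, so no single request covers more than step bytes. */
int next_chunk(uint64_t pos, uint64_t end, uint64_t step, uint64_t range[2])
{
    if (step == 0 || pos >= end)
        return 0;
    range[0] = pos;
    range[1] = (end - pos < step) ? end - pos : step;
    return 1;
}

/* Zero [start, start+len) on fd with one synchronous ioctl per chunk.
 * start, len and step must be multiples of 512. Returns requests issued, or -1. */
long zeroout_chunked(int fd, uint64_t start, uint64_t len, uint64_t step)
{
    uint64_t range[2], pos = start, end = start + len;
    long calls = 0;
    if (step == 0 || end < start) { errno = EINVAL; return -1; }
    while (next_chunk(pos, end, step, range)) {
        if (ioctl(fd, BLKZEROOUT, range) < 0)
            return -1;          /* errno is set by ioctl */
        pos += range[1];
        calls++;
    }
    return calls;
}

int main(int argc, char **argv)
{
    if (argc < 2) { fprintf(stderr, "usage: %s <device> [step-MiB]\n", argv[0]); return 2; }
    /* The 64 MiB default step is an arbitrary choice for this example. */
    uint64_t size = 0, step = (argc > 2 ? strtoull(argv[2], NULL, 10) : 64) << 20;
    int fd = open(argv[1], O_WRONLY);
    long n = (fd >= 0 && ioctl(fd, BLKGETSIZE64, &size) == 0)
                 ? zeroout_chunked(fd, 0, size, step) : -1;
    if (n < 0) perror("zeroout");
    else printf("zeroed %llu bytes in %ld requests\n", (unsigned long long)size, n);
    return n < 0;
}
```

With a 64 MiB step, the 2560M request from Comment 1 becomes 40 requests, each of which completes before the next is submitted.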