lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 8 May 2009 20:49:07 +0400
From:	Cyrill Gorcunov <gorcunov@...il.com>
To:	Peter Zijlstra <peterz@...radead.org>
Cc:	Pekka Enberg <penberg@...helsinki.fi>,
	Christoph Lameter <cl@...ux-foundation.org>,
	akpm@...ux-foundation.org, kosaki.motohiro@...fujitsu.com,
	mel@....ul.ie, riel@...hat.com, linux-kernel@...r.kernel.org,
	mingo@...e.hu, rientjes@...gle.com
Subject: Re: [PATCH 2/2] SLUB: Use GFP_PANIC for early-boot allocations

[Peter Zijlstra - Fri, May 08, 2009 at 06:31:07PM +0200]
| On Fri, 2009-05-08 at 20:15 +0400, Cyrill Gorcunov wrote:
| > [Peter Zijlstra - Fri, May 08, 2009 at 05:50:58PM +0200]
| > | On Fri, 2009-05-08 at 18:45 +0300, Pekka Enberg wrote:
| > | 
| > | > On Fri, 2009-05-08 at 17:42 +0200, Peter Zijlstra wrote:
| > | > > BUG_ON((gfp & __GFP_PANIC) && (system_state != STATE_BOOTING));
| > | > 
| > | > There's no technical reason not to use GFP_PANIC when system_state !=
| > | > STATE_BOOTING so I don't think it's needed. It's just that GFP_PANIC
| > | > (and BUG_ON) is IMHO too harsh for create_unique_id().
| > | 
| > | Shouldn't we handle every allocation failure after booting?
| > 
| > Definitely
| > 
| > | 
| > | I think it _is_ a bug to panic on allocation failures once we're
| > | running.
| > |
| > 
| > But Peter I believe there was no suggestion to use GFP_PANIC everywhere
| > to get rid of error handling. But rather to use it in case if kmalloc is
| > followed by BUG_ON.
| 
| Well, what I'm saying is that that either is a genuine bug we should
| fix, or its boot code, which is exactly what my assertion above tests
| for.

Yes, I agree and didn't argue against actually (but most probably I
was not precise in words). There is no protection of using it wrong
or buggy way (to eliminate error paths but just panic). By adding
STATE_BOOTING we seem to protect ourself from such a case but then
we better rename it to something like GFP_BOOT_PANIC maybe? Since
from plain GFP_PANIC it's not clear, hmm?

| 
| I really believe GFP_PANIC usage outside of system_state ==
| STATE_BOOTING is a bug we should fix. Not create a better syntax for.
| 
| What code outside of booting is allowed to bring down the kernel on an
| allocation failure?
| 

	-- Cyrill
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ