lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 29 Mar 2017 19:17:14 +0100 From: Mark Rutland <mark.rutland@....com> To: Doug Berger <opendmb@...il.com> Cc: robh+dt@...nel.org, catalin.marinas@....com, will.deacon@....com, computersforpeace@...il.com, gregory.0xf0@...il.com, f.fainelli@...il.com, bcm-kernel-feedback-list@...adcom.com, wangkefeng.wang@...wei.com, james.morse@....com, mingo@...nel.org, sandeepa.s.prabhu@...il.com, shijie.huang@....com, linus.walleij@...aro.org, treding@...dia.com, jonathanh@...dia.com, olof@...om.net, mirza.krak@...il.com, suzuki.poulose@....com, bgolaszewski@...libre.com, devicetree@...r.kernel.org, linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org Subject: Re: [PATCH v2 7/8] bus: brcmstb_gisb: add notifier handling On Wed, Mar 29, 2017 at 10:39:11AM -0700, Doug Berger wrote: > On 03/29/2017 03:13 AM, Mark Rutland wrote: > >> +static int dump_gisb_error(struct notifier_block *self, unsigned long v, > >> + void *p) > >> + return 0; > > > > I think this should be NOTIFY_OK. > > > I used dump_mem_limit() as a template and didn't catch this (work to > do...). Upon review I think I would prefer NOTIFY_DONE since this call > is opportunistic (i.e. it is taking the opportunity to check whether > additional diagnostic data is available to display) and has no interest > in affecting the overall handling of the event. That's fine by me. Does the distinction matter here? Most notifer users treat NOTIFY_OK and NOTIFY_DONE as equivalent, and notifier_call_chain only terminates when it sees NOTIFY_STOP_MASK. [...] > >> + if (list_is_singular(&brcmstb_gisb_arb_device_list)) { > >> + register_die_notifier(&gisb_error_notifier); > >> + atomic_notifier_chain_register(&panic_notifier_list, > >> + &gisb_error_notifier); > > > > I don't think this is quite right. A notifier_block can only be > > registered to one notifier chain at a time, and this has the potential > > to corrupt both chains. > > > A VERY good point thanks for pointing this out. > > > I also think you only need to register the panic notifier. An SError > > should always result in a panic. > > > That was my initial thought as well. However, testing revealed that the > bad mode Oops actually exits the user space process and doesn't reach > the panic so there was no helpful diagnostic message. This may be in > line with your comments about insufficient fatality of failures in PATCH > v2 6/8, but it actually is more in line with our desired behavior for > the aborted write. Setting the notify on die gave us the result we are > looking for, but as noted above I should have created a separate notifier. > > I had hoped that the same approach (i.e. die notifier) would remove the > need for PATCH v2 6/8 as well, but I found that the Unhandled fault > error didn't actually die from user mode. In my mind it's a bug that we don't treat those errors more fatally. I'll try to dig into that. Thanks, Mark.
Powered by blists - more mailing lists