lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 29 Jun 2017 17:43:18 -0700
From:   Doug Berger <opendmb@...il.com>
To:     Andrew Morton <akpm@...ux-foundation.org>
Cc:     Gregory Fong <gregory.0xf0@...il.com>,
        Angus Clark <angus@...usclark.org>,
        Laura Abbott <labbott@...hat.com>,
        Vlastimil Babka <vbabka@...e.cz>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Lucas Stach <l.stach@...gutronix.de>,
        Catalin Marinas <catalin.marinas@....com>,
        Shiraz Hashim <shashim@...eaurora.org>,
        Jaewon Kim <jaewon31.kim@...sung.com>,
        "open list:MEMORY MANAGEMENT" <linux-mm@...ck.org>,
        open list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] cma: fix calculation of aligned offset

On 06/29/2017 01:48 PM, Andrew Morton wrote:
> On Wed, 28 Jun 2017 10:07:41 -0700 Doug Berger <opendmb@...il.com> wrote:
> 
>> The align_offset parameter is used by bitmap_find_next_zero_area_off()
>> to represent the offset of map's base from the previous alignment
>> boundary; the function ensures that the returned index, plus the
>> align_offset, honors the specified align_mask.
>>
>> The logic introduced by commit b5be83e308f7 ("mm: cma: align to
>> physical address, not CMA region position") has the cma driver
>> calculate the offset to the *next* alignment boundary.  In most cases,
>> the base alignment is greater than that specified when making
>> allocations, resulting in a zero offset whether we align up or down.
>> In the example given with the commit, the base alignment (8MB) was
>> half the requested alignment (16MB) so the math also happened to work
>> since the offset is 8MB in both directions.  However, when requesting
>> allocations with an alignment greater than twice that of the base,
>> the returned index would not be correctly aligned.
>>
>> Also, the align_order arguments of cma_bitmap_aligned_mask() and
>> cma_bitmap_aligned_offset() should not be negative so the argument
>> type was made unsigned.
> 
> The changelog doesn't describe the user-visible effects of the bug.  It
> should do so please, so that others can decide which kernel(s) need the fix.
> 
> Since the bug has been there for three years, I'll assume that -stable
> backporting is not needed.
> 
I'm afraid I'm confused by what you are asking me to do since it appears
that you have already signed-off on this patch.

The direct user-visible effect of the bug is that if the user requests a
CMA allocation that is aligned with a granule that is more than twice
the base alignment of the CMA region she will receive an allocation that
does not have that alignment.

As I indicated to Gregory, the follow-on consequences of the address not
satisfying the required alignment depend on why the alignment was
requested.  In our case it was a system crash, but it could also
manifest as data corruption on a network interface for example.

In general I would expect it to be unusual for anyone to request an
allocation alignment that is larger than the CMA base alignment which is
probably why the bug has been hiding for three years.

Thanks for your support with this and let me know what more you would
like from me.

-Doug

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ