lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 30 Nov 2018 00:09:30 -0800
From:   Stephen Boyd <sboyd@...nel.org>
To:     Nicholas Mc Guire <der.herr@...r.at>
Cc:     Michael Turquette <mturquette@...libre.com>,
        Nicholas Mc Guire <hofrat@...dl.org>,
        Michal Simek <michal.simek@...inx.com>,
        Rob Herring <robh@...nel.org>, linux-clk@...r.kernel.org,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH V2] clk: zynq: do not allow kmalloc failure

Quoting Nicholas Mc Guire (2018-11-29 23:54:53)
> On Thu, Nov 29, 2018 at 03:45:23PM -0800, Stephen Boyd wrote:
> > Quoting Nicholas Mc Guire (2018-11-21 04:28:30)
> > > The kmalloc here is small (< 16 bytes) and occurs during initialization
> > > during system startup here (can not be built as module) thus if this
> > > kmalloc failed it is an indication of something more serious going on
> > > and it is fine to hang the system here rather than cause some harder
> > > to understand error by dereferencing NULL.
> > > 
> > > Explicitly checking would not make that much sense here as the only
> > > possible reaction would be would BUG() here anyway.
> > > 
> > > Signed-off-by: Nicholas Mc Guire <hofrat@...dl.org>
> > > Fixes: 0ee52b157b8e ("clk: zynq: Add clock controller driver")
> > > Acked-by: Michal Simek <michal.simek@...inx.com>
> > > ---
> > 
> > Nak. We don't have any __GFP_NOFAIL in drivers/clk and I don't see a
> > reason why we would want it here either. Just handle the failure, or
> > don't care if this is so critical to system boot.
> >
> It was not motivated by the criticality but by the low probability
> and cluttering the code for this case did not seem good to me.
> Effectively handling it here means BUG() - so more or less
> the same result that hanging it on __GFP_NOFAIL if allocation
> was not possible would cause.
> 
> Not clear what the objection to __GFP_NOFAIL here is - my understanding
> was that it is intended precisely for cases like this - but
> I´ll send a V2 handling it with BUG_ON(!clk_name) if that is prefered.
> 

Or just WARN() and return. Maybe something else can get far enough to be
helpful.

I would also appreciate if this sort of problem could be caught earlier
in code review and/or with some automated scripting. Debating BUG_ON()
and allocation failures is not what I look forward to doing so please
try to make this exact sort of patch never make it to the list in the
first place.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ