| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <d5e4ff5b-d33a-e641-8159-d4f83bc28d0b@c-s.fr>
Date: Thu, 31 Jan 2019 08:07:29 +0100
From: Christophe Leroy <christophe.leroy@....fr>
To: Mike Rapoport <rppt@...ux.ibm.com>
Cc: linux-mm@...ck.org, Rich Felker <dalias@...c.org>,
linux-ia64@...r.kernel.org, devicetree@...r.kernel.org,
Catalin Marinas <catalin.marinas@....com>,
Heiko Carstens <heiko.carstens@...ibm.com>, x86@...nel.org,
linux-mips@...r.kernel.org, Max Filippov <jcmvbkbc@...il.com>,
Guo Ren <guoren@...nel.org>, sparclinux@...r.kernel.org,
Christoph Hellwig <hch@....de>, linux-s390@...r.kernel.org,
linux-c6x-dev@...ux-c6x.org,
Yoshinori Sato <ysato@...rs.sourceforge.jp>,
Richard Weinberger <richard@....at>, linux-sh@...r.kernel.org,
Russell King <linux@...linux.org.uk>,
kasan-dev@...glegroups.com,
Geert Uytterhoeven <geert@...ux-m68k.org>,
Mark Salter <msalter@...hat.com>,
Dennis Zhou <dennis@...nel.org>,
Matt Turner <mattst88@...il.com>,
linux-snps-arc@...ts.infradead.org,
uclinux-h8-devel@...ts.sourceforge.jp,
Petr Mladek <pmladek@...e.com>, linux-xtensa@...ux-xtensa.org,
linux-alpha@...r.kernel.org, linux-um@...ts.infradead.org,
linux-m68k@...ts.linux-m68k.org, Rob Herring <robh+dt@...nel.org>,
Greentime Hu <green.hu@...il.com>,
xen-devel@...ts.xenproject.org, Stafford Horne <shorne@...il.com>,
Guan Xuetao <gxt@....edu.cn>,
linux-arm-kernel@...ts.infradead.org,
Michal Simek <monstr@...str.eu>,
Tony Luck <tony.luck@...el.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org,
Paul Burton <paul.burton@...s.com>,
Vineet Gupta <vgupta@...opsys.com>,
Andrew Morton <akpm@...ux-foundation.org>,
linuxppc-dev@...ts.ozlabs.org,
"David S. Miller" <davem@...emloft.net>,
openrisc@...ts.librecores.org,
Stephen Rothwell <sfr@...b.auug.org.au>
Subject: Re: [PATCH v2 19/21] treewide: add checks for the return value of
memblock_alloc*()
Le 31/01/2019 à 07:44, Christophe Leroy a écrit :
>
>
> Le 31/01/2019 à 07:41, Mike Rapoport a écrit :
>> On Thu, Jan 31, 2019 at 07:07:46AM +0100, Christophe Leroy wrote:
>>>
>>>
>>> Le 21/01/2019 à 09:04, Mike Rapoport a écrit :
>>>> Add check for the return value of memblock_alloc*() functions and call
>>>> panic() in case of error.
>>>> The panic message repeats the one used by panicing memblock
>>>> allocators with
>>>> adjustment of parameters to include only relevant ones.
>>>>
>>>> The replacement was mostly automated with semantic patches like the one
>>>> below with manual massaging of format strings.
>>>>
>>>> @@
>>>> expression ptr, size, align;
>>>> @@
>>>> ptr = memblock_alloc(size, align);
>>>> + if (!ptr)
>>>> + panic("%s: Failed to allocate %lu bytes align=0x%lx\n", __func__,
>>>> size, align);
>>>>
>>>> Signed-off-by: Mike Rapoport <rppt@...ux.ibm.com>
>>>> Reviewed-by: Guo Ren <ren_guo@...ky.com> # c-sky
>>>> Acked-by: Paul Burton <paul.burton@...s.com> # MIPS
>>>> Acked-by: Heiko Carstens <heiko.carstens@...ibm.com> # s390
>>>> Reviewed-by: Juergen Gross <jgross@...e.com> # Xen
>>>> ---
>>>
>>> [...]
>>>
>>>> diff --git a/mm/sparse.c b/mm/sparse.c
>>>> index 7ea5dc6..ad94242 100644
>>>> --- a/mm/sparse.c
>>>> +++ b/mm/sparse.c
>>>
>>> [...]
>>>
>>>> @@ -425,6 +436,10 @@ static void __init sparse_buffer_init(unsigned
>>>> long size, int nid)
>>>> memblock_alloc_try_nid_raw(size, PAGE_SIZE,
>>>> __pa(MAX_DMA_ADDRESS),
>>>> MEMBLOCK_ALLOC_ACCESSIBLE, nid);
>>>> + if (!sparsemap_buf)
>>>> + panic("%s: Failed to allocate %lu bytes align=0x%lx nid=%d
>>>> from=%lx\n",
>>>> + __func__, size, PAGE_SIZE, nid, __pa(MAX_DMA_ADDRESS));
>>>> +
>>>
>>> memblock_alloc_try_nid_raw() does not panic (help explicitly says:
>>> Does not
>>> zero allocated memory, does not panic if request cannot be satisfied.).
>>
>> "Does not panic" does not mean it always succeeds.
>
> I agree, but at least here you are changing the behaviour by making it
> panic explicitly. Are we sure there are not cases where the system could
> just continue functionning ? Maybe a WARN_ON() would be enough there ?
Looking more in details, it looks like everything is done to live with
sparsemap_buf NULL, all functions using it check it so having it NULL
shouldn't imply a panic I believe, see code below.
static void *sparsemap_buf __meminitdata;
static void *sparsemap_buf_end __meminitdata;
static void __init sparse_buffer_init(unsigned long size, int nid)
{
WARN_ON(sparsemap_buf); /* forgot to call sparse_buffer_fini()? */
sparsemap_buf =
memblock_alloc_try_nid_raw(size, PAGE_SIZE,
__pa(MAX_DMA_ADDRESS),
MEMBLOCK_ALLOC_ACCESSIBLE, nid);
sparsemap_buf_end = sparsemap_buf + size;
}
static void __init sparse_buffer_fini(void)
{
unsigned long size = sparsemap_buf_end - sparsemap_buf;
if (sparsemap_buf && size > 0)
memblock_free_early(__pa(sparsemap_buf), size);
sparsemap_buf = NULL;
}
void * __meminit sparse_buffer_alloc(unsigned long size)
{
void *ptr = NULL;
if (sparsemap_buf) {
ptr = PTR_ALIGN(sparsemap_buf, size);
if (ptr + size > sparsemap_buf_end)
ptr = NULL;
else
sparsemap_buf = ptr + size;
}
return ptr;
}
Christophe
Powered by blists - more mailing lists