| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 31 Jan 2019 09:14:59 +0200
From: Mike Rapoport <rppt@...ux.ibm.com>
To: Christophe Leroy <christophe.leroy@....fr>
Cc: linux-mm@...ck.org, Rich Felker <dalias@...c.org>,
linux-ia64@...r.kernel.org, devicetree@...r.kernel.org,
Catalin Marinas <catalin.marinas@....com>,
Heiko Carstens <heiko.carstens@...ibm.com>, x86@...nel.org,
linux-mips@...r.kernel.org, Max Filippov <jcmvbkbc@...il.com>,
Guo Ren <guoren@...nel.org>, sparclinux@...r.kernel.org,
Christoph Hellwig <hch@....de>, linux-s390@...r.kernel.org,
linux-c6x-dev@...ux-c6x.org,
Yoshinori Sato <ysato@...rs.sourceforge.jp>,
Richard Weinberger <richard@....at>, linux-sh@...r.kernel.org,
Russell King <linux@...linux.org.uk>,
kasan-dev@...glegroups.com,
Geert Uytterhoeven <geert@...ux-m68k.org>,
Mark Salter <msalter@...hat.com>,
Dennis Zhou <dennis@...nel.org>,
Matt Turner <mattst88@...il.com>,
linux-snps-arc@...ts.infradead.org,
uclinux-h8-devel@...ts.sourceforge.jp,
Petr Mladek <pmladek@...e.com>, linux-xtensa@...ux-xtensa.org,
linux-alpha@...r.kernel.org, linux-um@...ts.infradead.org,
linux-m68k@...ts.linux-m68k.org, Rob Herring <robh+dt@...nel.org>,
Greentime Hu <green.hu@...il.com>,
xen-devel@...ts.xenproject.org, Stafford Horne <shorne@...il.com>,
Guan Xuetao <gxt@....edu.cn>,
linux-arm-kernel@...ts.infradead.org,
Michal Simek <monstr@...str.eu>,
Tony Luck <tony.luck@...el.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org,
Paul Burton <paul.burton@...s.com>,
Vineet Gupta <vgupta@...opsys.com>,
Andrew Morton <akpm@...ux-foundation.org>,
linuxppc-dev@...ts.ozlabs.org,
"David S. Miller" <davem@...emloft.net>,
openrisc@...ts.librecores.org,
Stephen Rothwell <sfr@...b.auug.org.au>
Subject: Re: [PATCH v2 19/21] treewide: add checks for the return value of
memblock_alloc*()
On Thu, Jan 31, 2019 at 08:07:29AM +0100, Christophe Leroy wrote:
>
>
> Le 31/01/2019 à 07:44, Christophe Leroy a écrit :
> >
> >
> >Le 31/01/2019 à 07:41, Mike Rapoport a écrit :
> >>On Thu, Jan 31, 2019 at 07:07:46AM +0100, Christophe Leroy wrote:
> >>>
> >>>
> >>>Le 21/01/2019 à 09:04, Mike Rapoport a écrit :
> >>>>Add check for the return value of memblock_alloc*() functions and call
> >>>>panic() in case of error.
> >>>>The panic message repeats the one used by panicing memblock
> >>>>allocators with
> >>>>adjustment of parameters to include only relevant ones.
> >>>>
> >>>>The replacement was mostly automated with semantic patches like the one
> >>>>below with manual massaging of format strings.
> >>>>
> >>>>@@
> >>>>expression ptr, size, align;
> >>>>@@
> >>>>ptr = memblock_alloc(size, align);
> >>>>+ if (!ptr)
> >>>>+ panic("%s: Failed to allocate %lu bytes align=0x%lx\n", __func__,
> >>>>size, align);
> >>>>
> >>>>Signed-off-by: Mike Rapoport <rppt@...ux.ibm.com>
> >>>>Reviewed-by: Guo Ren <ren_guo@...ky.com> # c-sky
> >>>>Acked-by: Paul Burton <paul.burton@...s.com> # MIPS
> >>>>Acked-by: Heiko Carstens <heiko.carstens@...ibm.com> # s390
> >>>>Reviewed-by: Juergen Gross <jgross@...e.com> # Xen
> >>>>---
> >>>
> >>>[...]
> >>>
> >>>>diff --git a/mm/sparse.c b/mm/sparse.c
> >>>>index 7ea5dc6..ad94242 100644
> >>>>--- a/mm/sparse.c
> >>>>+++ b/mm/sparse.c
> >>>
> >>>[...]
> >>>
> >>>>@@ -425,6 +436,10 @@ static void __init sparse_buffer_init(unsigned
> >>>>long size, int nid)
> >>>> memblock_alloc_try_nid_raw(size, PAGE_SIZE,
> >>>> __pa(MAX_DMA_ADDRESS),
> >>>> MEMBLOCK_ALLOC_ACCESSIBLE, nid);
> >>>>+ if (!sparsemap_buf)
> >>>>+ panic("%s: Failed to allocate %lu bytes align=0x%lx nid=%d
> >>>>from=%lx\n",
> >>>>+ __func__, size, PAGE_SIZE, nid, __pa(MAX_DMA_ADDRESS));
> >>>>+
> >>>
> >>>memblock_alloc_try_nid_raw() does not panic (help explicitly says:
> >>>Does not
> >>>zero allocated memory, does not panic if request cannot be satisfied.).
> >>
> >>"Does not panic" does not mean it always succeeds.
> >
> >I agree, but at least here you are changing the behaviour by making it
> >panic explicitly. Are we sure there are not cases where the system could
> >just continue functionning ? Maybe a WARN_ON() would be enough there ?
>
> Looking more in details, it looks like everything is done to live with
> sparsemap_buf NULL, all functions using it check it so having it NULL
> shouldn't imply a panic I believe, see code below.
You are right, I'm preparing the fix right now.
> static void *sparsemap_buf __meminitdata;
> static void *sparsemap_buf_end __meminitdata;
>
> static void __init sparse_buffer_init(unsigned long size, int nid)
> {
> WARN_ON(sparsemap_buf); /* forgot to call sparse_buffer_fini()? */
> sparsemap_buf =
> memblock_alloc_try_nid_raw(size, PAGE_SIZE,
> __pa(MAX_DMA_ADDRESS),
> MEMBLOCK_ALLOC_ACCESSIBLE, nid);
> sparsemap_buf_end = sparsemap_buf + size;
> }
>
> static void __init sparse_buffer_fini(void)
> {
> unsigned long size = sparsemap_buf_end - sparsemap_buf;
>
> if (sparsemap_buf && size > 0)
> memblock_free_early(__pa(sparsemap_buf), size);
> sparsemap_buf = NULL;
> }
>
> void * __meminit sparse_buffer_alloc(unsigned long size)
> {
> void *ptr = NULL;
>
> if (sparsemap_buf) {
> ptr = PTR_ALIGN(sparsemap_buf, size);
> if (ptr + size > sparsemap_buf_end)
> ptr = NULL;
> else
> sparsemap_buf = ptr + size;
> }
> return ptr;
> }
>
>
> Christophe
>
--
Sincerely yours,
Mike.
Powered by blists - more mailing lists