| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAFgQCTtaP24gXUs_dh4h8qCsA-TKHc5A-vs5oiezfwuR_qjQvA@mail.gmail.com>
Date: Fri, 19 Apr 2019 22:45:35 +0800
From: Pingfan Liu <kernelfans@...il.com>
To: Thomas Gleixner <tglx@...utronix.de>
Cc: LKML <linux-kernel@...r.kernel.org>,
Russell King <linux@...linux.org.uk>,
Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will.deacon@....com>,
Tony Luck <tony.luck@...el.com>,
Fenghua Yu <fenghua.yu@...el.com>,
Ralf Baechle <ralf@...ux-mips.org>,
Paul Burton <paul.burton@...s.com>,
James Hogan <jhogan@...nel.org>,
Benjamin Herrenschmidt <benh@...nel.crashing.org>,
Paul Mackerras <paulus@...ba.org>,
Michael Ellerman <mpe@...erman.id.au>,
Martin Schwidefsky <schwidefsky@...ibm.com>,
Heiko Carstens <heiko.carstens@...ibm.com>,
Yoshinori Sato <ysato@...rs.sourceforge.jp>,
Rich Felker <dalias@...c.org>, Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>,
"H. Peter Anvin" <hpa@...or.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Julien Thierry <julien.thierry@....com>,
Palmer Dabbelt <palmer@...ive.com>,
Ard Biesheuvel <ard.biesheuvel@...aro.org>,
Florian Fainelli <f.fainelli@...il.com>,
Logan Gunthorpe <logang@...tatee.com>,
Robin Murphy <robin.murphy@....com>,
Greg Hackmann <ghackmann@...roid.com>,
Stefan Agner <stefan@...er.ch>,
Johannes Weiner <hannes@...xchg.org>,
David Hildenbrand <david@...hat.com>,
Jens Axboe <axboe@...nel.dk>,
Thomas Bogendoerfer <tbogendoerfer@...e.de>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Hari Bathini <hbathini@...ux.ibm.com>,
Ananth N Mavinakayanahalli <ananth@...ux.vnet.ibm.com>,
Yangtao Li <tiny.windzz@...il.com>,
Dave Young <dyoung@...hat.com>, Baoquan He <bhe@...hat.com>,
x86@...nel.org, linux-arm-kernel@...ts.infradead.org,
linux-ia64@...r.kernel.org, linux-mips@...r.kernel.org,
linuxppc-dev@...ts.ozlabs.org, linux-s390@...r.kernel.org,
linux-sh@...r.kernel.org
Subject: Re: [PATCH] kernel/crash: make parse_crashkernel()'s return value
more indicant
On Fri, Apr 19, 2019 at 4:19 PM Thomas Gleixner <tglx@...utronix.de> wrote:
>
> On Fri, 19 Apr 2019, Pingfan Liu wrote:
>
> > At present, both return and crash_size should be checked to guarantee the
> > success of parse_crashkernel().
> > Simplify the way by returning negative if fail, positive if success. In
> > case of failure, -EINVAL for bad syntax, -1 for the parsing results in
> > crash_size=0.
>
> I'm not entirely sure what you are trying to say here, but '-1' is not an
> improvement at all. We surely are not short of proper error codes, right?
>
The different negative return values are only used by x86. The option
"crashkernel=X,high", which is only used on x86, causes parse_kernel()
to return -EINVAL, then let parse_crashkernel_high() have a try.
When parsing crashkernel=size@...set and crashkernel=range1:size1,
there are other cases of failure, which is not worth to call
parse_crashkernel_high() to have a try. That is "-1" aiming for.
First, in parse_crashkernel_mem(), if demanded size is bigger than
system ram, this one looks like -ENOMEM, but -ENOMEM normally is used
for allocation. Second, in parse_crashkernel_mem(), if system ram is
not inside the range listed by "crashkernel=". Third, crashkernel=0MB
is given in the option (not in practice, but can not forbid user to do
so).
All of these cases can be treated as -EINVAL, but hard to define the
error codes.
> Also I don't see any positive return value > 0. So what is this about:
>
Yes. 0 is enough for success. I had thought about returning 1 if
@offset is specified in crashkernel. But at present, no use case for
it.
> > --- a/arch/ia64/kernel/setup.c
> > +++ b/arch/ia64/kernel/setup.c
> > @@ -277,7 +277,7 @@ static void __init setup_crashkernel(unsigned long total, int *n)
> >
> > ret = parse_crashkernel(boot_command_line, total,
> > &size, &base);
> > - if (ret == 0 && size > 0) {
> > + if (ret >= 0) {
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^ ????
>
> > if (!memory_region_available(crash_base, crash_size)) {
> > diff --git a/arch/powerpc/kernel/fadump.c b/arch/powerpc/kernel/fadump.c
> > index 45a8d0b..0b626e2 100644
> > --- a/arch/powerpc/kernel/fadump.c
> > +++ b/arch/powerpc/kernel/fadump.c
> > @@ -376,7 +376,7 @@ static inline unsigned long fadump_calculate_reserve_size(void)
> > */
> > ret = parse_crashkernel(boot_command_line, memblock_phys_mem_size(),
> > &size, &base);
> > - if (ret == 0 && size > 0) {
> > + if (ret >= 0) {
>
> and this ?
>
> > unsigned long max_size;
> >
> > if (fw_dump.reserve_bootvar)
> > diff --git a/arch/powerpc/kernel/machine_kexec.c b/arch/powerpc/kernel/machine_kexec.c
> > index 63f5a93..9f3e61a 100644
> > --- a/arch/powerpc/kernel/machine_kexec.c
> > +++ b/arch/powerpc/kernel/machine_kexec.c
> > @@ -122,7 +122,7 @@ void __init reserve_crashkernel(void)
> > /* use common parsing */
> > ret = parse_crashkernel(boot_command_line, memblock_phys_mem_size(),
> > &crash_size, &crash_base);
> > - if (ret == 0 && crash_size > 0) {
> > + if (ret >= 0) {
>
> Again.
>
> > crashk_res.start = crash_base;
> > crashk_res.end = crash_base + crash_size - 1;
> > }
> > --- a/arch/sh/kernel/machine_kexec.c
> > +++ b/arch/sh/kernel/machine_kexec.c
> > @@ -157,7 +157,7 @@ void __init reserve_crashkernel(void)
> >
> > ret = parse_crashkernel(boot_command_line, memblock_phys_mem_size(),
> > &crash_size, &crash_base);
> > - if (ret == 0 && crash_size > 0) {
> > + if (ret >= 0) {
>
> And some more.
>
> > crashk_res.start = crash_base;
> > crashk_res.end = crash_base + crash_size - 1;
> > }
> > diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
> > index 3d872a5..62d07d4 100644
> > --- a/arch/x86/kernel/setup.c
> > +++ b/arch/x86/kernel/setup.c
> > @@ -526,11 +526,11 @@ static void __init reserve_crashkernel(void)
> >
> > /* crashkernel=XM */
> > ret = parse_crashkernel(boot_command_line, total_mem, &crash_size, &crash_base);
> > - if (ret != 0 || crash_size <= 0) {
> > + if (ret == -EINVAL) {
>
> Without an explanation why this proceedes on error codes other than EINVAL
> this is uncomprehensible. Comments exist for a reason.
>
As explained above, deciding whether to let parse_crashkernel_high() try.
> > /* crashkernel=X,high */
> > ret = parse_crashkernel_high(boot_command_line, total_mem,
> > &crash_size, &crash_base);
> > - if (ret != 0 || crash_size <= 0)
> > + if (ret < 0)
> > return;
> > high = true;
>
> > @@ -87,7 +87,7 @@ static int __init parse_crashkernel_mem(char *cmdline,
> > cur = tmp;
> > if (size >= system_ram) {
> > pr_warn("crashkernel: invalid size\n");
> > - return -EINVAL;
> > + return -1;
>
> Well, this is incomprehensible as well. The pr_warn() says invalid and then
> you change the error code to something magic.
>
As explained above, want to know whether worth to let
parse_crashkernel_high() try.
What about the following alternative method? Treating crash_size=0 as
-EINVAL. Then on x86, just call parse_crashkernel_high() blindly to
have a try. Thanks for your review.
Regards,
Pingfan
Powered by blists - more mailing lists