| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 2 Sep 2019 13:46:51 +0800
From: Yunsheng Lin <linyunsheng@...wei.com>
To: Peter Zijlstra <peterz@...radead.org>
CC: <dalias@...c.org>, <linux-sh@...r.kernel.org>,
<catalin.marinas@....com>, <dave.hansen@...ux.intel.com>,
<heiko.carstens@...ibm.com>, <linuxarm@...wei.com>,
<jiaxun.yang@...goat.com>, <linux-mips@...r.kernel.org>,
<mwb@...ux.vnet.ibm.com>, <paulus@...ba.org>, <hpa@...or.com>,
<sparclinux@...r.kernel.org>, <chenhc@...ote.com>,
<will@...nel.org>, <cai@....pw>, <linux-s390@...r.kernel.org>,
<ysato@...rs.sourceforge.jp>, <mpe@...erman.id.au>,
<x86@...nel.org>, <rppt@...ux.ibm.com>, <borntraeger@...ibm.com>,
<dledford@...hat.com>, <mingo@...hat.com>,
<jeffrey.t.kirsher@...el.com>, <benh@...nel.crashing.org>,
<jhogan@...nel.org>, <nfont@...ux.vnet.ibm.com>,
<mattst88@...il.com>, <len.brown@...el.com>, <gor@...ux.ibm.com>,
<anshuman.khandual@....com>, <bp@...en8.de>, <luto@...nel.org>,
<tglx@...utronix.de>, <naveen.n.rao@...ux.vnet.ibm.com>,
<linux-arm-kernel@...ts.infradead.org>, <rth@...ddle.net>,
<axboe@...nel.dk>, <linuxppc-dev@...ts.ozlabs.org>,
<linux-kernel@...r.kernel.org>, <ralf@...ux-mips.org>,
<tbogendoerfer@...e.de>, <paul.burton@...s.com>,
<linux-alpha@...r.kernel.org>, <ink@...assic.park.msu.ru>,
<akpm@...ux-foundation.org>, <robin.murphy@....com>,
<davem@...emloft.net>
Subject: Re: [PATCH v2 2/9] x86: numa: check the node id consistently for x86
On 2019/9/1 0:12, Peter Zijlstra wrote:
> On Sat, Aug 31, 2019 at 06:09:39PM +0800, Yunsheng Lin wrote:
>>
>>
>> On 2019/8/31 16:55, Peter Zijlstra wrote:
>>> On Sat, Aug 31, 2019 at 01:58:16PM +0800, Yunsheng Lin wrote:
>>>> According to Section 6.2.14 from ACPI spec 6.3 [1], the setting
>>>> of proximity domain is optional, as below:
>>>>
>>>> This optional object is used to describe proximity domain
>>>> associations within a machine. _PXM evaluates to an integer
>>>> that identifies a device as belonging to a Proximity Domain
>>>> defined in the System Resource Affinity Table (SRAT).
>>>
>>> That's just words.. what does it actually mean?
>>
>> It means the dev_to_node(dev) may return -1 if the bios does not
>> implement the proximity domain feature, user may use that value
>> to call cpumask_of_node and cpumask_of_node does not protect itself
>> from node id being -1, which causes out of bound access.
>
>>>> @@ -69,6 +69,12 @@ extern const struct cpumask *cpumask_of_node(int node);
>>>> /* Returns a pointer to the cpumask of CPUs on Node 'node'. */
>>>> static inline const struct cpumask *cpumask_of_node(int node)
>>>> {
>>>> + if (node >= nr_node_ids)
>>>> + return cpu_none_mask;
>>>> +
>>>> + if (node < 0 || !node_to_cpumask_map[node])
>>>> + return cpu_online_mask;
>>>> +
>>>> return node_to_cpumask_map[node];
>>>> }
>>>> #endif
>>>
>>> I _reallly_ hate this. Users are expected to use valid numa ids. Now
>>> we're adding all this checking to all users. Why do we want to do that?
>>
>> As above, the dev_to_node(dev) may return -1.
>>
>>>
>>> Using '(unsigned)node >= nr_nods_ids' is an error.
>>
>> 'node >= nr_node_ids' can be dropped if all user is expected to not call
>> cpumask_of_node with node id greater or equal to nr_nods_ids.
>
> you copied my typo :-)
I did note the typo, corrected the first one, but missed the second one :)
>
>> From what I can see, the problem can be fixed in three place:
>> 1. Make user dev_to_node return a valid node id even when proximity
>> domain is not set by bios(or node id set by buggy bios is not valid),
>> which may need info from the numa system to make sure it will return
>> a valid node.
>>
>> 2. User that call cpumask_of_node should ensure the node id is valid
>> before calling cpumask_of_node, and user also need some info to
>> make ensure node id is valid.
>>
>> 3. Make sure cpumask_of_node deal with invalid node id as this patchset.
>>
>> Which one do you prefer to make sure node id is valid, or do you
>> have any better idea?
>>
>> Any detail advice and suggestion will be very helpful, thanks.
>
> 1) because even it is not set, the device really does belong to a node.
> It is impossible a device will have magic uniform access to memory when
> CPUs cannot.
So it means dev_to_node() will return either NUMA_NO_NODE or a
valid node id?
>
> 2) is already true today, cpumask_of_node() requires a valid node_id.
Ok, most of the user does check node_id before calling
cpumask_of_node(), but does a little different type of checking:
1) some does " < 0" check;
2) some does "== NUMA_NO_NODE" check;
3) some does ">= MAX_NUMNODES" check;
4) some does "< 0 || >= MAX_NUMNODES || !node_online(node)" check.
>
> 3) is just wrong and increases overhead for everyone.
Ok, cpumask_of_node() is also used in some critical path such
as scheduling, which may not need those checking, the overhead
is unnecessary.
But for non-critical path such as setup or configuration path,
it better to have consistent checking, and also simplify the
user code that calls cpumask_of_node().
Do you think it is worth the trouble to add a new function
such as cpumask_of_node_check(maybe some other name) to do
consistent checking?
Or caller just simply check if dev_to_node()'s return value is
NUMA_NO_NODE before calling cpumask_of_node()?
>
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel@...ts.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
>
> .
>
Powered by blists - more mailing lists