lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 16 Dec 2020 18:36:37 +0530
From:   Vijayanand Jitta <vjitta@...eaurora.org>
To:     Alexander Potapenko <glider@...gle.com>,
        Minchan Kim <minchan@...nel.org>
Cc:     Minchan Kim <minchan@...nel.org>,
        Vincenzo Frascino <vincenzo.frascino@....com>,
        dan.j.williams@...el.com, broonie@...nel.org,
        Masami Hiramatsu <mhiramat@...nel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Andrey Konovalov <andreyknvl@...gle.com>, qcai@...hat.com,
        ylal@...eaurora.org, vinmenon@...eaurora.org
Subject: Re: [PATCH v3] lib: stackdepot: Add support to configure
 STACK_HASH_SIZE



On 12/16/2020 1:56 PM, Alexander Potapenko wrote:
> On Wed, Dec 16, 2020 at 4:43 AM Vijayanand Jitta <vjitta@...eaurora.org> wrote:
>>
>>
>>
>> On 12/14/2020 4:02 PM, Vijayanand Jitta wrote:
>>>
>>>
>>> On 12/14/2020 3:04 PM, Alexander Potapenko wrote:
>>>> On Mon, Dec 14, 2020 at 5:02 AM Vijayanand Jitta <vjitta@...eaurora.org> wrote:
>>>>>
>>>>>
>>>>>
>>>>> On 12/11/2020 6:55 PM, Alexander Potapenko wrote:
>>>>>> On Fri, Dec 11, 2020 at 1:45 PM Vijayanand Jitta <vjitta@...eaurora.org> wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 12/11/2020 2:06 PM, Alexander Potapenko wrote:
>>>>>>>> On Thu, Dec 10, 2020 at 6:01 AM <vjitta@...eaurora.org> wrote:
>>>>>>>>>
>>>>>>>>> From: Yogesh Lal <ylal@...eaurora.org>
>>>>>>>>>
>>>>>>>>> Add a kernel parameter stack_hash_order to configure STACK_HASH_SIZE.
>>>>>>>>>
>>>>>>>>> Aim is to have configurable value for STACK_HASH_SIZE, so that one
>>>>>>>>> can configure it depending on usecase there by reducing the static
>>>>>>>>> memory overhead.
>>>>>>>>>
>>>>>>>>> One example is of Page Owner, default value of STACK_HASH_SIZE lead
>>>>>>>>> stack depot to consume 8MB of static memory. Making it configurable
>>>>>>>>> and use lower value helps to enable features like CONFIG_PAGE_OWNER
>>>>>>>>> without any significant overhead.
>>>>>>>>
>>>>>>>> Can we go with a static CONFIG_ parameter instead?
>>>>>>>> Guess most users won't bother changing the default anyway, and for
>>>>>>>> CONFIG_PAGE_OWNER users changing the size at boot time is not strictly
>>>>>>>> needed.
>>>>>>>>
>>>>>>> Thanks for review.
>>>>>>>
>>>>>>> One advantage of having run time parameter is we can simply set it to a
>>>>>>> lower value at runtime if page_owner=off thereby reducing the memory
>>>>>>> usage or use default value if we want to use page owner so, we have some
>>>>>>> some flexibility here. This is not possible with static parameter as we
>>>>>>> have to have some predefined value.
>>>>>>
>>>>>> If we are talking about a configuration in which page_owner is the
>>>>>> only stackdepot user in the system, then for page_owner=off it
>>>>>> probably makes more sense to disable stackdepot completely instead of
>>>>>> setting it to a lower value. This is a lot easier to do in terms of
>>>>>> correctness.
>>>>>> But if there are other users (e.g. KASAN), their stackdepot usage may
>>>>>> actually dominate that of page_owner.
>>>>>>
>>>>>>>>> -static struct stack_record *stack_table[STACK_HASH_SIZE] = {
>>>>>>>>> -       [0 ...  STACK_HASH_SIZE - 1] = NULL
>>>>>>>>> +static unsigned int stack_hash_order = 20;
>>>>>>>>
>>>>>>>> Please initialize with MAX_STACK_HASH_ORDER instead.
>>>>>>>>
>>>>>>>
>>>>>>> Sure, will update this.
>>>>>>>
>>>>>>
>>>>>>
>>>>>>>>> +
>>>>>>>>> +static int __init init_stackdepot(void)
>>>>>>>>> +{
>>>>>>>>> +       size_t size = (STACK_HASH_SIZE * sizeof(struct stack_record *));
>>>>>>>>> +
>>>>>>>>> +       stack_table = vmalloc(size);
>>>>>>>>> +       memcpy(stack_table, stack_table_def, size);
>>>>>>>>
>>>>>>>> Looks like you are assuming stack_table_def already contains some data
>>>>>>>> by this point.
>>>>>>>> But if STACK_HASH_SIZE shrinks this memcpy() above will just copy some
>>>>>>>> part of the table, whereas the rest will be lost.
>>>>>>>> We'll need to:
>>>>>>>> - either explicitly decide we can afford losing this data (no idea how
>>>>>>>> bad this can potentially be),
>>>>>>>> - or disallow storing anything prior to full stackdepot initialization
>>>>>>>> (then we don't need stack_table_def),
>>>>>>>> - or carefully move all entries to the first part of the table.
>>>>>>>>
>>>>>>>> Alex
>>>>>>>>
>>>>>>>
>>>>>>> The hash for stack_table_def is computed using the run time parameter
>>>>>>> stack_hash_order, though stack_table_def is a bigger array it will only
>>>>>>> use the entries that are with in the run time configured STACK_HASH_SIZE
>>>>>>> range. so, there will be no data loss during copy.
>>>>>>
>>>>>> Do we expect any data to be stored into stack_table_def before
>>>>>> setup_stack_hash_order() is called?
>>>>>> If the answer is no, then we could probably drop stack_table_def and
>>>>>> allocate the table right in setup_stack_hash_order()?
>>>>>>
>>>>>
>>>>> Yes, we do see an allocation from stack depot even before init is called
>>>>> from kasan, thats the reason for having stack_table_def.
>>>>> This is the issue reported due to that on v2, so i added stack_table_def.
>>>>> https://lkml.org/lkml/2020/12/3/839
>>>>
>>>> But at that point STACK_HASH_SIZE is still equal to 1L <<
>>>> MAX_STACK_HASH_ORDER, isn't it?
>>>> Then we still need to take care of the records that fit into the
>>>> bigger array, but not the smaller one.
>>>>
>>>
>>> At this point early_param is already called which sets stack_hash_order.
>>> So, STACK_HASH_SIZE will be set to this updated value and not
>>> MAX_STACK_HASH_SIZE.So, no additional entires in the bigger array.
>>>
>>> Thanks,
>>> Vijay
>>>
>>
>> Let me know if there are any other concerns.
> 
> I still think there are implicit assumptions that should at least be
> written down in the comments.

Sure, will add the comments.

> As far as I understand the code, here is what happens here:
> 
> 0. No stacks are recorded.
> 1. early_param is called to set stack_hash_order to a value
> potentially smaller than MAX_STACK_HASH_SIZE.
> 2. KASAN (or other users) records some stacks into stack_table_def
> (capped at new STACK_HASH_SIZE)
> 3. init_stackdepot() allocates a new stack_table and copies the
> contents of stack_table_def into it
> 4. Further stacks are recorded into the new stack_table
> 
> If this is how the things work, I agree we don't need to account for
> the part of stack_table_def past STACK_HASH_SIZE.
> Not allocating stack_table when setting stack_hash_order is probably
> also justified, as we don't have SLAB or vmalloc at that point.
> 

That's Right.

> But I am still curious if a runtime parameter that disables the
> stackdepot completely will solve your problem.
> Allocating a small amount of memory when you actually don't want to
> allocate any sounds suboptimal.
> 

I think disabling stack depot completely should be fine, we can make
STACK_HASH_SIZE as runtime parameter instead of stack_hash_order and set
stack_hash_size to 0 to disable stack depot completely.

Minchan,
This should be fine right ? Do you see any issue with disabling
stack depot completely ?

Thanks,
Vijay

>> Thanks,
>> Vijay
>>
>>>>> Thanks,
>>>>> Vijay
>>>>>
>>>>>>> Thanks,
>>>>>>> Vijay
>>>>>>>
>>>>>>> --
>>>>>>> QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a
>>>>>>> member of Code Aurora Forum, hosted by The Linux Foundation
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a
>>>>> member of Code Aurora Forum, hosted by The Linux Foundation
>>>>
>>>>
>>>>
>>>
>>
>> --
>> QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a
>> member of Code Aurora Forum, hosted by The Linux Foundation
> 
> 
> 

-- 
QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a
member of Code Aurora Forum, hosted by The Linux Foundation

Powered by blists - more mailing lists