lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 20 Jan 2021 15:17:24 +0000
From:   Vincent Donnefort <vincent.donnefort@....com>
To:     Peter Zijlstra <peterz@...radead.org>
Cc:     tglx@...utronix.de, linux-kernel@...r.kernel.org,
        valentin.schneider@....com
Subject: Re: [PATCH 2/4] cpu/hotplug: CPUHP_BRINGUP_CPU exception in fail
 injection

On Wed, Jan 20, 2021 at 01:58:35PM +0100, Peter Zijlstra wrote:
> On Mon, Jan 11, 2021 at 05:10:45PM +0000, vincent.donnefort@....com wrote:
> > From: Vincent Donnefort <vincent.donnefort@....com>
> > 
> > The atomic states (between CPUHP_AP_IDLE_DEAD and CPUHP_AP_ONLINE) are
> > triggered by the CPUHP_BRINGUP_CPU step. If the latter doesn't run, none
> > of the atomic can. Hence, rollback is not possible after a hotunplug
> > CPUHP_BRINGUP_CPU step failure and the "fail" interface shouldn't allow
> > it. Moreover, the current CPUHP_BRINGUP_CPU teardown callback
> > (finish_cpu()) cannot fail anyway.
> > 
> > Signed-off-by: Vincent Donnefort <vincent.donnefort@....com>
> > ---
> >  kernel/cpu.c | 9 +++++++--
> >  1 file changed, 7 insertions(+), 2 deletions(-)
> > 
> > diff --git a/kernel/cpu.c b/kernel/cpu.c
> > index 9121edf..bcd7b2a 100644
> > --- a/kernel/cpu.c
> > +++ b/kernel/cpu.c
> > @@ -2216,9 +2216,14 @@ static ssize_t write_cpuhp_fail(struct device *dev,
> >  		return -EINVAL;
> >  
> >  	/*
> > -	 * Cannot fail STARTING/DYING callbacks.
> > +	 * Cannot fail STARTING/DYING callbacks. Also, those callbacks are
> > +	 * triggered by BRINGUP_CPU bringup callback. Therefore, the latter
> > +	 * can't fail during hotunplug, as it would mean we have no way of
> > +	 * rolling back the atomic states that have been previously teared
> > +	 * down.
> >  	 */
> > -	if (cpuhp_is_atomic_state(fail))
> > +	if (cpuhp_is_atomic_state(fail) ||
> > +	    (fail == CPUHP_BRINGUP_CPU && st->state > CPUHP_BRINGUP_CPU))
> >  		return -EINVAL;
> 
> Should we instead disallow failing any state that has .cant_stop ?

We would reduce the scope of what can be tested: bringup_cpu() and
takedown_cpu() are both marked as "cant_stop". Still, those callbacks are
allowed to fail.

Checking for cant_stop, made me also see that write_cpuhp_target() is probably
missing a check for cpuhp_is_atomic_state(). For the same reason as this patch,
when doing cpu_down(), we can't stop in one of these states.

-- 
Vincent

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ