lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 22 Aug 2022 13:32:32 +0100
From:   Robin Murphy <robin.murphy@....com>
To:     Christoph Hellwig <hch@...radead.org>
Cc:     Yu Zhao <yuzhao@...gle.com>, dongli.zhang@...cle.com,
        ak@...ux.intel.com, akpm@...ux-foundation.org,
        alexander.sverdlin@...ia.com, andi.kleen@...el.com, bp@...en8.de,
        bp@...e.de, cminyard@...sta.com, corbet@....net,
        damien.lemoal@...nsource.wdc.com, dave.hansen@...ux.intel.com,
        iommu@...ts.linux-foundation.org, joe.jin@...cle.com,
        joe@...ches.com, keescook@...omium.org, kirill.shutemov@...el.com,
        kys@...rosoft.com, linux-doc@...r.kernel.org,
        linux-hyperv@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-mips@...r.kernel.org, ltykernel@...il.com,
        michael.h.kelley@...rosoft.com, mingo@...hat.com,
        m.szyprowski@...sung.com, parri.andrea@...il.com,
        paulmck@...nel.org, pmladek@...e.com, rdunlap@...radead.org,
        tglx@...utronix.de, thomas.lendacky@....com,
        Tianyu.Lan@...rosoft.com, tsbogend@...ha.franken.de,
        vkuznets@...hat.com, wei.liu@...nel.org, x86@...nel.org
Subject: Re: [PATCH v1 4/4] swiotlb: panic if nslabs is too small

On 2022-08-22 12:26, Christoph Hellwig wrote:
> On Mon, Aug 22, 2022 at 10:49:09AM +0100, Robin Murphy wrote:
>> Hmm, it's possible this might be quietly fixed by 20347fca71a3, but either
>> way I'm not sure why we would need to panic *before* we've even tried to
>> allocate anything, when we could simply return with no harm done? If we've
>> ended up calculating (or being told) a buffer size which is too small to be
>> usable, that should be no different to disabling SWIOTLB entirely.
> 
> Hmm.  I think this might be a philosophical question, but I think
> failing the boot with a clear error report for a configuration that is
> supposed to work but can't is way better than just panicing later on.

Depends which context of "supposed to work" you mean there. The most 
logical reason to end up with a tiny SWIOTLB size is because you don't 
expect to need SWIOTLB, therefore if there's now a functional minimum 
size limit, failing gracefully such that the system keeps working as 
before is correct in that context. Even if we assume the expectation 
goes the other way, then it should be on SWIOTLB to adjust the initial 
allocation size to whatever minimum it now needs, which as I say it 
looks like 20347fca71a3 might do anyway. Creating new breakage by 
panicking instead of making a decision one way or the other was never 
the right answer.

>> Historically, passing "swiotlb=1" on the command line has been used to save
>> memory when the user knows SWIOTLB isn't needed. That should definitely not
>> be allowed to start panicking.
> 
> I've never seen swiotlb=1 advertized as a way to disable swiotlb.
> That's always been swiotlb=noforce, which cleanly disables it.

No, it's probably not been advertised as such, but it's what clearly 
fell out of the available options before "noforce" was added (which was 
considerably more recently than "always"), and the fact is that people 
*are* still using it even today (presumably copy-pasted through Android 
BSPs since before 4.10).

Thanks,
Robin.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ