lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 15 Nov 2022 13:44:24 -0600
From:   Bjorn Helgaas <helgaas@...nel.org>
To:     ira.weiny@...el.com
Cc:     Dan Williams <dan.j.williams@...el.com>,
        Bjorn Helgaas <bhelgaas@...gle.com>,
        Gregory Price <gregory.price@...verge.com>,
        Jonathan Cameron <Jonathan.Cameron@...wei.com>,
        Alison Schofield <alison.schofield@...el.com>,
        Vishal Verma <vishal.l.verma@...el.com>,
        Ben Widawsky <bwidawsk@...nel.org>, linux-cxl@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-pci@...r.kernel.org
Subject: Re: [PATCH] PCI/doe: Fix work struct declaration

Hi Ira,

Can you fix the subject to follow capitalization convention (use "git
log --oneline") and say something more specific than "fix struct"?

On Mon, Nov 14, 2022 at 05:19:43PM -0800, ira.weiny@...el.com wrote:
> From: Ira Weiny <ira.weiny@...el.com>
> 
> The callers of pci_doe_submit_task() allocate the pci_doe_task on the
> stack.  This causes the work structure to be allocated on the stack
> without pci_doe_submit_task() knowing.  Work item initialization needs
> to be done with either INIT_WORK_ONSTACK() or INIT_WORK() depending on
> how the work item is allocated.
> 
> Jonathan suggested creating doe task allocation macros such as
> DECLARE_CDAT_DOE_TASK_ONSTACK().[1]  The issue with this is the work
> function is not known to the callers and must be initialized correctly.
> 
> A follow up suggestion was to have an internal 'pci_doe_work' item
> allocated by pci_doe_submit_task().[2]  This requires an allocation which
> could restrict the context where tasks are used.
> 
> Compromise with an intermediate step to initialize the task struct with
> a new call pci_doe_init_task() which must be called prior to submit
> task.

I'm not really a fan of passing a parameter to say "this struct is on
the stack" because that seems kind of error-prone and I don't know
what the consequence of getting it wrong would be.  Sounds like it
*could* be some memory corruption or reading garbage data that would
be hard to debug.

Do we have cases today where pci_doe_submit_task() can't do the
kzalloc() as in your patch at [3]?  If the current use cases allow a
kzalloc(), why not do that now and defer this until it becomes an
issue?

Bjorn

> [1] https://lore.kernel.org/linux-cxl/20221014151045.24781-1-Jonathan.Cameron@huawei.com/T/#m88a7f50dcce52f30c8bf5c3dcc06fa9843b54a2d
> [2] https://lore.kernel.org/linux-cxl/20221014151045.24781-1-Jonathan.Cameron@huawei.com/T/#m63c636c5135f304480370924f4d03c00357be667

[3] https://lore.kernel.org/linux-cxl/Y2AnKB88ALYm9c5L@iweiny-desk3/

> Cc: Bjorn Helgaas <helgaas@...nel.org>
> Reported-by: Gregory Price <gregory.price@...verge.com>
> Reported-by: Jonathan Cameron <Jonathan.Cameron@...wei.com>
> Suggested-by: Dan Williams <dan.j.williams@...el.com>
> Signed-off-by: Ira Weiny <ira.weiny@...el.com>
> ---
>  drivers/cxl/core/pci.c  |  2 ++
>  drivers/pci/doe.c       | 14 ++++++++++++--
>  include/linux/pci-doe.h |  8 +++++---
>  3 files changed, 19 insertions(+), 5 deletions(-)
> 
> diff --git a/drivers/cxl/core/pci.c b/drivers/cxl/core/pci.c
> index 9240df53ed87..a19c1fa0e2f4 100644
> --- a/drivers/cxl/core/pci.c
> +++ b/drivers/cxl/core/pci.c
> @@ -525,6 +525,7 @@ static int cxl_cdat_get_length(struct device *dev,
>  	DECLARE_CDAT_DOE_TASK(CDAT_DOE_REQ(0), t);
>  	int rc;
>  
> +	pci_doe_init_task(cdat_doe, &t.task, true);
>  	rc = pci_doe_submit_task(cdat_doe, &t.task);
>  	if (rc < 0) {
>  		dev_err(dev, "DOE submit failed: %d", rc);
> @@ -554,6 +555,7 @@ static int cxl_cdat_read_table(struct device *dev,
>  		u32 *entry;
>  		int rc;
>  
> +		pci_doe_init_task(cdat_doe, &t.task, true);
>  		rc = pci_doe_submit_task(cdat_doe, &t.task);
>  		if (rc < 0) {
>  			dev_err(dev, "DOE submit failed: %d", rc);
> diff --git a/drivers/pci/doe.c b/drivers/pci/doe.c
> index e402f05068a5..cabeae4ae955 100644
> --- a/drivers/pci/doe.c
> +++ b/drivers/pci/doe.c
> @@ -319,6 +319,7 @@ static int pci_doe_discovery(struct pci_doe_mb *doe_mb, u8 *index, u16 *vid,
>  	};
>  	int rc;
>  
> +	pci_doe_init_task(doe_mb, &task, true);
>  	rc = pci_doe_submit_task(doe_mb, &task);
>  	if (rc < 0)
>  		return rc;
> @@ -495,6 +496,14 @@ bool pci_doe_supports_prot(struct pci_doe_mb *doe_mb, u16 vid, u8 type)
>  }
>  EXPORT_SYMBOL_GPL(pci_doe_supports_prot);
>  
> +void pci_doe_init_task(struct pci_doe_mb *doe_mb, struct pci_doe_task *task,
> +		       bool onstack)
> +{
> +	task->doe_mb = doe_mb;
> +	__INIT_WORK(&task->work, doe_statemachine_work, onstack);
> +}
> +EXPORT_SYMBOL_GPL(pci_doe_init_task);
> +
>  /**
>   * pci_doe_submit_task() - Submit a task to be processed by the state machine
>   *
> @@ -517,6 +526,9 @@ int pci_doe_submit_task(struct pci_doe_mb *doe_mb, struct pci_doe_task *task)
>  	if (!pci_doe_supports_prot(doe_mb, task->prot.vid, task->prot.type))
>  		return -EINVAL;
>  
> +	if (WARN_ON_ONCE(task->work.func != doe_statemachine_work))
> +		return -EINVAL;
> +
>  	/*
>  	 * DOE requests must be a whole number of DW and the response needs to
>  	 * be big enough for at least 1 DW
> @@ -528,8 +540,6 @@ int pci_doe_submit_task(struct pci_doe_mb *doe_mb, struct pci_doe_task *task)
>  	if (test_bit(PCI_DOE_FLAG_DEAD, &doe_mb->flags))
>  		return -EIO;
>  
> -	task->doe_mb = doe_mb;
> -	INIT_WORK(&task->work, doe_statemachine_work);
>  	queue_work(doe_mb->work_queue, &task->work);
>  	return 0;
>  }
> diff --git a/include/linux/pci-doe.h b/include/linux/pci-doe.h
> index ed9b4df792b8..457fc0e53d64 100644
> --- a/include/linux/pci-doe.h
> +++ b/include/linux/pci-doe.h
> @@ -31,8 +31,8 @@ struct pci_doe_mb;
>   * @rv: Return value.  Length of received response or error (bytes)
>   * @complete: Called when task is complete
>   * @private: Private data for the consumer
> - * @work: Used internally by the mailbox
> - * @doe_mb: Used internally by the mailbox
> + * @work: Used internally by the mailbox [see pci_doe_init_task()]
> + * @doe_mb: Used internally by the mailbox [see pci_doe_init_task()]
>   *
>   * The payload sizes and rv are specified in bytes with the following
>   * restrictions concerning the protocol.
> @@ -53,7 +53,7 @@ struct pci_doe_task {
>  	void (*complete)(struct pci_doe_task *task);
>  	void *private;
>  
> -	/* No need for the user to initialize these fields */
> +	/* Call pci_doe_init_task() for these */
>  	struct work_struct work;
>  	struct pci_doe_mb *doe_mb;
>  };
> @@ -72,6 +72,8 @@ struct pci_doe_task {
>  
>  struct pci_doe_mb *pcim_doe_create_mb(struct pci_dev *pdev, u16 cap_offset);
>  bool pci_doe_supports_prot(struct pci_doe_mb *doe_mb, u16 vid, u8 type);
> +void pci_doe_init_task(struct pci_doe_mb *doe_mb, struct pci_doe_task *task,
> +		       bool onstack);
>  int pci_doe_submit_task(struct pci_doe_mb *doe_mb, struct pci_doe_task *task);
>  
>  #endif
> 
> base-commit: 30a0b95b1335e12efef89dd78518ed3e4a71a763
> -- 
> 2.37.2
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ