lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHk-=wiAxtKyxs6BPEzirrXw1kXJ-7ZyGpgOrbzhmC=ud-6jBA@mail.gmail.com>
Date:   Mon, 6 Mar 2023 11:19:12 -0800
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Geert Uytterhoeven <geert@...ux-m68k.org>
Cc:     Linux-Renesas <linux-renesas-soc@...r.kernel.org>,
        Linux ARM <linux-arm-kernel@...ts.infradead.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: cpumask: re-introduce constant-sized cpumask optimizations

On Mon, Mar 6, 2023 at 3:20 AM Geert Uytterhoeven <geert@...ux-m68k.org> wrote:
>
> Your final commit 596ff4a09b898179 ("cpumask: re-introduce
> constant-sized cpumask optimizations") in v6.3-rc1 introduced a
> regression.  During Debian userspace startup, the kernel crashes with:

I'm pretty sure the attached patch should fix it. If you can confirm,
that would be lovely.

The only relevant part is actually just the oneliner to
drivers/char/random.c - the others are fixing the exact same problem
elsewhere, but that's not the case you're actually hitting.

> Presumably using small_cpumask_bits instead of nr_cpu_ids accesses
> some uninitialized array members?

No, it's actually the other way around - some drivers end up using
that "nr_cpumask_bits" in invalid ways, and the small_cpumask_bits
optimization then made that just _very_ obvious.

The bug was pre-existing, it's just that you couldn't trigger it before.

> A similar kernel on an arm64 system that does have 8 CPU cores works fine.
> On an arm64 system with 2 CPU cores, it crashes in a similar way.

Yeah, it's rather machine-specific, and that's why I never saw it in
my local testing either.

So on my machine I always either filled up the cpumask entirely
(because I did my testing on my beefy desktop), or NR_CPUS was so
large that the problem case never happened in the first place because
nr_cpumask_bits was the same as small_cpumask_bits.

I thought I had tested the interesting cases, but in this case, the
case that fails is actually the really trivial case. It's just that my
big machine would never trigger it, because it has so many cores.

               Linus

View attachment "patch.diff" of type "text/x-patch" (4183 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ