| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZQMpCDKsfElXIXI7@alley>
Date: Thu, 14 Sep 2023 17:38:48 +0200
From: Petr Mladek <pmladek@...e.com>
To: John Ogness <john.ogness@...utronix.de>
Cc: Sergey Senozhatsky <senozhatsky@...omium.org>,
Steven Rostedt <rostedt@...dmis.org>,
Thomas Gleixner <tglx@...utronix.de>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH printk v4 5/8] printk: nbcon: Add ownership state
functions
On Fri 2023-09-08 20:56:05, John Ogness wrote:
> From: Thomas Gleixner <tglx@...utronix.de>
>
> Provide functions that are related to the safe handover mechanism
> and allow console drivers to dynamically specify unsafe regions:
>
> - nbcon_context_can_proceed()
>
> Invoked by a console owner to check whether a handover request
> is pending or whether the console has been taken over by another
> context. If a handover request is pending, this function will
> also perform the handover, thus cancelling its own ownership.
>
> - nbcon_context_enter_unsafe()/nbcon_context_exit_unsafe()
>
> Invoked by a console owner to denote that the driver is about
> to enter or leave a critical region where a take over is unsafe.
> These functions are also cancellation points where loss of
> ownership can occur.
The last sentence is not completely clear to me. I would write:
The exit variant is the point where the current owner releases
the lock for a higher priority context which asked for
the friendly handover.
> The unsafe state is stored in the console state and allows a
> new context to make informed decisions whether to attempt a
> takeover of such a console. The unsafe state is also available
> to the driver so that it can make informed decisions about the
> required actions and possibly take a special emergency path.
>
> --- a/kernel/printk/nbcon.c
> +++ b/kernel/printk/nbcon.c
> @@ -492,6 +491,115 @@ static void nbcon_context_release(struct nbcon_context *ctxt)
> ctxt->pbufs = NULL;
> }
>
> +/**
> + * nbcon_context_can_proceed - Check whether ownership can proceed
> + * @ctxt: The nbcon context from nbcon_context_try_acquire()
> + * @cur: The current console state
> + *
> + * Return: True if this context still owns the console. False if
> + * ownership was handed over or taken.
> + *
> + * Must be invoked after the record was dumped into the assigned buffer
> + * and at appropriate safe places in the driver.
I think that is not longer called explicitly in nbcon_emit_next_record().
I would write something like:
* Must be invoked when entering the unsafe state to make sure that it still
* owns the lock. Also must be invoked when exiting the unsafe context
* to eventually free the lock for a higher priority context which asked
* for the friendly handover.
*
* It can be called inside an unsafe section when the console is just
* temporary in safe state instead of exiting and entering the unsafe
* state.
*
* Also it can be called in the safe context before doing an expensive
* safe operation. It does not make sense to do the operation when
* a higher priority context took the lock.
> + *
> + * When this function returns false then the calling context no longer owns
> + * the console and is no longer allowed to go forward. In this case it must
> + * back out immediately and carefully. The buffer content is also no longer
> + * trusted since it no longer belongs to the calling context.
> + */
> +static bool nbcon_context_can_proceed(struct nbcon_context *ctxt, struct nbcon_state *cur)
> +{
> + unsigned int cpu = smp_processor_id();
With the proposed changes:
Reviewed-by: Petr Mladek <pmladek@...e.com>
Best Regards,
Petr
Powered by blists - more mailing lists