| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 3 Apr 2024 15:16:24 +0100 From: Mark Rutland <mark.rutland@....com> To: Dawei Li <dawei.li@...ngroup.cn> Cc: will@...nel.org, yury.norov@...il.com, linux@...musvillemoes.dk, xueshuai@...ux.alibaba.com, renyu.zj@...ux.alibaba.com, yangyicong@...ilicon.com, jonathan.cameron@...wei.com, andersson@...nel.org, konrad.dybcio@...aro.org, linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org, linux-arm-msm@...r.kernel.org Subject: Re: [PATCH v2 02/10] perf/alibaba_uncore_drw: Avoid placing cpumask var on stack On Wed, Apr 03, 2024 at 08:51:01PM +0800, Dawei Li wrote: > For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask > variable on stack is not recommended since it can cause potential stack > overflow. > > Instead, kernel code should always use *cpumask_var API(s) to allocate > cpumask var in config-neutral way, leaving allocation strategy to > CONFIG_CPUMASK_OFFSTACK. > > But dynamic allocation in cpuhp's teardown callback is somewhat problematic > for if allocation fails(which is unlikely but still possible): > - If -ENOMEM is returned to caller, kernel crashes for non-bringup > teardown; > - If callback pretends nothing happened and returns 0 to caller, it may > trap system into an in-consisitent/compromised state; > > Use newly-introduced cpumask_any_and_but() to address all issues above. > It eliminates usage of temporary cpumask var in generic way, no matter how > the cpumask var is allocated. > > Suggested-by: Mark Rutland <mark.rutland@....com> > Signed-off-by: Dawei Li <dawei.li@...ngroup.cn> I don't think we need to explain all the pitfalls of the approach we haven't taken. Could we please simplify this down to: Could we please get rid of the bit that says we should "always use the *cpumask_var API(s)", and simplify the commit message down to: | perf/alibaba_uncore_drw: Avoid placing cpumask on the stack | | In general it's preferable to avoid placing cpumasks on the stack, as | for large values of NR_CPUS these can consume significant amounts of | stack space and make stack overflows more likely. | | Use cpumask_any_and_but() to avoid the need for a temporary cpumask on | the stack. The logic looks good to me, so with that commit message: Reviewed-by: Mark Rutland <mark.rutland@....com> Mark. > --- > drivers/perf/alibaba_uncore_drw_pmu.c | 10 +++------- > 1 file changed, 3 insertions(+), 7 deletions(-) > > diff --git a/drivers/perf/alibaba_uncore_drw_pmu.c b/drivers/perf/alibaba_uncore_drw_pmu.c > index a9277dcf90ce..d4d14b65c4a5 100644 > --- a/drivers/perf/alibaba_uncore_drw_pmu.c > +++ b/drivers/perf/alibaba_uncore_drw_pmu.c > @@ -746,18 +746,14 @@ static int ali_drw_pmu_offline_cpu(unsigned int cpu, struct hlist_node *node) > struct ali_drw_pmu_irq *irq; > struct ali_drw_pmu *drw_pmu; > unsigned int target; > - int ret; > - cpumask_t node_online_cpus; > > irq = hlist_entry_safe(node, struct ali_drw_pmu_irq, node); > if (cpu != irq->cpu) > return 0; > > - ret = cpumask_and(&node_online_cpus, > - cpumask_of_node(cpu_to_node(cpu)), cpu_online_mask); > - if (ret) > - target = cpumask_any_but(&node_online_cpus, cpu); > - else > + target = cpumask_any_and_but(cpumask_of_node(cpu_to_node(cpu)), > + cpu_online_mask, cpu); > + if (target >= nr_cpu_ids) > target = cpumask_any_but(cpu_online_mask, cpu); > > if (target >= nr_cpu_ids) > -- > 2.27.0 >
Powered by blists - more mailing lists