| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZhaUZFY5MUyy6hWK@gmail.com>
Date: Wed, 10 Apr 2024 15:30:12 +0200
From: Ingo Molnar <mingo@...nel.org>
To: Nikita Kiryushin <kiryushin@...ud.ru>
Cc: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>,
Peter Zijlstra <peterz@...radead.org>,
Ashok Raj <ashok.raj@...el.com>,
David Woodhouse <dwmw@...zon.co.uk>, linux-kernel@...r.kernel.org,
lvc-project@...uxtesting.org
Subject: Re: [PATCH] x86/smpboot: Add map vars allocation check in
smp_prepare_cpus_common
* Nikita Kiryushin <kiryushin@...ud.ru> wrote:
> As of now, zalloc_cpumask_var for various maps in smp_prepare_cpus_common
> is not checked.
>
> If allocation fails, it will not be known, unless the not-allocated map
> will be accessed. The situation seems not very realistic now, but could
> get more relevant in the future, as number of cores (and amount of
> allocated resources) grows.
>
> Add a cumulative status for all zalloc_cpumask_var() calls in
> smp_prepare_cpus_common() and error message in case the status signals
> that any of the map var allocations failed (per cpu).
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Signed-off-by: Nikita Kiryushin <kiryushin@...ud.ru>
> ---
> arch/x86/kernel/smpboot.c | 15 ++++++++++-----
> 1 file changed, 10 insertions(+), 5 deletions(-)
>
> diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
> index 76bb65045c64..3b24c2e1fa3b 100644
> --- a/arch/x86/kernel/smpboot.c
> +++ b/arch/x86/kernel/smpboot.c
> @@ -1042,11 +1042,16 @@ void __init smp_prepare_cpus_common(void)
> }
>
> for_each_possible_cpu(i) {
> - zalloc_cpumask_var(&per_cpu(cpu_sibling_map, i), GFP_KERNEL);
> - zalloc_cpumask_var(&per_cpu(cpu_core_map, i), GFP_KERNEL);
> - zalloc_cpumask_var(&per_cpu(cpu_die_map, i), GFP_KERNEL);
> - zalloc_cpumask_var(&per_cpu(cpu_llc_shared_map, i), GFP_KERNEL);
> - zalloc_cpumask_var(&per_cpu(cpu_l2c_shared_map, i), GFP_KERNEL);
> + bool ret = true;
> +
> + ret &= zalloc_cpumask_var(&per_cpu(cpu_sibling_map, i), GFP_KERNEL);
> + ret &= zalloc_cpumask_var(&per_cpu(cpu_core_map, i), GFP_KERNEL);
> + ret &= zalloc_cpumask_var(&per_cpu(cpu_die_map, i), GFP_KERNEL);
> + ret &= zalloc_cpumask_var(&per_cpu(cpu_llc_shared_map, i), GFP_KERNEL);
> + ret &= zalloc_cpumask_var(&per_cpu(cpu_l2c_shared_map, i), GFP_KERNEL);
> +
> + if (!ret)
> + pr_err("Failed to allocate map for CPU%u\n", i);
So:
- That doesn't really solve anything, nor does it propagate the error
further up. Plus memory allocation failures within __init functions for
key CPU data structures are invariably fatal. While there might be
more cores in the future - but there will be even more RAM. This error
condition will never be realistic.
- The canonical arch behavior for __init functions is to return -ENOMEM
and not printk anything. But that's not really an option for
smp_prepare_cpus_common(), which feeds back into the
::smp_prepare_cpus() callback that doesn't really expect failure either.
My suggestion would be to simply pass in __GFP_NOFAIL to document that
there's no reasonable allocation failure policy here. That's better than
needlessly complicating this code.
Also note that this code has changed in the latest x86 tree (tip:master).
Thanks,
Ingo
Powered by blists - more mailing lists