Message-ID: <CY5PR11MB63665172F7608BD64E8BCF27ED692@CY5PR11MB6366.namprd11.prod.outlook.com>
Date: Wed, 25 Sep 2024 10:30:03 +0000
From: "Usyskin, Alexander" <alexander.usyskin@...el.com>
To: Rohit Agarwal <rohiagar@...omium.org>, "Winkler, Tomas"
	<tomas.winkler@...el.com>, Arnd Bergmann <arnd@...db.de>, Greg Kroah-Hartman
	<gregkh@...uxfoundation.org>
CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "Lubart,
 Vitaly" <vitaly.lubart@...el.com>
Subject: RE: [RFC] Order 4 allocation failures in the MEI client driver

> On 23/08/24 2:30 AM, Winkler, Tomas wrote:
> >>>> On Wed, Aug 21, 2024, at 05:20, Rohit Agarwal wrote:
> >>>>> On 19/08/24 6:45 PM, Arnd Bergmann wrote:
> >>>>>> On Tue, Aug 13, 2024, at 10:45, Rohit Agarwal wrote:
> >>>>>>
> >>>>>> What is the call chain you see in the kernel messages? Is it
> >>>>>> always the same?
> >>>>> Yes, the call stack is the same every time. This is the call stack:
> >>>>>
> >>>>> <4>[ 2019.101352] dump_stack_lvl+0x69/0xa0
> >>>>> <4>[ 2019.101359] warn_alloc+0x10d/0x180
> >>>>> <4>[ 2019.101363] __alloc_pages_slowpath+0xe3d/0xe80
> >>>>> <4>[ 2019.101366] __alloc_pages+0x22f/0x2b0
> >>>>> <4>[ 2019.101369] __kmalloc_large_node+0x9d/0x120
> >>>>> <4>[ 2019.101373] ? mei_cl_alloc_cb+0x34/0xa0
> >>>>> <4>[ 2019.101377] ? mei_cl_alloc_cb+0x74/0xa0
> >>>>> <4>[ 2019.101379] __kmalloc+0x86/0x130
> >>>>> <4>[ 2019.101382] mei_cl_alloc_cb+0x74/0xa0
> >>>>> <4>[ 2019.101385] mei_cl_enqueue_ctrl_wr_cb+0x38/0x90
> >>>> Ok, so this might be a result of mei_cl_enqueue_ctrl_wr_cb() doing
> >>>>
> >>>>          /* for RX always allocate at least client's mtu */
> >>>>          if (length)
> >>>>                  length = max_t(size_t, length, mei_cl_mtu(cl));
> >>>>
> >>>> which was added in 3030dc056459 ("mei: add wrapper for queuing
> >>>> control commands."). All the callers seem to be passing a short
> >>>> "length" of just a few bytes, but this would always extend it to
> >>>> cl->me_cl->props.max_msg_length in mei_cl_mtu().
> >>>>
> >>>> Not sure where that part is set.
> >>> It's allocating the maximum-size header for the receive buffer so it can
> >>> accommodate any response.
> >>> Looks like this part could be optimized with a pre-allocated buffer pool.
> >> I understand that it's always trying to allocate the maximum, the question is
> >> whether there is ever a need to set the maximum to more than a page.
> >> Pre-allocating a buffer at probe time would also address the issue, but if it's
> >> possible to just make that buffer smaller, it wouldn't be needed.
> >>
> >> Is the 64KB buffer size part of the Chrome-specific interface as well, or is that
> >> part of the upstream kernel implementation?
> > The upstream solution is for newer graphics cards and the overall
> > implementation is different.
> > I'm trying to collect more information myself; it's summer vacation time, so
> > it will take a few days.
> > Thanks
> > Tomas
> >
> A gentle reminder.
> 
> Thanks,
> Rohit.

The FW guy says that the biggest buffer there is 33K, which is already an order-4
allocation (anything above 32K needs a 64K, i.e. order-4, contiguous chunk with 4K pages).
Thus, the MTU size can't be reduced.
The only thing we can do is have PXP pass the expected message size to mei, so that
mei allocates only that much. This can lead to unexpected behaviour in the driver
when the FW sends more data than PXP expects.
This may still fail for a big buffer requested by PXP; I'm not sure what message sizes
the Linux PXP module actually uses.
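
For illustration only, a minimal sketch of what an exact-size path on the mei side
could look like; the *_exact name and the list handling below are assumptions for
this sketch, not the existing mei API:

/*
 * Hypothetical sketch: a variant of mei_cl_enqueue_ctrl_wr_cb() that
 * trusts the caller-supplied length instead of rounding it up to
 * mei_cl_mtu(cl). The function name and the ctrl_wr_list handling are
 * assumptions for illustration, not current driver code.
 */
struct mei_cl_cb *mei_cl_enqueue_ctrl_wr_cb_exact(struct mei_cl *cl,
						  size_t length,
						  enum mei_cb_file_ops fop_type,
						  const struct file *fp)
{
	struct mei_cl_cb *cb;

	/* no "at least MTU" bump here; allocate exactly what was asked for */
	cb = mei_cl_alloc_cb(cl, length, fop_type, fp);
	if (!cb)
		return NULL;

	list_add_tail(&cb->list, &cl->dev->ctrl_wr_list);
	return cb;
}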

Can this error be eliminated by a retry from the PXP side?
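
If a retry is acceptable, a rough sketch of what that could look like on the PXP side;
pxp_send_message() is only a placeholder for whichever PXP-to-mei call currently hits
the allocation failure, not a real function:

/*
 * Rough sketch only: bounded retry on -ENOMEM from the PXP side.
 * pxp_send_message() is a placeholder, not an existing function.
 */
static int pxp_send_message_retry(void *msg, size_t len)
{
	int retries = 3;
	int ret;

	do {
		ret = pxp_send_message(msg, len);
		if (ret != -ENOMEM)
			return ret;
		/* back off briefly so reclaim/compaction can make progress */
		msleep(20);
	} while (--retries);

	return ret;
}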


-- 
Alexander (Sasha) Usyskin

CSE FW Dev – Host SW
Intel Israel (74) Limited

