lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <53621985-23fc-49e3-a402-4b6e2335a970@nvidia.com>
Date: Tue, 10 Jun 2025 17:51:37 +0300
From: Patrisious Haddad <phaddad@...dia.com>
To: Arnd Bergmann <arnd@...db.de>, Arnd Bergmann <arnd@...nel.org>,
 Leon Romanovsky <leon@...nel.org>, Jason Gunthorpe <jgg@...pe.ca>
Cc: Christian Göttsche <cgzones@...glemail.com>,
 "Serge E. Hallyn" <serge@...lyn.com>, Chiara Meiohas <cmeiohas@...dia.com>,
 Alexander Viro <viro@...iv.linux.org.uk>, linux-rdma@...r.kernel.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH] RDMA/mlx5: reduce stack usage in mlx5_ib_ufile_hw_cleanup


On 6/10/2025 1:31 PM, Arnd Bergmann wrote:
> External email: Use caution opening links or attachments
>
>
> On Tue, Jun 10, 2025, at 11:50, Patrisious Haddad wrote:
>> On 6/10/2025 12:28 PM, Arnd Bergmann wrote:
>>>    void mlx5_ib_ufile_hw_cleanup(struct ib_uverbs_file *ufile)
>>>    {
>>> -       struct mlx5_async_cmd async_cmd[MAX_ASYNC_CMDS];
>>> +       struct mlx5_async_cmd *async_cmd;
>> Please preserve reverse Christmas tree deceleration.
>>>           struct ib_ucontext *ucontext = ufile->ucontext;
>>>           struct ib_device *device = ucontext->device;
>>>           struct mlx5_ib_dev *dev = to_mdev(device);
>>> @@ -2678,6 +2678,10 @@ void mlx5_ib_ufile_hw_cleanup(struct ib_uverbs_file *ufile)
>>>           int head = 0;
>>>           int tail = 0;
>>>
>>> +       async_cmd = kcalloc(MAX_ASYNC_CMDS, sizeof(*async_cmd), GFP_KERNEL);
>>> +       if (WARN_ON(!async_cmd))
>>> +               return;
>> But honestly I'm not sure I like this, the whole point of this patch was
>> performance optimization for teardown flow, and this function is called
>> in a loop not even one time.
>>
>> So I'm really not sure about how much kcalloc can slow it down here, and
>> it failing is whole other issue.
> Generally speaking, kcalloc is fairly quick and won't fail here,
> but it can take some time under memory pressure if it ends up
> in memory reclaim.
>
>> I'm thinking out-loud here, but theoretically we know stack size and
>> this struct size at compile time , so can we should be able to add some
>> kind of ifdef check "if (stack_frame_size < struct_size)" skip this
>> function and maybe print some warning.
>> (since it is purely optimization function and logically the code will
>> continue correctly without it - but if it needs to be executed then let
>> it stay like this and needs a big enough stack - which is most of today
>> systems anyway) ?
> The thing I'm most interested here is the compile-time warning:
> we currently have some configurations that have a very high warning
> limit of 2048 bytes or even unlimited, which means that a number
> of functions that accidentally use too much stack space (either from
> a compiler misoptimization or a programmer error) are missed and
> can end up causing problems later. I posted this patch as part of
> a larger work to eventually reduce the default warning limit
> for those corner cases.
>
> The risk in this particular function to actually overflow is fairly
> low since it gets called from sys_close() or __fput(), which
> are not nested deeply. I can think of a couple of other ways to
> keep your fast path and also build cleanly with a lower warning
> limit.
>
> - check which exact configurations actually trigger the high stack
>    usage and then skip the optimization in those cases. The most
>    likely causes are CONFIG_KASAN_STACK and CONFIG_KMSAN, both
>    of which already make the kernel a lot slower.

Personally I prefer this option the most.
But If I were you I would wait to hear if the maintainers got a problem 
with that approach ...

>
> - reduce MAX_ASYNC_CMDS to always stay under the warning limit, either
>    picking a lower value unconditionally, or based on the Kconfig
>    options that trigger it

No the number 8 wasn't chosen arbitrarily it also due to performance 
reasons, whereas note that it is also the number

of commands that can be sent in parallel for destruction so reducing it 
isn't ideal.

>
> - preallocate the array as part of an existing structure, whichever
>    makes sense here (mlx5_ib_dev maybe?).
Can work but not ideal.
>
> - reorganize the code in some other form to have the stack not
>    blow the warning limit. As far as I can tell, I only see this
>    particular one with clang but not gcc, and that often means
>    it happens because of some particular inlining decisions that
>    clang takes, and we can force them by adding strategic
>    __always_inline or noinline annotations that make both compilers
>    do the same thing.
Sounds like the hardest option to implement but I have no quarrel with it.
>
>        Arnd

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ