lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <a5c62d13-a8de-4efa-aa87-dfdf8a4e56bb@app.fastmail.com>
Date: Tue, 10 Jun 2025 12:31:15 +0200
From: "Arnd Bergmann" <arnd@...db.de>
To: "Patrisious Haddad" <phaddad@...dia.com>,
 "Arnd Bergmann" <arnd@...nel.org>, "Leon Romanovsky" <leon@...nel.org>,
 "Jason Gunthorpe" <jgg@...pe.ca>
Cc: Christian Göttsche <cgzones@...glemail.com>,
 "Serge E. Hallyn" <serge@...lyn.com>, "Chiara Meiohas" <cmeiohas@...dia.com>,
 "Alexander Viro" <viro@...iv.linux.org.uk>, linux-rdma@...r.kernel.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH] RDMA/mlx5: reduce stack usage in mlx5_ib_ufile_hw_cleanup

On Tue, Jun 10, 2025, at 11:50, Patrisious Haddad wrote:
> On 6/10/2025 12:28 PM, Arnd Bergmann wrote:

>>   void mlx5_ib_ufile_hw_cleanup(struct ib_uverbs_file *ufile)
>>   {
>> -       struct mlx5_async_cmd async_cmd[MAX_ASYNC_CMDS];
>> +       struct mlx5_async_cmd *async_cmd;
> Please preserve reverse Christmas tree deceleration.
>>          struct ib_ucontext *ucontext = ufile->ucontext;
>>          struct ib_device *device = ucontext->device;
>>          struct mlx5_ib_dev *dev = to_mdev(device);
>> @@ -2678,6 +2678,10 @@ void mlx5_ib_ufile_hw_cleanup(struct ib_uverbs_file *ufile)
>>          int head = 0;
>>          int tail = 0;
>>
>> +       async_cmd = kcalloc(MAX_ASYNC_CMDS, sizeof(*async_cmd), GFP_KERNEL);
>> +       if (WARN_ON(!async_cmd))
>> +               return;
>
> But honestly I'm not sure I like this, the whole point of this patch was 
> performance optimization for teardown flow, and this function is called 
> in a loop not even one time.
>
> So I'm really not sure about how much kcalloc can slow it down here, and 
> it failing is whole other issue.

Generally speaking, kcalloc is fairly quick and won't fail here,
but it can take some time under memory pressure if it ends up
in memory reclaim.

> I'm thinking out-loud here, but theoretically we know stack size and 
> this struct size at compile time , so can we should be able to add some 
> kind of ifdef check "if (stack_frame_size < struct_size)" skip this 
> function and maybe print some warning.
> (since it is purely optimization function and logically the code will 
> continue correctly without it - but if it needs to be executed then let 
> it stay like this and needs a big enough stack - which is most of today 
> systems anyway) ?

The thing I'm most interested here is the compile-time warning:
we currently have some configurations that have a very high warning
limit of 2048 bytes or even unlimited, which means that a number
of functions that accidentally use too much stack space (either from
a compiler misoptimization or a programmer error) are missed and
can end up causing problems later. I posted this patch as part of
a larger work to eventually reduce the default warning limit
for those corner cases.

The risk in this particular function to actually overflow is fairly
low since it gets called from sys_close() or __fput(), which
are not nested deeply. I can think of a couple of other ways to
keep your fast path and also build cleanly with a lower warning
limit.

- check which exact configurations actually trigger the high stack
  usage and then skip the optimization in those cases. The most
  likely causes are CONFIG_KASAN_STACK and CONFIG_KMSAN, both
  of which already make the kernel a lot slower.

- reduce MAX_ASYNC_CMDS to always stay under the warning limit, either
  picking a lower value unconditionally, or based on the Kconfig
  options that trigger it

- preallocate the array as part of an existing structure, whichever
  makes sense here (mlx5_ib_dev maybe?).

- reorganize the code in some other form to have the stack not
  blow the warning limit. As far as I can tell, I only see this
  particular one with clang but not gcc, and that often means
  it happens because of some particular inlining decisions that
  clang takes, and we can force them by adding strategic
  __always_inline or noinline annotations that make both compilers
  do the same thing.

      Arnd

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ