lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 5 May 2024 19:31:24 +0200
From: Erick Archer <erick.archer@...look.com>
To: Christophe JAILLET <christophe.jaillet@...adoo.fr>
Cc: Erick Archer <erick.archer@...look.com>,
	Peter Zijlstra <peterz@...radead.org>,
	Ingo Molnar <mingo@...hat.com>,
	Arnaldo Carvalho de Melo <acme@...nel.org>,
	Namhyung Kim <namhyung@...nel.org>,
	Mark Rutland <mark.rutland@....com>,
	Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
	Jiri Olsa <jolsa@...nel.org>, Ian Rogers <irogers@...gle.com>,
	Adrian Hunter <adrian.hunter@...el.com>,
	"Liang, Kan" <kan.liang@...ux.intel.com>,
	Kees Cook <keescook@...omium.org>,
	"Gustavo A. R. Silva" <gustavoars@...nel.org>,
	Nathan Chancellor <nathan@...nel.org>,
	Nick Desaulniers <ndesaulniers@...gle.com>,
	Bill Wendling <morbo@...gle.com>,
	Justin Stitt <justinstitt@...gle.com>,
	linux-perf-users@...r.kernel.org, linux-kernel@...r.kernel.org,
	linux-hardening@...r.kernel.org, llvm@...ts.linux.dev
Subject: Re: [PATCH v2] perf/ring_buffer: Prefer struct_size over open coded
 arithmetic

On Sun, May 05, 2024 at 05:24:55PM +0200, Christophe JAILLET wrote:
> Le 05/05/2024 à 16:15, Erick Archer a écrit :
> > diff --git a/kernel/events/ring_buffer.c b/kernel/events/ring_buffer.c
> > index 4013408ce012..080537eff69f 100644
> > --- a/kernel/events/ring_buffer.c
> > +++ b/kernel/events/ring_buffer.c
> > @@ -822,9 +822,7 @@ struct perf_buffer *rb_alloc(int nr_pages, long watermark, int cpu, int flags)
> >   	unsigned long size;
> 
> Hi,
> 
> Should size be size_t?

I'm sorry, but I don't have enough knowledge to answer this question.
The "size" variable is used as a return value by struct_size and as
a parameter to the order_base_2() and kzalloc_node() functions.

The size type for the kzalloc_node function is "size_t" but for the
order_base_2() macro it is necessary an unsigned type (since this
is expanded to "__ilog2_u32(u32 n)" or "__ilog2_u64(u64 n)").

So, I don't know if it is correct to change the type to size_t.
Maybe someone can help with this.

> 
> >   	int i, node;
> > -	size = sizeof(struct perf_buffer);
> > -	size += nr_pages * sizeof(void *);
> > -
> > +	size = struct_size(rb, data_pages, nr_pages);
> >   	if (order_base_2(size) > PAGE_SHIFT+MAX_PAGE_ORDER)
> >   		goto fail;
> > @@ -833,6 +831,7 @@ struct perf_buffer *rb_alloc(int nr_pages, long watermark, int cpu, int flags)
> >   	if (!rb)
> >   		goto fail;
> > +	rb->nr_pages = nr_pages;
> >   	rb->user_page = perf_mmap_alloc_page(cpu);
> >   	if (!rb->user_page)
> >   		goto fail_user_page;
> > @@ -843,8 +842,6 @@ struct perf_buffer *rb_alloc(int nr_pages, long watermark, int cpu, int flags)
> >   			goto fail_data_pages;
> >   	}
> > -	rb->nr_pages = nr_pages;
> > -
> >   	ring_buffer_init(rb, watermark, flags);
> >   	return rb;
> > @@ -916,18 +913,15 @@ void rb_free(struct perf_buffer *rb)
> >   struct perf_buffer *rb_alloc(int nr_pages, long watermark, int cpu, int flags)
> >   {
> >   	struct perf_buffer *rb;
> > -	unsigned long size;
> >   	void *all_buf;
> >   	int node;
> > -	size = sizeof(struct perf_buffer);
> > -	size += sizeof(void *);
> > -
> >   	node = (cpu == -1) ? cpu : cpu_to_node(cpu);
> > -	rb = kzalloc_node(size, GFP_KERNEL, node);
> > +	rb = kzalloc_node(struct_size(rb, data_pages, 1), GFP_KERNEL, node);
> >   	if (!rb)
> >   		goto fail;
> > +	rb->nr_pages = nr_pages;
> 
> I don't think this is correct.

I think you are right. My bad :(

> There is already a logic in place about it a few lines below:
> 
> 	all_buf = vmalloc_user((nr_pages + 1) * PAGE_SIZE);
> 	if (!all_buf)
> 		goto fail_all_buf;
> 
> 	rb->user_page = all_buf;
> 	rb->data_pages[0] = all_buf + PAGE_SIZE;
> 	if (nr_pages) {					<--- here
> 		rb->nr_pages = 1;			<---
> 		rb->page_order = ilog2(nr_pages);
> 	}
> 
> I think that what is needed is to move this block just 2 lines above,
> (before rb->data_pages[0] = ...)
> 
> 
> I'm also wondering what should be done if nr_pages = 0.

Perhaps this is enough since we only allocate memory for one
member of the array.

@@ -916,18 +913,15 @@ void rb_free(struct perf_buffer *rb)
 struct perf_buffer *rb_alloc(int nr_pages, long watermark, int cpu, int flags)
 {
        struct perf_buffer *rb;
-       unsigned long size;
        void *all_buf;
        int node;

-       size = sizeof(struct perf_buffer);
-       size += sizeof(void *);
-
        node = (cpu == -1) ? cpu : cpu_to_node(cpu);
-       rb = kzalloc_node(size, GFP_KERNEL, node);
+       rb = kzalloc_node(struct_size(rb, data_pages, 1), GFP_KERNEL, node);
        if (!rb)
                goto fail;

+       rb->nr_pages = 1;
        INIT_WORK(&rb->work, rb_free_work);

        all_buf = vmalloc_user((nr_pages + 1) * PAGE_SIZE);

I think that we don't need to deal with the "nr_pages = 0" case
since the flex array will always have a length of one.

Kees, can you help us with this?

Regards,
Erick

> CJ
> 
> >   	INIT_WORK(&rb->work, rb_free_work);
> >   	all_buf = vmalloc_user((nr_pages + 1) * PAGE_SIZE);
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ