From: Ingo Molnar <mingo@kernel.org>
To: Dave Hansen <dave@sr71.net>
Cc: linux-kernel@vger.kernel.org, dave.hansen@linux.intel.com,
peterz@infradead.org, mingo@redhat.com, ak@linux.intel.com,
tim.c.chen@linux.intel.com, akpm@linux-foundation.org,
cl@linux.com, penberg@kernel.org, linux-mm@kvack.org,
kirill@shutemov.name, lauraa@codeaurora.org,
Linus Torvalds <torvalds@linux-foundation.org>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [PATCH] [v3] warn on performance-impacting configs aka. TAINT_PERFORMANCE
Date: Sun, 24 Aug 2014 16:49:46 +0200 [thread overview]
Message-ID: <20140824144946.GC9455@gmail.com> (raw)
In-Reply-To: <53F75B91.2040100@sr71.net>
* Dave Hansen <dave@sr71.net> wrote:
> On 08/22/2014 12:20 AM, Ingo Molnar wrote:
> > Essentially all DEBUG_OBJECTS_* options are expensive, assuming
> > they are enabled, i.e. DEBUG_OBJECTS_ENABLE_DEFAULT=y.
> >
> > Otherwise they should only be warned about if the debugobjects
> > boot option got enabled.
> >
> > I.e. you'll need a bit of a runtime check for this one.
>
> At that point, what do we print, and when do we print it? We're not
> saying that the config option should be disabled because it's really the
> boot option plus the config option that is causing the problem.
>
> I'll just put the DEBUG_OBJECTS_ENABLE_DEFAULT in here which is
> analogous to what we're doing with SLUB_DEBUG_ON.
>
> >> +static ssize_t performance_taint_read(struct file *file, char __user *user_buf,
> >> + size_t count, loff_t *ppos)
> >> +{
> >> + int i;
> >> + int ret;
> >> + char *buf;
> >> + size_t buf_written = 0;
> >> + size_t buf_left;
> >> + size_t buf_len;
> >> +
> >> + if (!ARRAY_SIZE(perfomance_killing_configs))
> >> + return 0;
> >> +
> >> + buf_len = 1;
> >> + for (i = 0; i < ARRAY_SIZE(perfomance_killing_configs); i++)
> >> + buf_len += strlen(config_prefix) +
> >> + strlen(perfomance_killing_configs[i]);
> >> + /* Add a byte for for each entry in the array for a \n */
> >> + buf_len += ARRAY_SIZE(perfomance_killing_configs);
> >> +
> >> + buf = kmalloc(buf_len, GFP_KERNEL);
> >> + if (!buf)
> >> + return -ENOMEM;
> >> +
> >> + buf_left = buf_len;
> >> + for (i = 0; i < ARRAY_SIZE(perfomance_killing_configs); i++) {
> >> + buf_written += snprintf(buf + buf_written, buf_left,
> >> + "%s%s\n", config_prefix,
> >> + perfomance_killing_configs[i]);
> >> + buf_left = buf_len - buf_written;
> >
> > So, ARRAY_SIZE(performance_killing_configs) is written out four
> > times, a temporary variable would be in order I suspect.
>
> If one of them had gone over 80 chars, I probably would have. :) I put
> one in anyway.
>
> > Also, do you want to check buf_left and break out early from
> > the loop if it goes non-positive?
>
> You're slowly inflating my patch for no practical gain. :)
AFAICS it's a potential memory corruption and security bug,
should the array ever grow large enough to overflow the passed
in buffer size.
Thanks,
Ingo
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Ingo Molnar <mingo@kernel.org>
To: Dave Hansen <dave@sr71.net>
Cc: linux-kernel@vger.kernel.org, dave.hansen@linux.intel.com,
peterz@infradead.org, mingo@redhat.com, ak@linux.intel.com,
tim.c.chen@linux.intel.com, akpm@linux-foundation.org,
cl@linux.com, penberg@kernel.org, linux-mm@kvack.org,
kirill@shutemov.name, lauraa@codeaurora.org,
Linus Torvalds <torvalds@linux-foundation.org>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [PATCH] [v3] warn on performance-impacting configs aka. TAINT_PERFORMANCE
Date: Sun, 24 Aug 2014 16:49:46 +0200 [thread overview]
Message-ID: <20140824144946.GC9455@gmail.com> (raw)
In-Reply-To: <53F75B91.2040100@sr71.net>
* Dave Hansen <dave@sr71.net> wrote:
> On 08/22/2014 12:20 AM, Ingo Molnar wrote:
> > Essentially all DEBUG_OBJECTS_* options are expensive, assuming
> > they are enabled, i.e. DEBUG_OBJECTS_ENABLE_DEFAULT=y.
> >
> > Otherwise they should only be warned about if the debugobjects
> > boot option got enabled.
> >
> > I.e. you'll need a bit of a runtime check for this one.
>
> At that point, what do we print, and when do we print it? We're not
> saying that the config option should be disabled because it's really the
> boot option plus the config option that is causing the problem.
>
> I'll just put the DEBUG_OBJECTS_ENABLE_DEFAULT in here which is
> analogous to what we're doing with SLUB_DEBUG_ON.
>
> >> +static ssize_t performance_taint_read(struct file *file, char __user *user_buf,
> >> + size_t count, loff_t *ppos)
> >> +{
> >> + int i;
> >> + int ret;
> >> + char *buf;
> >> + size_t buf_written = 0;
> >> + size_t buf_left;
> >> + size_t buf_len;
> >> +
> >> + if (!ARRAY_SIZE(perfomance_killing_configs))
> >> + return 0;
> >> +
> >> + buf_len = 1;
> >> + for (i = 0; i < ARRAY_SIZE(perfomance_killing_configs); i++)
> >> + buf_len += strlen(config_prefix) +
> >> + strlen(perfomance_killing_configs[i]);
> >> + /* Add a byte for for each entry in the array for a \n */
> >> + buf_len += ARRAY_SIZE(perfomance_killing_configs);
> >> +
> >> + buf = kmalloc(buf_len, GFP_KERNEL);
> >> + if (!buf)
> >> + return -ENOMEM;
> >> +
> >> + buf_left = buf_len;
> >> + for (i = 0; i < ARRAY_SIZE(perfomance_killing_configs); i++) {
> >> + buf_written += snprintf(buf + buf_written, buf_left,
> >> + "%s%s\n", config_prefix,
> >> + perfomance_killing_configs[i]);
> >> + buf_left = buf_len - buf_written;
> >
> > So, ARRAY_SIZE(performance_killing_configs) is written out four
> > times, a temporary variable would be in order I suspect.
>
> If one of them had gone over 80 chars, I probably would have. :) I put
> one in anyway.
>
> > Also, do you want to check buf_left and break out early from
> > the loop if it goes non-positive?
>
> You're slowly inflating my patch for no practical gain. :)
AFAICS it's a potential memory corruption and security bug,
should the array ever grow large enough to overflow the passed
in buffer size.
Thanks,
Ingo
next prev parent reply other threads:[~2014-08-24 14:49 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-08-21 20:24 [PATCH] [v3] warn on performance-impacting configs aka. TAINT_PERFORMANCE Dave Hansen
2014-08-21 20:24 ` Dave Hansen
2014-08-21 20:57 ` Dave Jones
2014-08-21 20:57 ` Dave Jones
2014-08-21 21:03 ` Dave Hansen
2014-08-21 21:03 ` Dave Hansen
2014-08-22 7:20 ` Ingo Molnar
2014-08-22 7:20 ` Ingo Molnar
2014-08-22 15:02 ` Dave Hansen
2014-08-22 15:02 ` Dave Hansen
2014-08-24 14:49 ` Ingo Molnar [this message]
2014-08-24 14:49 ` Ingo Molnar
2014-08-24 20:40 ` Dave Hansen
2014-08-24 20:40 ` Dave Hansen
2014-08-24 22:13 ` Linus Torvalds
2014-08-22 16:32 ` Tim Chen
2014-08-22 16:45 ` Dave Hansen
2014-08-22 16:45 ` Dave Hansen
2014-08-22 18:12 ` Tim Chen
2014-08-22 18:12 ` Tim Chen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140824144946.GC9455@gmail.com \
--to=mingo@kernel.org \
--cc=a.p.zijlstra@chello.nl \
--cc=ak@linux.intel.com \
--cc=akpm@linux-foundation.org \
--cc=cl@linux.com \
--cc=dave.hansen@linux.intel.com \
--cc=dave@sr71.net \
--cc=kirill@shutemov.name \
--cc=lauraa@codeaurora.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mingo@redhat.com \
--cc=penberg@kernel.org \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=tim.c.chen@linux.intel.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.