From: Yury Norov <yury.norov@gmail.com>
To: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Alexander Potapenko <glider@google.com>,
	catalin.marinas@arm.com, will@kernel.org, pcc@google.com,
	andreyknvl@gmail.com, linux@rasmusvillemoes.dk,
	linux-kernel@vger.kernel.org,
	linux-arm-kernel@lists.infradead.org, eugenis@google.com
Subject: Re: [v2 3/5] arm64: mte: implement CONFIG_ARM64_MTE_COMP
Date: Thu, 13 Jul 2023 12:27:15 -0700
Message-ID: <ZLBQCFbBOaBUTQmB@yury-ThinkPad>
In-Reply-To: <ZLAzG+Ue3JqDM/F3@smile.fi.intel.com>

> > +		bitmap_set_value_unaligned((unsigned long *)buf, largest_idx,
> > +					   bit_pos, 4);
> 
> > +		bitmap_set_value_unaligned((unsigned long *)buf, largest_idx,
> > +					   bit_pos, 6);
> 
> > +		bitmap_set_value_unaligned((unsigned long *)buf, tags[i],
> > +					   bit_pos, 4);
> 
> > +		bitmap_set_value_unaligned((unsigned long *)buf, 0, bit_pos, 4);
> 
> > +		bitmap_set_value_unaligned((unsigned long *)buf, sizes[i],
> > +					   bit_pos, 7);
> 
> > +	largest_idx = bitmap_get_value_unaligned((unsigned long *)buf, bit_pos,
> > +						 l_bits);
> 
> > +		r_tags[i] = bitmap_get_value_unaligned((unsigned long *)buf,
> > +						       bit_pos, 4);
> 
> > +		r_sizes[i] = bitmap_get_value_unaligned((unsigned long *)buf,
> > +							bit_pos, 7);
> 
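Review bot: every call in these fragments passes (unsigned long *)buf, which suggests buf is not declared as an array of unsigned long, while the bitmap helpers work on whole words. That is only safe when the buffer size is a multiple of sizeof(unsigned long), and the resulting byte layout differs on big-endian. Declaring the buffer as a bitmap (for example with DECLARE_BITMAP()) would remove the casts, or the packing could be done byte-wise. The literal field widths 4, 6 and 7 would also read better as named constants shared by the set and get paths.
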
> These castings are a red flag. bitmap API shouldn't be used like this. Something
> is not okay here.

Big-endian arches are not OK. Out-of-boundary access is not OK when
the buf is not exactly a multiple of words.

> > +void ea0_release_handle(u64 handle)
> > +{
> > +	void *storage = ea0_storage(handle);
> > +	int size = ea0_storage_size(handle);
> > +	struct kmem_cache *c;
> 
> > +	if (!handle || !storage)
> > +		return;
> 
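Review bot: in ea0_release_handle() the initialisers call ea0_storage(handle) and ea0_storage_size(handle) before the "if (!handle || !storage)" check, so the check on handle comes after handle has already been used. Leave storage and size unset in the declarations, return early on !handle, and only then derive storage and size from it.
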
> You use handle before this check. Haven't you run static analysers?

This approach is called 'defensive programming' as I learned from
previous iteration. Another interesting thing is that the only caller
of the function in patch #5 explicitly checks the handle for NULL, so
we're surely double-defensed here.

        +void _mte_free_saved_tags(void *storage)
        +{
        +       unsigned long handle = xa_to_value(storage);
        +       int size;
        +
        +       if (!handle)
        +               return;
        +       size = ea0_storage_size(handle);
        +       ea0_release_handle(handle);
        +}
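
Review bot: size in _mte_free_saved_tags() is assigned from ea0_storage_size(handle) and never read. Drop the variable and the call, leaving the !handle check followed by ea0_release_handle(handle).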

_mte_free_saved_tags() calculates size, but doesn't use it in any form,
just to calculate it again in callee...

Thanks,
Yury
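
The two objections above (big-endian layout, and out-of-bounds access when the buffer is not a whole number of words), shown as an added example that is not part of the original message or of the kernel patch. put_bits(), get_bits(), in_range() and demo() are hypothetical userspace helpers that pack fields one byte at a time with a bounds check instead of casting a byte buffer to unsigned long *.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helpers, not the kernel bitmap API. Stream bit i is always bit
 * (i % 8) of buf[i / 8]: same layout on either endianness, byte-wide access. */
static int in_range(size_t len, size_t pos, unsigned nbits)
{
	return nbits >= 1 && nbits <= 32 && len * 8 >= nbits && pos <= len * 8 - nbits;
}

/* Store the low nbits of val at bit offset pos; -1 if it would leave buf. */
static int put_bits(uint8_t *buf, size_t len, size_t pos, unsigned nbits, uint32_t val)
{
	if (!in_range(len, pos, nbits))
		return -1;
	for (unsigned i = 0; i < nbits; i++, pos++) {
		unsigned sh = (unsigned)(pos % 8);
		buf[pos / 8] = (uint8_t)((buf[pos / 8] & ~(1u << sh)) | (((val >> i) & 1u) << sh));
	}
	return 0;
}

/* Load an nbits-wide field at bit offset pos into *out; -1 if out of range. */
static int get_bits(const uint8_t *buf, size_t len, size_t pos, unsigned nbits, uint32_t *out)
{
	uint32_t v = 0;
	if (!in_range(len, pos, nbits))
		return -1;
	for (unsigned i = 0; i < nbits; i++, pos++)
		v |= (uint32_t)((buf[pos / 8] >> (pos % 8)) & 1u) << i;
	*out = v;
	return 0;
}

/* Constructed demo: 10-byte buffer (80 bits, not a multiple of 64); 0 on success. */
static int demo(void)
{
	uint8_t buf[10] = {0};
	uint32_t a = 0, b = 0;
	if (put_bits(buf, 10, 0, 4, 0xA) || put_bits(buf, 10, 4, 7, 0x55))
		return 1;
	if (get_bits(buf, 10, 0, 4, &a) || get_bits(buf, 10, 4, 7, &b) || a != 0xA || b != 0x55)
		return 2;
	if (buf[0] != 0x5A || buf[1] != 0x05 || put_bits(buf, 10, 76, 4, 0xF))
		return 3;	/* fixed byte layout; the last 4 bits still fit */
	return put_bits(buf, 10, 77, 4, 0xF) == -1 ? 0 : 4;	/* overrun rejected */
}

int main(void) { return demo(); }
```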
