Re: [Fastboot] [PATCH 1/3] stack overflow safe kdump (2.6.18-rc1-i386) - safe_smp_processor_id

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: "Fernando Luis Vázquez Cao" <fernando@oss.ntt.co.jp>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Keith Owens <kaos@ocs.com.au>,
	akpm@osdl.org, James.Bottomley@steeleye.com,
	fastboot@lists.osdl.org, linux-kernel@vger.kernel.org,
	ak@suse.de
Subject: Re: [Fastboot] [PATCH 1/3] stack overflow safe kdump (2.6.18-rc1-i386) - safe_smp_processor_id
Date: Tue, 11 Jul 2006 13:21:01 +0900	[thread overview]
Message-ID: <1152591661.2414.11.camel@localhost.localdomain> (raw)
In-Reply-To: <m1u05ppu6h.fsf@ebiederm.dsl.xmission.com>

Hi Eric!

On Mon, 2006-07-10 at 05:37 -0600, Eric W. Biederman wrote:
> Fernando Luis Vázquez Cao <fernando@oss.ntt.co.jp> writes:
> 
> > Hi Keith,
> >
> > Thank you for the comments.
> >
> > On Mon, 2006-07-10 at 18:27 +1000, Keith Owens wrote:
> >> Fernando Luis Vazquez Cao (on Mon, 10 Jul 2006 16:50:52 +0900) wrote:
> >> >On the event of a stack overflow critical data that usually resides at
> >> >the bottom of the stack is likely to be stomped and, consequently, its
> >> >use should be avoided.
> >> >
> >> >In particular, in the i386 and IA64 architectures the macro
> >> >smp_processor_id ultimately makes use of the "cpu" member of struct
> >> >thread_info which resides at the bottom of the stack. x86_64, on the
> >> >other hand, is not affected by this problem because it benefits from
> >> >the use of the PDA infrastructure.
> >> >
> >> >To circumvent this problem I suggest implementing
> >> >"safe_smp_processor_id()" (it already exists in x86_64) for i386 and
> >> >IA64 and use it as a replacement for smp_processor_id in the reboot path
> >> >to the dump capture kernel. This is a possible implementation for i386.
> >> 
> >> I agree with avoiding the use of thread_info when the stack might be
> >> corrupt.  However your patch results in reading apic data and scanning
> >> NR_CPU sized tables for each IPI that is sent, which will slow down the
> >> sending of all IPIs, not just dump.
> > This patch only affects IPIs sent using send_IPI_allbutself which is
> > rarely called, so the impact in performance should be negligible.
> 
> Well smp_call_function uses it so I don't know if rarely called applies.
> 
> However when called with the NMI vector every instance of send_IPI_allbutself
> transforms this into send_IPI_mask.  Which is why we need to know our current
> cpu in the first place.
> 
> Therefore why don't we just do that explicitly in crash.c
> i.e.
> 
> static void smp_send_nmi_allbutself(void)
> {
> 	cpumask_t mask = cpu_online_map;
> 	cpu_clear(safe_smp_processor_id(), mask);
> 	send_IPI_mask(mask, NMI_VECTOR);
> }
> 
> That will guarantee that any effects this code paranoia may have
> are only seen in the crash dump path.

That is a good idea, but I have on concern. In mach-default by default
we use __send_IPI_shortcut (no_broadcast==0) instead of send_IPI_mask.
Is it always safe to ignore the no_broadcast setting? In other words,
can __send_IPI_shortcut be replaced by send_IPI_mask safely?

The implementation of send_IPI_allbutself in the different architectures
follows:

smp_send_nmi_allbutself
  send_IPI_allbutself

* mach-bigsmp
send_IPI_allbutself
  cpu_clear(smp_processor_id(), mask)
  send_IPI_mask
    send_IPI_mask_sequence
      apic_wait_icr_idle

* mach-default
send_IPI_allbutself
  __local_send_IPI_allbutself
    if (no_broadcast) {
      cpu_clear(smp_processor_id(), mask)
      send_IPI_mask(mask, vector)
        send_IPI_mask_bitmask
          apic_wait_icr_idle
    } else {
      __send_IPI_shortcut(APIC_DEST_ALLBUT, vector)
        apic_wait_icr_idle
    }

* mach-es7000
send_IPI_allbutself
  cpu_clear(smp_processor_id(), mask);
  send_IPI_mask
    send_IPI_mask_sequence
      apic_wait_icr_idle

* mach-numaq
send_IPI_allbutself
  cpu_clear(smp_processor_id(), mask)
  send_IPI_mask
    send_IPI_mask_sequence
      apic_wait_icr_idle

* mach-summit
send_IPI_allbutself
  cpu_clear(smp_processor_id(), mask)
  send_IPI_mask
    send_IPI_mask_sequence
      apic_wait_icr_idle

Regards,

Fernando

> 
> 
> >> It would be far cheaper to define
> >> a per-cpu variable containing the logical cpu number, set that variable
> >> once as each cpu is brought up and just read it in cases where you
> >> might not trust the integrity of struct thread_info.  safe_smp_processor_id()
> >> resolves to just a read of the per cpu variable.
> > But to read a per-cpu variable you need to index the corresponding array
> > with processor id of the current CPU (see code below), but that is
> > precisely what we are trying to figure out. Anyway as
> > send_IPI_allbutself is not a fast path (correct if this assumption is
> > wrong) the current implementation of safe_smp_processor_id should be
> > fine.
> >
> > #define get_cpu_var(var) (*({ preempt_disable();
> > &__get_cpu_var(var); }))
> > #define __get_cpu_var(var) per_cpu(var, smp_processor_id())
> >
> > Am I missing something obvious?
> 
> No.  Except that other architectures have cheaper per pointers so they
> don't have that problem.
> 
> Eric

next prev parent reply	other threads:[~2006-07-11  4:21 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-07-10  7:50 [PATCH 1/3] stack overflow safe kdump (2.6.18-rc1-i386) - safe_smp_processor_id Fernando Luis Vázquez Cao
2006-07-10  8:27 ` [Fastboot] " Keith Owens
2006-07-10 10:15   ` Fernando Luis Vázquez Cao
2006-07-10 11:37     ` Eric W. Biederman
2006-07-11  4:21       ` Fernando Luis Vázquez Cao [this message]
2006-07-11  4:44         ` Fernando Luis Vázquez Cao
2006-07-11  4:55         ` Keith Owens
2006-07-11  6:15           ` Fernando Luis Vázquez Cao
2006-07-11  6:25             ` Keith Owens
2006-07-10 12:04     ` Keith Owens
2006-07-11  6:40       ` Fernando Luis Vázquez Cao
2006-07-10 14:16 ` James Bottomley
2006-07-10 18:20   ` Eric W. Biederman
2006-07-10 20:58     ` James Bottomley
2006-07-11  3:42       ` Eric W. Biederman
2006-07-11 12:36         ` James Bottomley
2006-07-11 19:41           ` Eric W. Biederman
2006-07-11  6:21       ` [Fastboot] " Fernando Luis Vázquez Cao

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1152591661.2414.11.camel@localhost.localdomain \
    --to=fernando@oss.ntt.co.jp \
    --cc=James.Bottomley@steeleye.com \
    --cc=ak@suse.de \
    --cc=akpm@osdl.org \
    --cc=ebiederm@xmission.com \
    --cc=fastboot@lists.osdl.org \
    --cc=kaos@ocs.com.au \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox