Re: [v2 3/5] arm64: mte: implement CONFIG_ARM64_MTE_COMP

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Yury Norov <yury.norov@gmail.com>
To: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Alexander Potapenko <glider@google.com>,
	catalin.marinas@arm.com, will@kernel.org, pcc@google.com,
	andreyknvl@gmail.com, linux@rasmusvillemoes.dk,
	linux-kernel@vger.kernel.org,
	linux-arm-kernel@lists.infradead.org, eugenis@google.com
Subject: Re: [v2 3/5] arm64: mte: implement CONFIG_ARM64_MTE_COMP
Date: Thu, 13 Jul 2023 12:27:15 -0700	[thread overview]
Message-ID: <ZLBQCFbBOaBUTQmB@yury-ThinkPad> (raw)
In-Reply-To: <ZLAzG+Ue3JqDM/F3@smile.fi.intel.com>

> > +		bitmap_set_value_unaligned((unsigned long *)buf, largest_idx,
> > +					   bit_pos, 4);
> 
> > +		bitmap_set_value_unaligned((unsigned long *)buf, largest_idx,
> > +					   bit_pos, 6);
> 
> > +		bitmap_set_value_unaligned((unsigned long *)buf, tags[i],
> > +					   bit_pos, 4);
> 
> > +		bitmap_set_value_unaligned((unsigned long *)buf, 0, bit_pos, 4);
> 
> > +		bitmap_set_value_unaligned((unsigned long *)buf, sizes[i],
> > +					   bit_pos, 7);
> 
> > +	largest_idx = bitmap_get_value_unaligned((unsigned long *)buf, bit_pos,
> > +						 l_bits);
> 
> > +		r_tags[i] = bitmap_get_value_unaligned((unsigned long *)buf,
> > +						       bit_pos, 4);
> 
> > +		r_sizes[i] = bitmap_get_value_unaligned((unsigned long *)buf,
> > +							bit_pos, 7);
> 
> These castings is a red flag. bitmap API shouldn't be used like this. Something
> is not okay here.

Big-endian arches are not OK. Out-of-boundary access is not OK when
the buf is not exactly a multiple of words.

> > +void ea0_release_handle(u64 handle)
> > +{
> > +	void *storage = ea0_storage(handle);
> > +	int size = ea0_storage_size(handle);
> > +	struct kmem_cache *c;
> 
> > +	if (!handle || !storage)
> > +		return;
> 
> You use handle before this check. Haven't you run static analysers?

This approach is called 'defensive programming' as I learned from
previous iteration. Another interesting thing is that the only caller
of the function in patch #5 explicitly checks the handle for NULL, so
we're surely double-defensed here.

        +void _mte_free_saved_tags(void *storage)
        +{
        +       unsigned long handle = xa_to_value(storage);
        +       int size;
        +
        +       if (!handle)
        +               return;
        +       size = ea0_storage_size(handle);
        +       ea0_release_handle(handle);
        +}

_mte_free_saved_tags() calculates size, but doesn't use it in any form,
just to calculate it again in callee...

Thanks,
Yury

next prev parent reply	other threads:[~2023-07-13 19:27 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-07-13 12:57 [v2 0/5] Implement MTE tag compression for swapped pages Alexander Potapenko
2023-07-13 12:57 ` [v2 1/5] lib/bitmap: add bitmap_{set,get}_value_unaligned() Alexander Potapenko
2023-07-13 17:28   ` Andy Shevchenko
2023-07-13 18:05     ` Alexander Potapenko
2023-07-14  8:04       ` Andy Shevchenko
2023-07-14 11:19         ` William Breathitt Gray
2023-07-14 11:28           ` Andy Shevchenko
2023-07-14 12:07             ` Alexander Potapenko
2023-07-14 12:30               ` Andy Shevchenko
2023-07-13 12:57 ` [v2 2/5] lib/test_bitmap: add tests for bitmap_{set,get}_value_unaligned Alexander Potapenko
2023-07-13 12:57 ` [v2 3/5] arm64: mte: implement CONFIG_ARM64_MTE_COMP Alexander Potapenko
2023-07-13 16:37   ` Alexander Potapenko
2023-07-13 17:23   ` Andy Shevchenko
2023-07-13 19:27     ` Yury Norov [this message]
2023-07-14  8:01       ` Andy Shevchenko
2023-07-14  9:25     ` Alexander Potapenko
2023-07-14 10:47       ` Andy Shevchenko
2023-07-14 11:17         ` Alexander Potapenko
2023-07-13 12:57 ` [v2 4/5] arm64: mte: add a test for MTE tags compression Alexander Potapenko
2023-07-13 12:57 ` [v2 5/5] arm64: mte: add compression support to mteswap.c Alexander Potapenko

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZLBQCFbBOaBUTQmB@yury-ThinkPad \
    --to=yury.norov@gmail.com \
    --cc=andreyknvl@gmail.com \
    --cc=andriy.shevchenko@linux.intel.com \
    --cc=catalin.marinas@arm.com \
    --cc=eugenis@google.com \
    --cc=glider@google.com \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux@rasmusvillemoes.dk \
    --cc=pcc@google.com \
    --cc=will@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox