| Message ID | 20240403125109.2054881-9-dawei.li@shingroup.cn (mailing list archive) |
|---|---|
| State | Not Applicable |
| Headers | show |
| Series | perf: Avoid placing cpumask var on stack | expand |
On Wed, Apr 03, 2024 at 08:51:07PM +0800, Dawei Li wrote: > For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask > variable on stack is not recommended since it can cause potential stack > overflow. > > Instead, kernel code should always use *cpumask_var API(s) to allocate > cpumask var in config-neutral way, leaving allocation strategy to > CONFIG_CPUMASK_OFFSTACK. > > But dynamic allocation in cpuhp's teardown callback is somewhat problematic > for if allocation fails(which is unlikely but still possible): > - If -ENOMEM is returned to caller, kernel crashes for non-bringup > teardown; > - If callback pretends nothing happened and returns 0 to caller, it may > trap system into an in-consisitent/compromised state; > > Use newly-introduced cpumask_any_and_but() to address all issues above. > It eliminates usage of temporary cpumask var in generic way, no matter how > the cpumask var is allocated. > > Suggested-by: Mark Rutland <mark.rutland@arm.com> > Signed-off-by: Dawei Li <dawei.li@shingroup.cn> The logic looks good to me, but I'd like the commit message updated the same as per my comment on patch 2. With that commit message: Reviewed-by: Mark Rutland <mark.rutland@arm.com> Mark. > --- > drivers/perf/hisilicon/hisi_uncore_pmu.c | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > > diff --git a/drivers/perf/hisilicon/hisi_uncore_pmu.c b/drivers/perf/hisilicon/hisi_uncore_pmu.c > index 04031450d5fe..ccc9191ad1b6 100644 > --- a/drivers/perf/hisilicon/hisi_uncore_pmu.c > +++ b/drivers/perf/hisilicon/hisi_uncore_pmu.c > @@ -504,7 +504,6 @@ int hisi_uncore_pmu_offline_cpu(unsigned int cpu, struct hlist_node *node) > { > struct hisi_pmu *hisi_pmu = hlist_entry_safe(node, struct hisi_pmu, > node); > - cpumask_t pmu_online_cpus; > unsigned int target; > > if (!cpumask_test_and_clear_cpu(cpu, &hisi_pmu->associated_cpus)) > @@ -518,9 +517,8 @@ int hisi_uncore_pmu_offline_cpu(unsigned int cpu, struct hlist_node *node) > hisi_pmu->on_cpu = -1; > > /* Choose a new CPU to migrate ownership of the PMU to */ > - cpumask_and(&pmu_online_cpus, &hisi_pmu->associated_cpus, > - cpu_online_mask); > - target = cpumask_any_but(&pmu_online_cpus, cpu); > + target = cpumask_any_and_but(&hisi_pmu->associated_cpus, > + cpu_online_mask, cpu); > if (target >= nr_cpu_ids) > return 0; > > -- > 2.27.0 >
On Wed, 3 Apr 2024 15:35:47 +0100 Mark Rutland <mark.rutland@arm.com> wrote: > On Wed, Apr 03, 2024 at 08:51:07PM +0800, Dawei Li wrote: > > For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask > > variable on stack is not recommended since it can cause potential stack > > overflow. > > > > Instead, kernel code should always use *cpumask_var API(s) to allocate > > cpumask var in config-neutral way, leaving allocation strategy to > > CONFIG_CPUMASK_OFFSTACK. > > > > But dynamic allocation in cpuhp's teardown callback is somewhat problematic > > for if allocation fails(which is unlikely but still possible): > > - If -ENOMEM is returned to caller, kernel crashes for non-bringup > > teardown; > > - If callback pretends nothing happened and returns 0 to caller, it may > > trap system into an in-consisitent/compromised state; > > > > Use newly-introduced cpumask_any_and_but() to address all issues above. > > It eliminates usage of temporary cpumask var in generic way, no matter how > > the cpumask var is allocated. > > > > Suggested-by: Mark Rutland <mark.rutland@arm.com> > > Signed-off-by: Dawei Li <dawei.li@shingroup.cn> > > The logic looks good to me, but I'd like the commit message updated the same as > per my comment on patch 2. > > With that commit message: > > Reviewed-by: Mark Rutland <mark.rutland@arm.com> Acked-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
diff --git a/drivers/perf/hisilicon/hisi_uncore_pmu.c b/drivers/perf/hisilicon/hisi_uncore_pmu.c index 04031450d5fe..ccc9191ad1b6 100644 --- a/drivers/perf/hisilicon/hisi_uncore_pmu.c +++ b/drivers/perf/hisilicon/hisi_uncore_pmu.c @@ -504,7 +504,6 @@ int hisi_uncore_pmu_offline_cpu(unsigned int cpu, struct hlist_node *node) { struct hisi_pmu *hisi_pmu = hlist_entry_safe(node, struct hisi_pmu, node); - cpumask_t pmu_online_cpus; unsigned int target; if (!cpumask_test_and_clear_cpu(cpu, &hisi_pmu->associated_cpus)) @@ -518,9 +517,8 @@ int hisi_uncore_pmu_offline_cpu(unsigned int cpu, struct hlist_node *node) hisi_pmu->on_cpu = -1; /* Choose a new CPU to migrate ownership of the PMU to */ - cpumask_and(&pmu_online_cpus, &hisi_pmu->associated_cpus, - cpu_online_mask); - target = cpumask_any_but(&pmu_online_cpus, cpu); + target = cpumask_any_and_but(&hisi_pmu->associated_cpus, + cpu_online_mask, cpu); if (target >= nr_cpu_ids) return 0;
For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack is not recommended since it can cause potential stack overflow. Instead, kernel code should always use *cpumask_var API(s) to allocate cpumask var in config-neutral way, leaving allocation strategy to CONFIG_CPUMASK_OFFSTACK. But dynamic allocation in cpuhp's teardown callback is somewhat problematic for if allocation fails(which is unlikely but still possible): - If -ENOMEM is returned to caller, kernel crashes for non-bringup teardown; - If callback pretends nothing happened and returns 0 to caller, it may trap system into an in-consisitent/compromised state; Use newly-introduced cpumask_any_and_but() to address all issues above. It eliminates usage of temporary cpumask var in generic way, no matter how the cpumask var is allocated. Suggested-by: Mark Rutland <mark.rutland@arm.com> Signed-off-by: Dawei Li <dawei.li@shingroup.cn> --- drivers/perf/hisilicon/hisi_uncore_pmu.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)