From: Kees Cook <keescook@chromium.org>
To: Matthew Wilcox <willy@infradead.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Romain Perier <romain.perier@gmail.com>,
Allen Pais <allen.lkml@gmail.com>,
Thomas Gleixner <tglx@linutronix.de>,
Oscar Carter <oscar.carter@gmx.com>,
Dmitry Torokhov <dmitry.torokhov@gmail.com>,
Kevin Curtis <kevin.curtis@farsite.co.uk>,
"David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>,
Harald Freudenberger <freude@linux.ibm.com>,
Heiko Carstens <hca@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>,
Christian Borntraeger <borntraeger@de.ibm.com>,
Jiri Slaby <jslaby@suse.com>, Felipe Balbi <balbi@kernel.org>,
Jason Wessel <jason.wessel@windriver.com>,
Daniel Thompson <daniel.thompson@linaro.org>,
Douglas Anderson <dianders@chromium.org>,
Mitchell Blank Jr <mitch@sfgoth.com>,
Julian Wiedmann <jwi@linux.ibm.com>,
Karsten Graul <kgraul@linux.ibm.com>,
Ursula Braun <ubraun@linux.ibm.com>,
Jaroslav Kysela <perex@perex.cz>, Takashi Iwai <tiwai@suse.com>,
Christian Gromm <christian.gromm@microchip.com>,
Nishka Dasgupta <nishkadg.linux@gmail.com>,
Masahiro Yamada <masahiroy@kernel.org>,
Stephen Boyd <swboyd@chromium.org>,
Wambui Karuga <wambui.karugax@gmail.com>,
Guenter Roeck <linux@roeck-us.net>,
Chris Packham <chris.packham@alliedtelesis.co.nz>,
Kyungtae Kim <kt0755@gmail.com>,
Kuppuswamy Sathyanarayanan
<sathyanarayanan.kuppuswamy@linux.intel.com>,
Sebastian Andrzej Siewior <bigeasy@linutronix.de>,
"Rafael J. Wysocki" <rafael.j.wysocki@intel.com>,
Jonathan Corbet <corbet@lwn.net>,
Peter Zijlstra <peterz@infradead.org>,
Will Deacon <will@kernel.org>,
linux-input@vger.kernel.org, linux-kernel@vger.kernel.org,
netdev@vger.kernel.org, linux-s390@vger.kernel.org,
devel@driverdev.osuosl.org, linux-usb@vger.kernel.org,
kgdb-bugreport@lists.sourceforge.net,
alsa-devel@alsa-project.org, kernel-hardening@lists.openwall.com
Subject: Re: [PATCH 3/3] tasklet: Introduce new initialization API
Date: Thu, 16 Jul 2020 12:22:17 -0700
Message-ID: <202007161216.9C9784FEBE@keescook>
In-Reply-To: <20200716153704.GM12769@casper.infradead.org>

On Thu, Jul 16, 2020 at 04:37:04PM +0100, Matthew Wilcox wrote:
> On Wed, Jul 15, 2020 at 08:08:47PM -0700, Kees Cook wrote:
> > +#define DECLARE_TASKLET(name, _callback) \
> > +struct tasklet_struct name = { \
> > + .count = ATOMIC_INIT(0), \
> > + .callback = _callback, \
> > + .use_callback = true, \
> > +}
> > +
> > +#define DECLARE_TASKLET_DISABLED(name, _callback) \
> > +struct tasklet_struct name = { \
> > + .count = ATOMIC_INIT(1), \
> > + .callback = _callback, \
> > +}
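Review bot: DECLARE_TASKLET_DISABLED leaves out `.use_callback = true`, so with the dispatch change later in this patch a tasklet declared through it is sent down the legacy `t->func(t->data)` path with `.func` zero-initialised, i.e. an indirect call through NULL the first time it runs. Add `.use_callback = true,` after `.callback = _callback,` so the two macros differ only in `.count`; since that is the only intended difference, a shared helper macro taking the count would also stop the two initialisers drifting apart again.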
>
> You forgot to set use_callback here.
Eek; thank you.
> > @@ -547,7 +547,10 @@ static void tasklet_action_common(struct softirq_action *a,
> > if (!test_and_clear_bit(TASKLET_STATE_SCHED,
> > &t->state))
> > BUG();
> > - t->func(t->data);
> > + if (t->use_callback)
> > + t->callback(t);
> > + else
> > + t->func(t->data);
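Review bot: the `if (t->use_callback)` selector is only as safe as the code that sets the bit, and the quoted hunks show no change to the runtime initialiser (tasklet_init()), so confirm it explicitly stores `use_callback = false` for the legacy path rather than leaving whatever the embedding structure held: a stale true bit dispatches through `.callback` with a NULL pointer, and a stale false bit calls the new-style handler through the old prototype, the very mismatch this series is meant to remove. A `WARN_ON_ONCE()` on the selected pointer being NULL ahead of the call would make either slip visible at the dispatch site rather than as an oops in softirq context.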
>
> I think this is the wrong way to do the conversion. Start out by setting
> t->data to (unsigned long)t in the new initialisers. Then convert the
> drivers (all 350 of them) to the new API. Then you can get rid of 'data'
> from the tasklet_struct.
That's what I did when I converted timer_struct, and it ended up creating
a mess for Control Flow Integrity checking. (The problem isn't actually
casting .data, but rather in how the callsite calls the callback --
casting the callback assignments doesn't fix the mismatch between the
caller and the callback's expectation about the function prototype
under CFI.) I got lucky with timer_struct (in v4.14) in that not much
had been converted, and I was able to do the entire conversion in the
next kernel release.
So, this time, I'm trying to avoid the prototype mismatch mess by
providing a selector to determine which prototype the callback should
be called through, and I was happy to discover I could do it without
growing the tasklet structure. Obviously the memory corruption safety
improvement won't be realized until .data, .use_callback, and .func are
all removed, but that was true even with the earlier style of conversion.
--
Kees Cook
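Added illustration of the prototype-mismatch point made above (example code written for this page, not from the patch, the thread participants or the kernel): a user-space model of the two conversion strategies. `cfi_check()` is a stand-in for a compiler's indirect-call type check, comparing the prototype the call site expects with the one the target was declared with; `struct my_device`, the handler names, `any_fn` and the run counts are constructed for the demo, while `tasklet_struct`, `use_callback`, `func`, `data` and `callback` mirror the quoted hunks.

```c
/* Added example, not from the patch or the kernel: a user-space model of the
 * two conversion strategies discussed in the thread. cfi_check() stands in for
 * a compiler's indirect-call type check; my_device and the handlers are made up. */
#include <stdbool.h>
#include <stddef.h>

struct tasklet_struct;
typedef void (*legacy_fn)(unsigned long data);
typedef void (*callback_fn)(struct tasklet_struct *t);

struct tasklet_struct {
	bool use_callback;	/* selects which prototype to call through */
	legacy_fn func;		/* legacy: handler takes an opaque data word */
	unsigned long data;
	callback_fn callback;	/* new: handler takes the tasklet itself */
};

struct my_device {		/* hypothetical driver state embedding a tasklet */
	struct tasklet_struct tasklet;
	int runs;
};
#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))

static void legacy_handler(unsigned long data)
{
	((struct my_device *)data)->runs += 1;
}
static void new_handler(struct tasklet_struct *t)
{
	container_of(t, struct my_device, tasklet)->runs += 10;
}

/* CFI metadata model: the prototype each address-taken handler was declared
 * with. A real CFI build derives this from the function's C type. */
enum proto { PROTO_LEGACY, PROTO_CALLBACK };
typedef void (*any_fn)(void);
static const struct { any_fn fn; enum proto declared; } known_fns[] = {
	{ (any_fn)legacy_handler, PROTO_LEGACY }, { (any_fn)new_handler, PROTO_CALLBACK },
};
static bool cfi_check(any_fn target, enum proto expected)
{
	for (size_t i = 0; i < sizeof(known_fns) / sizeof(known_fns[0]); i++)
		if (known_fns[i].fn == target)
			return known_fns[i].declared == expected;
	return false;	/* NULL or unknown target: reject */
}

/* Conversion A: keep calling t->func(t->data), with the new-style handler stored
 * behind a cast. Call site is typed legacy_fn, target was declared callback_fn. */
static bool run_cast_conversion(struct tasklet_struct *t)
{
	if (!cfi_check((any_fn)t->func, PROTO_LEGACY))
		return false;
	t->func(t->data);
	return true;
}

/* Conversion B (the quoted tasklet_action_common() hunk): a selector picks the
 * call site whose type matches the stored pointer, so neither end needs a cast. */
static bool run_selector(struct tasklet_struct *t)
{
	if (t->use_callback) {
		if (!cfi_check((any_fn)t->callback, PROTO_CALLBACK))
			return false;
		t->callback(t);
	} else {
		if (!cfi_check((any_fn)t->func, PROTO_LEGACY))
			return false;
		t->func(t->data);
	}
	return true;
}

/* Each demo returns the handler's run count, or -1 if the CFI model rejected the call. */
int demo_cast_conversion(void)
{
	struct my_device dev = { .tasklet = { .func = (legacy_fn)new_handler } };
	dev.tasklet.data = (unsigned long)&dev.tasklet;
	return run_cast_conversion(&dev.tasklet) ? dev.runs : -1;	/* -1 */
}
int demo_selector_new(void)
{
	struct my_device dev = { .tasklet = { .use_callback = true, .callback = new_handler } };
	return run_selector(&dev.tasklet) ? dev.runs : -1;		/* 10 */
}
int demo_selector_legacy(void)
{
	struct my_device dev = { .tasklet = { .func = legacy_handler } };
	dev.tasklet.data = (unsigned long)&dev;
	return run_selector(&dev.tasklet) ? dev.runs : -1;		/* 1 */
}
/* The DECLARE_TASKLET_DISABLED slip from the first hunk: .callback set but
 * use_callback left false, so dispatch heads for a NULL .func. */
int demo_missing_selector(void)
{
	struct my_device dev = { .tasklet = { .callback = new_handler } };
	return run_selector(&dev.tasklet) ? dev.runs : -1;		/* -1 */
}
```

The cast conversion is rejected before the call ever happens, which is the behaviour a CFI-enabled kernel would show as a trap at the dispatch site; the selector path runs both handler styles through a call site whose type matches the stored pointer, and the missing-selector case shows why Matthew's catch matters: the tasklet never reaches a handler at all.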
Thread overview: 27+ messages
2020-07-16 3:08 [PATCH 0/3] Modernize tasklet callback API Kees Cook
2020-07-16 3:08 ` [PATCH 1/3] usb: gadget: udc: Avoid tasklet passing a global Kees Cook
2020-07-16 7:28 ` Greg Kroah-Hartman
2020-07-16 19:41 ` Kees Cook
2020-07-31 9:20 ` Felipe Balbi
2020-07-16 3:08 ` [PATCH 2/3] treewide: Replace DECLARE_TASKLET() with DECLARE_TASKLET_OLD() Kees Cook
2020-07-16 7:30 ` Greg Kroah-Hartman
2020-07-16 11:29 ` Matthew Wilcox
2020-07-16 19:15 ` Kees Cook
2020-07-16 3:08 ` [PATCH 3/3] tasklet: Introduce new initialization API Kees Cook
2020-07-16 7:30 ` Greg Kroah-Hartman
2020-07-16 15:37 ` Matthew Wilcox
2020-07-16 19:22 ` Kees Cook [this message]
2020-07-16 7:57 ` [PATCH 0/3] Modernize tasklet callback API Peter Zijlstra
2020-07-16 8:15 ` Sebastian Andrzej Siewior
2020-07-16 19:24 ` Kees Cook
2020-07-16 19:14 ` Kees Cook
2020-07-16 20:48 ` Dmitry Torokhov
2020-07-16 21:24 ` Kees Cook
2020-07-30 7:03 ` Thomas Gleixner
2020-07-30 18:14 ` Kees Cook
2020-08-03 8:46 ` Allen
2020-08-11 12:16 ` Allen
2020-08-11 21:33 ` Kees Cook
2020-08-12 6:21 ` Takashi Iwai
2020-08-12 11:32 ` Allen
2020-08-12 12:31 ` Allen