* [PATCH] scsi: eata: drop VLA in reorder()
@ 2018-03-11 21:06 Salvatore Mesoraca
2018-03-12 3:08 ` Tobin C. Harding
0 siblings, 1 reply; 9+ messages in thread
From: Salvatore Mesoraca @ 2018-03-11 21:06 UTC (permalink / raw)
To: linux-kernel
Cc: kernel-hardening, linux-scsi, James E.J. Bottomley,
Martin K. Petersen, Dario Ballabio, Kees Cook,
Salvatore Mesoraca
n_ready will always be less than or equal to MAX_MAILBOXES.
So we avoid a VLA[1] and use fixed-length arrays instead.
[1] https://lkml.org/lkml/2018/3/7/621
Signed-off-by: Salvatore Mesoraca <s.mesoraca16@gmail.com>
---
drivers/scsi/eata.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/eata.c b/drivers/scsi/eata.c
index 6501c33..202cd17 100644
--- a/drivers/scsi/eata.c
+++ b/drivers/scsi/eata.c
@@ -2096,7 +2096,7 @@ static int reorder(struct hostdata *ha, unsigned long cursec,
unsigned int k, n;
unsigned int rev = 0, s = 1, r = 1;
unsigned int input_only = 1, overlap = 0;
- unsigned long sl[n_ready], pl[n_ready], ll[n_ready];
+ unsigned long sl[MAX_MAILBOXES], pl[MAX_MAILBOXES], ll[MAX_MAILBOXES];
unsigned long maxsec = 0, minsec = ULONG_MAX, seek = 0, iseek = 0;
unsigned long ioseek = 0;
--
1.9.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH] scsi: eata: drop VLA in reorder()
2018-03-11 21:06 [PATCH] scsi: eata: drop VLA in reorder() Salvatore Mesoraca
@ 2018-03-12 3:08 ` Tobin C. Harding
2018-03-12 6:36 ` valdis.kletnieks
` (2 more replies)
0 siblings, 3 replies; 9+ messages in thread
From: Tobin C. Harding @ 2018-03-12 3:08 UTC (permalink / raw)
To: Salvatore Mesoraca
Cc: linux-kernel, kernel-hardening, linux-scsi, James E.J. Bottomley,
Martin K. Petersen, Dario Ballabio, Kees Cook, Linus Torvalds,
kernelnewbies
Adding kernel newbies to CC because I pose a few noob questions :)
Adding Linus to CC because I quoted him.
On Sun, Mar 11, 2018 at 10:06:58PM +0100, Salvatore Mesoraca wrote:
> n_ready will always be less than or equal to MAX_MAILBOXES.
> So we avoid a VLA[1] and use fixed-length arrays instead.
>
> [1] https://lkml.org/lkml/2018/3/7/621
>
> Signed-off-by: Salvatore Mesoraca <s.mesoraca16@gmail.com>
> ---
> drivers/scsi/eata.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/scsi/eata.c b/drivers/scsi/eata.c
> index 6501c33..202cd17 100644
> --- a/drivers/scsi/eata.c
> +++ b/drivers/scsi/eata.c
> @@ -2096,7 +2096,7 @@ static int reorder(struct hostdata *ha, unsigned long cursec,
> unsigned int k, n;
> unsigned int rev = 0, s = 1, r = 1;
> unsigned int input_only = 1, overlap = 0;
> - unsigned long sl[n_ready], pl[n_ready], ll[n_ready];
> + unsigned long sl[MAX_MAILBOXES], pl[MAX_MAILBOXES], ll[MAX_MAILBOXES];
I think we are going to see a recurring theme here. MAX_MAILBOXES==64
so this patch adds 1536 bytes to the stack on a 64 bit machine or 768
bytes on a 32 bit machine. Linus already commented on another VLA
removal patch that 768 was a lot of stack space. That comment did,
however say 'deep in some transfer call chain'. I don't know what a
'transfer call chain' (the transfer bit) is but is there some heuristic
we can use to know how deep is deep? Or more to the point, is there some
heuristic we can use to know what is an acceptable amount of stack space
to use?
As far as this patch is concerned wouldn't a kmalloc (with GFP_ATOMIC)
be ok? We are in an interrupt handler, can we assume that since IO has
just occurred that the IO will be so slow comparatively that a memory
allocation will be quick. (assuming IO since eata.c only requests a
single irq line.)
thanks,
Tobin.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] scsi: eata: drop VLA in reorder()
2018-03-12 3:08 ` Tobin C. Harding
@ 2018-03-12 6:36 ` valdis.kletnieks
2018-03-12 10:11 ` Salvatore Mesoraca
2018-03-12 18:45 ` Linus Torvalds
2 siblings, 0 replies; 9+ messages in thread
From: valdis.kletnieks @ 2018-03-12 6:36 UTC (permalink / raw)
To: Tobin C. Harding
Cc: Salvatore Mesoraca, James E.J. Bottomley, linux-scsi,
Martin K. Petersen, kernel-hardening, Linus Torvalds,
kernelnewbies, linux-kernel, Dario Ballabio, Kees Cook
[-- Attachment #1.1: Type: text/plain, Size: 1369 bytes --]
On Mon, 12 Mar 2018 14:08:34 +1100, "Tobin C. Harding" said:
> removal patch that 768 was a lot of stack space. That comment did,
> however say 'deep in some transfer call chain'. I don't know what a
> 'transfer call chain' (the transfer bit) is but is there some heuristic
> we can use to know how deep is deep? Or more to the point, is there some
> heuristic we can use to know what is an acceptable amount of stack space
> to use?
The canonical "why we put kernel stacks on a diet" configuration:
Imagine a bunch of ISCSI targets - with IPSec wrapping the connection.
Arranged into a software RAID5. With LVM. With encryption on the LV. With XFS
on the encrypted LV. And then the in-kernel sharing it out over NFS. With
more IPSec wrapping the NFS TCP connection.
Oh, and I/O interrupts, just for fun. And most of all of that has to fit their *entire*
stack chain into 2 4K pages. Suddenly, that 768 bytes is taking close to 10% of
*all* of the stack that all of that call chain has to share.
And I see that patch is against scsi/eata.c - which means it can plausibly end up
sharing that stack scenario above starting at 'software raid5'.
(For bonus points, the alert reader is invited to figure out which stack each of the
above actually ends up on. No, it isn't split across enough stacks that taking
768 bytes out of any of them is acceptable.. :)
[-- Attachment #1.2: Type: application/pgp-signature, Size: 486 bytes --]
[-- Attachment #2: Type: text/plain, Size: 170 bytes --]
_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] scsi: eata: drop VLA in reorder()
2018-03-12 3:08 ` Tobin C. Harding
2018-03-12 6:36 ` valdis.kletnieks
@ 2018-03-12 10:11 ` Salvatore Mesoraca
2018-03-12 18:45 ` Linus Torvalds
2 siblings, 0 replies; 9+ messages in thread
From: Salvatore Mesoraca @ 2018-03-12 10:11 UTC (permalink / raw)
To: Tobin C. Harding
Cc: linux-kernel, Kernel Hardening, linux-scsi, James E.J. Bottomley,
Martin K. Petersen, Dario Ballabio, Kees Cook, Linus Torvalds,
kernelnewbies
2018-03-12 4:08 GMT+01:00 Tobin C. Harding <tobin@apporbit.com>:
> Adding kernel newbies to CC because I pose a few noob questions :)
> Adding Linus to CC because I quoted him.
>
> On Sun, Mar 11, 2018 at 10:06:58PM +0100, Salvatore Mesoraca wrote:
>> n_ready will always be less than or equal to MAX_MAILBOXES.
>> So we avoid a VLA[1] and use fixed-length arrays instead.
>>
>> [1] https://lkml.org/lkml/2018/3/7/621
>>
>> Signed-off-by: Salvatore Mesoraca <s.mesoraca16@gmail.com>
>> ---
>> drivers/scsi/eata.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/scsi/eata.c b/drivers/scsi/eata.c
>> index 6501c33..202cd17 100644
>> --- a/drivers/scsi/eata.c
>> +++ b/drivers/scsi/eata.c
>> @@ -2096,7 +2096,7 @@ static int reorder(struct hostdata *ha, unsigned long cursec,
>> unsigned int k, n;
>> unsigned int rev = 0, s = 1, r = 1;
>> unsigned int input_only = 1, overlap = 0;
>> - unsigned long sl[n_ready], pl[n_ready], ll[n_ready];
>> + unsigned long sl[MAX_MAILBOXES], pl[MAX_MAILBOXES], ll[MAX_MAILBOXES];
>
> I think we are going to see a recurring theme here. MAX_MAILBOXES==64
> so this patch adds 1536 bytes to the stack on a 64 bit machine or 768
> bytes on a 32 bit machine. Linus already commented on another VLA
> removal patch that 768 was a lot of stack space. That comment did,
> however say 'deep in some transfer call chain'. I don't know what a
> 'transfer call chain' (the transfer bit) is but is there some heuristic
> we can use to know how deep is deep? Or more to the point, is there some
> heuristic we can use to know what is an acceptable amount of stack space
> to use?
>
> As far as this patch is concerned wouldn't a kmalloc (with GFP_ATOMIC)
> be ok? We are in an interrupt handler, can we assume that since IO has
> just occurred that the IO will be so slow comparatively that a memory
> allocation will be quick. (assuming IO since eata.c only requests a
> single irq line.)
Yes, I think you are right. I'll change it in v2.
Thank you very much,
Salvatore
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] scsi: eata: drop VLA in reorder()
2018-03-12 3:08 ` Tobin C. Harding
2018-03-12 6:36 ` valdis.kletnieks
2018-03-12 10:11 ` Salvatore Mesoraca
@ 2018-03-12 18:45 ` Linus Torvalds
2018-03-13 0:44 ` Arthur Marsh
2018-03-13 2:35 ` Martin K. Petersen
2 siblings, 2 replies; 9+ messages in thread
From: Linus Torvalds @ 2018-03-12 18:45 UTC (permalink / raw)
To: Tobin C. Harding, Arthur Marsh
Cc: Salvatore Mesoraca, Linux Kernel Mailing List, Kernel Hardening,
Linux SCSI List, James E.J. Bottomley, Martin K. Petersen,
Dario Ballabio, Kees Cook, kernelnewbies
On Sun, Mar 11, 2018 at 8:08 PM, Tobin C. Harding <tobin@apporbit.com> wrote:
>
> I think we are going to see a recurring theme here. MAX_MAILBOXES==64
> so this patch adds 1536 bytes to the stack on a 64 bit machine or 768
> bytes on a 32 bit machine.
Yeah, that's a bit excessive. It probably works, but one or two of
those allocations will make the kernel stack really tight, so in
general I really would suggest using kmalloc() instead, or figuring
out some way to simply shrink the data structures.
That said, I wonder if the solution to this particular driver is
"delete it". Because the hardware is truly ancient and nobody sane
would use it any more.
The last patch that seemed to come from an actual _user_ finding a
problem was in 2008 (commit 20c09df7eb9c: "[SCSI] eata: fix the data
buffer accessors conversion regression"). And even then it apparently
took a year for people to have noticed the breakage.
But because the person who reported that problem is still around, I'll
just add him to the cc, just in case.
Arthur Marsh, you have the dubious honor and distinction of being the
only person to have apparently used that driver in the last ten years.
Do you still have hardware using that? Because maybe it's really time
to retire that driver.
Linus
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] scsi: eata: drop VLA in reorder()
2018-03-12 18:45 ` Linus Torvalds
@ 2018-03-13 0:44 ` Arthur Marsh
2018-03-13 2:35 ` Martin K. Petersen
1 sibling, 0 replies; 9+ messages in thread
From: Arthur Marsh @ 2018-03-13 0:44 UTC (permalink / raw)
To: Linus Torvalds, Tobin C. Harding
Cc: Salvatore Mesoraca, James E.J. Bottomley, Linux SCSI List,
Martin K. Petersen, Kernel Hardening, kernelnewbies,
Linux Kernel Mailing List, Dario Ballabio, Kees Cook
Linus Torvalds wrote on 13/03/18 05:15:
> On Sun, Mar 11, 2018 at 8:08 PM, Tobin C. Harding <tobin@apporbit.com> wrote:
>>
>> I think we are going to see a recurring theme here. MAX_MAILBOXES==64
>> so this patch adds 1536 bytes to the stack on a 64 bit machine or 768
>> bytes on a 32 bit machine.
>
> Yeah, that's a bit excessive. It probably works, but one or two of
> those allocations will make the kernel stack really tight, so in
> general I really would suggest using kmalloc() instead, or figuring
> out some way to simply shrink the data structures.
>
> That said, I wonder if the solution to this particular driver is
> "delete it". Because the hardware is truly ancient and nobody sane
> would use it any more.
>
> The last patch that seemed to come from an actual _user_ finding a
> problem was in 2008 (commit 20c09df7eb9c: "[SCSI] eata: fix the data
> buffer accessors conversion regression"). And even then it apparently
> took a year for people to have noticed the breakage.
>
> But because the person who reported that problem is still around, I'll
> just add him to the cc, just in case.
>
> Arthur Marsh, you have the dubious honor and distinction of being the
> only person to have apparently used that driver in the last ten years.
> Do you still have hardware using that? Because maybe it's really time
> to retire that driver.
>
> Linus
>
Hi Linus and maintainers, thanks for the courtesy email and all the help
with the driver.
I am unable to make use of the driver any more due to failed hardware.
The DPT2044W SCSI controller and the IBM disk from May 1998 last
officially ran on 7 August 2017. I was had previously been able to get
the data off it and disconnected the controller and disk following
recurring problems with booting.
Aug 7 16:40:24 localhost kernel: [ 105.098705] sd 0:0:6:0: [sda]
Synchronizing SCSI cache
Aug 7 16:40:24 localhost kernel: [ 105.233166] EATA0: IRQ 11 mapped to
IO-APIC IRQ 18.
Aug 7 16:40:24 localhost kernel: [ 105.233475] EATA/DMA 2.0x:
Copyright (C) 1994-2003 Dario Ballabio.
Aug 7 16:40:24 localhost kernel: [ 105.233485] EATA config options ->
tm:1, lc:y, mq:16, rs:y, et:n, ip:n, ep:n, pp:y.
Aug 7 16:40:24 localhost kernel: [ 105.233492] EATA0: 2.0C, PCI
0x9010, IRQ 18, BMST, SG 122, MB 64.
Aug 7 16:40:24 localhost kernel: [ 105.233499] EATA0: wide SCSI
support enabled, max_id 16, max_lun 8.
Aug 7 16:40:24 localhost kernel: [ 105.233505] EATA0: SCSI channel 0
enabled, host target ID 7.
Aug 7 16:40:24 localhost kernel: [ 105.233521] scsi host0: EATA/DMA
2.0x rev. 8.10.00
Arthur Marsh.
_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] scsi: eata: drop VLA in reorder()
2018-03-12 18:45 ` Linus Torvalds
2018-03-13 0:44 ` Arthur Marsh
@ 2018-03-13 2:35 ` Martin K. Petersen
2018-03-13 9:05 ` Christoph Hellwig
1 sibling, 1 reply; 9+ messages in thread
From: Martin K. Petersen @ 2018-03-13 2:35 UTC (permalink / raw)
To: Linus Torvalds
Cc: Tobin C. Harding, Arthur Marsh, Salvatore Mesoraca,
Linux Kernel Mailing List, Kernel Hardening, Linux SCSI List,
James E.J. Bottomley, Martin K. Petersen, Dario Ballabio,
Kees Cook, kernelnewbies
Linus,
> That said, I wonder if the solution to this particular driver is
> "delete it". Because the hardware is truly ancient and nobody sane
> would use it any more.
I'm not aware of anybody actively using these anymore. They are
mid-nineties vintage with an M68K processor onboard. I ran a couple of
these when they were new but haven't had a working board in probably a
decade.
No objections to Salvatore's patch but I have a slight affinity for
retiring unused code over patching it. So unless there are objections...
--
Martin K. Petersen Oracle Linux Engineering
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] scsi: eata: drop VLA in reorder()
2018-03-13 2:35 ` Martin K. Petersen
@ 2018-03-13 9:05 ` Christoph Hellwig
2018-03-13 22:04 ` Salvatore Mesoraca
0 siblings, 1 reply; 9+ messages in thread
From: Christoph Hellwig @ 2018-03-13 9:05 UTC (permalink / raw)
To: Martin K. Petersen
Cc: Linus Torvalds, Tobin C. Harding, Arthur Marsh,
Salvatore Mesoraca, Linux Kernel Mailing List, Kernel Hardening,
Linux SCSI List, James E.J. Bottomley, Dario Ballabio, Kees Cook,
kernelnewbies
On Mon, Mar 12, 2018 at 10:35:36PM -0400, Martin K. Petersen wrote:
> No objections to Salvatore's patch but I have a slight affinity for
> retiring unused code over patching it. So unless there are objections...
Lets kill it. And the not DMA capable eata_pio driver with it for
good riddance.
>
> --
> Martin K. Petersen Oracle Linux Engineering
---end quoted text---
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] scsi: eata: drop VLA in reorder()
2018-03-13 9:05 ` Christoph Hellwig
@ 2018-03-13 22:04 ` Salvatore Mesoraca
0 siblings, 0 replies; 9+ messages in thread
From: Salvatore Mesoraca @ 2018-03-13 22:04 UTC (permalink / raw)
To: Christoph Hellwig
Cc: James E.J. Bottomley, Linux SCSI List, Martin K. Petersen,
Kernel Hardening, Linus Torvalds, Tobin C. Harding,
kernelnewbies, Linux Kernel Mailing List, Dario Ballabio,
Arthur Marsh, Kees Cook
2018-03-13 10:05 GMT+01:00 Christoph Hellwig <hch@infradead.org>:
> On Mon, Mar 12, 2018 at 10:35:36PM -0400, Martin K. Petersen wrote:
>> No objections to Salvatore's patch but I have a slight affinity for
>> retiring unused code over patching it. So unless there are objections...
>
> Lets kill it. And the not DMA capable eata_pio driver with it for
> good riddance.
Good, I'll send a patch to remove eata & friends.
Thank you for your time,
Salvatore
_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2018-03-13 22:04 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-03-11 21:06 [PATCH] scsi: eata: drop VLA in reorder() Salvatore Mesoraca
2018-03-12 3:08 ` Tobin C. Harding
2018-03-12 6:36 ` valdis.kletnieks
2018-03-12 10:11 ` Salvatore Mesoraca
2018-03-12 18:45 ` Linus Torvalds
2018-03-13 0:44 ` Arthur Marsh
2018-03-13 2:35 ` Martin K. Petersen
2018-03-13 9:05 ` Christoph Hellwig
2018-03-13 22:04 ` Salvatore Mesoraca
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).