Re: [PATCH 1/2] cpumask: Introduce possible_cpu_safe()

From: Michal Hocko
Date: Thu Apr 04 2019 - 06:35:33 EST


On Thu 04-04-19 13:02:19, Dan Carpenter wrote:
> There have been two cases recently where we pass a user-controlled "cpu"
> to possible_cpus(). That's not allowed. If it's invalid, it will
> trigger a WARN_ONCE() and an out-of-bounds read which could result in an
> Oops.
>
> This patch introduces possible_cpu_safe() which first checks to see if
> the cpu is valid, turns off speculation and then checks if the cpu is
> possible.

Why cannot we do the check in possible_cpu directly? Is it used from any
hot path? I am quite skeptical people will use the new helper
consistently.
--
Michal Hocko
SUSE Labs
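As an added illustration of the three-step helper the quoted patch description lays out (range check, speculation barrier, then possible-mask test), here is a userspace C model. It is not Dan's patch or kernel code: NR_CPUS and the possible-CPU bitmap are constructed values, and index_mask_nospec() re-implements the mask arithmetic behind the kernel's array_index_nospec() so the block compiles without kernel headers.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-ins for nr_cpu_ids and cpu_possible_mask:
 * 8 CPU slots exist, of which only CPUs 0-3 are "possible". */
#define NR_CPUS 8U
static const unsigned long cpu_possible_bits = 0x0fUL;

/* Userspace re-implementation of the mask trick used by the kernel's
 * array_index_nospec(): yields all-ones when index < size and zero
 * otherwise, computed without a data-dependent branch so a mispredicted
 * bounds check cannot speculatively read past the end of the array.
 * (Relies on arithmetic right shift of a negative long, as the kernel does.) */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    return (unsigned long)(~(long)(index | (size - 1 - index)) >>
                           (sizeof(long) * CHAR_BIT - 1));
}

/* Clamp an index to zero if it is out of range, branch-free. */
static unsigned long clamp_index_nospec(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/* Model of the proposed possible_cpu_safe(): a caller may hand us any
 * user-supplied value; we must neither warn nor index the bitmap with it
 * until it has been range-checked and speculation-clamped. */
bool possible_cpu_safe(unsigned int cpu)
{
    if (cpu >= NR_CPUS)            /* 1. reject invalid ids before any use */
        return false;
    cpu = (unsigned int)clamp_index_nospec(cpu, NR_CPUS); /* 2. no spec. OOB */
    return (cpu_possible_bits >> cpu) & 1UL;              /* 3. mask test */
}

int main(void)
{
    unsigned int probes[] = { 0, 2, 5, NR_CPUS, UINT_MAX };
    for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++)
        printf("cpu %u -> possible: %s\n", probes[i],
               possible_cpu_safe(probes[i]) ? "yes" : "no");
    return 0;
}
```

The mask function is the part worth reading closely: for any index at or beyond size, the subtraction wraps and the OR sets the top bit, so the complement is zero and the index is clamped to slot 0 even if the CPU runs ahead of the comparison.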