Xen project Mailing List

Re: [PATCH for-4.19] xen/xmalloc: XMEM_POOL_POISON improvements

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Mon, 23 Oct 2023 10:04:21 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=yxr1Y0Ek7NMXkZbUJ9ZbNY9A3+I9X2NdghD2Lsn9j/0=; b=AM1BgdgAnYxTo2c2qFfbcATcVfSOPtJKRLqyHMFoUHrC91JPJ1BsYmSJy3jNu1nuyPQcqWx0tpu3stnrzeL1gPHyO7Ps+hVAndnOoFHhz/yAi6dZ+IBnFWJzJnwCfuuAHK8lNUtWO8C/K7Vwh7g2izGMAgIA5TV0OpvOr5UIC9Z+22g/mGRYxc14TOODgxfT6Ud5zvFfJp8pYGuSfmAHrdhM8n1nXRt9VAmOeu45rOoh9S0CBYyulclWualMOKPGinNHjqyMw8iUz+yORo0TlVb0ydsRj3VBrFnzhpDsW5pAFjcQkfWQJ7y7ye+lti47kLC4jH3OnknVk4zm9gtDOw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SQVqD7MTXVBJdDcZtJkQaSe8uLINgs6p43m+CMRMfhtR0hdlnDdgvgo5fi8Dnmt/RMBsNo6J+AivP2UJTEduZf+yNxIaWuBeRy63NcpLn1G2hX9M4VAl9fZoHkW42EkJB6Io4nQWExeaHgflCEYjsihqzooUSpDqp8T4K8ZWv1rwjPCfay/4vGhFp+qjKXRjW/O6HI5IFepNe2pkrAHG72+5yr/Yyek1O/HFrl2EI+KsjugrBqErWxLz2MYencQpy1c56vInZ5jaVWtVcTb3YyKXPAVcN/nA0E/nFdslvXzIIIloibTC4idtoMkLm0i5fnmRqwoRO4yQzSjm7YimFw==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Mon, 23 Oct 2023 08:04:32 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 20.10.2023 22:26, Andrew Cooper wrote: > When in use, the spew: > > (XEN) Assertion '!memchr_inv(b->ptr.buffer + MIN_BLOCK_SIZE, POISON_BYTE, > (b->size & BLOCK_SIZE_MASK) - MIN_BLOCK_SIZE)' failed at > common/xmalloc_tlsf.c:246 > > is unweidly and meaningless to non-Xen developers. Just to mention it (no objection to the changes done): While I agree with unwieldy (and I'd add "of limited use"), an assertion message not necessarily being meaningful to non-Xen developers is imo not really a criteria - that's to be expected in various cases. > Therefore: > > * Switch to IS_ENABLED(). There's no need for full #ifdef-ary. > * Pull memchr_inv() out into the if(), and provide a better error message. Thing is - this "better" error message now ends up being less specific, and hence could mean also other kinds of corruption. > Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> > --- > CC: George Dunlap <George.Dunlap@xxxxxxxxxxxxx> > CC: Jan Beulich <JBeulich@xxxxxxxx> > CC: Stefano Stabellini <sstabellini@xxxxxxxxxx> > CC: Wei Liu <wl@xxxxxxx> > CC: Julien Grall <julien@xxxxxxx> > CC: Roger Pau Monné <roger.pau@xxxxxxxxxx> > > Observations from the debugging of: > https://github.com/Dasharo/dasharo-issues/issues/488 > > There's a further bug. XMEM_POOL_POISON can be enabled in release builds, > where the ASSERT() gets dropped. Just to mention it - this limits usefulness, but doesn't make the option entirely useless. The poisoning itself also allows certain cases of use- after-free to be caught. The assertion really is "only" about write-after- free. (Maybe the improved error message could indicate so?) > However, upping to a BUG() can't provide any helpful message out to the user. > > I tried modifying BUG() to take an optional message, but xen/bug.h needs > untangling substantially before that will work, and I don't have time right > now. I agree with Julien's suggestion of using panic() in the meantime, as a possible alternative. Question though is whether it's better to halt the system right away, as opposed to e.g. permitting orderly shutdown to cover the case where the corruption ends up not being "deadly". Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.