From: Borislav Petkov on 28 Jul 2010 12:50

From: Kulikov Vasiliy <segooon(a)gmail.com>
Date: Wed, Jul 28, 2010 at 12:39:44PM -0400

> mcheck_init_device() poorly handles errors. If any request fails
> unregister and free everything.
>
> Signed-off-by: Kulikov Vasiliy <segooon(a)gmail.com>

Acked-by: Borislav Petkov <Borislav.Petkov(a)amd.com>

--
Regards/Gruss,
Boris.

Advanced Micro Devices GmbH
Einsteinring 24, 85609 Dornach
General Managers: Alberto Bozzo, Andrew Bowd
Registration: Dornach, Gemeinde Aschheim, Landkreis Muenchen
Registergericht Muenchen, HRB Nr. 43632
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

From: Andi Kleen on 28 Jul 2010 13:10

On 7/28/2010 6:39 PM, Kulikov Vasiliy wrote:
> mcheck_init_device() poorly handles errors. If any request fails
> unregister and free everything.

Actually these are at early boot time and only contain memory errors,
and if you run out of memory at this stage the system is usually
dead in the water anyways. The best you can do at this stage
is panicking, but silently returning from the init function doesn't
help anyone. But someone else will likely panic anyways.

e.g. boot time allocations of cpu masks generally do not check for memory
failures and I think that's ok, not a bug.

Your patch would be good if the driver was modular, but it isn't.

-Andi

From: Vasiliy Kulikov on 28 Jul 2010 13:20

Hi,

On Wed, Jul 28, 2010 at 19:07 +0200, Andi Kleen wrote:
> On 7/28/2010 6:39 PM, Kulikov Vasiliy wrote:
> >mcheck_init_device() poorly handles errors. If any request fails
> >unregister and free everything.
>
> Actually these are at early boot time and only contain memory errors,
> and if you run out of memory at this stage the system is usually
> dead in the water anyways. The best you can do at this stage
> is panicking, but silently returning from the init function doesn't
> help anyone. But someone else will likely panic anyways.
>
> e.g. boot time allocations of cpu masks generally do not check for memory
> failures and I think that's ok, not a bug.
>
> Your patch would be good if the driver was modular, but it isn't.

I agree with you that if allocation fails at boot time, we are dead :)
But this coding style breaks the rules that results from some functions
_must_ be checked for errors. Maybe we should add BUG_ON() here or
indicate in some way that we have no idea how to handle the error?

From: Andi Kleen on 28 Jul 2010 13:30

> I agree with you that if allocation fails at boot time, we are dead :)
> But this coding style breaks the rules that results from some functions
> _must_ be checked for errors. Maybe we should add BUG_ON() here or
> indicate in some way that we have no idea how to handle the error?

What rules exactly? I don't think any of those functions are
declared with __must_check

Coding style should never get in the way of what is right.

The classic way to explicitly discard a return value is a cast to
void, but that is generally considered
ugly in the Linux kernel.

One could possibly add a comment about this at least.

-Andi

From: Vasiliy Kulikov on 29 Jul 2010 05:40

On Wed, Jul 28, 2010 at 19:20 +0200, Andi Kleen wrote:
>
> >I agree with you that if allocation fails at boot time, we are dead :)
> >But this coding style breaks the rules that results from some functions
> >_must_ be checked for errors. Maybe we should add BUG_ON() here or
> >indicate in some way that we have no idea how to handle the error?
>
> What rules exactly? I don't think any of those functions are
> declared with __must_check

IMO memory allocation failures are dangerous in kernel mode. As it is
probably not exploitable because of boot time, it can destroy some
sensitive data like dirty disk caches that are going to be written to
disk.

>
> Coding style should never get in the way of what is right.
>
> The classic way to explicitly discard a return value is a cast to
> void, but that is generally considered
> ugly in the Linux kernel.
>
> One could possibly add a comment about this at least.
>
> -Andi
>