From: Ingo Molnar <mingo@kernel.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Theodore Ts'o <tytso@mit.edu>,
Andrew Morton <akpm@linux-foundation.org>,
"linux-ext4@vger.kernel.org" <linux-ext4@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [REGRESSION] 998ef75ddb and aio-dio-invalidate-failure w/ data=journal
Date: Tue, 6 Oct 2015 15:42:42 +0200 [thread overview]
Message-ID: <20151006134242.GA13181@gmail.com> (raw)
In-Reply-To: <CA+55aFwYW1q2b5BeRBQRunU_hmB+TbB_Q-kPoSwgyhT20g4-ag@mail.gmail.com>
* Linus Torvalds <torvalds@linux-foundation.org> wrote:
> On Tue, Oct 6, 2015 at 10:27 AM, Ingo Molnar <mingo@kernel.org> wrote:
> >
> >>
> >> We really should try get rid of _all_ uses of the "__" versions unless they are
> >> very locally and obviously checked with access_ok(). We've had way too many
> >> cases where people thought they were clever, and weren't really.
> >
> > That's a good idea.
> >
> > The logistics worries me a bit: it looks like a major undertaking, considering the
> > widespread use of these APIs in 1400+ call sites:
>
> Well, quite frankly, I think I'd be ok with just a mass conversion of the "__"
> functions to non-underscore ones.
>
> From past experience, I don't think we have anything that really cares. The one
> exception is probably the signal stack handling, because it really uses multiple
> individual accesses, and so it is much more noticeable.
>
> And there should be *no* meaningful difference between the underscore version
> and the non-underscore one, unless somebody does something really odd and
> questionable (ie depends on a kernel pointer - which doesn't even work on all
> architectures!).
>
> So I really think we could do a mass conversion of everything that isn't under
> "arch/" (and obviously asm-generic/uaccess.h) in just one single go.
>
> I obviously wouldn't take that into 4.3, but I really don't think this would
> merit splitting up into multiple patches either.
>
> Then, one by one, we might convert back to __get/put_user() when we've (a) added
> the SMAP/PAN infrastructure (b) verified that there's an access_ok()
> _right_there_ and (c) actually verified that it's performance-critical.
>
> I see drivers doing __get/put_user(), and it just makes me go "no". Not only are
> drivers likely to get it wrong, I don't believe the extra couple of cycles is
> going to matter compared to the cost of the hardware access itself. And if the
> access_ok() isn't local and obviously in the *only* place that can possibly lead
> to that code, then the code shouldn't use the underscore versions.
Great, fully agreed and will implement it this way!
Thanks,
Ingo
next prev parent reply other threads:[~2015-10-06 13:42 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-05 15:22 [REGRESSION] 998ef75ddb and aio-dio-invalidate-failure w/ data=journal Theodore Ts'o
2015-10-05 15:58 ` Linus Torvalds
2015-10-05 16:23 ` Dave Hansen
2015-10-05 20:22 ` Linus Torvalds
2015-10-05 20:48 ` Dave Hansen
2015-10-05 21:18 ` Linus Torvalds
2015-10-05 21:55 ` Linus Torvalds
2015-10-05 23:33 ` Dave Hansen
2015-10-06 9:01 ` Linus Torvalds
2015-10-05 20:49 ` H. Peter Anvin
2015-10-06 7:56 ` Ingo Molnar
2015-10-06 9:10 ` Linus Torvalds
2015-10-06 9:27 ` Ingo Molnar
2015-10-06 13:29 ` Linus Torvalds
2015-10-06 13:42 ` Ingo Molnar [this message]
2015-10-05 16:03 ` Dave Hansen
2015-10-05 18:04 ` Dave Hansen
2015-10-07 3:34 ` Theodore Ts'o
2015-10-07 7:32 ` Linus Torvalds
2015-10-07 15:43 ` Theodore Ts'o
2015-10-09 4:01 ` [PATCH] ext4: use private version of page_zero_new_buffers() for data=journal mode Theodore Ts'o
2015-10-13 6:06 ` Leonid V. Fedorenchik
2015-10-15 11:17 ` Jan Kara
2025-01-26 17:01 ` Mateusz Guzik
2025-01-26 18:48 ` Linus Torvalds
2025-01-26 19:49 ` Mateusz Guzik
2025-01-26 22:03 ` Linus Torvalds
2025-01-26 22:45 ` Mateusz Guzik
2025-01-27 20:52 ` Dave Hansen
2025-01-27 21:46 ` Dave Chinner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151006134242.GA13181@gmail.com \
--to=mingo@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.