From: Al Viro <viro@zeniv.linux.org.uk>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Guenter Roeck <linux@roeck-us.net>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Darren Hart <dvhart@infradead.org>,
linux-arch <linux-arch@vger.kernel.org>
Subject: Re: [PATCH] Convert filldir[64]() from __put_user() to unsafe_put_user()
Date: Tue, 15 Oct 2019 21:18:45 +0100 [thread overview]
Message-ID: <20191015201845.GP26530@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20191015194012.GO26530@ZenIV.linux.org.uk>
On Tue, Oct 15, 2019 at 08:40:12PM +0100, Al Viro wrote:
> or this
> static void ntb_memcpy_tx(struct ntb_queue_entry *entry, void __iomem *offset)
> {
> #ifdef ARCH_HAS_NOCACHE_UACCESS
> /*
> * Using non-temporal mov to improve performance on non-cached
> * writes, even though we aren't actually copying from user space.
> */
> __copy_from_user_inatomic_nocache(offset, entry->buf, entry->len);
> #else
> memcpy_toio(offset, entry->buf, entry->len);
> #endif
>
> /* Ensure that the data is fully copied out before setting the flags */
> wmb();
>
> ntb_tx_copy_callback(entry, NULL);
> }
> "user" part is bollocks in both cases; moreover, I really wonder about that
> ifdef in ntb one - ARCH_HAS_NOCACHE_UACCESS is x86-only *at* *the* *moment*
> and it just so happens that ..._toio() doesn't require anything special on
> x86. Have e.g. arm grow nocache stuff and the things will suddenly break,
> won't they?
Incidentally, there are two callers of __copy_from_user_inatomic_nocache() in
generic code:
lib/iov_iter.c:792: __copy_from_user_inatomic_nocache((to += v.iov_len) - v.iov_len,
lib/iov_iter.c:849: if (__copy_from_user_inatomic_nocache((to += v.iov_len) - v.iov_len,
Neither is done under under pagefault_disable(), AFAICS. This one
drivers/gpu/drm/qxl/qxl_ioctl.c:189: unwritten = __copy_from_user_inatomic_nocache
probably is - it has something called qxl_bo_kmap_atomic_page() called just prior,
which would seem to imply kmap_atomic() somewhere in it.
The same goes for
drivers/gpu/drm/i915/i915_gem.c:500: unwritten = __copy_from_user_inatomic_nocache((void __force *)vaddr + offset,
So we have 5 callers anywhere. Two are not "inatomic" in any sense; source is
in userspace and we want nocache behaviour. Two _are_ done into a page that
had been fed through kmap_atomic(); the source is, again, in userland. And
the last one is complete BS - it wants memcpy_toio_nocache() and abuses this
thing.
Incidentally, in case of fault i915 caller ends up unmapping the page,
mapping it non-atomic (with kmap?) and doing plain copy_from_user(),
nocache be damned. qxl, OTOH, whines and fails all the way to userland...
next prev parent reply other threads:[~2019-10-15 20:18 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-06 22:20 [PATCH] Convert filldir[64]() from __put_user() to unsafe_put_user() Guenter Roeck
2019-10-06 23:06 ` Linus Torvalds
2019-10-06 23:35 ` Linus Torvalds
2019-10-07 0:04 ` Guenter Roeck
2019-10-07 1:17 ` Linus Torvalds
2019-10-07 1:24 ` Al Viro
2019-10-07 2:06 ` Linus Torvalds
2019-10-07 2:50 ` Al Viro
2019-10-07 3:11 ` Linus Torvalds
2019-10-07 15:40 ` David Laight
2019-10-07 18:11 ` Linus Torvalds
2019-10-08 9:58 ` David Laight
2019-10-07 17:34 ` Al Viro
2019-10-07 18:13 ` Linus Torvalds
2019-10-07 18:22 ` Al Viro
2019-10-07 18:26 ` Linus Torvalds
2019-10-07 18:36 ` Tony Luck
2019-10-07 19:08 ` Linus Torvalds
2019-10-07 19:49 ` Tony Luck
2019-10-07 20:04 ` Linus Torvalds
2019-10-08 3:29 ` Al Viro
2019-10-08 4:09 ` Linus Torvalds
2019-10-08 4:14 ` Linus Torvalds
2019-10-08 5:02 ` Al Viro
2019-10-08 4:24 ` Linus Torvalds
2019-10-10 19:55 ` Al Viro
2019-10-10 22:12 ` Linus Torvalds
2019-10-11 0:11 ` Al Viro
2019-10-11 0:31 ` Linus Torvalds
2019-10-13 18:13 ` Al Viro
2019-10-13 18:43 ` Linus Torvalds
2019-10-13 19:10 ` Al Viro
2019-10-13 19:22 ` Linus Torvalds
2019-10-13 19:59 ` Al Viro
2019-10-13 20:20 ` Linus Torvalds
2019-10-15 3:46 ` Michael Ellerman
2019-10-15 18:08 ` Al Viro
2019-10-15 19:00 ` Linus Torvalds
2019-10-15 19:40 ` Al Viro
2019-10-15 20:18 ` Al Viro [this message]
2019-10-16 12:12 ` [RFC] change of calling conventions for arch_futex_atomic_op_inuser() Al Viro
2019-10-16 12:24 ` Thomas Gleixner
2019-10-16 20:25 ` [PATCH] Convert filldir[64]() from __put_user() to unsafe_put_user() Al Viro
2019-10-17 19:36 ` [RFC][PATCHES] drivers/scsi/sg.c uaccess cleanups/fixes Al Viro
2019-10-17 19:39 ` [RFC PATCH 1/8] sg_ioctl(): fix copyout handling Al Viro
2019-10-17 19:39 ` [RFC PATCH 2/8] sg_new_write(): replace access_ok() + __copy_from_user() with copy_from_user() Al Viro
2019-10-17 19:39 ` [RFC PATCH 3/8] sg_write(): __get_user() can fail Al Viro
2019-10-17 19:39 ` [RFC PATCH 4/8] sg_read(): simplify reading ->pack_id of userland sg_io_hdr_t Al Viro
2019-10-17 19:39 ` [RFC PATCH 5/8] sg_new_write(): don't bother with access_ok Al Viro
2019-10-17 19:39 ` [RFC PATCH 6/8] sg_read(): get rid of access_ok()/__copy_..._user() Al Viro
2019-10-17 19:39 ` [RFC PATCH 7/8] sg_write(): get rid of access_ok()/__copy_from_user()/__get_user() Al Viro
2019-10-17 19:39 ` [RFC PATCH 8/8] SG_IO: get rid of access_ok() Al Viro
2019-10-17 21:44 ` [RFC][PATCHES] drivers/scsi/sg.c uaccess cleanups/fixes Douglas Gilbert
2019-11-05 4:54 ` Martin K. Petersen
2019-11-05 5:25 ` Al Viro
2019-11-06 4:29 ` Martin K. Petersen
2019-10-18 0:27 ` [RFC] csum_and_copy_from_user() semantics Al Viro
2019-10-25 14:01 ` [PATCH] Convert filldir[64]() from __put_user() to unsafe_put_user() Thomas Gleixner
2019-10-08 4:57 ` Al Viro
2019-10-08 13:14 ` Greg KH
2019-10-08 15:29 ` Al Viro
2019-10-08 15:38 ` Greg KH
2019-10-08 17:06 ` Al Viro
2019-10-08 19:58 ` Al Viro
2019-10-08 20:16 ` Al Viro
2019-10-08 20:34 ` Al Viro
2019-10-07 2:30 ` Guenter Roeck
2019-10-07 3:12 ` Linus Torvalds
2019-10-07 0:23 ` Guenter Roeck
2019-10-07 4:04 ` Max Filippov
2019-10-07 12:16 ` Guenter Roeck
2019-10-07 19:21 ` Linus Torvalds
2019-10-07 20:29 ` Guenter Roeck
2019-10-07 23:27 ` Guenter Roeck
2019-10-08 6:28 ` Geert Uytterhoeven
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191015201845.GP26530@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=dvhart@infradead.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@roeck-us.net \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.