From: Andi Kleen <andi@firstfloor.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Bron Gondwana <brong@fastmail.fm>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Nick Piggin <npiggin@suse.de>,
Andrew Morton <akpm@linux-foundation.org>,
Rob Mueller <robm@fastmail.fm>, Ingo Molnar <mingo@elte.hu>
Subject: Re: BUG: mmapfile/writev spurious zero bytes (x86_64/not i386, bisected, reproducable)
Date: Tue, 17 Jun 2008 23:26:48 +0200 [thread overview]
Message-ID: <48582C18.4090900@firstfloor.org> (raw)
In-Reply-To: <alpine.LFD.1.10.0806171412470.2907@woody.linux-foundation.org>
Linus Torvalds wrote:
>
> On Tue, 17 Jun 2008, Andi Kleen wrote:
>> The x86-64 copy_*_user functions were always designed to return errors
>> both ways (as in both for load and for store).
>
> That's not the problem, Andi.
>
> The problem is that it returns THE WRONG VALUE!
>
> If the fault happened on the second load,
Loads are not supposed to fault in copy_to_user(). Only stores are.
The way it works is that it assumes that either loads fault (when used
as copy_from_user) or stores (copy_to_user), but never both.
> but the first load was never
> actually paired up with a store (because of unrolling the loop), then YOU
> MUST NOT CLAIM THAT YOU DID A 8-BYTE COPY! Because you have copied exactly
> _zero_ bytes, even though you _loaded_ 8 bytes successfully!
>
> See?
>
> Claiming that you copied 8 bytes when you didn't do anything at all is
> WRONG. It's so incredibly wrong that it is scary.
If your patch fixes something then the main wrong thing is the caller
who passes a faulting source address.
And again it always breaks the other case.
-Andi
next prev parent reply other threads:[~2008-06-17 21:27 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-06-17 6:00 BUG: mmapfile/writev spurious zero bytes (x86_64/not i386, bisected, reproducable) Bron Gondwana
2008-06-17 6:02 ` Bron Gondwana
2008-06-17 17:08 ` Linus Torvalds
2008-06-17 17:45 ` Linus Torvalds
2008-06-17 20:16 ` Linus Torvalds
2008-06-17 20:41 ` Linus Torvalds
2008-06-17 21:06 ` Linus Torvalds
2008-06-17 21:16 ` Andi Kleen
2008-06-17 21:24 ` Linus Torvalds
2008-06-17 21:30 ` Andi Kleen
2008-06-17 21:37 ` Linus Torvalds
2008-06-17 21:36 ` Al Viro
2008-06-17 21:42 ` Andi Kleen
2008-06-17 21:49 ` Linus Torvalds
2008-06-17 22:11 ` Al Viro
2008-06-17 22:21 ` Andi Kleen
2008-06-18 6:22 ` Nick Piggin
2008-06-17 21:20 ` Linus Torvalds
2008-06-18 2:27 ` Bron Gondwana
2008-06-18 3:14 ` Bron Gondwana
2008-06-18 4:03 ` Linus Torvalds
2008-06-18 5:11 ` Cyrus mmap vs lseek/write usage - (WAS: BUG: mmapfile/writev spurious zero bytes (x86_64/not i386, bisected, reproducable)) Bron Gondwana
2008-06-18 16:22 ` Linus Torvalds
2008-06-18 23:45 ` Robert Mueller
2008-06-19 0:20 ` Linus Torvalds
2008-10-03 11:44 ` BUG: mmapfile/writev spurious zero bytes still in the wild Bron Gondwana
2008-10-03 13:07 ` Andrew Morton
2008-10-04 0:13 ` Bron Gondwana
2008-06-17 21:15 ` BUG: mmapfile/writev spurious zero bytes (x86_64/not i386, bisected, reproducable) Andi Kleen
2008-06-17 20:58 ` Andi Kleen
2008-06-17 21:14 ` Linus Torvalds
2008-06-17 21:26 ` Andi Kleen [this message]
2008-06-17 21:31 ` Linus Torvalds
2008-06-17 21:34 ` Linus Torvalds
2008-06-17 21:34 ` Andi Kleen
2008-06-17 21:46 ` Linus Torvalds
2008-06-18 6:10 ` Nick Piggin
2008-06-18 2:21 ` Bron Gondwana
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48582C18.4090900@firstfloor.org \
--to=andi@firstfloor.org \
--cc=akpm@linux-foundation.org \
--cc=brong@fastmail.fm \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=npiggin@suse.de \
--cc=robm@fastmail.fm \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.