From: David Laight <David.Laight@ACULAB.COM>
To: 'Alexandre Ghiti' <alex@ghiti.fr>,
Samuel Holland <samuel.holland@sifive.com>,
Alexandre Ghiti <alexghiti@rivosinc.com>
Cc: Palmer Dabbelt <palmer@dabbelt.com>,
"linux-riscv@lists.infradead.org"
<linux-riscv@lists.infradead.org>,
Albert Ou <aou@eecs.berkeley.edu>,
"Andrew Morton" <akpm@linux-foundation.org>,
Charlie Jenkins <charlie@rivosinc.com>,
Guo Ren <guoren@kernel.org>, Jisheng Zhang <jszhang@kernel.org>,
Kemeng Shi <shikemeng@huaweicloud.com>,
"Matthew Wilcox (Oracle)" <willy@infradead.org>,
"Mike Rapoport (IBM)" <rppt@kernel.org>,
Paul Walmsley <paul.walmsley@sifive.com>,
Xiao Wang <xiao.w.wang@intel.com>, Yangyu Chen <cyy@cyyself.name>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: RE: [PATCH] riscv: Define TASK_SIZE_MAX for __access_ok()
Date: Mon, 25 Mar 2024 09:30:23 +0000 [thread overview]
Message-ID: <5c027cbf6b8741e4a8147963b07a8ac4@AcuMS.aculab.com> (raw)
In-Reply-To: <d323eb10-c79b-49cb-94db-9b135e6fd280@ghiti.fr>
From: Alexandre Ghiti
> Sent: 25 March 2024 07:31
>
> Hi David,
>
> On 24/03/2024 20:42, David Laight wrote:
> > ...
> >> The use of alternatives allows to return right away if the buffer is
> >> beyond the usable user address space, and it's not just "slightly
> >> faster" for some cases (a very large buffer with only a few bytes being
> >> beyond the limit or someone could fault-in all the user pages and fail
> >> very late...etc). access_ok() is here to guarantee that such situations
> >> don't happen, so actually it makes more sense to use an alternative to
> >> avoid that.
> >
> > Is it really worth doing ANY optimisations for the -EFAULT path?
> > They really don't happen.
> >
> > The only fault path that matters is the one that has to page in
> > data from somewhere.
>
>
> Which is completely avoided with a strict definition of access_ok(). I
> see access_ok() as an already existing optimization of fault paths by
> avoiding them entirely when they are bound to happen.
No, access_ok() exists because accesses to kernel addresses don't fault.
Possibly in linux 0.01 it tried to ensure that the access was valid
(by checking the process's page tables (etc) but that that hasn't been
true for a long time.
You don't want to add a single instruction (never mind a conditional)
to access_ok() to avoid a page fault on an address that will fault.
Basically real programs don't pass bad addresses into the kernel
or access them in userspace. EFAULT and SIGSEGV are pretty fatal.
(Nothing call sbrk() from its SIGSEGV handler any more!)
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
next prev parent reply other threads:[~2024-03-25 9:31 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-13 17:59 [PATCH] riscv: Define TASK_SIZE_MAX for __access_ok() Samuel Holland
2024-03-18 20:50 ` Alexandre Ghiti
2024-03-18 21:29 ` Samuel Holland
2024-03-19 16:51 ` Alexandre Ghiti
2024-03-24 19:42 ` David Laight
2024-03-25 7:30 ` Alexandre Ghiti
2024-03-25 9:30 ` David Laight [this message]
2024-03-25 16:39 ` Mark Rutland
2024-03-25 18:02 ` Arnd Bergmann
2024-03-25 18:30 ` Mark Rutland
2024-03-25 19:20 ` Samuel Holland
2024-03-25 20:38 ` Arnd Bergmann
2024-03-26 10:19 ` David Laight
2024-03-26 14:49 ` Mark Rutland
2024-03-25 20:12 ` Alexandre Ghiti
2024-03-24 22:05 ` Arnd Bergmann
2024-03-25 7:25 ` Alexandre Ghiti
2024-03-25 11:15 ` Arnd Bergmann
2024-03-25 20:40 ` Arnd Bergmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5c027cbf6b8741e4a8147963b07a8ac4@AcuMS.aculab.com \
--to=david.laight@aculab.com \
--cc=akpm@linux-foundation.org \
--cc=alex@ghiti.fr \
--cc=alexghiti@rivosinc.com \
--cc=aou@eecs.berkeley.edu \
--cc=charlie@rivosinc.com \
--cc=cyy@cyyself.name \
--cc=guoren@kernel.org \
--cc=jszhang@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=palmer@dabbelt.com \
--cc=paul.walmsley@sifive.com \
--cc=rppt@kernel.org \
--cc=samuel.holland@sifive.com \
--cc=shikemeng@huaweicloud.com \
--cc=willy@infradead.org \
--cc=xiao.w.wang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox