From: Mark Rutland <mark.rutland@arm.com>
To: Alexandre Ghiti <alex@ghiti.fr>
Cc: David Laight <David.Laight@aculab.com>,
Samuel Holland <samuel.holland@sifive.com>,
Alexandre Ghiti <alexghiti@rivosinc.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
"linux-riscv@lists.infradead.org"
<linux-riscv@lists.infradead.org>,
Albert Ou <aou@eecs.berkeley.edu>,
Andrew Morton <akpm@linux-foundation.org>,
Charlie Jenkins <charlie@rivosinc.com>,
Guo Ren <guoren@kernel.org>, Jisheng Zhang <jszhang@kernel.org>,
Kemeng Shi <shikemeng@huaweicloud.com>,
"Matthew Wilcox (Oracle)" <willy@infradead.org>,
"Mike Rapoport (IBM)" <rppt@kernel.org>,
Paul Walmsley <paul.walmsley@sifive.com>,
Xiao Wang <xiao.w.wang@intel.com>, Yangyu Chen <cyy@cyyself.name>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] riscv: Define TASK_SIZE_MAX for __access_ok()
Date: Mon, 25 Mar 2024 16:39:12 +0000 [thread overview]
Message-ID: <ZgGosOiW6mTeSnTL@FVFF77S0Q05N> (raw)
In-Reply-To: <d323eb10-c79b-49cb-94db-9b135e6fd280@ghiti.fr>
On Mon, Mar 25, 2024 at 08:30:37AM +0100, Alexandre Ghiti wrote:
> Hi David,
>
> On 24/03/2024 20:42, David Laight wrote:
> > ...
> > > The use of alternatives allows to return right away if the buffer is
> > > beyond the usable user address space, and it's not just "slightly
> > > faster" for some cases (a very large buffer with only a few bytes being
> > > beyond the limit or someone could fault-in all the user pages and fail
> > > very late...etc). access_ok() is here to guarantee that such situations
> > > don't happen, so actually it makes more sense to use an alternative to
> > > avoid that.
> > Is it really worth doing ANY optimisations for the -EFAULT path?
> > They really don't happen.
> >
> > The only fault path that matters is the one that has to page in
> > data from somewhere.
>
> Which is completely avoided with a strict definition of access_ok(). I see
> access_ok() as an already existing optimization of fault paths by avoiding
> them entirely when they are bound to happen.
I think the point that David is making is that address+size pairs that'd fail
access_ok() *should* be rare, and hence it's a better trade-off to occasionally
handle faults for those if it makes the common case of successful access_ok()
smaller or faster. For any well-behaved userspace applications, access_ok()
should practically never fail, since userspace should be passing good
address+size pairs as arguments to syscalls.
Using a compile-time constant TASK_SIZE_MAX allows the compiler to generate
much better code for access_ok(), and on arm64 we use a compile-time constant
even when our page table depth can change at runtime (and when native/compat
task sizes differ). The only abosolute boundary that needs to be maintained is
that access_ok() fails for kernel addresses.
Mark.
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
next prev parent reply other threads:[~2024-03-25 16:40 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-13 17:59 [PATCH] riscv: Define TASK_SIZE_MAX for __access_ok() Samuel Holland
2024-03-18 20:50 ` Alexandre Ghiti
2024-03-18 21:29 ` Samuel Holland
2024-03-19 16:51 ` Alexandre Ghiti
2024-03-24 19:42 ` David Laight
2024-03-25 7:30 ` Alexandre Ghiti
2024-03-25 9:30 ` David Laight
2024-03-25 16:39 ` Mark Rutland [this message]
2024-03-25 18:02 ` Arnd Bergmann
2024-03-25 18:30 ` Mark Rutland
2024-03-25 19:20 ` Samuel Holland
2024-03-25 20:38 ` Arnd Bergmann
2024-03-26 10:19 ` David Laight
2024-03-26 14:49 ` Mark Rutland
2024-03-25 20:12 ` Alexandre Ghiti
2024-03-24 22:05 ` Arnd Bergmann
2024-03-25 7:25 ` Alexandre Ghiti
2024-03-25 11:15 ` Arnd Bergmann
2024-03-25 20:40 ` Arnd Bergmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZgGosOiW6mTeSnTL@FVFF77S0Q05N \
--to=mark.rutland@arm.com \
--cc=David.Laight@aculab.com \
--cc=akpm@linux-foundation.org \
--cc=alex@ghiti.fr \
--cc=alexghiti@rivosinc.com \
--cc=aou@eecs.berkeley.edu \
--cc=charlie@rivosinc.com \
--cc=cyy@cyyself.name \
--cc=guoren@kernel.org \
--cc=jszhang@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=palmer@dabbelt.com \
--cc=paul.walmsley@sifive.com \
--cc=rppt@kernel.org \
--cc=samuel.holland@sifive.com \
--cc=shikemeng@huaweicloud.com \
--cc=willy@infradead.org \
--cc=xiao.w.wang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox