From: Al Viro <viro@ZenIV.linux.org.uk>
To: Rob Clark <robdclark@gmail.com>
Cc: Vaishali Thakkar <vaishali.thakkar@oracle.com>,
David Airlie <airlied@linux.ie>,
linux-arm-msm <linux-arm-msm@vger.kernel.org>,
"dri-devel@lists.freedesktop.org"
<dri-devel@lists.freedesktop.org>,
freedreno@lists.freedesktop.org,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Julia Lawall <julia.lawall@lip6.fr>
Subject: Re: Use of copy_from_user in msm_gem_submit.c while holding a spin_lock
Date: Wed, 17 Aug 2016 20:15:34 +0100 [thread overview]
Message-ID: <20160817191534.GF2356@ZenIV.linux.org.uk> (raw)
In-Reply-To: <CAF6AEGtLVW-_PMhpb5YQX_vXfn5t=jH7Fe7R+1DbMaoWt6Cc1A@mail.gmail.com>
On Wed, Aug 17, 2016 at 02:49:32PM -0400, Rob Clark wrote:
> I'm not saying that I shouldn't fix it (although not quite sure how
> yet.. taking/dropping the spinlock inside the loop is not a good
> option from a performance standpoint). What I am saying is that this
> is not something that can happen accidentally (as it could in the case
> of swap). But I agree that I should fix it somehow to avoid issues
> with an intentionally evil userspace.
I wouldn't count on that not happening by accident. With zero changes
in mesa itself - it can be as simple as change of allocator in the
bowels of libc or throwing libdmalloc into the link flags, etc. And most
of the time it would've worked just fine, but the same call in a situation
when most of the memory is occupied by dirty pagecache pages can end up
having to wait for writeback.
> If there is a copy_from_user() variant that will return an error
> instead of blocking, I think that is really what I want so I can
> implement a slow-path that drops the spin-lock temporarily.
*shrug*
pagefault_disable()/pagefault_enable() are there for purpose, so's
__copy_from_user_inatomic()... Just remember that __copy_from_user_inatomic()
does not check if the addresses are userland ones (i.e. the caller needs
to check access_ok() itself) and it is *NOT* guaranteed to zero what it
hadn't copied over. Currently it does zero tail on some, but not all
architectures; come next cycle it and it will not do that zeroing on any
of those.
next prev parent reply other threads:[~2016-08-17 19:17 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-17 11:40 Use of copy_from_user in msm_gem_submit.c while holding a spin_lock Vaishali Thakkar
2016-08-17 15:08 ` Rob Clark
2016-08-17 17:08 ` Al Viro
2016-08-17 18:49 ` Rob Clark
2016-08-17 18:58 ` Rob Clark
2016-08-17 19:15 ` Al Viro [this message]
2016-08-17 19:24 ` Rob Clark
2016-08-17 19:31 ` Al Viro
2016-08-18 8:31 ` Daniel Vetter
2016-08-17 21:29 ` Rob Clark
2016-08-18 8:36 ` Daniel Vetter
2016-08-18 10:55 ` Rob Clark
2016-08-18 13:08 ` Daniel Vetter
2016-08-18 13:14 ` Rob Clark
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160817191534.GF2356@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=airlied@linux.ie \
--cc=dri-devel@lists.freedesktop.org \
--cc=freedreno@lists.freedesktop.org \
--cc=julia.lawall@lip6.fr \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=robdclark@gmail.com \
--cc=vaishali.thakkar@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox