Re: [PATCH] /dev/mem: Bail out upon SIGKILL when reading memory.

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Ingo Molnar <mingo@kernel.org>
To: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
	Arnd Bergmann <arnd@arndb.de>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Linux List Kernel Mailing <linux-kernel@vger.kernel.org>,
	syzbot <syzbot+8ab2d0f39fb79fe6ca40@syzkaller.appspotmail.com>
Subject: Re: [PATCH] /dev/mem: Bail out upon SIGKILL when reading memory.
Date: Mon, 26 Aug 2019 13:19:44 +0200	[thread overview]
Message-ID: <20190826111944.GA39308@gmail.com> (raw)
In-Reply-To: <92919086-0a7e-520d-0465-b9e3051e965a@i-love.sakura.ne.jp>


* Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> wrote:

> On 2019/08/26 1:54, Linus Torvalds wrote:
> > On Sat, Aug 24, 2019 at 10:50 PM Tetsuo Handa
> > <penguin-kernel@i-love.sakura.ne.jp> wrote:
> >>
> >> @@ -142,7 +144,7 @@ static ssize_t read_mem(struct file *file, char __user *buf,
> >>                 sz = size_inside_page(p, count);
> >>                 cond_resched();
> >>                 err = -EINTR;
> >> -               if (fatal_signal_pending(current))
> >> +               if (signal_pending(current))
> >>                         goto failed;
> >>
> >>                 err = -EPERM;
> > 
> > So from a "likelihood of breaking" standpoint, I'd really like to make
> > sure that the "signal_pending()" checks come at the *end* of the loop.
> > 
> > That way, if somebody is doing a 4-byte read from MMIO, he'll never see -EINTR.
> > 
> > I'm specifically thinking of tools like user-space 'lspci' etc, which
> > I wouldn't be surprised could happen.
> > 
> > Also, just in case things break, I do agree with Ingo that this should
> > be split up into several patches.
> 
> Thinking from how read_mem() returns error code instead of returning bytes
> already processed, any sane users will not try to read so much memory (like 2GB).
> If userspace programs want to read so much memory, there must have been attempts
> to improve performance. I guess that userspace program somehow knows which region
> to read and tries to read only meaningful pages (which would not become hundreds MB).
> Thus, I don't think we want to make /dev/{mem,kmem} intrruptible. Just making killable
> in case insane userspace program (like fuzzer) tried to read/write so much memory
> will be sufficient...

Basically making IO primitives interruptible is the norm and it's a 
quality of implementation issue: it's only a historic accident that 
/dev/mem read()s aren't.

So let's try and make it interruptible as the #3 patch I sent did - of 
course if anything breaks we'll have to undo it. But if we can get away 
with then by all means let's do so - even shorter reads can generate 
nasty long processing latencies.

Ok?

Thanks,

     Ingo

next prev parent reply	other threads:[~2019-08-26 11:19 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-20 22:06 [PATCH] /dev/mem: Bail out upon SIGKILL when reading memory Tetsuo Handa
2019-08-20 22:24 ` Greg Kroah-Hartman
2019-08-21  0:07   ` Tetsuo Handa
2019-08-22  9:59   ` Tetsuo Handa
2019-08-22 13:35     ` Greg Kroah-Hartman
2019-08-22 14:00       ` Tetsuo Handa
2019-08-22 16:42         ` Greg Kroah-Hartman
2019-08-22 17:11           ` Dmitry Vyukov
2019-08-22 21:17             ` Tetsuo Handa
2019-08-22 23:59               ` Dmitry Vyukov
2019-08-23  8:17                 ` Tetsuo Handa
2019-08-23 16:47                   ` Dmitry Vyukov
2019-10-08  9:57                   ` Kernel config for fuzz testing Tetsuo Handa
2019-08-22 21:29 ` [PATCH] /dev/mem: Bail out upon SIGKILL when reading memory Linus Torvalds
2019-08-22 22:08 ` Linus Torvalds
2019-08-23  9:16   ` Ingo Molnar
2019-08-23 16:39     ` Linus Torvalds
2019-08-24 16:14       ` Ingo Molnar
2019-08-24 17:40         ` Linus Torvalds
2019-08-24 20:22           ` Ingo Molnar
2019-08-24 20:56             ` Linus Torvalds
2019-08-30  9:56               ` David Laight
2019-08-25  5:49             ` Tetsuo Handa
2019-08-25  9:59               ` Ingo Molnar
2019-08-25 10:35                 ` Tetsuo Handa
2019-08-25 10:48                   ` Ingo Molnar
2019-08-25 16:54               ` Linus Torvalds
2019-08-26 10:40                 ` Tetsuo Handa
2019-08-26 11:19                   ` Ingo Molnar [this message]
2019-08-26 15:02                     ` Rewriting read_kmem()/write_kmem() ? Tetsuo Handa
2019-08-23 11:46   ` [PATCH] /dev/mem: Bail out upon SIGKILL when reading memory Tetsuo Handa

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190826111944.GA39308@gmail.com \
    --to=mingo@kernel.org \
    --cc=arnd@arndb.de \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=penguin-kernel@i-love.sakura.ne.jp \
    --cc=syzbot+8ab2d0f39fb79fe6ca40@syzkaller.appspotmail.com \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox