From: Andi Kleen <andi@firstfloor.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Bron Gondwana <brong@fastmail.fm>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Nick Piggin <npiggin@suse.de>,
Andrew Morton <akpm@linux-foundation.org>,
Rob Mueller <robm@fastmail.fm>, Ingo Molnar <mingo@elte.hu>
Subject: Re: BUG: mmapfile/writev spurious zero bytes (x86_64/not i386, bisected, reproducable)
Date: Tue, 17 Jun 2008 23:26:48 +0200 [thread overview]
Message-ID: <48582C18.4090900@firstfloor.org> (raw)
In-Reply-To: <alpine.LFD.1.10.0806171412470.2907@woody.linux-foundation.org>
Linus Torvalds wrote:
>
> On Tue, 17 Jun 2008, Andi Kleen wrote:
>> The x86-64 copy_*_user functions were always designed to return errors
>> both ways (as in both for load and for store).
>
> That's not the problem, Andi.
>
> The problem is that it returns THE WRONG VALUE!
>
> If the fault happened on the second load,
Loads are not supposed to fault in copy_to_user(). Only stores are.
The way it works is that it assumes that either loads fault (when used
as copy_from_user) or stores (copy_to_user), but never both.
> but the first load was never
> actually paired up with a store (because of unrolling the loop), then YOU
> MUST NOT CLAIM THAT YOU DID A 8-BYTE COPY! Because you have copied exactly
> _zero_ bytes, even though you _loaded_ 8 bytes successfully!
>
> See?
>
> Claiming that you copied 8 bytes when you didn't do anything at all is
> WRONG. It's so incredibly wrong that it is scary.
If your patch fixes something then the main wrong thing is the caller
who passes a faulting source address.
And again it always breaks the other case.
-Andi
next prev parent reply other threads:[~2008-06-17 21:27 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-06-17 6:00 BUG: mmapfile/writev spurious zero bytes (x86_64/not i386, bisected, reproducable) Bron Gondwana
2008-06-17 6:02 ` Bron Gondwana
2008-06-17 17:08 ` Linus Torvalds
2008-06-17 17:45 ` Linus Torvalds
2008-06-17 20:16 ` Linus Torvalds
2008-06-17 20:41 ` Linus Torvalds
2008-06-17 21:06 ` Linus Torvalds
2008-06-17 21:16 ` Andi Kleen
2008-06-17 21:24 ` Linus Torvalds
2008-06-17 21:30 ` Andi Kleen
2008-06-17 21:37 ` Linus Torvalds
2008-06-17 21:36 ` Al Viro
2008-06-17 21:42 ` Andi Kleen
2008-06-17 21:49 ` Linus Torvalds
2008-06-17 22:11 ` Al Viro
2008-06-17 22:21 ` Andi Kleen
2008-06-18 6:22 ` Nick Piggin
2008-06-17 21:20 ` Linus Torvalds
2008-06-18 2:27 ` Bron Gondwana
2008-06-18 3:14 ` Bron Gondwana
2008-06-18 4:03 ` Linus Torvalds
2008-06-18 5:11 ` Cyrus mmap vs lseek/write usage - (WAS: BUG: mmapfile/writev spurious zero bytes (x86_64/not i386, bisected, reproducable)) Bron Gondwana
2008-06-18 16:22 ` Linus Torvalds
2008-06-18 23:45 ` Robert Mueller
2008-06-19 0:20 ` Linus Torvalds
2008-10-03 11:44 ` BUG: mmapfile/writev spurious zero bytes still in the wild Bron Gondwana
2008-10-03 13:07 ` Andrew Morton
2008-10-04 0:13 ` Bron Gondwana
2008-06-17 21:15 ` BUG: mmapfile/writev spurious zero bytes (x86_64/not i386, bisected, reproducable) Andi Kleen
2008-06-17 20:58 ` Andi Kleen
2008-06-17 21:14 ` Linus Torvalds
2008-06-17 21:26 ` Andi Kleen [this message]
2008-06-17 21:31 ` Linus Torvalds
2008-06-17 21:34 ` Linus Torvalds
2008-06-17 21:34 ` Andi Kleen
2008-06-17 21:46 ` Linus Torvalds
2008-06-18 6:10 ` Nick Piggin
2008-06-18 2:21 ` Bron Gondwana
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48582C18.4090900@firstfloor.org \
--to=andi@firstfloor.org \
--cc=akpm@linux-foundation.org \
--cc=brong@fastmail.fm \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=npiggin@suse.de \
--cc=robm@fastmail.fm \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox