From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from aserp2130.oracle.com ([141.146.126.79]:33714 "EHLO aserp2130.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932544AbeBVNgs (ORCPT ); Thu, 22 Feb 2018 08:36:48 -0500
Date: Thu, 22 Feb 2018 08:36:05 -0500
From: Sowmini Varadhan
To: Willem de Bruijn
Cc: Network Development, David Miller, rds-devel@oss.oracle.com, Santosh Shilimkar
Subject: Re: [PATCH net-next] RDS: deliver zerocopy completion notification with data as an optimization
Message-ID: <20180222133605.GA32463@oracle.com>
References: <1519244381-138747-1-git-send-email-sowmini.varadhan@oracle.com> <20180221221428.GG15244@oracle.com> <20180221230355.GH15244@oracle.com> <20180222002646.GI15244@oracle.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To:
Sender: netdev-owner@vger.kernel.org
List-ID:

On (02/21/18 19:39), Willem de Bruijn wrote:
> >> By the way, the put_cmsg is unconditional even if the caller did
> >> not supply msg_control. So it is basically no longer safe to ever
> >> call read, recv or recvfrom on a socket if zerocopy notifications
> >> are outstanding.
> >
> > Wait, I thought put_cmsg already checks for these things.
>
> It does, and sets MSG_CTRUNC to signal that it was unable to
> write all control data. But by then the notifications have already
> been dequeued.

Putting hyperbole about "no longer safe to ever call read etc" aside,
put_cmsg can also return EFAULT if uspace provides a bogus cmsghdr,
(i.e., copy_to_user fails). So the only thing you can do to really
protect against every possible thing is to requeue the notification
if put_cmsg fails.
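
The failure mode discussed in this message, as an added userspace model (not code from the patch, the kernel, or anyone in this thread): notifications are dequeued before delivery, so a truncated or faulting control-message copy loses them unless they are requeued. All model_* names and the cookie values are hypothetical; the model assumes truncation writes nothing and requeues on truncation as well as on error.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#define MODEL_CTRUNC 0x8   /* stand-in for MSG_CTRUNC in this model */
struct model_msg { unsigned char *control; size_t controllen; int flags; int fault; };
struct model_queue { unsigned int cookie[8]; int n; };
/* Simplified put_cmsg(): flag truncation and return 0, or -EFAULT if the copy fails. */
static int model_put_cmsg(struct model_msg *m, const void *data, size_t len)
{
    if (m->control == NULL || m->controllen < len) {
        m->flags |= MODEL_CTRUNC;      /* no room: nothing is written */
        return 0;
    }
    if (m->fault) return -EFAULT;      /* models copy_to_user() failing */
    memcpy(m->control, data, len);
    return 0;
}

/* Dequeue every pending cookie and try to deliver; optionally requeue on failure. */
static int model_deliver(struct model_queue *q, struct model_msg *m, int requeue)
{
    unsigned int batch[8];
    int n = q->n, err;
    size_t len = (size_t)n * sizeof(batch[0]);
    memcpy(batch, q->cookie, len);
    q->n = 0;                          /* notifications leave the queue here */
    err = model_put_cmsg(m, batch, len);
    if (requeue && (err || (m->flags & MODEL_CTRUNC))) {
        memcpy(q->cookie, batch, len); /* put them back for the next call */
        q->n = n;
    }
    return q->n;                       /* cookies still pending */
}

/* Cookies that are neither in the caller's buffer nor still queued. */
static int model_lost(int have_control, int fault, int requeue)
{
    static const unsigned int sent[3] = { 1, 2, 3 };   /* constructed cookies */
    unsigned char buf[64] = { 0 };
    struct model_queue q = { { 1, 2, 3 }, 3 };
    struct model_msg m = { have_control ? buf : NULL, have_control ? sizeof(buf) : 0, 0, fault };
    int pending = model_deliver(&q, &m, requeue);
    return 3 - pending - (memcmp(buf, sent, sizeof(sent)) == 0 ? 3 : 0);
}

int main(void)
{
    printf("lost: %d (no requeue), %d (requeue)\n", model_lost(0, 0, 0), model_lost(0, 0, 1));
    return 0;
}
```

model_lost(have_control, fault, requeue) returns how many of the three constructed cookies vanish after one receive call.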