Received: by 10.213.65.68 with SMTP id h4csp1997659imn; Thu, 5 Apr 2018 07:20:36 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+XaAOsXjrBgp0SrYtQ98EFlGir8GsF2CB3BpWzjIfd2gjdCMXgUR4PQNN3F3pK3p19EeP+ X-Received: by 10.101.100.4 with SMTP id a4mr9405754pgv.316.1522938036062; Thu, 05 Apr 2018 07:20:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522938036; cv=none; d=google.com; s=arc-20160816; b=fNdFIJTbHo8VuKzFjgcVvCGuHSrTsGuJuJWw+X8KMUIah+4sIP/BEHo5oZfArGsYqi DhRmlCsoHcxBArNn/fH7XgHruaim8psaIsRNZAXXaOvHJBkzkv0PG8zEh9jpJUW3LpXW XrR54GtJZEx5swqubuUgfFLYqSBImAa/fi6FHLRgOiZDTQItqA0rL07nqlzYLEn3oe4Z YdO1+dk/ix09+/sKXoPAFBrOnYaii66QqN0qlB2kULb3zkuRSr6fx7sLxDMstNOtjVxP Tc3VxjJpWSctAEjPQfgZ0Ik0D9xWppquLqJwQFiaEszIjv4EP6PkMHZL1WRJEQ73YN6F KiEQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :arc-authentication-results; bh=KPmRhbcQ6pV1H578/CnSZ+xP8dNzWmyNW14B5AZXg5c=; b=AOyMaXLJ6LXpDBdoWjybse+Mh8afFi58DvHeNaPvWK+oU1HiRG/1P0Scqhqg50Bq0K G1V3qEz5pw0hQlFHJfAxueL6Kgln2uSF/7T2IE/ZCrWjdptZ7zRICofKd8Ny6pb03Qh/ z2zvSgWz50o4nShThQv93VNhyUXzFLB11Ta8ztbDH0+rDDx2svSTHVL9Ta+0+0haDdh6 /kLCj3PqtJMuM5FlguOGM/5USWOXNCyKtIheCejWESesC4mHBIwz1w/HrjotWGInuLFC pKA8mqmRBUSfeZJBWcZU4RHq58+Vs39wA9/bLaNxAWz8TPb707HD9g56hOwKveq2YIgD DD/g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k63si5674625pgc.577.2018.04.05.07.20.21; Thu, 05 Apr 2018 07:20:36 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751363AbeDEORf (ORCPT + 99 others); Thu, 5 Apr 2018 10:17:35 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:60622 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751165AbeDEORd (ORCPT ); Thu, 5 Apr 2018 10:17:33 -0400 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id C1FAC402277B; Thu, 5 Apr 2018 14:17:32 +0000 (UTC) Received: from redhat.com (ovpn-122-62.rdu2.redhat.com [10.10.122.62]) by smtp.corp.redhat.com (Postfix) with SMTP id EC532AB3F5; Thu, 5 Apr 2018 14:17:30 +0000 (UTC) Date: Thu, 5 Apr 2018 17:17:30 +0300 From: "Michael S. Tsirkin" To: Linus Torvalds Cc: Linux Kernel Mailing List , stable , syzbot+6304bf97ef436580fede@syzkaller.appspotmail.com, linux-mm , "Kirill A. Shutemov" , Andrew Morton , Huang Ying , Jonathan Corbet , Peter Zijlstra , Thomas Gleixner , Thorsten Leemhuis Subject: Re: [PATCH] gup: return -EFAULT on access_ok failure Message-ID: <20180405171009-mutt-send-email-mst@kernel.org> References: <1522431382-4232-1-git-send-email-mst@redhat.com> <20180405045231-mutt-send-email-mst@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); Thu, 05 Apr 2018 14:17:32 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); Thu, 05 Apr 2018 14:17:32 +0000 (UTC) for IP:'10.11.54.5' DOMAIN:'int-mx05.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'mst@redhat.com' RCPT:'' Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Apr 04, 2018 at 07:40:36PM -0700, Linus Torvalds wrote: > On Wed, Apr 4, 2018 at 6:53 PM, Michael S. Tsirkin wrote: > > > > Any feedback on this? As this fixes a bug in vhost, I'll merge > > through the vhost tree unless someone objects. > > NAK. > > __get_user_pages_fast() returns the number of pages it gets. > > It has never returned an error code, and all the other versions of it > (architecture-specific) don't either. Thanks Linus. I can change the docs and all the callers. I wonder however whether all the following should be changed then: static long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, ... if (!vma || check_vma_flags(vma, gup_flags)) return i ? : -EFAULT; is this a bug in __get_user_pages? Another example: ret = get_gate_page(mm, start & PAGE_MASK, gup_flags, &vma, pages ? &pages[i] : NULL); if (ret) return i ? : ret; and ret is -EFAULT on error. Another example: switch (ret) { case 0: goto retry; case -EFAULT: case -ENOMEM: case -EHWPOISON: return i ? i : ret; case -EBUSY: return i; case -ENOENT: goto next_page; } it looks like this will return -EFAULT/-ENOMEM/-EHWPOISON if i is 0. > If you ask for one page, and get zero pages, then that's an -EFAULT. > Note that that's an EFAULT regardless of whether that zero page > happened due to kernel addresses or just lack of mapping in user > space. > > The documentation is simply wrong if it says anything else. Fix the > docs, and fix the users. > > The correct use has always been to check the number of pages returned. > > Just looking around, returning an error number looks like it could > seriously confuse some things. > > You have things like the kvm code that > does the *right* thing: > > unsigned long ... npinned ... > > npinned = get_user_pages_fast(uaddr, npages, write ? > FOLL_WRITE : 0, pages); > if (npinned != npages) { > ... > > err: > if (npinned > 0) > release_pages(pages, npinned); > > and the above code clearly depends on the actual behavior, not on the > documentation. This seems to work fine with my patch since it only changes the case where npinned == 0. > Any changes in this area would need some *extreme* care, exactly > because of code like the above that clearly depends on the existing > semantics. > > In fact, the documentation really seems to be just buggy. The actual > get_user_pages() function itself is expressly being careful *not* to > return an error code, it even has a comment to the effect ("Have to be > a bit careful with return values"). > > So the "If no pages were pinned, returns -errno" comment is just bogus. > > Linus I'd like to change the doc then, but it seems that I'll have to change the implementation in that case too. -- MST