Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp2440782ybv; Fri, 21 Feb 2020 15:59:02 -0800 (PST) X-Google-Smtp-Source: APXvYqyX0F5TCos27kSGNSekLxF+PsQ792rdO1j4IYvKS2z7U/jvcwr6nTtl5987z7CE/Eaf0upj X-Received: by 2002:a05:6808:3ae:: with SMTP id n14mr4259770oie.63.1582329542305; Fri, 21 Feb 2020 15:59:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1582329542; cv=none; d=google.com; s=arc-20160816; b=d/WtG1cLBkkQ76d7wyak8jCg5SfKVwKyKTWYc6RN3wNmNcRiTWdlyqWOsCxZ5BHOa+ 1SR1GBSf6yoYSzRXvKgIz7GoN8+Ff6YzZsjXvZFzANXyK04qH23F0U7IMyjuqdisJL9W dQ1WEmyn9WHhScw1U6gmpfQdodOUFToeNnWNQeezTyfpG01+SXdL67LZtCrihvyCzRkL pCbx4yX80wMWsdpsAacGLX33OEcODpBqs/SihmYY8g+mcP7joaa7xYh/GvMX4U9U+EdL p5lKweLuBbyN1rmfBZOm9D8vrcfdbpUZTzTQ+3UKFJpaaikt12gWktEKJZ25kcTLg2JT 59cA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=qiG7pot6Y3vUQfXaE6EUO4Bu3OsHuA7R3tN5RSakjwg=; b=Knkxs2cqQJG/Y1PwTJrqhzmtRpMOg1h4GaD74Sd1BXrxQ4PUv915fai56MHuXFcaJy 02QxR0SdNivSY0ZIMNOd4Z0ZEt+hLej4ta93eeJ4h0dmUmgCUv54eidL2oP9R5rcJNi1 GEcaTn/D156FEVx4lCzlvcDVWij2+avBgvLSvlMDIKFHebKo40Y8Df1DnAFu9DewtWqM ji1G09rXeS3FXNOCjXd0x+U3P9m+yxxMFUMgz7ZqIAzAm4hTuzNWNKkv5HHhM2Ef8qYh GdE4shIlVKStK315wQxfiu7iSaVG8Xjo297L2CT4mf3AEFM8TqFIw9xfYcInSuNSCNiv X5Hg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=QO4Pn5ap; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u13si2297109otg.56.2020.02.21.15.58.50; Fri, 21 Feb 2020 15:59:02 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=QO4Pn5ap; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729789AbgBUX5m (ORCPT + 99 others); Fri, 21 Feb 2020 18:57:42 -0500 Received: from mail-lj1-f195.google.com ([209.85.208.195]:39337 "EHLO mail-lj1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726802AbgBUX5m (ORCPT ); Fri, 21 Feb 2020 18:57:42 -0500 Received: by mail-lj1-f195.google.com with SMTP id o15so3984954ljg.6 for ; Fri, 21 Feb 2020 15:57:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=qiG7pot6Y3vUQfXaE6EUO4Bu3OsHuA7R3tN5RSakjwg=; b=QO4Pn5apGPQaqsXMunZJXeak/y7+lxUjlyZKKwvgp/5FkLGq2dunBWlfMqDp6DR1Qo CNKPXP6AerT4mmZgD3dH3/tgPmvt/KInFN3PbivTiTmLnn4WgEw+3dGIcgQ6DLX5PnVo Ig3fufIr+k8nUB688CUzfLf2gICEFtcJVHakY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=qiG7pot6Y3vUQfXaE6EUO4Bu3OsHuA7R3tN5RSakjwg=; b=ftYToW1sVFUK6UQ81hYmSGAs9JO+j/BogvNL0prwyiYgNUGOTmrbM1Eyld7N6vhF5G oTezibx8zh0e395EpzpFtbKNbpv2MXZqap/CJBUA+48Le2G9pqkSCCKX3dOCv7VniOXh rB7VmmMYlqVtQCuzLW4Gp+G79ji5jRtMsFIEk7tRjwwAr6HEMW6BpLqA6/U/keCLhd7h Ci8xleNr2MXdsZfrFL5WyB5pN9ABarZZzTycgGlQgy1AKZQR4ToRF1DtCHJY29Rhug5b JOj8S5F+N4vQYSB0pzlpbIHCtt45cSSiMd2cWmqYUdpE00zs1hKKFq+FV09DOzIpgc0H u3Cg== X-Gm-Message-State: APjAAAUmlss+w1ndoKyRb/sRp6E+aOpybkrJuVqoMpo4ycnQCCV0C2kA XmfdA+5KcS5qrkxOicWOV5p/N/B0VZ8= X-Received: by 2002:a2e:8e84:: with SMTP id z4mr22526088ljk.207.1582329458605; Fri, 21 Feb 2020 15:57:38 -0800 (PST) Received: from mail-lj1-f175.google.com (mail-lj1-f175.google.com. [209.85.208.175]) by smtp.gmail.com with ESMTPSA id n13sm2423210lji.91.2020.02.21.15.57.37 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 21 Feb 2020 15:57:37 -0800 (PST) Received: by mail-lj1-f175.google.com with SMTP id x14so3935850ljd.13 for ; Fri, 21 Feb 2020 15:57:37 -0800 (PST) X-Received: by 2002:a2e:9d92:: with SMTP id c18mr2760083ljj.265.1582329456973; Fri, 21 Feb 2020 15:57:36 -0800 (PST) MIME-Version: 1.0 References: <6A09F721-0AD9-4B86-AB3E-563A1CF5ABDE@amacapital.net> <202002211506.2151CA26@keescook> In-Reply-To: <202002211506.2151CA26@keescook> From: Linus Torvalds Date: Fri, 21 Feb 2020 15:57:21 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] mm/tlb: Fix use_mm() vs TLB invalidate To: Kees Cook Cc: Andy Lutomirski , Peter Zijlstra , Andrew Morton , Linux Kernel Mailing List , Jens Axboe , Jann Horn , Will Deacon Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Feb 21, 2020 at 3:10 PM Kees Cook wrote: > > Why not just fail after the WARN -- I wrote the patch for the (very few) > callers to handle the errors, clean up, and carry on. Can it actually fail? Or is this all just "let's add new error conditions that make the code harder to read because they make no actual sense"? It's not clear that it's worth handling "cannot happen" situations. It might be worth warning about them (that's questionable too, but at least there's an argument that you "verify that it can't happen"). But having the error condition of a "cannot happen" situation then percolate down and make other code more complex seems to be only a downside. It's not even security or "avoid data corruption" at that point. At the point where you start adding more complexity for things that aren't supposed to be possible in the first place, you're only going to cause bugs. Maybe not immediately. But "illegible code" ends up being "buggy code" a decade later. Linus