Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp2226664ybz; Thu, 30 Apr 2020 13:11:05 -0700 (PDT) X-Google-Smtp-Source: APiQypKbLNltgjz2/jUpntCK7Z+DrfDLaa+gQwFniFHAvI/Cz/+9LLo8iXuGThdn69Cj7c+B4t+T X-Received: by 2002:a17:906:2351:: with SMTP id m17mr131582eja.179.1588277464949; Thu, 30 Apr 2020 13:11:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1588277464; cv=none; d=google.com; s=arc-20160816; b=woeTVDKDpmzNqPUihVefER9Qe1+xOQZ/7TiBWlm3N9FtvlMRUSdQ4hX8DlDCxAHTf1 Frl9pjDqx0XoCZhR4EJhp+voH+77XPLeA+O02HL1BwJyhFK5pUOHjfP8fUhz/exyd5vL anb1SKdoB3K+bvKb7eP/KVFW682xNIrV+6hirLaMbnMPYgeEfKurXasZVZ+usKkEoLXO EvCGx5DF4HjnjUVQuklb934VN8Oq8M5b2Fcs/+kuux/tq/0xYW1AdjpcLK6q75i3hv7a gLvspnyg9KLpE1+9NaaDrZfCWSt6/K/8/UTQeRZHdSgR5BKYWnvHLzQ6+Z7HDNcVyJAH N8rQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:in-reply-to:cc:references:message-id :date:subject:mime-version:from:content-transfer-encoding :dkim-signature; bh=p3wUvEbSn9f+WPyEEsvBQpBZL7x1SSk0c7XRYZKC7go=; b=sUbCkMdyqWM7JSONfurQJjm/5RFwI4z/6fecDK5x//8AIhWhM7twbVZvyVoENVuVwS S7Gwjp9T8YuzGfEFqf1E1/pZR0PYMS3ZYrh2hVCjWQMJ2xEzWyqEgOnhBBWRQHX7dH3X 5hA8BIBVwKZAP5aKhEGP9RMTBeqEfmp0YT4Pg03jIaMlETx+yZC7YStOdB95YI71Mst/ j6O6bM2Up4GNoNaBhVaw3KF++nguIVeUKueAzBmF3glxEd2nrYa/8AIDdOAklcK/cpvR 4fkUhUfoL0oJPOyO9iHzDIQ4T/6MS5XwmqGe04diejqdVDklH74gF5ZZ2Ziv6p2GFzRk ebdA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=vLKm85Xe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id o32si388059edb.380.2020.04.30.13.10.41; Thu, 30 Apr 2020 13:11:04 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=vLKm85Xe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726783AbgD3UHP (ORCPT + 99 others); Thu, 30 Apr 2020 16:07:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57752 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726660AbgD3UHO (ORCPT ); Thu, 30 Apr 2020 16:07:14 -0400 Received: from mail-pl1-x641.google.com (mail-pl1-x641.google.com [IPv6:2607:f8b0:4864:20::641]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3AF79C035494 for ; Thu, 30 Apr 2020 13:07:13 -0700 (PDT) Received: by mail-pl1-x641.google.com with SMTP id f15so2719210plr.3 for ; Thu, 30 Apr 2020 13:07:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amacapital-net.20150623.gappssmtp.com; s=20150623; h=content-transfer-encoding:from:mime-version:subject:date:message-id :references:cc:in-reply-to:to; bh=p3wUvEbSn9f+WPyEEsvBQpBZL7x1SSk0c7XRYZKC7go=; b=vLKm85XeGVLBINOi+MNK7f63J8VzDtOC7kEqYCvUpC4YvbvTEJAYkMiBSGQX6J70Ha maCBbN6Occzx6JzwsTyizH4bV5bF82J1N3xXZLGRQ6aVP1XmfstafoB5WPCGqRGsQwEK fvEkC4NCRYQ5xnMtYPB0OAq8dlOZa9n33vdEJ0pRlrc7xXYyA+cVJn2gpcBJJoPdOSQ9 DH0j5fkW9bao+gLWoFUenYN07TOxS19vea2YvvDccg5FxBmAxAbHWtKy+i35RAaIsqGc YYpb6EHY6WGpF1QO657rmcKInIALsnUwu7XXWfMHA4jWEOxpOTV9p4srfx3ugdTOALk1 Bn3A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:content-transfer-encoding:from:mime-version :subject:date:message-id:references:cc:in-reply-to:to; bh=p3wUvEbSn9f+WPyEEsvBQpBZL7x1SSk0c7XRYZKC7go=; b=Ypfa2XLv+8tfgpdvGyVumhBMfzh68ivHanlFrzUqA+atmNX91HeXbqz5/t/JNSknT/ wIM4p7WziEoy7/JdFrUKHONhnBwnH4y1NHHc/t0+f3mFK1dN+No0TMsNd5PhpfZfCzNP FKwT3ZQCAeTfaS/zwhIblys8AUy5DyTKlMKwctORztCl8EurZVODDZ0SEOP450s57HPb qA4bl5NdpDHdmyBnAa9rNqdPYBSgKRZXknIWG+apDsGSI6edlw16Yo9feRI96TQW3CeB w5xyZREo9ZI6PUiu29nw/pUjg7x+xtxatrgpVfu+FgzVMXwBPYKeLoK7KsyTAJQ9pTyR 7m2Q== X-Gm-Message-State: AGi0PuZQh4EzX7zRRNzcsoSIXJHVx5SIFfMnNQlBaGGyWqB7WoBBzmog E53RrTQ0MuuO53AbsV5KJDbYnQ== X-Received: by 2002:a17:90a:1b26:: with SMTP id q35mr571681pjq.149.1588277232615; Thu, 30 Apr 2020 13:07:12 -0700 (PDT) Received: from ?IPv6:2601:646:c200:1ef2:fd86:293b:2791:eb06? ([2601:646:c200:1ef2:fd86:293b:2791:eb06]) by smtp.gmail.com with ESMTPSA id d203sm523177pfd.79.2020.04.30.13.07.11 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 30 Apr 2020 13:07:11 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable From: Andy Lutomirski Mime-Version: 1.0 (1.0) Subject: Re: [PATCH v2 0/2] Replace and improve "mcsafe" with copy_safe() Date: Thu, 30 Apr 2020 13:07:09 -0700 Message-Id: <4819995F-4EAE-46EE-8311-9CF65CB8D08A@amacapital.net> References: Cc: "Luck, Tony" , Andy Lutomirski , Linus Torvalds , Thomas Gleixner , Ingo Molnar , Peter Zijlstra , Borislav Petkov , stable , the arch/x86 maintainers , "H. Peter Anvin" , Paul Mackerras , Benjamin Herrenschmidt , Erwin Tsaur , Michael Ellerman , Arnaldo Carvalho de Melo , linux-nvdimm , Linux Kernel Mailing List In-Reply-To: To: Dan Williams X-Mailer: iPhone Mail (17E262) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > On Apr 30, 2020, at 12:51 PM, Dan Williams wrot= e: >=20 > =EF=BB=BFOn Thu, Apr 30, 2020 at 12:23 PM Luck, Tony = wrote: >>=20 >>> On Thu, Apr 30, 2020 at 11:42:20AM -0700, Andy Lutomirski wrote: >>> I suppose there could be a consistent naming like this: >>>=20 >>> copy_from_user() >>> copy_to_user() >>>=20 >>> copy_from_unchecked_kernel_address() [what probe_kernel_read() is] >>> copy_to_unchecked_kernel_address() [what probe_kernel_write() is] >>>=20 >>> copy_from_fallible() [from a kernel address that can fail to a kernel >>> address that can't fail] >>> copy_to_fallible() [the opposite, but hopefully identical to memcpy() on= x86] >>>=20 >>> copy_from_fallible_to_user() >>> copy_from_user_to_fallible() >>>=20 >>> These names are fairly verbose and could probably be improved. >>=20 >> How about >>=20 >> try_copy_catch(void *dst, void *src, size_t count, int *fault) >>=20 >> returns number of bytes not-copied (like copy_to_user etc). >>=20 >> if return is not zero, "fault" tells you what type of fault >> cause the early stop (#PF, #MC). >=20 > I do like try_copy_catch() for the case when neither of the buffers > are __user (like in the pmem driver) and _copy_to_iter_fallible() > (plus all the helpers it implies) for the other cases. >=20 > copy_to_user_fallible > copy_fallible_to_page > copy_pipe_to_iter_fallible >=20 > ...because the mmu-fault handling is an aspect of "_user" and fallible > implies other source fault reasons. It does leave a gap if an > architecture has a concept of a fallible write, but that seems like > something that will be handled asynchronously and not subject to this > interface. I=E2=80=99m suspicious that, as a practical matter, x86 does have a fallible= write. In particular, if a page fails and the memory failure code is notifi= ed, the page will be unmapped. At that point, an attempt to write to the fai= led fallible page will get #PF, and code that writes to it needs to be prepa= red to handle #PF. Perhaps copy_to_fallible(), etc can still return void, b= ut I=E2=80=99m unconvinced the implementation can be the same as memcpy.=