Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp2287369pxk; Sat, 19 Sep 2020 21:15:50 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyBu6/fOjB0BRWplnkxebKfPK0XpmQFXOP+oW+/+/lCPiol72KwYaFlb5OsHCPceLOk1JmQ X-Received: by 2002:a05:6402:b64:: with SMTP id cb4mr46274998edb.25.1600575350537; Sat, 19 Sep 2020 21:15:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1600575350; cv=none; d=google.com; s=arc-20160816; b=UaKqNrcphfM5E8nCkglSXNkdvbfpwg39jb+xoY8Z9CXmbwX+Lxpfpj8u1LDK5DeXXk tIaXULKDRtXLkc9dadZ/kWZU1lVtX47IKOQ4XWDaGu13Lo/ltRvpr8R4ujvka9eULiRl 0tB7OxFyMaFnOYjqPAuBCvYkndCHiQozf6doExHCNP3fWYuYUpblQwOq+HX6ZkYxjjUI FuwFEgF4XJxTOo2jQZQS1pu+W232SxfhS11oMkyuIYiWkyzzEVKiZxxzzyQxx2+g6zs7 QQa16i4UxHv9fSqM3hzCTyqDyAw/hQqz17ouUAf+DSuTqaq7M4mIm/Bp0lMnjm/dOzxb 5XGQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:dkim-signature:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=m33F43k6ThFH0WLhvBUSNEz46bGRVYGvkyLd8PV6uC4=; b=d7+FPVVuDwiTApj/8rf2LBtXwV1+L3jDvty3yCDWbfh+8o3FugC6AHidXTvdGo3f1z S0oz3qCBawLAgp+CMf3PrmUuB1wpwiGUQBv1hz25PvrXdg8wqtz7CKh/dJOr6cY42j8n bKPL9Sdlirbi/AjJ9hylDHafhPVA10Mzmrh9bOuaqzkUtdbk8dSApVh39dPa7OXabX0W 197vhVxcWqRiVclijLrMeq2iMfGEr74VnVvNKkuTMBVxsHkBu6LJHRkZ4yjm9K0EJ6nN 0+nn4HlVGBy3G0PgY7V+50KwmmobzQTLCColxqDL9p8MtRlzEHdxcxTVgnBDZGH2TnzO nNag== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@nvidia.com header.s=n1 header.b=aQMDyhhB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=nvidia.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id mb18si6533613ejb.680.2020.09.19.21.15.27; Sat, 19 Sep 2020 21:15:50 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@nvidia.com header.s=n1 header.b=aQMDyhhB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=nvidia.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726882AbgITENU (ORCPT + 99 others); Sun, 20 Sep 2020 00:13:20 -0400 Received: from hqnvemgate25.nvidia.com ([216.228.121.64]:16325 "EHLO hqnvemgate25.nvidia.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726760AbgITENU (ORCPT ); Sun, 20 Sep 2020 00:13:20 -0400 Received: from hqmail.nvidia.com (Not Verified[216.228.121.13]) by hqnvemgate25.nvidia.com (using TLS: TLSv1.2, AES256-SHA) id ; Sat, 19 Sep 2020 21:12:35 -0700 Received: from [10.2.52.182] (172.20.13.39) by HQMAIL107.nvidia.com (172.20.187.13) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Sun, 20 Sep 2020 04:13:18 +0000 Subject: Re: [PATCH] mm/gup: protect unpin_user_pages() against npages==-ERRNO To: Souptick Joarder , Dan Carpenter CC: Andrew Morton , , , Ira Weiny , , , , Matthew Wilcox References: <20200916100232.GF18329@kadam> <20200917065706.409079-1-jhubbard@nvidia.com> <20200917074054.GO18329@kadam> From: John Hubbard Message-ID: <7812dfc5-698d-e765-ad62-abf23d19d3cf@nvidia.com> Date: Sat, 19 Sep 2020 21:13:17 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset="utf-8"; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [172.20.13.39] X-ClientProxiedBy: HQMAIL107.nvidia.com (172.20.187.13) To HQMAIL107.nvidia.com (172.20.187.13) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nvidia.com; s=n1; t=1600575155; bh=m33F43k6ThFH0WLhvBUSNEz46bGRVYGvkyLd8PV6uC4=; h=Subject:To:CC:References:From:Message-ID:Date:User-Agent: MIME-Version:In-Reply-To:Content-Type:Content-Language: Content-Transfer-Encoding:X-Originating-IP:X-ClientProxiedBy; b=aQMDyhhBU/nd0EnkV0JTV8dYZel5tQEJT7uevM38qyGKEBjQxrWgZOIAgTqRpSnny W5rAIEqUMPTvegI8U14RrBfOVc57FCzjYbwwh//Lmb+bgU8HB2W/GB6ee8wVPrXZh6 XSjVYxZwaYScqsx/ffsP0n9gYdNwuWY8nLPBfb3LZef+gas6vFiN+Js+S/DnzHlVtL k7SBYWHCPTZ+6XkG2ttSJZ7/O0K1Rzx3CxNIOtdi4pmNCWOzepcaAO9pbZ+9oAyh0R RJ+3Xft+4k0BijToAWe17HZiMM245K8MhMQGwd5RME1q6AXioZuc6OfjqL8Sol8Awy vwyNWVjWJifQg== Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 9/19/20 8:03 PM, Souptick Joarder wrote: > On Thu, Sep 17, 2020 at 1:11 PM Dan Carpenter wrote: >> On Wed, Sep 16, 2020 at 11:57:06PM -0700, John Hubbard wrote: >>> As suggested by Dan Carpenter, fortify unpin_user_pages() just a bit, >>> against a typical caller mistake: check if the npages arg is really a >>> -ERRNO value, which would blow up the unpinning loop: WARN and return. >>> >>> If this new WARN_ON() fires, then the system *might* be leaking pages >>> (by leaving them pinned), but probably not. More likely, gup/pup >>> returned a hard -ERRNO error to the caller, who erroneously passed it >>> here. ... > > Do we need a similar check inside unpin_user_pages_dirty_lock(), > when make_dirty set to false ? Maybe not. This call is rarely if ever used for error handling, but rather, for finishing up a successful use of the pages. There is a balance between protecting against buggy callers and just fixing any buggy callers. There is also a limit to how much code one can write in hopes of avoiding bugs in...code that one writes. :) Which is why static analysis, unit and regression tests, code reviews are important too. Here, I submit that that we're about to cross the line and go too far. But if you have any examples of buggy callers for unpin_user_pages_dirty_lock(), that might shift the line. Or maybe others feel that we haven't gone far enough yet after all? thanks, -- John Hubbard NVIDIA