Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp2823498pxu; Mon, 7 Dec 2020 17:17:59 -0800 (PST) X-Google-Smtp-Source: ABdhPJwK+0cbAPi5nAcjrV2Wfa4dKvYIT20boVQ4aF/rYJAFEesxHtcy5MbMv+TvpH3mKoHF1Is8 X-Received: by 2002:a17:906:4bc6:: with SMTP id x6mr21123821ejv.4.1607390279115; Mon, 07 Dec 2020 17:17:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1607390279; cv=none; d=google.com; s=arc-20160816; b=MdfR8CQ1OiBYFuZ30IzqS/QhjI4lAbVdp7N+gGB10OBuGQi4Kf91Pu0uUflMTkQpDL GUhyeBJOQOmiGpm+EP7WdVzAoKl8gN8s9isl5oyzW2iF+nGx5SaqO+NpembRZIkDBqLB +DTvd3KmyzdmTyjx/M4QvE8sJpiD7wMZOzjOAPWhl3sDDdquicqrXbI3K/YYhVjwI/Ek 4JeqjzmPe7Cx7itwMzK4zSOJN2vI+B+xsNToWPz1JTipog0SikMXlfRX8wTHSt6FgDIW VDONZhz8qeuiDzMjxaB1h3JOCKFVXZnnvyIpjXNSsqSV+J0Y1bJSQtOSzvTOJB8Q5UkL hGlw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=dSGlDbhidPZDKDk+p1AfcvxJW+DI8YFPrPNCgK1gB9g=; b=uSshctV80DXUqIADZbZaSc7FGxzHJGa8tx2mGyVMkspPQ1d8RXH1B4fB9gcL9BIhbj HrFBJLpi0Dc/FnqfrdmDpKlh/aCEPiFA/3Dqp570xTTqmbuXP334UirddmUWvyyby9Dt o4tl7QvuK51h+OZtphszx5zEeQpHrhMb4VPsfy6NDgj8j45B/fBNvSzd9Th4mTN978Y4 UZzOd+/3Z9B7Ni9XI0gbfdvCjxyXF3+UTCxaMxtAXHsk2nenveo7kG9uLKHKYBjF0k3C Cz+zkfS/5MH7d/1XvoX5Sx4XFOE6HwTCgTO3Sye8hqHFJTx/x++yL4K4xlVQcGbZzUP0 4Vsw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=jQPNXyyX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q18si9365669edt.586.2020.12.07.17.17.36; Mon, 07 Dec 2020 17:17:59 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=jQPNXyyX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728174AbgLGXuj (ORCPT + 99 others); Mon, 7 Dec 2020 18:50:39 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43058 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727895AbgLGXuj (ORCPT ); Mon, 7 Dec 2020 18:50:39 -0500 Received: from mail-ej1-x642.google.com (mail-ej1-x642.google.com [IPv6:2a00:1450:4864:20::642]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E1547C0617B0 for ; Mon, 7 Dec 2020 15:49:58 -0800 (PST) Received: by mail-ej1-x642.google.com with SMTP id lt17so22102363ejb.3 for ; Mon, 07 Dec 2020 15:49:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=dSGlDbhidPZDKDk+p1AfcvxJW+DI8YFPrPNCgK1gB9g=; b=jQPNXyyXDtq6FwskA2qiUp0rH3o00tsydXaWBYwhxrZzXwg6ROdBBhLAzLLbCOcEKn ks/K+L16TbmyD5D1MULfLAEpQ8l3ZHBFiXGQClAhKOKRpOkiXk88WPHTBuTQpDRNVGjh vaP7U+dJgj3qF+k5Gce4G3KQ2g3VyV0ttsOgok5JTlKhpS6QooayH9i/4rYhb/YdIxCB UE6jCjF0KiykMojJqV3SeOmaY1SC/pShZm3+bxyWl7p518IGZ11PcoDRP68hjib4xONH 2M8Ii9WyCgcB8iT0jcarECaRrxt0jTam80xcl2NeSbYu4pBrgQ47xkuJfTjedmo0mQZ7 3WDw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=dSGlDbhidPZDKDk+p1AfcvxJW+DI8YFPrPNCgK1gB9g=; b=rV5v3eCjGlflZPFZvA+bf4O5MLDNnh2+EZ2NfY/OGmwTelcm3e+TDlHOj2p5hv67d2 BU57HyA4kFKF1c1umTDxw/q47DLiX6XobkFdHB3skEwrCICYDLizlC6PVH4jUL4v4YNK aeRKet8FjhCu25e+NWMSQJxfMmOz8MxSZUgTrqAslxuLOxJHudN+JfOlioLFwnlUtpuK JOwDdptubYyBpzJDB1kVs/MxCkuaGg0nPeONOXKaYzbRVyvmjYcdy7X9tDZXFbnPfGV1 tyONWsNMSjgkg9nhNv5YOjcp8mydccA5q6hfJOM87G+DfzShRy+ZS8guFXthZV+6vv8I ZOvg== X-Gm-Message-State: AOAM530DRB80breJKZBCpaAWtmskPpX1vmdPamB0valQUBq8/euV33SR vNcFGGrbKu/m949A6FNfTQ5+LW7XtzX/U8oa/gAF6Q== X-Received: by 2002:a17:906:c20f:: with SMTP id d15mr20931926ejz.341.1607384997566; Mon, 07 Dec 2020 15:49:57 -0800 (PST) MIME-Version: 1.0 References: <20201207225703.2033611-1-ira.weiny@intel.com> <20201207225703.2033611-3-ira.weiny@intel.com> <20201207232649.GD7338@casper.infradead.org> <20201207234008.GE7338@casper.infradead.org> In-Reply-To: <20201207234008.GE7338@casper.infradead.org> From: Dan Williams Date: Mon, 7 Dec 2020 15:49:55 -0800 Message-ID: Subject: Re: [PATCH V2 2/2] mm/highmem: Lift memcpy_[to|from]_page to core To: Matthew Wilcox Cc: "Weiny, Ira" , Thomas Gleixner , Andrew Morton , Dave Hansen , Christoph Hellwig , Al Viro , Eric Biggers , Joonas Lahtinen , Linux Kernel Mailing List , linux-fsdevel Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Dec 7, 2020 at 3:40 PM Matthew Wilcox wrote: > > On Mon, Dec 07, 2020 at 03:34:44PM -0800, Dan Williams wrote: > > On Mon, Dec 7, 2020 at 3:27 PM Matthew Wilcox wrote: > > > > > > On Mon, Dec 07, 2020 at 02:57:03PM -0800, ira.weiny@intel.com wrote: > > > > +static inline void memcpy_page(struct page *dst_page, size_t dst_off, > > > > + struct page *src_page, size_t src_off, > > > > + size_t len) > > > > +{ > > > > + char *dst = kmap_local_page(dst_page); > > > > + char *src = kmap_local_page(src_page); > > > > > > I appreciate you've only moved these, but please add: > > > > > > BUG_ON(dst_off + len > PAGE_SIZE || src_off + len > PAGE_SIZE); > > > > I imagine it's not outside the realm of possibility that some driver > > on CONFIG_HIGHMEM=n is violating this assumption and getting away with > > it because kmap_atomic() of contiguous pages "just works (TM)". > > Shouldn't this WARN rather than BUG so that the user can report the > > buggy driver and not have a dead system? > > As opposed to (on a HIGHMEM=y system) silently corrupting data that > is on the next page of memory? Wouldn't it fault in HIGHMEM=y case? I guess not necessarily... > I suppose ideally ... > > if (WARN_ON(dst_off + len > PAGE_SIZE)) > len = PAGE_SIZE - dst_off; > if (WARN_ON(src_off + len > PAGE_SIZE)) > len = PAGE_SIZE - src_off; > > and then we just truncate the data of the offending caller instead of > corrupting innocent data that happens to be adjacent. Although that's > not ideal either ... I dunno, what's the least bad poison to drink here? Right, if the driver was relying on "corruption" for correct operation. If corruption actual were happening in practice wouldn't there have been screams by now? Again, not necessarily... At least with just plain WARN the kernel will start screaming on the user's behalf, and if it worked before it will keep working.