Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp3534480pxu; Tue, 8 Dec 2020 14:52:54 -0800 (PST) X-Google-Smtp-Source: ABdhPJw7qTrew9qbbcHgeeqCAVY5olMWZhNUUNTEypamHGOo1bwa+HStxFybJOF9IoKYpc4mTQQ5 X-Received: by 2002:a17:906:cce9:: with SMTP id ot41mr14201735ejb.46.1607467973840; Tue, 08 Dec 2020 14:52:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1607467973; cv=none; d=google.com; s=arc-20160816; b=ALVm5ECmalgw0fS3qHDYCzIiuAgoB3RjQwyn7yX923CRTMt5n7U37wuKskk/ontVrz 5DkL0riY/T7zBFctxPZJTbclExadK1tqPR4dvS80oyhfaPyKhEr8lqgzexShymX/rSiH ELaTx30gca9c+pokiVqnbjJpZW/7nd/yQuC7oltjeppw19XOKmHK9cjGtRJzJnI9hazs BJxk2YXU4l0vpWcE2ndzLKLAwoF8VBYYz9w3txaNocHXRocucWJcQ1nBulRebh0MuLL6 17BzF8RLMkbMryLirgmKyvOSzYacJl7Y67EeDvlEfi1V1L5PWjBG/V2HCxZN343Jag97 atdA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=qPLPYejHiYKI/SS/VMuVb/4MJA5j0lvth0OjAoews7k=; b=WPxZMg2eYFIJqbSuSsQ2caMvuq+HoOnzd+qO+XBTgnhMzRWBRExC/Q4y/QjDpiifjq nqBo8wVHnyyhk/RZ9zq+u++M44G7prO40FHidDEU0K2PRhRevN8bnewlxuvt0ojNSToO GnZzicACfTotK3pP56SwsTzvqMr16NktK77XEKiZpUczaA/mXOa9M3Gozp/FBNinINSR U70qgiwvRvZWk/0xrkvZEc28+BvIJaUIm1ul3Yw4572KnC6GBKa0LHpXk7mQoQN9Qemm Wu9LUB1KPRvMJGntLHk4r0ZkcFie1gd3R8555RKE133wpJS5ior5qaBKTXpCg7wPDnF/ qJLA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2020-01-29 header.b=DmLL7ePI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s9si10759395edt.290.2020.12.08.14.52.28; Tue, 08 Dec 2020 14:52:53 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2020-01-29 header.b=DmLL7ePI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730838AbgLHWs4 (ORCPT + 99 others); Tue, 8 Dec 2020 17:48:56 -0500 Received: from userp2130.oracle.com ([156.151.31.86]:33790 "EHLO userp2130.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730776AbgLHWs4 (ORCPT ); Tue, 8 Dec 2020 17:48:56 -0500 Received: from pps.filterd (userp2130.oracle.com [127.0.0.1]) by userp2130.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 0B8Mdugb079151; Tue, 8 Dec 2020 22:47:59 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=date : from : to : cc : subject : message-id : references : mime-version : content-type : in-reply-to; s=corp-2020-01-29; bh=qPLPYejHiYKI/SS/VMuVb/4MJA5j0lvth0OjAoews7k=; b=DmLL7ePIWe9zrLaIVSG1mBDrU3FSj8xHx6v+DAaAInug+mcMLNgt9b+Nbuscwu89/PMd jQNzab7wOqAPrxMP2z7ZG3Sy2D80ZpKFXTWRC2ZE9k43rk8wOPbOLWOG/hxsgX1BKovK ARMEP0Gw/uPu9LzVQ/UkNYCXkdc3RTKPi7snCQo9AGIHnhYSs/Ywm8vWqHZCcmvnXCHf H3kX71F54nr+/iEpCElOqIYvm50PlriM5PEfD+u2ykgQU1xWU4S068sfli0N7wNVFvJk YpSAtLe5lQEVVUcMks+V5X7ciFOhPpGHNEv4QuahImF/x2eVm/pS8057D/oT2c+do+xh YA== Received: from userp3030.oracle.com (userp3030.oracle.com [156.151.31.80]) by userp2130.oracle.com with ESMTP id 3581mqwbt4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Tue, 08 Dec 2020 22:47:59 +0000 Received: from pps.filterd (userp3030.oracle.com [127.0.0.1]) by userp3030.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 0B8Mfi5J164266; Tue, 8 Dec 2020 22:45:59 GMT Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by userp3030.oracle.com with ESMTP id 358m4yjd1m-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 08 Dec 2020 22:45:59 +0000 Received: from abhmp0001.oracle.com (abhmp0001.oracle.com [141.146.116.7]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id 0B8MjuMt013079; Tue, 8 Dec 2020 22:45:57 GMT Received: from localhost (/67.169.218.210) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 08 Dec 2020 14:45:56 -0800 Date: Tue, 8 Dec 2020 14:45:55 -0800 From: "Darrick J. Wong" To: Matthew Wilcox Cc: Dan Williams , Ira Weiny , Thomas Gleixner , Andrew Morton , Dave Hansen , Christoph Hellwig , Al Viro , Eric Biggers , Joonas Lahtinen , Linux Kernel Mailing List , linux-fsdevel Subject: Re: [PATCH V2 2/2] mm/highmem: Lift memcpy_[to|from]_page to core Message-ID: <20201208224555.GA605321@magnolia> References: <20201207225703.2033611-1-ira.weiny@intel.com> <20201207225703.2033611-3-ira.weiny@intel.com> <20201207232649.GD7338@casper.infradead.org> <20201207234008.GE7338@casper.infradead.org> <20201208213255.GO1563847@iweiny-DESK2.sc.intel.com> <20201208215028.GK7338@casper.infradead.org> <20201208223234.GL7338@casper.infradead.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20201208223234.GL7338@casper.infradead.org> X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9829 signatures=668683 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxscore=0 spamscore=0 suspectscore=1 bulkscore=0 malwarescore=0 phishscore=0 adultscore=0 mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2012080142 X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9829 signatures=668683 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=1 mlxlogscore=999 clxscore=1011 malwarescore=0 priorityscore=1501 adultscore=0 lowpriorityscore=0 phishscore=0 spamscore=0 impostorscore=0 mlxscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2012080142 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Dec 08, 2020 at 10:32:34PM +0000, Matthew Wilcox wrote: > On Tue, Dec 08, 2020 at 02:23:10PM -0800, Dan Williams wrote: > > On Tue, Dec 8, 2020 at 1:51 PM Matthew Wilcox wrote: > > > > > > On Tue, Dec 08, 2020 at 01:32:55PM -0800, Ira Weiny wrote: > > > > On Mon, Dec 07, 2020 at 03:49:55PM -0800, Dan Williams wrote: > > > > > On Mon, Dec 7, 2020 at 3:40 PM Matthew Wilcox wrote: > > > > > > > > > > > > On Mon, Dec 07, 2020 at 03:34:44PM -0800, Dan Williams wrote: > > > > > > > On Mon, Dec 7, 2020 at 3:27 PM Matthew Wilcox wrote: > > > > > > > > > > > > > > > > On Mon, Dec 07, 2020 at 02:57:03PM -0800, ira.weiny@intel.com wrote: > > > > > > > > > +static inline void memcpy_page(struct page *dst_page, size_t dst_off, > > > > > > > > > + struct page *src_page, size_t src_off, > > > > > > > > > + size_t len) > > > > > > > > > +{ > > > > > > > > > + char *dst = kmap_local_page(dst_page); > > > > > > > > > + char *src = kmap_local_page(src_page); > > > > > > > > > > > > > > > > I appreciate you've only moved these, but please add: > > > > > > > > > > > > > > > > BUG_ON(dst_off + len > PAGE_SIZE || src_off + len > PAGE_SIZE); > > > > > > > > > > > > > > I imagine it's not outside the realm of possibility that some driver > > > > > > > on CONFIG_HIGHMEM=n is violating this assumption and getting away with > > > > > > > it because kmap_atomic() of contiguous pages "just works (TM)". > > > > > > > Shouldn't this WARN rather than BUG so that the user can report the > > > > > > > buggy driver and not have a dead system? > > > > > > > > > > > > As opposed to (on a HIGHMEM=y system) silently corrupting data that > > > > > > is on the next page of memory? > > > > > > > > > > Wouldn't it fault in HIGHMEM=y case? I guess not necessarily... > > > > > > > > > > > I suppose ideally ... > > > > > > > > > > > > if (WARN_ON(dst_off + len > PAGE_SIZE)) > > > > > > len = PAGE_SIZE - dst_off; > > > > > > if (WARN_ON(src_off + len > PAGE_SIZE)) > > > > > > len = PAGE_SIZE - src_off; > > > > > > > > > > > > and then we just truncate the data of the offending caller instead of > > > > > > corrupting innocent data that happens to be adjacent. Although that's > > > > > > not ideal either ... I dunno, what's the least bad poison to drink here? > > > > > > > > > > Right, if the driver was relying on "corruption" for correct operation. > > > > > > > > > > If corruption actual were happening in practice wouldn't there have > > > > > been screams by now? Again, not necessarily... > > > > > > > > > > At least with just plain WARN the kernel will start screaming on the > > > > > user's behalf, and if it worked before it will keep working. > > > > > > > > So I decided to just sleep on this because I was recently told to not introduce > > > > new WARN_ON's[1] > > > > > > > > I don't think that truncating len is worth the effort. The conversions being > > > > done should all 'work' At least corrupting users data in the same way as it > > > > used to... ;-) I'm ok with adding the WARN_ON's and I have modified the patch > > > > to do so while I work through the 0-day issues. (not sure what is going on > > > > there.) > > > > > > > > However, are we ok with adding the WARN_ON's given what Greg KH told me? This > > > > is a bit more critical than the PKS API in that it could result in corrupt > > > > data. > > > > > > zero_user_segments contains: > > > > > > BUG_ON(end1 > page_size(page) || end2 > page_size(page)); > > > > > > These should be consistent. I think we've demonstrated that there is > > > no good option here. > > > > True, but these helpers are being deployed to many new locations where > > they were not used before. > > So what's your preferred poison? > > 1. Corrupt random data in whatever's been mapped into the next page (which > is what the helpers currently do) Please no. > 2. Copy less data than requested This sounds like the germination event for a research paper showing that 63% of callers never notice. ;) > 3. Crash Useful as a debug tool? > 4. Something else Return bytes copied like we do for writes that didn't quite work? --D