Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 501EBC433F5 for ; Thu, 25 Nov 2021 21:43:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239140AbhKYVqV (ORCPT ); Thu, 25 Nov 2021 16:46:21 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]:52822 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238655AbhKYVoU (ORCPT ); Thu, 25 Nov 2021 16:44:20 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1637876468; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=zy1D3BcfbmTkQAKQ8xyKaO+OdCXbfXv9jg1mQpYzJQU=; b=eFdPVysPfUn6i2C6KFj1OdMDjxV9inm+/XgxWjR+rJuD4zKCxxiQrz/4OWfJNwsp2Rli8s Tm8CMU0vX5KT8wWL6fywzDKk90Ja/EPuLF+g2HR/ToKfint9cWFC6a3KwIkZ+0jflUV1zL eM8OCBMwzGzM5TNrp7Uxojnr++OVJhI= Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-419-7snnXUKkO1y4gA6-DcOKeg-1; Thu, 25 Nov 2021 16:41:06 -0500 X-MC-Unique: 7snnXUKkO1y4gA6-DcOKeg-1 Received: by mail-wm1-f72.google.com with SMTP id a64-20020a1c7f43000000b003335e5dc26bso3833159wmd.8 for ; Thu, 25 Nov 2021 13:41:06 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=zy1D3BcfbmTkQAKQ8xyKaO+OdCXbfXv9jg1mQpYzJQU=; b=2mo6Y5gi3GVq7ATUhULKQmi6amFrMZu9rMoR+4J8KwDl6ordj7qXAOb4iN1QqlU5ok hiPu2JzncBWpOywMsvjLoQUhuF10sZOWUqIYoBCJP40VIPhkjq7gn197PJCz3wtFGFBD bKcqIkPgYMWfkor2pYETWRYf7HCyn8XeaL4Y8GNLA357jFVIizhdgP5+uMiuMaEppdiS /gAGsHcdf/SzKXlwi9hnyhInKv5Vcq8bexM23+pW2w/CJZbfL7DPiD4o1h8HFx4yfcOo As3qCbXRfwzm8LyuVQki+tPtwyKGUQVxcCpiObcKO3+KMu4wl21YrXAZoxkRY02XyHI3 +C+w== X-Gm-Message-State: AOAM532WrhfvDepM/gBxggD9QbmYwgLh66wLfm/VRaeb7tOshimpa3aW fPoBQbEq7aubPVpo5pYtt88oZmNAnfXcT/r0dV9+CHSs7pwFAwCCYub1S7lW6Jyvcphi6xxkqTf QJMYISTQ/oHgeo05+G3+1ryB671URsVstfT9Ho17s X-Received: by 2002:a05:600c:1e26:: with SMTP id ay38mr11407737wmb.14.1637876465786; Thu, 25 Nov 2021 13:41:05 -0800 (PST) X-Google-Smtp-Source: ABdhPJxBOJN0sKvw/32yrofU9l5xWSU9km9NEYBCalXaAIBq9JyTlz4/gcW6rG7s0RNEsFbdNvJaMjB37Li1S3SYJcE= X-Received: by 2002:a05:600c:1e26:: with SMTP id ay38mr11407713wmb.14.1637876465617; Thu, 25 Nov 2021 13:41:05 -0800 (PST) MIME-Version: 1.0 References: <20211124192024.2408218-1-catalin.marinas@arm.com> <20211124192024.2408218-4-catalin.marinas@arm.com> In-Reply-To: From: Andreas Gruenbacher Date: Thu, 25 Nov 2021 22:40:54 +0100 Message-ID: Subject: Re: [PATCH 3/3] btrfs: Avoid live-lock in search_ioctl() on hardware with sub-page faults To: Matthew Wilcox Cc: Catalin Marinas , Linus Torvalds , Josef Bacik , David Sterba , Al Viro , Andrew Morton , Will Deacon , linux-fsdevel , Linux Kernel Mailing List , Linux ARM , linux-btrfs Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Nov 25, 2021 at 10:02 PM Matthew Wilcox wrote: > On Thu, Nov 25, 2021 at 08:43:57PM +0000, Catalin Marinas wrote: > > > I really believe that the fix is to make the read/write probing just > > > be more aggressive. > > > > > > Make the read/write probing require that AT LEAST bytes be > > > readable/writable at the beginning, where 'n' is 'min(len,ALIGN)', and > > > ALIGN is whatever size that copy_from/to_user_xyz() might require just > > > because it might do multi-byte accesses. > > > > > > In fact, make ALIGN be perhaps something reasonable like 512 bytes or > > > whatever, and then you know you can handle the btrfs "copy a whole > > > structure and reset if that fails" case too. > > > > IIUC what you are suggesting, we still need changes to the btrfs loop > > similar to willy's but that should work fine together with a slightly > > more aggressive fault_in_writable(). > > > > A probing of at least sizeof(struct btrfs_ioctl_search_key) should > > suffice without any loop changes and 512 would cover it but it doesn't > > look generic enough. We could pass a 'probe_prefix' argument to > > fault_in_exact_writeable() to only probe this and btrfs would just > > specify the above sizeof(). > > How about something like this? > > +++ b/mm/gup.c > @@ -1672,6 +1672,13 @@ size_t fault_in_writeable(char __user *uaddr, size_t size) > > if (unlikely(size == 0)) > return 0; > + if (SUBPAGE_PROBE_INTERVAL) { > + while (uaddr < PAGE_ALIGN((unsigned long)uaddr)) { > + if (unlikely(__put_user(0, uaddr) != 0)) > + goto out; > + uaddr += SUBPAGE_PROBE_INTERVAL; > + } > + } > if (!PAGE_ALIGNED(uaddr)) { > if (unlikely(__put_user(0, uaddr) != 0)) > return size; > > ARM then defines SUBPAGE_PROBE_INTERVAL to be 16 and the rest of us > leave it as 0. That way we probe all the way to the end of the current > page and the start of the next page. > > Oh, that needs to be checked to not exceed size as well ... anyway, > you get the idea. Note that we don't need this additional probing when accessing the buffer with byte granularity. That's probably the common case. Andreas