Received: by 2002:a05:7412:5112:b0:fa:6e18:a558 with SMTP id fm18csp1393823rdb;
        Wed, 24 Jan 2024 14:02:50 -0800 (PST)
X-Google-Smtp-Source: AGHT+IFcqYjjPRREPHAxI8oad40Ec1/fmFL8C+H5odMrv2uqYBU534xr0LtyanhluDVj4ArAKvdy
X-Received: by 2002:a05:6a20:9193:b0:199:96a4:4b22 with SMTP id v19-20020a056a20919300b0019996a44b22mr93049pzd.41.1706133770051;
        Wed, 24 Jan 2024 14:02:50 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1706133770; cv=pass;
        d=google.com; s=arc-20160816;
        b=vEdbnczbMU9S5KCdDc97AWLBxT808NtqK2BURgd/FEqexrImLQU+7Ah449lDBSHNkb
         58PGLRFxP4L+yp4QaSDBqvtk6Tly+RZ5JjLXxyM9rsx7eg7i5cBZ2WN+UVl50OGQeXhY
         4otjoMN4Ex2TuYHAXfAc12D8tzEi/Ml0V4TPWqlYHEC5Tus5EXkm4H2bcQ5DK/JbkuTj
         B9rH+JtyW9XdRrEf3/QCXucEbtXFEH7qOhQ3Jzl96S2fW3tQDVjjF87ijStpCEc1TQvR
         xLMQsoCb2GYTOAYZ3ljFofgRjqbY/WosS9FshJAYFtgU3P4XsBDkk+x1SwzpnrmQ2FPX
         D81g==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:list-unsubscribe:list-subscribe:list-id:precedence
         :dkim-signature;
        bh=uzk/NXIbOmouCEogp9S9WiRLOAXkHbEQwd7DHqsoqDY=;
        fh=kaTAXvuBRjWXbLD6n5gvThpIpMVoUivj6+EwRbhLJ9Q=;
        b=yUuXs4jTs1z70OjafaOv7YSrtdVuWZqY6nJa0aknrmyxouqPtVSTlTDv/z1C90zDyg
         L708QAG1ClO0rW7UUP9hq9bzLCSCITrcIENcrsv9zSCqgycgQB5bmG29o4XsKb1ae0D8
         mEYrZsl5meEHglylZgOAnlZXS/a9vs21hGH9y3AT6EWL/AT0P/tf6Em/HG3jz1UZGC7+
         uEw6++yieUVM+1tV0M/BpuFzaJsaNJjaWL3dkv6OhOrQG9YvwAaViNhWHuLPBL9qveEG
         rk48xSVtVNCrolNTQSOdUJsmajIH3/qL+/Wv8ea/CheJAdzfEPvE1usK+sa0mMYo0nyA
         0lxg==
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@linux-foundation.org header.s=google header.b=Rhgvatcv;
       arc=pass (i=1 spf=pass spfdomain=linuxfoundation.org dkim=pass dkdomain=linux-foundation.org);
       spf=pass (google.com: domain of linux-kernel+bounces-37714-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-37714-linux.lists.archive=gmail.com@vger.kernel.org"
Return-Path: <linux-kernel+bounces-37714-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1])
        by mx.google.com with ESMTPS id y13-20020a056a00190d00b006d9b870b85asi14556957pfi.169.2024.01.24.14.02.49
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 24 Jan 2024 14:02:50 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-37714-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linux-foundation.org header.s=google header.b=Rhgvatcv;
       arc=pass (i=1 spf=pass spfdomain=linuxfoundation.org dkim=pass dkdomain=linux-foundation.org);
       spf=pass (google.com: domain of linux-kernel+bounces-37714-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-37714-linux.lists.archive=gmail.com@vger.kernel.org"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sv.mirrors.kernel.org (Postfix) with ESMTPS id E0834288AE8
	for <linux.lists.archive@gmail.com>; Wed, 24 Jan 2024 21:55:03 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 59B63135406;
	Wed, 24 Jan 2024 21:54:57 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=linux-foundation.org header.i=@linux-foundation.org header.b="Rhgvatcv"
Received: from mail-ej1-f52.google.com (mail-ej1-f52.google.com [209.85.218.52])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4FE52134743
	for <linux-kernel@vger.kernel.org>; Wed, 24 Jan 2024 21:54:54 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.52
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1706133296; cv=none; b=hUANOQLR4vUQxNEj8Qm9/aWIdxt9L+a7/23KjadHGNxdwfIs3jNiyMT+j2H7UNLOs04iEpOVSQTVpOFUFYn+kqOqjDlN+f5/eM4FcaIKhuAMoebEpZxhYWtmVoKskk05QjNy/T/wioNEzf7L7Gc2wVPj4ajOQCrFG3uDIeM9mR4=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1706133296; c=relaxed/simple;
	bh=oc1lZj/Tvpz8f0+Va0OB/RbD+89WY+TKLfsWPUxPCf0=;
	h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject:
	 To:Cc:Content-Type; b=qrCAripbHsIPhoLIVPKtJBbIT+gnfmFmVPL476Q7OMFyLrsfQCw2iHa4kt2r5K0ka3IGSImXXOsnzgtAq7rFQp9dPsBPwUO4e2E3A1eWXIwbiY3ebJcLUbesydtV8Yr/7nPHR8AhPjcDIFynepwcePrSoyKnC2YjTlcoIPWeQG4=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=linux-foundation.org; spf=pass smtp.mailfrom=linuxfoundation.org; dkim=pass (1024-bit key) header.d=linux-foundation.org header.i=@linux-foundation.org header.b=Rhgvatcv; arc=none smtp.client-ip=209.85.218.52
Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=linux-foundation.org
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linuxfoundation.org
Received: by mail-ej1-f52.google.com with SMTP id a640c23a62f3a-a26f73732c5so675785566b.3
        for <linux-kernel@vger.kernel.org>; Wed, 24 Jan 2024 13:54:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linux-foundation.org; s=google; t=1706133292; x=1706738092; darn=vger.kernel.org;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=uzk/NXIbOmouCEogp9S9WiRLOAXkHbEQwd7DHqsoqDY=;
        b=Rhgvatcv8M9UY4CK+IBjAahK0+xaj8YPjh+qNhKpsgt3PQ6O3hHTvUrpvtOqD3DZKc
         6qmfKWJTA2DPLk52BoY05p7qzXacgyNNHU8Bnx3HWjIn2nEi9asx+e1hc0ZlUqM7AQxY
         tbT8z/WqnJOLROFkoJsoKpsgOZuxbvyCac4Ns=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1706133292; x=1706738092;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=uzk/NXIbOmouCEogp9S9WiRLOAXkHbEQwd7DHqsoqDY=;
        b=uGEjYFakGzPPYeHlU0ITXNUJmow2SUVCQyLB334WTet7fxZF1yvvFIyM8iQ/K2NBHe
         ff1Y+JkAzyE0L/KAxGnvzowPtGPZL7pD6aCpW0VZfg8+CSVQ/N4FL4IA3Trn20VHoK42
         EI7F4PTE5dcr+O+XsfvvbdpT7iEMWyf+NQno3pD/radT/khHfasAHhs4EKIcCHtYFILR
         /6Y7/TcyOVZN7dhMxwwTggvdvSC95jndDWPPg9JoVqVMJQJxRv33BbUXQdt48zR5Fp4m
         J4zwFE6C4pMhzqPnwikf7QlX60AM0sI8nqpHSh52CalVJpYC4m+pfESVNcP1M+WYko1f
         ywWw==
X-Gm-Message-State: AOJu0YyjXCAGKCwpIxKNEn6KsSlANuJag8Wwx/nkHym98CxVvbqsszyh
	dOApIfaysfx7YBddzm0hQ0WwROcNaq7nzQXxE9D4b+r9/CJMyG5yDV+Zvd/W3jNmfQciBpctukY
	ot3VhMQ==
X-Received: by 2002:a17:907:c28b:b0:a31:6865:f354 with SMTP id tk11-20020a170907c28b00b00a316865f354mr87738ejc.143.1706133292292;
        Wed, 24 Jan 2024 13:54:52 -0800 (PST)
Received: from mail-wm1-f51.google.com (mail-wm1-f51.google.com. [209.85.128.51])
        by smtp.gmail.com with ESMTPSA id ps12-20020a170906bf4c00b00a31225fed97sm295692ejb.104.2024.01.24.13.54.51
        for <linux-kernel@vger.kernel.org>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Wed, 24 Jan 2024 13:54:51 -0800 (PST)
Received: by mail-wm1-f51.google.com with SMTP id 5b1f17b1804b1-40eb0836f8dso33823805e9.2
        for <linux-kernel@vger.kernel.org>; Wed, 24 Jan 2024 13:54:51 -0800 (PST)
X-Received: by 2002:a05:600c:8607:b0:40e:5451:be1a with SMTP id
 ha7-20020a05600c860700b0040e5451be1amr1409393wmb.82.1706133290734; Wed, 24
 Jan 2024 13:54:50 -0800 (PST)
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
References: <75e9fd7b08562ad9b456a5bdaacb7cc220311cc9.camel@xry111.site>
 <mvmplxraqmd.fsf@suse.de> <9481b6d9d015aea25d8f2563bf7bd6f6462f758f.camel@xry111.site>
 <0be1203c9df55432548c92281c8392dfa2f7d6bf.camel@xry111.site> <e8583a3ab0522b4e75ba0ada47b6f093b186fa81.camel@xry111.site>
In-Reply-To: <e8583a3ab0522b4e75ba0ada47b6f093b186fa81.camel@xry111.site>
From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Wed, 24 Jan 2024 13:54:34 -0800
X-Gmail-Original-Message-ID: <CAHk-=wgVrw+8P68Sy2krcc3QFbm_eu_DRs0-i7mct_0BDORZuA@mail.gmail.com>
Message-ID: <CAHk-=wgVrw+8P68Sy2krcc3QFbm_eu_DRs0-i7mct_0BDORZuA@mail.gmail.com>
Subject: Re: Strange EFAULT on mips64el returned by syscall when another
 thread is forking
To: Xi Ruoyao <xry111@xry111.site>
Cc: Andreas Schwab <schwab@suse.de>, Ben Hutchings <ben@decadent.org.uk>, linux-mips@vger.kernel.org, 
	linux-kernel@vger.kernel.org, Jiaxun Yang <jiaxun.yang@flygoat.com>, 
	Thomas Bogendoerfer <tsbogend@alpha.franken.de>, libc-alpha@sourceware.org
Content-Type: text/plain; charset="UTF-8"

On Wed, 24 Jan 2024 at 13:33, Xi Ruoyao <xry111@xry111.site> wrote:
>
> Re-posting the broken test case for Ben (I also added a waitpid call to
> prevent PID exhaustion):

Funky, funky.

>       ssize_t ret = read (fd, buf, 7);
>       if (ret == -1 && errno == EFAULT)
>         abort ();

So I think I have a clue:

> and the "interesting" aspects:
>
> 1. If I change the third parameter of "read" to any value >= 8, it no
> longer fails.  But it fails with any integer in [1, 8).

One change (the only one, really), is that now that MIPS uses
lock_mm_and_find_vma(), it also has this code:

        if (regs && !user_mode(regs)) {
                unsigned long ip = instruction_pointer(regs);
                if (!search_exception_tables(ip))
                        return false;
        }

in case the mmap trylock fails.

That code protects against the deadlock case of "we hold the mmap
lock, and take a kernel page fault due to a bug, and that page fault
happens to be to user space, and the page fault code then deadlocks on
the mmap lock".

It's a rare bug, but it's so nasty to debug that x86 has had that code
pretty much forever, and the lock_mm_and_find_vma() helper got it that
way. MIPS was clearly expecting kernel debugging to happen on other
platforms ;)

And I think the "fails with any integer in [1, 8)" is because the MIPS
"copy_from_user()" code is likely doing something special for those
small copies.

And I note that the MIPS extable.c code uses

        fixup = search_exception_tables(exception_epc(regs));

Note the difference: lock_mm_and_find_vma() uses
instruction_pointer(regs), extable.c uses exception_epc(regs).

The former is just "((regs)->cp0_epc)", while the latter is some
complex mess due to MIPS delay slots and isa16.

My *suspicion* is that instruction_pointer() needs to be fixed to do
the same full exception_epc() thing.

But honestly, I absolutely detest delay slots and refuse to touch
anything MIPS for that reason,.

And there could certainly be something else going on too. But that odd
size limitation, and the fact that it only happens on MIPS, does make
me think the above analysis is right.

I guess you could test it by changing the two cases of
'instruction_pointer(regs)' in mm/memory.c to use exception_epc(regs)
instead. It will only build on MIPS, but for *testing* that theory
out, it's fine.

Over to MIPS people..

                        Linus