Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp2843932lqp; Mon, 25 Mar 2024 10:46:25 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCV50Pv0lf72nsJEFKTAT160b+IUmdWH6V5aLPRCGw7pn3nYa3nMPqUCKmkpNE90XHDGw5i/sfWvD7+UwdpjKJELYUUSAyKwDKEorlG2Wg== X-Google-Smtp-Source: AGHT+IG9DJyP5IQNPvG6HZZ9fXdI+ooFu3yeOxJ5HORt1RIv/WQJMVoivOjZV5QlEytx/hR7O2tw X-Received: by 2002:a05:6a00:4607:b0:6e8:f708:4b09 with SMTP id ko7-20020a056a00460700b006e8f7084b09mr7967292pfb.15.1711388785344; Mon, 25 Mar 2024 10:46:25 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711388785; cv=pass; d=google.com; s=arc-20160816; b=kFuaETn9oqOzaelq/+dx4bL27QnZ5XZNMa3Ahxr/kruf+IwQ2MiMJ3MyT1F/694Uv9 6tqbeHwTDjmI9mft6lwLutaaydsydgTGCWjhAMEiSDU7ae/xY/Rdi55P1p67TPcw/FyQ KIQ/edkmgZgUOub6jz1YHYiOk7th4b8tSJP7/TWxYyAZr96zkmOPBKzEraXD1hgbG2JS iN4h/7LVYkzkqV8G5tAdzhYYY0LT6je7bAO7gk5C5agasPh8njw1Nbz4lTcIPXioz3xB zKvSTz2UGd5JqQG1U1jEB3/fYtI54eZawqOO4u1/kCzLUbubqoslapvWBBw3F5eUYgQi tAFQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date; bh=DFbuwIydiwblNB3N+oEuqCt8ZgRDKpIAwf/DolfyAHA=; fh=BgcDyirxyVKtljuGAqMpch7MyXfWd/G5+wTN6JIqxtM=; b=eplKyXRH4KHUFl3WzpgBhfrBNCtkbDiHQkZnMtGX/jZLpocqTDXvWXumhWDH4ys2IQ x9NPa2J1sxiZn8W0kdyCSsJgtMhEoU2tb0KZcsP5QmAgKxwoTXVIwtZz7g5rEJ9j8CVy 9ajR43MGsjEYth1gPendaam5GmruRFnAj0bUoimcNBguCDF19iIUyS031+/s8Lqgw+ds 3/ileWVkiAYMmwLY5NRcqJlvWNRxzsMvOgQlRexOhT9xx9u2grvYZLfLerrs3cXDYYYQ DiAhEmIFUSSFf+KzGSY865ZHfdMHLBm+7GsMjdytFyzWg4o1bnIaHubHqB1QlD1IpR9z zSRA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=arm.com dmarc=pass fromdomain=arm.com); spf=pass (google.com: domain of linux-kernel+bounces-117487-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-117487-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id b7-20020a631b47000000b005dc80f256ccsi4449912pgm.849.2024.03.25.10.46.25 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 25 Mar 2024 10:46:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-117487-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=arm.com dmarc=pass fromdomain=arm.com); spf=pass (google.com: domain of linux-kernel+bounces-117487-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-117487-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id A1E72304188 for ; Mon, 25 Mar 2024 17:37:55 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id BE7601474B9; Mon, 25 Mar 2024 16:40:34 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by smtp.subspace.kernel.org (Postfix) with ESMTP id EC64512B143 for ; Mon, 25 Mar 2024 16:40:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.140.110.172 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711384834; cv=none; b=Mq5THbbQksRVDl7AXhiQhmBx7sBFgyFcrricyIGjjzgjkNaokmumCVUHF1zGP9aS3WhRptdwCh+qqKUlyVoaCGAIoHRIseOYtLGVrHYr6Ea7WinIcs3i8MY89zPTPtjmOjMpZ/a1xRImuJHzKZTxz3uwgINQvNr5o9YOdi4i6vQ= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711384834; c=relaxed/simple; bh=3JD2cP34z98jlVGvzHKp989vlhvR8mbop7iAsu3vAbM=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=f9Jj8t+MYEfC5ruUodgIjZlyGfECpJkeYOcUSAcex5O91Pv2V0oDP9cJpZ/KacEOfFHg0rxlIUqONImxYfi8zRUxzR25E/900O6tUtSHEW+n7obA+NBRGYdmtn0OmGCCVxHDkoYL494yPRsYgDN365+NGsgmCurqhWj8aEULnJ4= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arm.com; spf=pass smtp.mailfrom=arm.com; arc=none smtp.client-ip=217.140.110.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=arm.com Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 9CABC2F4; Mon, 25 Mar 2024 09:41:03 -0700 (PDT) Received: from FVFF77S0Q05N (unknown [10.57.16.150]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id ECE4F3F64C; Mon, 25 Mar 2024 09:40:26 -0700 (PDT) Date: Mon, 25 Mar 2024 16:39:12 +0000 From: Mark Rutland To: Alexandre Ghiti Cc: David Laight , Samuel Holland , Alexandre Ghiti , Palmer Dabbelt , "linux-riscv@lists.infradead.org" , Albert Ou , Andrew Morton , Charlie Jenkins , Guo Ren , Jisheng Zhang , Kemeng Shi , "Matthew Wilcox (Oracle)" , "Mike Rapoport (IBM)" , Paul Walmsley , Xiao Wang , Yangyu Chen , "linux-kernel@vger.kernel.org" Subject: Re: [PATCH] riscv: Define TASK_SIZE_MAX for __access_ok() Message-ID: References: <20240313180010.295747-1-samuel.holland@sifive.com> <88de4a1a-047e-4be9-b5b0-3e53434dc022@sifive.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Mon, Mar 25, 2024 at 08:30:37AM +0100, Alexandre Ghiti wrote: > Hi David, > > On 24/03/2024 20:42, David Laight wrote: > > ... > > > The use of alternatives allows to return right away if the buffer is > > > beyond the usable user address space, and it's not just "slightly > > > faster" for some cases (a very large buffer with only a few bytes being > > > beyond the limit or someone could fault-in all the user pages and fail > > > very late...etc). access_ok() is here to guarantee that such situations > > > don't happen, so actually it makes more sense to use an alternative to > > > avoid that. > > Is it really worth doing ANY optimisations for the -EFAULT path? > > They really don't happen. > > > > The only fault path that matters is the one that has to page in > > data from somewhere. > > Which is completely avoided with a strict definition of access_ok(). I see > access_ok() as an already existing optimization of fault paths by avoiding > them entirely when they are bound to happen. I think the point that David is making is that address+size pairs that'd fail access_ok() *should* be rare, and hence it's a better trade-off to occasionally handle faults for those if it makes the common case of successful access_ok() smaller or faster. For any well-behaved userspace applications, access_ok() should practically never fail, since userspace should be passing good address+size pairs as arguments to syscalls. Using a compile-time constant TASK_SIZE_MAX allows the compiler to generate much better code for access_ok(), and on arm64 we use a compile-time constant even when our page table depth can change at runtime (and when native/compat task sizes differ). The only abosolute boundary that needs to be maintained is that access_ok() fails for kernel addresses. Mark.