From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 81DCB2007E7EE for ; Tue, 1 May 2018 16:28:22 -0700 (PDT) Received: from mail-wm0-f48.google.com (mail-wm0-f48.google.com [74.125.82.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 05DED2370A for ; Tue, 1 May 2018 23:28:22 +0000 (UTC) Received: by mail-wm0-f48.google.com with SMTP id i3so21138692wmf.3 for ; Tue, 01 May 2018 16:28:21 -0700 (PDT) MIME-Version: 1.0 References: <152520750404.36522.15462513519590065300.stgit@dwillia2-desk3.amr.corp.intel.com> In-Reply-To: From: Andy Lutomirski Date: Tue, 01 May 2018 23:28:10 +0000 Message-ID: Subject: Re: [PATCH 0/6] use memcpy_mcsafe() for copy_to_iter() List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: linux-nvdimm-bounces@lists.01.org Sender: "Linux-nvdimm" To: Dan Williams Cc: Tony Luck , linux-nvdimm , Peter Zijlstra , X86 ML , LKML , Ingo Molnar , Borislav Petkov , Al Viro , Thomas Gleixner , Linus Torvalds , Andrew Morton List-ID: On Tue, May 1, 2018 at 4:02 PM Dan Williams wrote: > On Tue, May 1, 2018 at 2:05 PM, Linus Torvalds > wrote: > > On Tue, May 1, 2018 at 1:55 PM Dan Williams > > wrote: > > > >> The result of the bypass is that the kernel treats machine checks during > >> read as system fatal (reboot) when they could simply be flagged as an > >> I/O error, similar to performing reads through the pmem driver. Prevent > >> this fatal condition by deploying memcpy_mcsafe() in the fsdax read > >> path. > > > > How about just changing the rules, and go the old "Don't do that then" way? > > > > IOW, get rid of the whole idea that MCS errors should be fatal. It's wrong > > and pointless anyway. > > > > The while approach seems fundamentally buggered, if you ever want to mmap > > one of these things. And don't you want that? > > > > So why continue down a fundamentally broken path? > I'm confused. Are you talking about getting rid of the block-layer > bypass or changing how MCS errors are handled? If it's the former I've > gotten push back in the past trying to remove the bypass, but I feel > better about my chances to slay that beast wielding the +5 Hammer of > Linus. If it's the latter, MCS error handling, I don't see how get > around something like copy_to_iter_mcsafe(). > You mention mmap. Yes, we want the predominant access model to be > dax-mmap for Persistent Memory, but there's still the question about > what to do with media errors. To date we are trying to mirror the > error handling model for System Memory, i.e. SIGBUS to the process > that consumed the error. Is that error handling model also problematic > in your view? I'm not sure exactly what you mean here, but my understanding of the status quo is that memory errors in user code are non-fatal but that memory errors in kernel code are fatal unless there's an appropriate extable entry. The old iov_iter code assumes that memcpy() on kernel addresses can't fail. I'm not sure how else it could work. _______________________________________________ Linux-nvdimm mailing list Linux-nvdimm@lists.01.org https://lists.01.org/mailman/listinfo/linux-nvdimm From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751761AbeEAX2X (ORCPT ); Tue, 1 May 2018 19:28:23 -0400 Received: from mail.kernel.org ([198.145.29.99]:46532 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751140AbeEAX2W (ORCPT ); Tue, 1 May 2018 19:28:22 -0400 X-Google-Smtp-Source: AB8JxZrJn70+/xVQKd2Jup2GsHIA/BPKu2CUaxSYw5bpk0Jk6wwcCFxlOsFgVLXB4paV3/e4LQJ10f2HLO2pB7tVz2Y= MIME-Version: 1.0 References: <152520750404.36522.15462513519590065300.stgit@dwillia2-desk3.amr.corp.intel.com> In-Reply-To: From: Andy Lutomirski Date: Tue, 01 May 2018 23:28:10 +0000 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 0/6] use memcpy_mcsafe() for copy_to_iter() To: Dan Williams Cc: Linus Torvalds , linux-nvdimm , Tony Luck , Peter Zijlstra , Borislav Petkov , X86 ML , Thomas Gleixner , Ingo Molnar , Al Viro , Andrew Morton , LKML Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, May 1, 2018 at 4:02 PM Dan Williams wrote: > On Tue, May 1, 2018 at 2:05 PM, Linus Torvalds > wrote: > > On Tue, May 1, 2018 at 1:55 PM Dan Williams > > wrote: > > > >> The result of the bypass is that the kernel treats machine checks during > >> read as system fatal (reboot) when they could simply be flagged as an > >> I/O error, similar to performing reads through the pmem driver. Prevent > >> this fatal condition by deploying memcpy_mcsafe() in the fsdax read > >> path. > > > > How about just changing the rules, and go the old "Don't do that then" way? > > > > IOW, get rid of the whole idea that MCS errors should be fatal. It's wrong > > and pointless anyway. > > > > The while approach seems fundamentally buggered, if you ever want to mmap > > one of these things. And don't you want that? > > > > So why continue down a fundamentally broken path? > I'm confused. Are you talking about getting rid of the block-layer > bypass or changing how MCS errors are handled? If it's the former I've > gotten push back in the past trying to remove the bypass, but I feel > better about my chances to slay that beast wielding the +5 Hammer of > Linus. If it's the latter, MCS error handling, I don't see how get > around something like copy_to_iter_mcsafe(). > You mention mmap. Yes, we want the predominant access model to be > dax-mmap for Persistent Memory, but there's still the question about > what to do with media errors. To date we are trying to mirror the > error handling model for System Memory, i.e. SIGBUS to the process > that consumed the error. Is that error handling model also problematic > in your view? I'm not sure exactly what you mean here, but my understanding of the status quo is that memory errors in user code are non-fatal but that memory errors in kernel code are fatal unless there's an appropriate extable entry. The old iov_iter code assumes that memcpy() on kernel addresses can't fail. I'm not sure how else it could work.