From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 5F571C433EF for ; Thu, 25 Nov 2021 21:30:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=I5O5bZGDS6BRJeMvgDbnjTSpNaH9MdfzhiT7ovh6bjw=; b=fDy2A1vwD7I7JJ QnTxJejlALJWDfxhRgvIyO+nwliPueaJ5EDQj8f1/LJvnJy2QcTDiOwBSrrcz8ije3TZ8KqDRrtxN ltnwNL0IVDpSWAyUBAL6ZksEt5SRKcZCo+7yRpr1lHHXIk3aS3zFWm8WQRZVMmJ39a11zL9s50Nl9 osnfMSZ5/7ms2UuWusGRMpgDWXgU+Y6JR7qPz8qg5UDzpsViZPcUcIl7a63KRYNdolwSLS/jbtEy8 BulxrH65+w7Q58q8QVDlPW6ZE64H4qMLdEGQmWXzIRQs5XM7VUo4NxHx0xA6EFvwlF3cCv7/SVOWe M+qhOTWlnidgj3vmBw6A==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1mqMIy-008kRc-SZ; Thu, 25 Nov 2021 21:29:21 +0000 Received: from mail.kernel.org ([198.145.29.99]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1mqMIm-008kOj-1Z for linux-arm-kernel@lists.infradead.org; Thu, 25 Nov 2021 21:29:10 +0000 Received: by mail.kernel.org (Postfix) with ESMTPSA id 8AE0A60527; Thu, 25 Nov 2021 21:29:04 +0000 (UTC) Date: Thu, 25 Nov 2021 21:29:01 +0000 From: Catalin Marinas To: Matthew Wilcox Cc: Linus Torvalds , Josef Bacik , David Sterba , Andreas Gruenbacher , Al Viro , Andrew Morton , Will Deacon , linux-fsdevel , Linux Kernel Mailing List , Linux ARM , linux-btrfs Subject: Re: [PATCH 3/3] btrfs: Avoid live-lock in search_ioctl() on hardware with sub-page faults Message-ID: References: <20211124192024.2408218-1-catalin.marinas@arm.com> <20211124192024.2408218-4-catalin.marinas@arm.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20211125_132908_175001_CB7CF9C0 X-CRM114-Status: GOOD ( 29.74 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Thu, Nov 25, 2021 at 09:02:29PM +0000, Matthew Wilcox wrote: > On Thu, Nov 25, 2021 at 08:43:57PM +0000, Catalin Marinas wrote: > > > I really believe that the fix is to make the read/write probing just > > > be more aggressive. > > > > > > Make the read/write probing require that AT LEAST bytes be > > > readable/writable at the beginning, where 'n' is 'min(len,ALIGN)', and > > > ALIGN is whatever size that copy_from/to_user_xyz() might require just > > > because it might do multi-byte accesses. > > > > > > In fact, make ALIGN be perhaps something reasonable like 512 bytes or > > > whatever, and then you know you can handle the btrfs "copy a whole > > > structure and reset if that fails" case too. > > > > IIUC what you are suggesting, we still need changes to the btrfs loop > > similar to willy's but that should work fine together with a slightly > > more aggressive fault_in_writable(). > > > > A probing of at least sizeof(struct btrfs_ioctl_search_key) should > > suffice without any loop changes and 512 would cover it but it doesn't > > look generic enough. We could pass a 'probe_prefix' argument to > > fault_in_exact_writeable() to only probe this and btrfs would just > > specify the above sizeof(). > > How about something like this? > > +++ b/mm/gup.c > @@ -1672,6 +1672,13 @@ size_t fault_in_writeable(char __user *uaddr, size_t size) > > if (unlikely(size == 0)) > return 0; > + if (SUBPAGE_PROBE_INTERVAL) { > + while (uaddr < PAGE_ALIGN((unsigned long)uaddr)) { > + if (unlikely(__put_user(0, uaddr) != 0)) > + goto out; > + uaddr += SUBPAGE_PROBE_INTERVAL; > + } > + } > if (!PAGE_ALIGNED(uaddr)) { > if (unlikely(__put_user(0, uaddr) != 0)) > return size; > > ARM then defines SUBPAGE_PROBE_INTERVAL to be 16 and the rest of us > leave it as 0. That way we probe all the way to the end of the current > page and the start of the next page. It doesn't help if the copy_to_user() fault happens 16 bytes into the second page for example. The fault_in() passes, copy_to_user() fails and the loop restarts from the same place. With sub-page faults, the page boundary doesn't have any relevance. We want to probe the beginning of the buffer that's at least as big as the loop rewind size even if it goes past a page boundary. -- Catalin _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel