From: Linus Torvalds <torvalds@linux-foundation.org>
To: Al Viro <viro@zeniv.linux.org.uk>
Cc: Dan Williams <dan.j.williams@intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Borislav Petkov <bp@alien8.de>,
LKML <linux-kernel@vger.kernel.org>,
"the arch/x86 maintainers" <x86@kernel.org>
Subject: Re: [patch 01/10] x86/fpu/signal: Clarify exception handling in restore_fpregs_from_user()
Date: Mon, 30 Aug 2021 15:00:06 -0700 [thread overview]
Message-ID: <CAHk-=wh57tMaJxcH=kWE4xdKLjayKSDEVvMwHG4fKZ5tUHF6mg@mail.gmail.com> (raw)
In-Reply-To: <YS1OE6FRi4ZwEF8j@zeniv-ca.linux.org.uk>
On Mon, Aug 30, 2021 at 2:33 PM Al Viro <viro@zeniv.linux.org.uk> wrote:
>
> There's a place where we care about #PF vs. #MC (see upthread)...
Interestingly (or perhaps not), that case is a problem case in general
for "fault_in_pages_readable()".
That function will only access data every PAGE_SIZE bytes, but if we
have other exceptions that can happen at a cacheline granularity, the
whole "retry after faulting pages in" may fail.
So that kind of
- try to copy from user space
- if that fails, do fault_in_pages_readable() and retry
loop can loop forever.
restore_fpregs_from_user() is odd and special in trying to deal with
it by looking at the error code. I'm n ot convinced it's the right
thing to do, since it just means that all the other places we do this
can be problematic.
But since the Intel machine check stuff is so misdesigned and doesn't
work on any normal machines, most people can't test any of this, none
of this matters, and it's only broken on those "serious enterprise
machines" setups that people think are better, but are actually just
almost entirely untested and thus don't work right.
I'm not sure what the right model here is. We might need to make
fault_in_pages_readable() do things a cacheline at a time, at which
point those repeat loops start working, and the error code thing
becomes pointless.
What I _am_ sure about is that the error code model doesn't work. It
may work in that one special case, but that just means that all the
non-special cases are broken.
So I'll argue that it's a fundamentally broken model, and that
_ASM_EXTABLE_FAULT thing is not just confusing, but actively hurtful.
Linus
next prev parent reply other threads:[~2021-08-30 22:00 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-30 16:27 [patch 00/10] x86/fpu: Clean up error handling in sigframe related code Thomas Gleixner
2021-08-30 16:27 ` [patch 01/10] x86/fpu/signal: Clarify exception handling in restore_fpregs_from_user() Thomas Gleixner
2021-08-30 19:33 ` Borislav Petkov
2021-08-30 20:07 ` Borislav Petkov
2021-08-30 20:09 ` Thomas Gleixner
2021-08-30 21:02 ` Al Viro
2021-08-30 21:26 ` Linus Torvalds
2021-08-30 21:30 ` Al Viro
2021-08-30 22:00 ` Linus Torvalds [this message]
2021-08-30 22:12 ` Thomas Gleixner
2021-08-30 22:26 ` Linus Torvalds
2021-08-31 0:06 ` Al Viro
2021-08-31 0:34 ` Thomas Gleixner
2021-08-31 7:39 ` Borislav Petkov
2021-08-31 18:39 ` Luck, Tony
2021-09-01 7:27 ` Borislav Petkov
2021-08-30 22:01 ` Thomas Gleixner
2021-08-30 22:11 ` Linus Torvalds
2021-09-01 12:00 ` Thomas Gleixner
2021-09-01 15:52 ` Thomas Gleixner
2021-09-01 16:47 ` Sean Christopherson
2021-09-01 19:22 ` Thomas Gleixner
2021-09-01 19:22 ` Dave Hansen
2021-09-02 13:08 ` Jarkko Sakkinen
2021-09-02 14:08 ` Thomas Gleixner
2021-09-03 6:00 ` Jarkko Sakkinen
2021-09-03 6:05 ` Jarkko Sakkinen
2021-08-30 16:27 ` [patch 02/10] x86/fpu/signal: Move header zeroing out of xsave_to_user_sigframe() Thomas Gleixner
2021-08-30 16:27 ` [patch 03/10] x86/fpu/signal: Move xstate clearing out of copy_fpregs_to_sigframe() Thomas Gleixner
2021-08-30 16:27 ` [patch 04/10] x86/fpu/signal: Change return type of copy_fpstate_to_sigframe() to boolean Thomas Gleixner
2021-08-30 16:27 ` [patch 05/10] x86/fpu/signal: Change return type of copy_fpregs_to_sigframe() helpers " Thomas Gleixner
2021-08-30 16:27 ` [patch 06/10] x86/signal: Change return type of restore_sigcontext() " Thomas Gleixner
2021-08-30 16:27 ` [patch 07/10] x86/fpu/signal: Change return type of fpu__restore_sig() " Thomas Gleixner
2021-08-30 16:27 ` [patch 08/10] x86/fpu/signal: Change return type of __fpu_restore_sig() " Thomas Gleixner
2021-08-30 16:27 ` [patch 09/10] x86/fpu/signal: Change return code of check_xstate_in_sigframe() " Thomas Gleixner
2021-08-30 16:27 ` [patch 10/10] x86/fpu/signal: Change return code of restore_fpregs_from_user() " Thomas Gleixner
2021-08-30 17:39 ` [patch 00/10] x86/fpu: Clean up error handling in sigframe related code Linus Torvalds
2021-08-30 18:51 ` Thomas Gleixner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHk-=wh57tMaJxcH=kWE4xdKLjayKSDEVvMwHG4fKZ5tUHF6mg@mail.gmail.com' \
--to=torvalds@linux-foundation.org \
--cc=bp@alien8.de \
--cc=dan.j.williams@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=viro@zeniv.linux.org.uk \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).