Re: [PATCH v2 00/10] uaccess: better might_sleep/might_fault behavior

[PATCH v2 00/10] uaccess: better might_sleep/might_fault behavior · "Michael S. Tsirkin" <mst@redhat.com> · 2013-05-16
[PATCH v2 02/10] arm64: uaccess s/might_sleep/might_fault/ · "Michael S. Tsirkin" <mst@redhat.com> · 2013-05-16
Re: [PATCH v2 02/10] arm64: uaccess s/might_sleep/might_fault/ · Catalin Marinas <catalin.marinas@arm.com> · 2013-05-16
[PATCH v2 04/10] m32r: uaccess s/might_sleep/might_fault/ · "Michael S. Tsirkin" <mst@redhat.com> · 2013-05-16
[PATCH v2 05/10] microblaze: uaccess s/might_sleep/might_fault/ · "Michael S. Tsirkin" <mst@redhat.com> · 2013-05-16
[PATCH v2 03/10] frv: uaccess s/might_sleep/might_fault/ · "Michael S. Tsirkin" <mst@redhat.com> · 2013-05-16
[PATCH v2 06/10] mn10300: uaccess s/might_sleep/might_fault/ · "Michael S. Tsirkin" <mst@redhat.com> · 2013-05-16
[PATCH v2 07/10] powerpc: uaccess s/might_sleep/might_fault/ · "Michael S. Tsirkin" <mst@redhat.com> · 2013-05-16
Re: [PATCH v2 07/10] powerpc: uaccess s/might_sleep/might_fault/ · Arnd Bergmann <arnd@arndb.de> · 2013-05-22
Re: [PATCH v2 07/10] powerpc: uaccess s/might_sleep/might_fault/ · "Michael S. Tsirkin" <mst@redhat.com> · 2013-05-22
Re: [PATCH v2 07/10] powerpc: uaccess s/might_sleep/might_fault/ · "Michael S. Tsirkin" <mst@redhat.com> · 2013-05-24
Re: [PATCH v2 07/10] powerpc: uaccess s/might_sleep/might_fault/ · "Michael S. Tsirkin" <mst@redhat.com> · 2013-05-24
Re: [PATCH v2 07/10] powerpc: uaccess s/might_sleep/might_fault/ · Arnd Bergmann <arnd@arndb.de> · 2013-05-24
[PATCH v2 08/10] tile: uaccess s/might_sleep/might_fault/ · "Michael S. Tsirkin" <mst@redhat.com> · 2013-05-16
Re: [PATCH v2 08/10] tile: uaccess s/might_sleep/might_fault/ · Chris Metcalf <hidden> · 2013-05-16
[PATCH v2 09/10] x86: uaccess s/might_sleep/might_fault/ · "Michael S. Tsirkin" <mst@redhat.com> · 2013-05-16
[PATCH v2 10/10] kernel: might_fault does not imply might_sleep · "Michael S. Tsirkin" <mst@redhat.com> · 2013-05-16
Re: [PATCH v2 10/10] kernel: might_fault does not imply might_sleep · Peter Zijlstra <peterz@infradead.org> · 2013-05-16
Re: [PATCH v2 10/10] kernel: might_fault does not imply might_sleep · "Michael S. Tsirkin" <mst@redhat.com> · 2013-05-19
Re: [PATCH v2 10/10] kernel: might_fault does not imply might_sleep · Steven Rostedt <rostedt@goodmis.org> · 2013-05-19
Re: [PATCH v2 10/10] kernel: might_fault does not imply might_sleep · "Michael S. Tsirkin" <mst@redhat.com> · 2013-05-19
Re: [PATCH v2 10/10] kernel: might_fault does not imply might_sleep · Steven Rostedt <rostedt@goodmis.org> · 2013-05-19
Re: [PATCH v2 10/10] kernel: might_fault does not imply might_sleep · "Michael S. Tsirkin" <mst@redhat.com> · 2013-05-19
Re: [PATCH v2 10/10] kernel: might_fault does not imply might_sleep · Steven Rostedt <rostedt@goodmis.org> · 2013-05-19
Re: [PATCH v2 10/10] kernel: might_fault does not imply might_sleep · "Michael S. Tsirkin" <mst@redhat.com> · 2013-05-19
Re: [PATCH v2 10/10] kernel: might_fault does not imply might_sleep · Peter Zijlstra <peterz@infradead.org> · 2013-05-21
Re: [PATCH v2 10/10] kernel: might_fault does not imply might_sleep · Peter Zijlstra <peterz@infradead.org> · 2013-05-21
Re: [PATCH v2 10/10] kernel: might_fault does not imply might_sleep · "Michael S. Tsirkin" <mst@redhat.com> · 2013-05-22
Re: [PATCH v2 10/10] kernel: might_fault does not imply might_sleep · Peter Zijlstra <peterz@infradead.org> · 2013-05-22
Re: [PATCH v2 10/10] kernel: might_fault does not imply might_sleep · "Michael S. Tsirkin" <mst@redhat.com> · 2013-05-22
Re: [PATCH v2 10/10] kernel: might_fault does not imply might_sleep · Peter Zijlstra <peterz@infradead.org> · 2013-05-21
Re: [PATCH v2 10/10] kernel: might_fault does not imply might_sleep · "Michael S. Tsirkin" <mst@redhat.com> · 2013-05-22
[PATCH v2 01/10] asm-generic: uaccess s/might_sleep/might_fault/ · "Michael S. Tsirkin" <mst@redhat.com> · 2013-05-16
Re: [PATCH v2 00/10] uaccess: better might_sleep/might_fault behavior · Arnd Bergmann <arnd@arndb.de> · 2013-05-22
Re: [PATCH v2 00/10] uaccess: better might_sleep/might_fault behavior · "Michael S. Tsirkin" <mst@redhat.com> · 2013-05-22
Re: [PATCH v2 00/10] uaccess: better might_sleep/might_fault behavior · Peter Zijlstra <peterz@infradead.org> · 2013-05-22
Re: [PATCH v2 00/10] uaccess: better might_sleep/might_fault behavior · "Michael S. Tsirkin" <mst@redhat.com> · 2013-05-22
Re: [PATCH v2 00/10] uaccess: better might_sleep/might_fault behavior · Peter Zijlstra <peterz@infradead.org> · 2013-05-22
Re: [PATCH v2 00/10] uaccess: better might_sleep/might_fault behavior · Russell King - ARM Linux <hidden> · 2013-05-22
Re: [PATCH v2 00/10] uaccess: better might_sleep/might_fault behavior · Arnd Bergmann <arnd@arndb.de> · 2013-05-22
Re: [PATCH v2 00/10] uaccess: better might_sleep/might_fault behavior · "Michael S. Tsirkin" <mst@redhat.com> · 2013-05-22
[PATCH v3 07/11] powerpc: uaccess s/might_sleep/might_fault/ · "Michael S. Tsirkin" <mst@redhat.com> · 2013-05-24

From: "Michael S. Tsirkin" <mst@redhat.com>
Date: 2013-05-22 09:59:43
Also in: kvm, linux-arch, linux-arm-kernel, linux-mm, lkml

On Wed, May 22, 2013 at 11:25:36AM +0200, Arnd Bergmann wrote:

On Thursday 16 May 2013, Michael S. Tsirkin wrote:

quoted

This improves the might_fault annotations used
by uaccess routines:

1. The only reason uaccess routines might sleep
   is if they fault. Make this explicit for
   all architectures.
2. Accesses (e.g through socket ops) to kernel memory
   with KERNEL_DS like net/sunrpc does will never sleep.
   Remove an unconditinal might_sleep in the inline
   might_fault in kernel.h
   (used when PROVE_LOCKING is not set).
3. Accesses with pagefault_disable return EFAULT
   but won't cause caller to sleep.
   Check for that and avoid might_sleep when
   PROVE_LOCKING is set.

I'd like these changes to go in for the benefit of
the vhost driver where we want to call socket ops
under a spinlock, and fall back on slower thread handler
on error.

Hi Michael,

I have recently stumbled over a related topic, which is the highly
inconsistent placement of might_fault() or might_sleep() in certain
classes of uaccess functions. Your patches seem completely reasonable,
but it would be good to also fix the other problem, at least on
the architectures we most care about.

Given the most commonly used functions and a couple of architectures
I'm familiar with, these are the ones that currently call might_fault()

			x86-32	x86-64	arm	arm64	powerpc	s390	generic
copy_to_user		-	x	-	-	-	x	x
copy_from_user		-	x	-	-	-	x	x
put_user		x	x	x	x	x	x	x
get_user		x	x	x	x	x	x	x
__copy_to_user		x	x	-	-	x	-	-
__copy_from_user	x	x	-	-	x	-	-
__put_user		-	-	x	-	x	-	-
__get_user		-	-	x	-	x	-	-

WTF?

Yea.

Calling might_fault() for every __get_user/__put_user is rather expensive
because it turns what should be a single instruction (plus fixup) into an
external function call.

You mean _cond_resched with CONFIG_PREEMPT_VOLUNTARY? Or do you
mean when we build with PROVE_LOCKING?

My feeling is that we should do might_fault() only in access_ok() to get
the right balance.

	Arnd

Well access_ok is currently non-blocking I think - we'd have to audit
all callers. There are some 200 of these in drivers and some
1000 total so ... a bit risky.

-- 
MST

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help