RE: [PATCH 2/2] futex, x86/mce: Avoid double machine checks

2021-01-08 Thread Luck, Tony
> Yeah, saw that, but that should be trivially fixable I'm thinking.

Trivial, maybe ... but then follows the audit of other get_user() calls:

git grep get_user\( | wc -l
2003

:-(

-Tony


Re: [PATCH 2/2] futex, x86/mce: Avoid double machine checks

2021-01-08 Thread Peter Zijlstra
On Fri, Jan 08, 2021 at 11:08:58PM +, Luck, Tony wrote:
> > I think this is horrid; why can't we have it return something different
> > than -EFAULT instead?
> 
> I did consider this ... but it appears that architectures aren't unified in
> the return value from get_user()

But surely none are currently returning -EMEMERR or whatever name we
come up with.

> Here's another function involved in the futex call chain leading to this:
> 
> static int get_futex_value_locked(u32 *dest, u32 __user *from)
> {
> 	int ret;
> 
> 	pagefault_disable();
> 	ret = __get_user(*dest, from);
> 	pagefault_enable();
> 
> 	return ret ? -EFAULT : 0;
> }
> 
> It seems like the expectation here is just "zero or not" and we
> don't care what the "not" value is ... just turn it into -EFAULT.

Yeah, saw that, but that should be trivially fixable I'm thinking.


RE: [PATCH 2/2] futex, x86/mce: Avoid double machine checks

2021-01-08 Thread Luck, Tony
> I think this is horrid; why can't we have it return something different
> than -EFAULT instead?

I did consider this ... but it appears that architectures aren't unified in the
return value from get_user()

Here's another function involved in the futex call chain leading to this:

static int get_futex_value_locked(u32 *dest, u32 __user *from)
{
	int ret;

	pagefault_disable();
	ret = __get_user(*dest, from);
	pagefault_enable();

	return ret ? -EFAULT : 0;
}

It seems like the expectation here is just "zero or not" and we
don't care what the "not" value is ... just turn it into -EFAULT.

-Tony


Re: [PATCH 2/2] futex, x86/mce: Avoid double machine checks

2021-01-08 Thread Peter Zijlstra
On Fri, Jan 08, 2021 at 02:22:51PM -0800, Tony Luck wrote:
> futex_wait_setup() first tries to read the user value with page faults
> disabled (because it holds a lock, and so cannot sleep). If that read
> fails it drops the lock and tries again.
> 
> But there are now two reasons why the user space read can fail. Either:
> 1) legacy case of a page fault, in which case it is reasonable to retry
> 2) machine check on the user address, bad idea to re-read
> 
> Add some infrastructure to differentiate these cases.

> --- a/kernel/futex.c
> +++ b/kernel/futex.c
> @@ -2658,6 +2658,9 @@ static int futex_wait_setup(u32 __user *uaddr, u32 val, 
> unsigned int flags,
>   if (ret) {
>   queue_unlock(*hb);
>  
> + if (arch_memory_failure(uaddr))
> + return ret;
> +
>   ret = get_user(uval, uaddr);
>   if (ret)
>   return ret;
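
Review bot: the new `if (arch_memory_failure(uaddr)) return ret;` hands back the `ret` from the locked read, which get_futex_value_locked() (quoted elsewhere in this thread) has already collapsed to -EFAULT, so a caller still cannot tell a poisoned page from an ordinary page fault; the commit message's "bad idea to re-read" reasoning would be clearer if the read itself returned a distinct error value rather than the caller consulting a per-address side check. At minimum, a one-line comment above the check saying why the retry is skipped here would help the next reader of this path.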


I think this is horrid; why can't we have it return something different
than -EFAULT instead?
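
The retry-loop problem discussed in this thread, as an added user-space model that is not code from the thread or the kernel: a fake "user page" can be unmapped (a plain page fault) or poisoned (a machine check), and two versions of the futex_wait_setup() pattern are run against it. The first collapses every failed locked read into -EFAULT, exactly as the quoted get_futex_value_locked() does, and so touches the poisoned page a second time; the second keeps a distinct error code and retries only on a real fault. The struct user_page type, the model_* helpers, and the -EMEMERR name and value are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed error code for "hardware reported a memory error on this address".
 * The name is borrowed from the thread's "-EMEMERR or whatever"; the value is
 * made up so it cannot collide with a real errno. */
#define EMEMERR 2000

/* Constructed stand-in for one user page. */
struct user_page {
	uint32_t value;
	bool present;	/* readable without taking a page fault */
	bool poisoned;	/* a machine check already fired on this page */
	int reads;	/* how many times anything touched the page */
};

/* Model of __get_user() with page faults disabled: -EFAULT means "would have
 * faulted", -EMEMERR means "this page is poisoned, do not come back". */
static int model_get_user_nofault(uint32_t *dest, struct user_page *p)
{
	p->reads++;
	if (p->poisoned)
		return -EMEMERR;
	if (!p->present)
		return -EFAULT;
	*dest = p->value;
	return 0;
}

/* Model of get_user() with faults enabled: the fault is serviced, but a
 * poisoned page still cannot be read (this is the "double machine check"). */
static int model_get_user(uint32_t *dest, struct user_page *p)
{
	p->reads++;
	if (p->poisoned)
		return -EMEMERR;
	p->present = true;
	*dest = p->value;
	return 0;
}

/* The quoted kernel helper: any non-zero result becomes -EFAULT. */
static int model_get_futex_value_locked(uint32_t *dest, struct user_page *p)
{
	int ret = model_get_user_nofault(dest, p);

	return ret ? -EFAULT : 0;
}

/* futex_wait_setup() as it stands: every failure looks like a fault, so the
 * lock is dropped and the address is re-read, poisoned or not. */
static int wait_setup_collapsing(struct user_page *p, uint32_t *uval)
{
	int ret = model_get_futex_value_locked(uval, p);

	if (ret) {
		/* queue_unlock(); retry with faults enabled */
		ret = model_get_user(uval, p);
		if (ret)
			return ret;
	}
	return 0;
}

/* Variant the thread argues for: the locked read keeps its distinct error,
 * and only a plain fault is worth retrying. */
static int wait_setup_distinct(struct user_page *p, uint32_t *uval)
{
	int ret = model_get_user_nofault(uval, p);

	if (ret == -EMEMERR)
		return ret;	/* poisoned: never touch it again */
	if (ret == -EFAULT) {
		ret = model_get_user(uval, p);
		if (ret)
			return ret;
	}
	return 0;
}

struct outcome {
	int ret;	/* what the caller got back */
	int reads;	/* how often the page was touched */
	uint32_t uval;	/* value read, if any */
};

/* Run one variant against a fresh page in the requested state. */
static struct outcome run(int (*setup)(struct user_page *, uint32_t *),
			  bool present, bool poisoned)
{
	struct user_page page = { .value = 0x2a, .present = present,
				  .poisoned = poisoned, .reads = 0 };
	struct outcome o = { 0, 0, 0 };

	o.ret = setup(&page, &o.uval);
	o.reads = page.reads;
	return o;
}

int main(void)
{
	struct outcome a = run(wait_setup_collapsing, true, true);
	struct outcome b = run(wait_setup_distinct, true, true);

	printf("poisoned, collapsing: ret=%d reads=%d\n", a.ret, a.reads);
	printf("poisoned, distinct:   ret=%d reads=%d\n", b.ret, b.reads);
	return 0;
}
```

On a poisoned page the collapsing version reads twice and still ends with -EMEMERR from the second read, which is the double machine check the patch is trying to avoid; the distinct version stops after one read. On a merely unmapped page both versions behave identically, which is the property a replacement error code has to preserve.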