RE: [PATCH 2/2] futex, x86/mce: Avoid double machine checks
> Yeah, saw that, but that should be trivially fixable I'm thinking. Trivial, maybe ... but then follows the audit of other get_user() calls: git grep get_user\( | wc -l 2003 :-( -Tony
Re: [PATCH 2/2] futex, x86/mce: Avoid double machine checks
On Fri, Jan 08, 2021 at 11:08:58PM +, Luck, Tony wrote: > > I think this is horrid; why can't we have it return something different > > then -EFAULT instead? > > I did consider this ... but it appears that architectures aren't unified in > the > return value from get_user() But surely none are currently returning -EMEMERR or whatever name we come up with. > Here's another function involved in the futex call chain leading to this: > > static int get_futex_value_locked(u32 *dest, u32 __user *from) > { > int ret; > > pagefault_disable(); > ret = __get_user(*dest, from); > pagefault_enable(); > > return ret ? -EFAULT : 0; > } > > It seems like the expectation here is just "zero or not" and we > don't care what the "not" value is ... just turn it into -EFAULT. Yeah, saw that, but that should be trivially fixable I'm thinking.
RE: [PATCH 2/2] futex, x86/mce: Avoid double machine checks
> I think this is horrid; why can't we have it return something different > then -EFAULT instead? I did consider this ... but it appears that architectures aren't unified in the return value from get_user() Here's another function involved in the futex call chain leading to this: static int get_futex_value_locked(u32 *dest, u32 __user *from) { int ret; pagefault_disable(); ret = __get_user(*dest, from); pagefault_enable(); return ret ? -EFAULT : 0; } It seems like the expectation here is just "zero or not" and we don't care what the "not" value is ... just turn it into -EFAULT. -Tony
Re: [PATCH 2/2] futex, x86/mce: Avoid double machine checks
On Fri, Jan 08, 2021 at 02:22:51PM -0800, Tony Luck wrote: > futex_wait_setup() first tries to read the user value with page faults > disabled (because it holds a lock, and so cannot sleep). If that read > fails it drops the lock and tries again. > > But there are now two reasons why the user space read can fail. Either: > 1) legacy case of a page fault, in which case it is reasonable to retry > 2) machine check on the user address, bad idea to re-read > > Add some infrastructure to differentiate these cases. > --- a/kernel/futex.c > +++ b/kernel/futex.c > @@ -2658,6 +2658,9 @@ static int futex_wait_setup(u32 __user *uaddr, u32 val, > unsigned int flags, > if (ret) { > queue_unlock(*hb); > > + if (arch_memory_failure(uaddr)) > + return ret; > + > ret = get_user(uval, uaddr); > if (ret) > return ret; I think this is horrid; why can't we have it return something different then -EFAULT instead?