lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 22 Jun 2021 16:20:40 +0100
From:   David Howells <>
cc:, Ted Ts'o <>,
        Dave Hansen <>,
        Andrew Morton <>,,,,,,
Subject: Do we need to unrevert "fs: do not prefault sys_write() user buffer pages"?

Hi Linus,

I've been looking at generic_perform_write() with an eye to adapting a version
for network filesystems in general.  I'm wondering if it's actually safe or
whether it needs 00a3d660cbac05af34cca149cb80fb611e916935 reverting, which is
itself a revert of 998ef75ddb5709bbea0bf1506cd2717348a3c647.

Anyway, I was looking at this bit:

	bytes = min_t(unsigned long, PAGE_SIZE - offset,
	if (unlikely(iov_iter_fault_in_readable(i, bytes))) {
		status = -EFAULT;

	if (fatal_signal_pending(current)) {
		status = -EINTR;

	status = a_ops->write_begin(file, mapping, pos, bytes, flags,
					&page, &fsdata);
	if (unlikely(status < 0))

	if (mapping_writably_mapped(mapping))

	copied = iov_iter_copy_from_user_atomic(page, i, offset, bytes);

and wondering if the iov_iter_fault_in_readable() is actually effective.  Yes,
it can make sure that the page we're intending to modify is dragged into the
pagecache and marked uptodate so that it can be read from, but is it possible
for the page to then get reclaimed before we get to
iov_iter_copy_from_user_atomic()?  a_ops->write_begin() could potentially take
a long time, say if it has to go and get a lock/lease from a server.

Also, I've been thinking about Willy's folio/THP stuff that allows bunches of
pages to be glued together into single objects for efficiency.  This is
problematic with the above code because the faultahead is limited to a maximum
of PAGE_SIZE, but we might be wanting to modify a larger object than that.


Powered by blists - more mailing lists