Date: Thu, 18 Feb 2016 10:52:17 -0800
From: "Luck, Tony" <tony.luck@...el.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Ingo Molnar <mingo@...nel.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v11 3/4] x86, mce: Add __mcsafe_copy()

On Thu, Feb 18, 2016 at 10:12:42AM -0800, Linus Torvalds wrote:
> On Wed, Feb 17, 2016 at 10:20 AM, Tony Luck <tony.luck@...el.com> wrote:
> >
> > If we faulted during the copy, then 'trapnr' will say which type
> > of trap (X86_TRAP_PF or X86_TRAP_MC) and 'remain' says how many
> > bytes were not copied.
>
> So apart from the naming, a couple of questions:
>
>  - I'd like to see the actual *use* case explained, not just what it does.

First user is libnvdimm. Dan Williams already has code to use this so that
kernel code accessing persistent memory can return -EIO to a user instead
of crashing the system if the cpu runs into an uncorrected error during
the copy.

I would also like to use this for a machine check aware copy_from_user() which
would avoid crashing the kernel when the uncorrected error is in a user page
(we can SIGBUS the user just like we do if the user touched the poison themself).

copy_to_user() is also interesting if the source address is the page cache.
I think we can also avoid crashing the kernel in this case too - but I haven't
thought that all the way through.

>  - why does this use the complex - and slower, on modern machines -
> unrolled manual memory copy, when you might as well just use a single
>
>      rep ; movsb
>
>     which not only makes it smaller, but makes the exception fixup trivial.

Because current generation cpus don't give a recoverable machine check if
we consume with a "rep ; movsb" :-(
When we have that we can pick the best copy function based on the capabilities
of the cpu we are running on.

>  - why not make the "bytes remaining" the same as for a user-space
> copy (ie return it as the return value)?
>
>  - at that point, it ends up looking a *lot* like uaccess_try/catch,
> which gets the error code from current_thread_info()->uaccess_err

For my copy_from_user/copy_to_user cases we need to know both the number
of remaining bytes and also *why* we stopped copying. We might have #PF,
in which case we return -EFAULT to the user, if we have #MC then the recovery
path is different (need to offline the page, SIGBUS the user, ...)

-Tony
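
Added example, not part of the original message or of the patch under discussion: a user-space C model of the calling convention described above, where the copy reports both the trap type and the bytes remaining and the caller chooses the recovery path from the trap type. The names `copy_result`, `model_copy` and `handle_copy`, the injected-fault parameters, and the use of -EIO for the machine-check case are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* x86 exception vectors: #PF is 14, #MC is 18. */
#define X86_TRAP_PF 14
#define X86_TRAP_MC 18

/* Hypothetical result type: which trap stopped the copy (0 = none)
 * and how many bytes were left uncopied. */
struct copy_result {
    unsigned trapnr;
    size_t remain;
};

/* User-space model only: a kernel routine would learn about the fault
 * from its exception fixup path. Here the caller injects a fault at
 * byte offset fault_at (pass fault_at >= len for a clean copy). */
static struct copy_result model_copy(void *dst, const void *src, size_t len,
                                     size_t fault_at, unsigned trapnr)
{
    struct copy_result r = { 0, 0 };
    size_t done = fault_at < len ? fault_at : len;

    memcpy(dst, src, done);        /* bytes before the faulting access */
    if (done < len) {
        r.trapnr = trapnr;
        r.remain = len - done;
    }
    return r;
}

/* Caller-side dispatch: the byte count alone cannot say whether the
 * page must be taken offline, so the trap number decides. */
static int handle_copy(struct copy_result r, int *need_page_offline)
{
    *need_page_offline = 0;
    switch (r.trapnr) {
    case 0:
        return 0;
    case X86_TRAP_PF:
        return -EFAULT;            /* bad address: plain error return */
    case X86_TRAP_MC:
        *need_page_offline = 1;    /* poison: offline page, SIGBUS user */
        return -EIO;               /* assumed error code for this model */
    default:
        return -EINVAL;
    }
}
```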