[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190226075444.GO13653@xz-x1>
Date: Tue, 26 Feb 2019 15:54:44 +0800
From: Peter Xu <peterx@...hat.com>
To: Mike Rapoport <rppt@...ux.ibm.com>
Cc: linux-mm@...ck.org, linux-kernel@...r.kernel.org,
David Hildenbrand <david@...hat.com>,
Hugh Dickins <hughd@...gle.com>,
Maya Gokhale <gokhale2@...l.gov>,
Jerome Glisse <jglisse@...hat.com>,
Pavel Emelyanov <xemul@...tuozzo.com>,
Johannes Weiner <hannes@...xchg.org>,
Martin Cracauer <cracauer@...s.org>, Shaohua Li <shli@...com>,
Marty McFadden <mcfadden8@...l.gov>,
Andrea Arcangeli <aarcange@...hat.com>,
Mike Kravetz <mike.kravetz@...cle.com>,
Denis Plotnikov <dplotnikov@...tuozzo.com>,
Mike Rapoport <rppt@...ux.vnet.ibm.com>,
Mel Gorman <mgorman@...e.de>,
"Kirill A . Shutemov" <kirill@...temov.name>,
"Dr . David Alan Gilbert" <dgilbert@...hat.com>,
Rik van Riel <riel@...hat.com>
Subject: Re: [PATCH v2 20/26] userfaultfd: wp: support write protection for
userfault vma range
On Tue, Feb 26, 2019 at 09:46:12AM +0200, Mike Rapoport wrote:
[...]
> > > > > > +int mwriteprotect_range(struct mm_struct *dst_mm, unsigned long start,
> > > > > > + unsigned long len, bool enable_wp, bool *mmap_changing)
> > > > > > +{
> > > > > > + struct vm_area_struct *dst_vma;
> > > > > > + pgprot_t newprot;
> > > > > > + int err;
> > > > > > +
> > > > > > + /*
> > > > > > + * Sanitize the command parameters:
> > > > > > + */
> > > > > > + BUG_ON(start & ~PAGE_MASK);
> > > > > > + BUG_ON(len & ~PAGE_MASK);
> > > > > > +
> > > > > > + /* Does the address range wrap, or is the span zero-sized? */
> > > > > > + BUG_ON(start + len <= start);
> > > > >
> > > > > I'd replace these BUG_ON()s with
> > > > >
> > > > > if (WARN_ON())
> > > > > return -EINVAL;
> > > >
> > > > I believe BUG_ON() is used because these parameters should have been
> > > > checked in userfaultfd_writeprotect() already by the common
> > > > validate_range() even before calling mwriteprotect_range(). So I'm
> > > > fine with the WARN_ON() approach but I'd slightly prefer to simply
> > > > keep the patch as is to keep Jerome's r-b if you won't disagree. :)
> > >
> > > Right, userfaultfd_writeprotect() should check these parameters and if it
> > > didn't it was a bug indeed. But still, it's not severe enough to crash the
> > > kernel.
> > >
> > > I hope Jerome wouldn't mind to keep his r-b with s/BUG_ON/WARN_ON ;-)
> > >
> > > With this change you can also add
> > >
> > > Reviewed-by: Mike Rapoport <rppt@...ux.ibm.com>
> >
> > Thanks! Though before I change anything... please note that the
> > BUG_ON()s are really what we've done in existing MISSING code. One
> > example is userfaultfd_copy() which did validate_range() first, then
> > in __mcopy_atomic() we've used BUG_ON()s. They make sense to me
> > becauase userspace should never be able to trigger it. And if we
> > really want to change the BUG_ON()s in this patch, IMHO we probably
> > want to change the other BUG_ON()s as well, then that can be a
> > standalone patch or patchset to address another issue...
>
> Yeah, we have quite a lot of them, so doing the replacement in a separate
> patch makes perfect sense.
>
> > (and if we really want to use WARN_ON, I would prefer WARN_ON_ONCE, or
> > directly return the errors to avoid DOS).
>
> Agree.
>
> > I'll see how you'd prefer to see how I should move on with this patch.
>
> Let's keep this patch as is and make the replacement on top of the WP
> series. Feel free to add r-b.
Great! I'll do. Thanks,
--
Peter Xu
Powered by blists - more mailing lists