| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Mar 2019 16:34:04 -0700
From: John Hubbard <jhubbard@...dia.com>
To: Jerome Glisse <jglisse@...hat.com>
CC: <linux-mm@...ck.org>, <linux-kernel@...r.kernel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Dan Williams <dan.j.williams@...el.com>
Subject: Re: [PATCH v2 10/11] mm/hmm: add helpers for driver to safely take
the mmap_sem v2
On 3/28/19 4:24 PM, Jerome Glisse wrote:
> On Thu, Mar 28, 2019 at 04:20:37PM -0700, John Hubbard wrote:
>> On 3/28/19 4:05 PM, Jerome Glisse wrote:
>>> On Thu, Mar 28, 2019 at 03:43:33PM -0700, John Hubbard wrote:
>>>> On 3/28/19 3:40 PM, Jerome Glisse wrote:
>>>>> On Thu, Mar 28, 2019 at 03:25:39PM -0700, John Hubbard wrote:
>>>>>> On 3/28/19 3:08 PM, Jerome Glisse wrote:
>>>>>>> On Thu, Mar 28, 2019 at 02:41:02PM -0700, John Hubbard wrote:
>>>>>>>> On 3/28/19 2:30 PM, Jerome Glisse wrote:
>>>>>>>>> On Thu, Mar 28, 2019 at 01:54:01PM -0700, John Hubbard wrote:
>>>>>>>>>> On 3/25/19 7:40 AM, jglisse@...hat.com wrote:
>>>>>>>>>>> From: Jérôme Glisse <jglisse@...hat.com>
>>>>>> [...]
>>>>>> OK, so let's either drop this patch, or if merge windows won't allow that,
>>>>>> then *eventually* drop this patch. And instead, put in a hmm_sanity_check()
>>>>>> that does the same checks.
>>>>>
>>>>> RDMA depends on this, so does the nouveau patchset that convert to new API.
>>>>> So i do not see reason to drop this. They are user for this they are posted
>>>>> and i hope i explained properly the benefit.
>>>>>
>>>>> It is a common pattern. Yes it only save couple lines of code but down the
>>>>> road i will also help for people working on the mmap_sem patchset.
>>>>>
>>>>
>>>> It *adds* a couple of lines that are misleading, because they look like they
>>>> make things safer, but they don't actually do so.
>>>
>>> It is not about safety, sorry if it confused you but there is nothing about
>>> safety here, i can add a big fat comment that explains that there is no safety
>>> here. The intention is to allow the page fault handler that potential have
>>> hundred of page fault queue up to abort as soon as it sees that it is pointless
>>> to keep faulting on a dying process.
>>>
>>> Again if we race it is _fine_ nothing bad will happen, we are just doing use-
>>> less work that gonna be thrown on the floor and we are just slowing down the
>>> process tear down.
>>>
>>
>> In addition to a comment, how about naming this thing to indicate the above
>> intention? I have a really hard time with this odd down_read() wrapper, which
>> allows code to proceed without really getting a lock. It's just too wrong-looking.
>> If it were instead named:
>>
>> hmm_is_exiting()
>
> What about: hmm_lock_mmap_if_alive() ?
>
That's definitely better, but I want to vote for just doing a check, not
taking any locks.
I'm not super concerned about the exact name, but I really want a routine that
just checks (and optionally asserts, via WARN or BUG), and that's *all*. Then
drivers can scatter that around like pixie dust as they see fit. Maybe right before
taking a lock, maybe in other places. Decoupled from locking.
thanks,
--
John Hubbard
NVIDIA
Powered by blists - more mailing lists