| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <42c317bc-6212-caef-687e-84e8f009d8b5@nvidia.com>
Date: Thu, 17 Sep 2020 10:47:26 -0700
From: John Hubbard <jhubbard@...dia.com>
To: Ira Weiny <ira.weiny@...el.com>,
Dan Carpenter <dan.carpenter@...cle.com>
CC: Souptick Joarder <jrdr.linux@...il.com>,
<mporter@...nel.crashing.org>, <alex.bou9@...il.com>,
<akpm@...ux-foundation.org>, <gustavoars@...nel.org>,
<madhuparnabhowmik10@...il.com>, <linux-kernel@...r.kernel.org>,
"Matthew Wilcox" <willy@...radead.org>
Subject: Re: [linux-next PATCH] rapidio: Fix error handling path
On 9/17/20 10:34 AM, Ira Weiny wrote:
> On Thu, Sep 17, 2020 at 03:39:51PM +0300, Dan Carpenter wrote:
>> On Wed, Sep 16, 2020 at 01:02:32PM +0300, Dan Carpenter wrote:
>>> On Wed, Sep 16, 2020 at 09:12:17AM +0530, Souptick Joarder wrote:
>>>> There is an error when pin_user_pages_fast() returns -ERRNO and
>>>> inside error handling path driver end up calling unpin_user_pages()
>>>> with -ERRNO which is not correct.
>>>>
>>>> This patch will fix the problem.
>>>
>>> There are a few ways we could prevent bug in the future.
>>>
>>> 1) This could have been caught with existing static analysis tools
>>> which warn about when a value is set but not used.
>>>
>>> 2) I've created a Smatch check which warngs about:
>>>
>>> drivers/rapidio/devices/rio_mport_cdev.c:955 rio_dma_transfer() warn: unpinning negative pages 'nr_pages'
>>>
>>> I'll test it out tonight and see how well it works. I don't
>>> immediately see any other bugs allthough Smatch doesn't like the code
>>> in siw_umem_release(). It uses "min_t(int" which suggests that
>>> negative pages are okay.
>>>
>>> int to_free = min_t(int, PAGES_PER_CHUNK, num_pages);
>>>
>>
>> I only found one bug but I'm going to add unpin_user_pages_dirty_lock()
>> to the mix a retest. There were a few other false positives. In
>> reviewing the code, I noticed that orangefs_bufmap_map() is also buggy.
>>
>> I sort of feel like returning partial successes is not working. We
>> could easily make a wrapper which either pins everything or it returns
>> an error code.
Yes we could. And I have the same feeling about this API. It's generated a
remarkable amount of bug fixes, several of which ended up being partial or
wrong in themselves. And mostly this is due to the complicated tristate
return code: instead of 0 or -ERRNO, it also can return "N pages that is
less than what you requested", and there are no standard helpers in the kernel
to make that easier to deal with.
>
> I guess the question is are there drivers which will keep working (or limp
> along?) on partial pins? A quick search of a driver I thought did this does
> not apparently any more... So it sounds good to me from 30,000 feet! :-D
It sounds good to me too--and from just a *few hundred feet* (having touched most
of the call sites at some point)! haha :)
I think the wrapper should be short-term, though, just until all the callers
are converted to the simpler API. Then change the core gup/pup calls to the simpler
API. There are more than enough gup/pup API entry points as it is, that's for sure.
thanks,
--
John Hubbard
NVIDIA
Powered by blists - more mailing lists