Re: [RFC][arm64] possible infinite loop in btrfs search_ioctl()

From: Linus Torvalds
Date: Thu Oct 21 2021 - 22:30:53 EST

Next message: Rongwei Wang: "[PATCH RESEND] mm, thp: bail out early in collapse_file for writeback page"
Previous message: Rajat Jain: "[PATCH 3/3] i2c: enable async suspend/resume on i2c client devices"
In reply to: Catalin Marinas: "Re: [RFC][arm64] possible infinite loop in btrfs search_ioctl()"
Next in thread: Catalin Marinas: "Re: [RFC][arm64] possible infinite loop in btrfs search_ioctl()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Oct 21, 2021 at 4:42 AM Andreas Gruenbacher <agruenba@xxxxxxxxxx> wrote:
>
> But probing the entire memory range in fault domain granularity in the
> page fault-in functions still doesn't actually make sense. Those
> functions really only need to guarantee that we'll be able to make
> progress eventually. From that point of view, it should be enough to
> probe the first byte of the requested memory range

That's probably fine.

Although it should be more than one byte - "copy_from_user()" might do
word-at-a-time optimizations, so you could have an infinite loop of

(a) copy_from_user() fails because the chunk it tried to get failed partly

(b) fault_in() probing succeeds, because the beginning part is fine

so I agree that the fault-in code doesn't need to do the whole area,
but it needs to at least do some <N bytes, up to length> thing, to
handle the situation where the copy_to/from_user requires more than a
single byte.

Linus

Next message: Rongwei Wang: "[PATCH RESEND] mm, thp: bail out early in collapse_file for writeback page"
Previous message: Rajat Jain: "[PATCH 3/3] i2c: enable async suspend/resume on i2c client devices"
In reply to: Catalin Marinas: "Re: [RFC][arm64] possible infinite loop in btrfs search_ioctl()"
Next in thread: Catalin Marinas: "Re: [RFC][arm64] possible infinite loop in btrfs search_ioctl()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]