copying from/to user question - Christian Brauner

linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed

From: Christian Brauner <brauner@kernel.org>
To: Jan Kara <jack@suse.cz>,
	 Linus Torvalds <torvalds@linux-foundation.org>,
	Amir Goldstein <amir73il@gmail.com>,
	 Aleksa Sarai <cyphar@cyphar.com>,
	Mike Rapoport <rppt@kernel.org>,
	 Vlastimil Babka <vbabka@suse.cz>,
	Matthew Wilcox <willy@infradead.org>
Cc: linux-mm@kvack.org, linux-fsdevel@vger.kernel.org
Subject: copying from/to user question
Date: Mon, 9 Sep 2024 10:50:04 +0200	[thread overview]
Message-ID: <4psosyj7qxdadmcrt7dpnk4xi2uj2ndhciimqnhzamwwijyxpi@feuo6jqg5y7u> (raw)

Hey,

This is another round of Christian's asking sus questions about kernel
apis. I asked them a few people and generally the answers I got was
"Good question, I don't know." or the reasoning varied a lot. So I take
it I'm not the only one with that question.

I was looking at a potential epoll() bug and it got me thinking about
dos & don'ts for put_user()/copy_from_user() and related helpers as
epoll does acquire the epoll mutex and then goes on to loop over a list
of ready items and calls __put_user() for each item. Granted, it only
puts a __u64 and an integer but still that seems adventurous to me and I
wondered why.

Generally, new vfs apis always try hard to call helpers that copy to or
from userspace without any locks held as my understanding has been that
this is best practice as to avoid risking taking page faults while
holding a mutex or semaphore even though that's supposedly safe.

Is this understanding correct? And aside from best practice is it in
principle safe to copy to or from userspace with sleeping locks held?

next             reply	other threads:[~2024-09-09  8:50 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-09-09  8:50 Christian Brauner [this message]
2024-09-09  9:18 ` Christian Brauner
2024-09-09 12:14   ` Arnd Bergmann
2024-09-09 14:31     ` Thomas Gleixner
2024-09-09 17:14   ` Linus Torvalds
2024-09-09 14:55 ` Al Viro

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4psosyj7qxdadmcrt7dpnk4xi2uj2ndhciimqnhzamwwijyxpi@feuo6jqg5y7u \
    --to=brauner@kernel.org \
    --cc=amir73il@gmail.com \
    --cc=cyphar@cyphar.com \
    --cc=jack@suse.cz \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=rppt@kernel.org \
    --cc=torvalds@linux-foundation.org \
    --cc=vbabka@suse.cz \
    --cc=willy@infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox