From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E5222C48BF6 for ; Thu, 29 Feb 2024 08:13:28 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 734856B009B; Thu, 29 Feb 2024 03:13:28 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 6E55E6B009C; Thu, 29 Feb 2024 03:13:28 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5ABE46B009D; Thu, 29 Feb 2024 03:13:28 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 490466B009B for ; Thu, 29 Feb 2024 03:13:28 -0500 (EST) Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 0AB3DC0FF4 for ; Thu, 29 Feb 2024 08:13:28 +0000 (UTC) X-FDA: 81844126896.15.FA0C50F Received: from szxga04-in.huawei.com (szxga04-in.huawei.com [45.249.212.190]) by imf30.hostedemail.com (Postfix) with ESMTP id CA78C80013 for ; Thu, 29 Feb 2024 08:13:24 +0000 (UTC) Authentication-Results: imf30.hostedemail.com; dkim=none; dmarc=pass (policy=quarantine) header.from=huawei.com; spf=pass (imf30.hostedemail.com: domain of tongtiangen@huawei.com designates 45.249.212.190 as permitted sender) smtp.mailfrom=tongtiangen@huawei.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1709194406; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=EyuX8QX9k23nQ0uZ7Rp7MwRzDLda1XtvWJqedHhJVDk=; b=8dyZKlIUJfZFMv8yoBUp885XX4DhmXLWk0uBc7xu2wId3mZd517AnzwMD5ln2MNy0lTzEl DdeYZWeEN5UXPa1wWJ5DMxvE88yO+gcxFeLkYptCBnCX+7rEv1OWODJCqohPsAf6EnG0AB ef+li6KRCwzdKcMZyiFu3k3cLKMv11A= ARC-Authentication-Results: i=1; imf30.hostedemail.com; dkim=none; dmarc=pass (policy=quarantine) header.from=huawei.com; spf=pass (imf30.hostedemail.com: domain of tongtiangen@huawei.com designates 45.249.212.190 as permitted sender) smtp.mailfrom=tongtiangen@huawei.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1709194406; a=rsa-sha256; cv=none; b=DyB5IkvErJHe1Ws2V+tfUqbWt597Yzljfs9C+lAXoCUUUJN/EsWEKpk+LJpHV5aJ8bTrUN jBEdUdE3KeeeYM4xvB8eaNpoXgpm1gDsVBC5vJvE9i/uRdGtVaV80t3yH+3JlhvPohLJCz 1pev4Goqjicd54kZuv3JPCKUr4dWg90= Received: from mail.maildlp.com (unknown [172.19.163.17]) by szxga04-in.huawei.com (SkyGuard) with ESMTP id 4TlkTK1Ntcz1xppT; Thu, 29 Feb 2024 16:11:49 +0800 (CST) Received: from kwepemm600017.china.huawei.com (unknown [7.193.23.234]) by mail.maildlp.com (Postfix) with ESMTPS id 4AB2F1A0172; Thu, 29 Feb 2024 16:13:20 +0800 (CST) Received: from [10.174.179.234] (10.174.179.234) by kwepemm600017.china.huawei.com (7.193.23.234) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Thu, 29 Feb 2024 16:13:19 +0800 Message-ID: Date: Thu, 29 Feb 2024 16:13:18 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.8.0 Subject: Re: [bug report] dead loop in generic_perform_write() //Re: [PATCH v7 07/12] iov_iter: Convert iterate*() to inline funcs To: Linus Torvalds , Alexander Viro CC: David Howells , Jens Axboe , Al Viro , Christoph Hellwig , Christian Brauner , David Laight , Matthew Wilcox , Jeff Layton , , , , , , Kefeng Wang References: <20230925120309.1731676-1-dhowells@redhat.com> <20230925120309.1731676-8-dhowells@redhat.com> <4e80924d-9c85-f13a-722a-6a5d2b1c225a@huawei.com> From: Tong Tiangen In-Reply-To: Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 8bit X-Originating-IP: [10.174.179.234] X-ClientProxiedBy: dggems706-chm.china.huawei.com (10.3.19.183) To kwepemm600017.china.huawei.com (7.193.23.234) X-Rspam-User: X-Stat-Signature: t7576dfcfahc5ewdpsoazw9pgrh5oy7o X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: CA78C80013 X-HE-Tag: 1709194404-745140 X-HE-Meta: U2FsdGVkX186Ze1yMZX0LwKBvwBs7oqCzIckF+cKGtcrb5a00fnkfFA8q3fAMDEto/6/OsqsD99RhJh9SS7gZy1s8gtJcoN938Jc6SAUL2z2cOz1EsX4X7jiWkjeDv2dVaIauscx+gNzGAD7cNB7VPNN++4ntSK3782geWJO9z8iSLKzqRPE99Y+08xYbnmy6Xv1jgJC7Ia/Y//OtbsU6y/cPHJBHyM2nJF1WYfvap+Zh2CaSlVDjTZKzojmH1KRsmCb1pEy1acwW6YjcetMM83BmgkhbM4DW6SgJPX3xXlLFYTMd7OitNYa0WLKT5J2ypUIwckunudOVLKYw9XF7L9tSsjiZV7TJeDq18s5UyR5rxIyEtQ9ZLnDSvWzUW8COyfBCM0by30r3+tewBgUBQDU8maOAw/aybC18CUDtIp27ddeeJuqOayafFiTdv3ft8yztA13j/QUqbx8jfF2LQZQXAjsS8nqjypAOhd4Nb/Koo/UStdUI/2qsCd8MahW67zUnRFSmVLfx/kQaHjixPbK3Gs8xljg4+3T7tvh/de86kbR4kHlZ6JXsPNLuw+2WLKE9ZFkU7rSLbkspHnCRYc4RbGnFuwdw6actYlF7UEkvGq/YDXI/tBUonnkNxe/C3jghXsF9j/H1SV+ZYF220ZfbP+ZFg4lZuA04/GyXjtjf21qqSFdu4GKEa+C0V5q0uCtvDXFrwuLsslylgMUi2bf10Kz4bCndQmz43iHCXPNS+pgS7JCllM5ZS/Tn0i3MjPtWIJ++xCQodLq2WqIMpOgP3RXeRnQe+qc5sKboNCUgkw7ld3OWsuD8ZuZKSOR2G0hf+JFbIBG82qRcpEhfHrZUH5jkbR7ZxbIs/iSOX5eZH7lu+a7shMfr7ekZ8ZAeQrZb7E27UV/twCfsgRaZALjmTlLoYiPpTsfDOKKjRwjwEUn/e2hx5pjvGIn0bg1izd3vQhKoPxnf8vZX4N m7XSBuAV dUd+vMNL1NKEoLyuWEqzQvobIWV1felBBZD4ZMO4s10cjpj1a2W2DAARSiIjs59Mwgh+MrHNNVwtsQ4i1bG+FacD0mVDN1yFmvzJ1OCbNEWzf44taCRn5nfQ5Vgyl2nKDeUDcO8r4cuQ4mlHCHNLNBrx9K2c7VW7kaJOdLuDNzoKCBgcAyoYxOpXvbXPZdqETHv/pMIVWoyV0a8XBaQFyMrzd84DrbkeOtuKVb2UgKmmg/wZ9N7B6QnzjDd2MP6itqhnIM7hyZrDsC68= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: 在 2024/2/29 6:57, Linus Torvalds 写道: > On Wed, 28 Feb 2024 at 13:21, Linus Torvalds > wrote: >> >> Hmm. If the copy doesn't succeed and make any progress at all, then >> the code in generic_perform_write() after the "goto again" >> >> //[4] >> if (unlikely(fault_in_iov_iter_readable(i, bytes) == >> bytes)) { >> >> should break out of the loop. > > Ahh. I see the problem. Or at least part of it. > > The iter is an ITER_BVEC. > > And fault_in_iov_iter_readable() "knows" that an ITER_BVEC cannot > fail. Because obviously it's a kernel address, so no user page fault. > > But for the machine check case, ITER_BVEC very much can fail. > > This should never have worked in the first place. > > What a crock. > > Do we need to make iterate_bvec() always succeed fully, and make > copy_mc_to_kernel() zero out the end? > > Linus > . Hi Linus: See the logic before this patch, always success (((void)(K),0)) is returned for three types: ITER_BVEC, ITER_KVEC and ITER_XARRAY. ------------------------------------------------------------------- -#define __iterate_and_advance(i, n, base, len, off, I, K) { \ - if (unlikely(i->count < n)) \ - n = i->count; \ - if (likely(n)) { \ - if (likely(iter_is_ubuf(i))) { \ [...] \ - iterate_buf(i, n, base, len, off, \ - i->ubuf, (I)) \ - } else if (likely(iter_is_iovec(i))) { \ [...] \ - iterate_iovec(i, n, base, len, off, \ - iov, (I)) \ - i->nr_segs -= iov - iter_iov(i); \ - i->__iov = iov; \ - } else if (iov_iter_is_bvec(i)) { \ [...] \ - iterate_bvec(i, n, base, len, off, \ - bvec, (K)) \ - i->nr_segs -= bvec - i->bvec; \ - i->bvec = bvec; \ - } else if (iov_iter_is_kvec(i)) { \ [...] \ - iterate_iovec(i, n, base, len, off, \ - kvec, (K)) \ [...] \ - } else if (iov_iter_is_xarray(i)) { \ [...] \ - iterate_xarray(i, n, base, len, off, \ - (K)) \ - } \ - i->count -= n; \ - } \ -} -#define iterate_and_advance(i, n, base, len, off, I, K) \ - __iterate_and_advance(i, n, base, len, off, I, ((void)(K),0)) ------------------------------------------------------------------- Maybe we're all gonna fix it back? as follows: ------------------------------------------------------------------- --- a/include/linux/iov_iter.h +++ b/include/linux/iov_iter.h @@ -246,11 +246,11 @@ size_t iterate_and_advance2(struct iov_iter *iter, size_t len, void *priv, if (likely(iter_is_iovec(iter))) return iterate_iovec(iter, len, priv, priv2, ustep); if (iov_iter_is_bvec(iter)) - return iterate_bvec(iter, len, priv, priv2, step); + return iterate_bvec(iter, len, priv, priv2, ((void *)step, 0)); if (iov_iter_is_kvec(iter)) - return iterate_kvec(iter, len, priv, priv2, step); + return iterate_kvec(iter, len, priv, priv2, ((void *)step, 0)); if (iov_iter_is_xarray(iter)) - return iterate_xarray(iter, len, priv, priv2, step); + return iterate_xarray(iter, len, priv, priv2, ((void *)step, 0)); return iterate_discard(iter, len, priv, priv2, step); } diff --git a/lib/iov_iter.c b/lib/iov_iter.c index e0aa6b440ca5..fabd5b1b97c7 100644 --- a/lib/iov_iter.c +++ b/lib/iov_iter.c @@ -257,7 +257,7 @@ static size_t __copy_from_iter_mc(void *addr, size_t bytes, struct iov_iter *i) bytes = i->count; if (unlikely(!bytes)) return 0; - return iterate_bvec(i, bytes, addr, NULL, memcpy_from_iter_mc); + return iterate_bvec(i, bytes, addr, NULL, ((void *)memcpy_from_iter_mc, 0)); } static __always_inline ------------------------------------------------------------------- Hi, maintainer Alexander, what do you think ? :) Thanks, Tong.