x86, powerpc: Rename memcpy_mcsafe() to copy_mc_to_{user, kernel}()
In reaction to a proposal to introduce a memcpy_mcsafe_fast() implementation Linus points out that memcpy_mcsafe() is poorly named relative to communicating the scope of the interface. Specifically what addresses are valid to pass as source, destination, and what faults / exceptions are handled. Of particular concern is that even though x86 might be able to handle the semantics of copy_mc_to_user() with its common copy_user_generic() implementation other archs likely need / want an explicit path for this case: On Fri, May 1, 2020 at 11:28 AM Linus Torvalds <torvalds@linux-foundation.org> wrote: > > On Thu, Apr 30, 2020 at 6:21 PM Dan Williams <dan.j.williams@intel.com> wrote: > > > > However now I see that copy_user_generic() works for the wrong reason. > > It works because the exception on the source address due to poison > > looks no different than a write fault on the user address to the > > caller, it's still just a short copy. So it makes copy_to_user() work > > for the wrong reason relative to the name. > > Right. > > And it won't work that way on other architectures. On x86, we have a > generic function that can take faults on either side, and we use it > for both cases (and for the "in_user" case too), but that's an > artifact of the architecture oddity. > > In fact, it's probably wrong even on x86 - because it can hide bugs - > but writing those things is painful enough that everybody prefers > having just one function. Replace a single top-level memcpy_mcsafe() with either copy_mc_to_user(), or copy_mc_to_kernel(). Introduce an x86 copy_mc_fragile() name as the rename for the low-level x86 implementation formerly named memcpy_mcsafe(). It is used as the slow / careful backend that is supplanted by a fast copy_mc_generic() in a follow-on patch. One side-effect of this reorganization is that separating copy_mc_64.S to its own file means that perf no longer needs to track dependencies for its memcpy_64.S benchmarks. [ bp: Massage a bit. ] Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Borislav Petkov <bp@suse.de> Reviewed-by: Tony Luck <tony.luck@intel.com> Acked-by: Michael Ellerman <mpe@ellerman.id.au> Cc: <stable@vger.kernel.org> Link: http://lore.kernel.org/r/CAHk-=wjSqtXAqfUJxFtWNwmguFASTgB0dz1dT3V-78Quiezqbg@mail.gmail.com Link: https://lkml.kernel.org/r/160195561680.2163339.11574962055305783722.stgit@dwillia2-desk3.amr.corp.intel.com
This commit is contained in:
Dan Williams
committed by
Borislav Petkov
Borislav Petkov
parent
ed9705e4ad
commit
ec6347bb43
@ -637,30 +637,30 @@ size_t _copy_to_iter(const void *addr, size_t bytes, struct iov_iter *i)
|
||||
}
|
||||
EXPORT_SYMBOL(_copy_to_iter);
|
||||
|
||||
#ifdef CONFIG_ARCH_HAS_UACCESS_MCSAFE
|
||||
static int copyout_mcsafe(void __user *to, const void *from, size_t n)
|
||||
#ifdef CONFIG_ARCH_HAS_COPY_MC
|
||||
static int copyout_mc(void __user *to, const void *from, size_t n)
|
||||
{
|
||||
if (access_ok(to, n)) {
|
||||
instrument_copy_to_user(to, from, n);
|
||||
n = copy_to_user_mcsafe((__force void *) to, from, n);
|
||||
n = copy_mc_to_user((__force void *) to, from, n);
|
||||
}
|
||||
return n;
|
||||
}
|
||||
|
||||
static unsigned long memcpy_mcsafe_to_page(struct page *page, size_t offset,
|
||||
static unsigned long copy_mc_to_page(struct page *page, size_t offset,
|
||||
const char *from, size_t len)
|
||||
{
|
||||
unsigned long ret;
|
||||
char *to;
|
||||
|
||||
to = kmap_atomic(page);
|
||||
ret = memcpy_mcsafe(to + offset, from, len);
|
||||
ret = copy_mc_to_kernel(to + offset, from, len);
|
||||
kunmap_atomic(to);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
static size_t copy_pipe_to_iter_mcsafe(const void *addr, size_t bytes,
|
||||
static size_t copy_mc_pipe_to_iter(const void *addr, size_t bytes,
|
||||
struct iov_iter *i)
|
||||
{
|
||||
struct pipe_inode_info *pipe = i->pipe;
|
||||
@ -678,7 +678,7 @@ static size_t copy_pipe_to_iter_mcsafe(const void *addr, size_t bytes,
|
||||
size_t chunk = min_t(size_t, n, PAGE_SIZE - off);
|
||||
unsigned long rem;
|
||||
|
||||
rem = memcpy_mcsafe_to_page(pipe->bufs[i_head & p_mask].page,
|
||||
rem = copy_mc_to_page(pipe->bufs[i_head & p_mask].page,
|
||||
off, addr, chunk);
|
||||
i->head = i_head;
|
||||
i->iov_offset = off + chunk - rem;
|
||||
@ -695,18 +695,17 @@ static size_t copy_pipe_to_iter_mcsafe(const void *addr, size_t bytes,
|
||||
}
|
||||
|
||||
/**
|
||||
* _copy_to_iter_mcsafe - copy to user with source-read error exception handling
|
||||
* _copy_mc_to_iter - copy to iter with source memory error exception handling
|
||||
* @addr: source kernel address
|
||||
* @bytes: total transfer length
|
||||
* @iter: destination iterator
|
||||
*
|
||||
* The pmem driver arranges for filesystem-dax to use this facility via
|
||||
* dax_copy_to_iter() for protecting read/write to persistent memory.
|
||||
* Unless / until an architecture can guarantee identical performance
|
||||
* between _copy_to_iter_mcsafe() and _copy_to_iter() it would be a
|
||||
* performance regression to switch more users to the mcsafe version.
|
||||
* The pmem driver deploys this for the dax operation
|
||||
* (dax_copy_to_iter()) for dax reads (bypass page-cache and the
|
||||
* block-layer). Upon #MC read(2) aborts and returns EIO or the bytes
|
||||
* successfully copied.
|
||||
*
|
||||
* Otherwise, the main differences between this and typical _copy_to_iter().
|
||||
* The main differences between this and typical _copy_to_iter().
|
||||
*
|
||||
* * Typical tail/residue handling after a fault retries the copy
|
||||
* byte-by-byte until the fault happens again. Re-triggering machine
|
||||
@ -717,23 +716,22 @@ static size_t copy_pipe_to_iter_mcsafe(const void *addr, size_t bytes,
|
||||
* * ITER_KVEC, ITER_PIPE, and ITER_BVEC can return short copies.
|
||||
* Compare to copy_to_iter() where only ITER_IOVEC attempts might return
|
||||
* a short copy.
|
||||
*
|
||||
* See MCSAFE_TEST for self-test.
|
||||
*/
|
||||
size_t _copy_to_iter_mcsafe(const void *addr, size_t bytes, struct iov_iter *i)
|
||||
size_t _copy_mc_to_iter(const void *addr, size_t bytes, struct iov_iter *i)
|
||||
{
|
||||
const char *from = addr;
|
||||
unsigned long rem, curr_addr, s_addr = (unsigned long) addr;
|
||||
|
||||
if (unlikely(iov_iter_is_pipe(i)))
|
||||
return copy_pipe_to_iter_mcsafe(addr, bytes, i);
|
||||
return copy_mc_pipe_to_iter(addr, bytes, i);
|
||||
if (iter_is_iovec(i))
|
||||
might_fault();
|
||||
iterate_and_advance(i, bytes, v,
|
||||
copyout_mcsafe(v.iov_base, (from += v.iov_len) - v.iov_len, v.iov_len),
|
||||
copyout_mc(v.iov_base, (from += v.iov_len) - v.iov_len,
|
||||
v.iov_len),
|
||||
({
|
||||
rem = memcpy_mcsafe_to_page(v.bv_page, v.bv_offset,
|
||||
(from += v.bv_len) - v.bv_len, v.bv_len);
|
||||
rem = copy_mc_to_page(v.bv_page, v.bv_offset,
|
||||
(from += v.bv_len) - v.bv_len, v.bv_len);
|
||||
if (rem) {
|
||||
curr_addr = (unsigned long) from;
|
||||
bytes = curr_addr - s_addr - rem;
|
||||
@ -741,8 +739,8 @@ size_t _copy_to_iter_mcsafe(const void *addr, size_t bytes, struct iov_iter *i)
|
||||
}
|
||||
}),
|
||||
({
|
||||
rem = memcpy_mcsafe(v.iov_base, (from += v.iov_len) - v.iov_len,
|
||||
v.iov_len);
|
||||
rem = copy_mc_to_kernel(v.iov_base, (from += v.iov_len)
|
||||
- v.iov_len, v.iov_len);
|
||||
if (rem) {
|
||||
curr_addr = (unsigned long) from;
|
||||
bytes = curr_addr - s_addr - rem;
|
||||
@ -753,8 +751,8 @@ size_t _copy_to_iter_mcsafe(const void *addr, size_t bytes, struct iov_iter *i)
|
||||
|
||||
return bytes;
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(_copy_to_iter_mcsafe);
|
||||
#endif /* CONFIG_ARCH_HAS_UACCESS_MCSAFE */
|
||||
EXPORT_SYMBOL_GPL(_copy_mc_to_iter);
|
||||
#endif /* CONFIG_ARCH_HAS_COPY_MC */
|
||||
|
||||
size_t _copy_from_iter(void *addr, size_t bytes, struct iov_iter *i)
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user