Re: [PATCH 5/6] nfs: check all iov segments for correct memory access rights

From: Andrew Morton
Date: Fri May 19 2006 - 16:08:28 EST

Chuck Lever <cel@xxxxxxxxxxxxxx> wrote:
> Andrew Morton wrote:
> >> + if (unlikely(!access_ok(type, buf, len))) {
> >> + retval = -EFAULT;
> >> + goto out;
> >> + }
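Review bot: the access_ok(type, buf, len) test in this hunk only establishes that the range is a legal user address, so passing it does not mean the later access will succeed, and the code that actually touches the pages must still handle EFAULT. If this check runs once per iov segment, the -EFAULT return should either be limited to the case where nothing has been transferred yet (returning the byte count otherwise), or the all-or-nothing choice should be stated in a comment next to the check.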
> >
> > Now what's up here? Why does NFS, at this level, care about the page's
> > virtual address? get_user_pages() will handle that?
> I guess I'm not clear on what behavior is desired for scatter/gather if
> one of the segments in an iov fails.
> If one of the iov's will cause an EFAULT, how is that reported back to
> the application,

If nothing has yet been transferred to/from userspace, return -EFAULT.

If something has been transferred, return the number of bytes transferred.

> and what happens to the I/O being requested in the
> other segments of the vector?

The filesystem driver needs to handle it somehow.

> When do we use an "all or nothing"
> semantic, and when is it OK for some segments to fail?

Actually, fs/direct-io.c cheats and doesn't implement the correct
semantics. It returns either all-bytes-transferred or -EFOO. The way I
justify that is to point out that returning a partial transfer count
doesn't make a lot of sense when the I/Os could complete in any order -
yes, we know how much data got transferred, but we don't know whereabouts
in the user's memory that data ended up. So the user cannot trust _any_ of

NFS direct-io can do the same.

But access_ok() isn't sufficient. All it tells you is that the virtual
address is a legal one for an application. But we could still get EFAULT
when trying to access it.
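The two return-value conventions discussed in this message, as an added user-space model that is not part of the original thread or of the kernel source. `copy_seg`, `read_partial` and `read_all_or_nothing` are hypothetical names, and a NULL `iov_base` is a constructed stand-in for a segment that faults when it is accessed.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <sys/uio.h>

/* Constructed stand-in for a user copy that can fault: a segment whose
 * iov_base is NULL "faults"; any other segment is copied in full. */
static int copy_seg(const struct iovec *seg, const char *src)
{
    if (seg->iov_base == NULL)
        return -EFAULT;
    memcpy(seg->iov_base, src, seg->iov_len);
    return 0;
}

/* Sequential semantics: -EFAULT only if nothing has been transferred,
 * otherwise the number of bytes transferred before the fault. */
ssize_t read_partial(const struct iovec *iov, int nr, const char *src)
{
    ssize_t done = 0;

    for (int i = 0; i < nr; i++) {
        if (copy_seg(&iov[i], src + done) < 0)
            return done ? done : -EFAULT;
        done += iov[i].iov_len;
    }
    return done;
}

/* All-or-nothing semantics, as the message describes for fs/direct-io.c:
 * either every byte was transferred or an error is returned. Segments are
 * treated as if they may complete in any order, so a fault in one segment
 * does not stop the others, and no partial count is reported. */
ssize_t read_all_or_nothing(const struct iovec *iov, int nr, const char *src)
{
    ssize_t off = 0;
    int err = 0;

    for (int i = 0; i < nr; i++) {
        if (copy_seg(&iov[i], src + off) < 0)
            err = -EFAULT;
        off += iov[i].iov_len;
    }
    return err ? err : off;
}
```

In the all-or-nothing variant a faulting segment still leaves the other segments' buffers written, even though the caller only sees the error.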

