Re: [PATCH 5/6] nfs: check all iov segments for correct memoryaccess rights

[Andrew Morton]

Chuck Lever <cel@xxxxxxxxxxxxxx> wrote:
>
> Andrew Morton wrote:
> >> +		if (unlikely(!access_ok(type, buf, len))) {
> >> +			retval = -EFAULT;
> >> +			goto out;
> >> +		}
> > 
> > Now what's up here?  Why does NFS, at this level, care about the page's
> > virtual address?  get_user_pages() will handle that?
> 
> I guess I'm not clear on what behavior is desired for scatter/gather if 
> one of the segments in an iov fails.
> 
> If one of the iov's will cause an EFAULT, how is that reported back to 
> the application,

If nothing has yet been transferred to/from userspace, return -EFAULT.

If something has been transferred, return the number of bytes transferred.

> and what happens to the I/O being requested in the 
> other segments of the vector?

The filesystem driver needs to handle it somehow.

>  When do we use an "all or nothing" 
> semantic, and when is it OK for some segments to fail?

Actually, fs/direct-io.c cheats and doesn't implement the correct
semantics.  It returns either all-bytes-transferred or -EFOO.  The way I
justify that is to point out that returning a partial transfer count
doesn't make a lot of sense when the I/Os could complete in any order -
yes, we know how much data got transferred, but we don't know whereabouts
in the user's memory that data ended up.  So the user cannot trust _any_ of
it.

NFS direct-io can do the same.

But access_ok() isn't sufficient.  All it tells you is that the virtual
address is a legal one for an application.  But we could still get EFAULT
when trying to access it.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/