Re: Hang on large copy_from_user with PREEMPT_NONE

From: Borislav Petkov
Date: Mon Apr 06 2015 - 12:54:50 EST

On Mon, Apr 06, 2015 at 10:51:42AM -0400, Sasha Levin wrote:
> > Btw, what's happening to that user pointer in %rdi, is it kosher?
> Probably not. Trinity passes random addresses into that syscall, so it's probably one of its magic
> values.

So what is the expectation? If that pointer goes away from under us,
userspace is supposed to get some signal instead of hanging?

> I've attached dmesg with debug-alternative, and my .config. vmlinux is pretty
> large (1GB compressed) so hopefully the config would be enough - let me know
> if it isn't.

Thanks, I'll give it a try and do some staring tomorrow. Still a holiday
today here :-)

> > Btw, that zerorest is being tested on every loop iteration! AFAICT,
> >
> > if (!zerorest) {
> > clac();
> > return len;
> > }
> >
> > before the loop should be nicer. Or am I missing something?
> Looks good to me. I suspect the compiler optimizes that anyway though.

Yeah, doesn't look like it. See the

e: 85 c9 test %ecx,%ecx



testl %esi, %esi # __pu_err
je .L34 #,
testl %ecx, %ecx # zerorest <---
je .L33 #,
movl %edx, %eax # len, len
xorl %r8d, %r8d # tmp194
jmp .L27 #
.p2align 4,,7
.p2align 3
decl %eax # len
movq %rsi, %rdi # to, to
je .L33 #,
leaq 1(%rdi), %rsi #, to

and my asm is not so different from yours so that I can match your asm
with the .s output here.

Anyway, that's a different story, I'll do a fix for it.
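The point of the `zerorest` flag in the tail handler is worth seeing in working code: when a `copy_from_user()` faults part-way through, the bytes of the kernel destination that were never written still hold whatever was there before, and a caller that trusts the requested length would hand that stale memory back out. The model below is an added user-space example, not the kernel's `copy_user_handle_tail()`; the fault model (the source becomes unreadable at a chosen index) and every name in it are assumptions made for this illustration. It also shows the loop-invariant `zerorest` test hoisted out of the zeroing loop, as suggested above.

```c
#include <stddef.h>
#include <string.h>

/* Constructed user-space model of a byte-wise copy tail handler.
 * Not the kernel's copy_user_handle_tail(); the fault model below
 * (reads at or beyond fault_at "fault") is an assumption for this example. */
struct fake_src {
    const unsigned char *data;
    size_t fault_at;            /* first index whose read faults */
};

/* Models __get_user(): 0 on success, -1 when the access would fault. */
static int model_get_user(unsigned char *c, const struct fake_src *src, size_t i)
{
    if (i >= src->fault_at)
        return -1;
    *c = src->data[i];
    return 0;
}

/* Copy up to len bytes from the (possibly faulting) source into 'to'.
 * Returns the number of bytes NOT copied. When zerorest is set, the
 * uncopied remainder of 'to' is cleared so stale contents cannot leak. */
size_t tail_copy(unsigned char *to, const struct fake_src *from,
                 size_t len, int zerorest)
{
    size_t i;
    unsigned char c;

    for (i = 0; i < len; i++) {
        if (model_get_user(&c, from, i))
            break;              /* source faulted: stop here */
        to[i] = c;
    }

    size_t left = len - i;

    /* zerorest never changes inside the loop, so test it once, up front,
     * instead of on every iteration of the zeroing loop. */
    if (!zerorest)
        return left;

    memset(to + i, 0, left);    /* the zeroing loop, collapsed */
    return left;
}

/* Demo: destination pre-filled with 0xAA (stand-in for stale kernel memory),
 * constructed 8-byte source that faults after 3 bytes. Returns how many 0xAA
 * bytes survive in the uncopied region: >0 means stale data reaches the caller. */
int stale_bytes_after_fault(int zerorest)
{
    static const unsigned char src_data[8] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed */
    struct fake_src src = { src_data, 3 };
    unsigned char dst[8];
    int stale = 0;

    memset(dst, 0xAA, sizeof dst);
    size_t left = tail_copy(dst, &src, sizeof dst, zerorest);

    for (size_t i = sizeof dst - left; i < sizeof dst; i++)
        if (dst[i] == 0xAA)
            stale++;
    return stale;
}
```

With `zerorest` clear the caller gets 5 bytes of whatever was in the buffer before; with it set those 5 bytes are zero. The return value (bytes not copied) is what the real helper reports back so the caller can fail the syscall instead of trusting the full length.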


