[Intel-gfx] [PATCH v12 2/3] drm/i915: add syncobj timeline support
Linus Torvalds
torvalds at linux-foundation.org
Wed Jul 29 17:51:23 UTC 2020
On Wed, Jul 29, 2020 at 5:24 AM Daniel Vetter <daniel at ffwll.ch> wrote:
>
> Do we have a access_ok_array or so? Instead of duplicating overflow checks
> everywhere and getting it all wrong ...
I really really think you should get away from access_ok() entirely.
Please just get rid of it, and use "copy_from_user()" instead.
Seriously.
access_ok() is completely wrong, because
(a) it doesn't actually protect from any fault returns, it only doe
sthe high-level check of "is the pointer even ok".
So you can't say "ok, I did access_ok(), so I don't have to check the
return value", and you're actually making the source code more
complicated, and only introducing the possibility of bugs.
Overflow is just _one_ such bug. Missing the access_ok() entirely
because it was in some caller but not another is another common bug.
(b) it no longer even makes the code faster.
It never really did for the the copy_to/from_user() case _anyway_, it
was always for the "I will now do several get/put_user() accesses and
I only want to do the range check once".
And that has simply not been true for the last few CPU generations -
because the cost isn't in the range check any more. Now allk the real
costs are about CLAC/STAC. The range check takes two cycles and
schedules well (so it's generally not even visible). The CLAC/STAC
takes 30+ cycles, and stalls the pipeline.
>Similar I guess for copy_from/to_user_array.
No. I refuse to add complexity onto the garbage that is access_ok().
Just remove it. It's not helping. People who think it's helping
haven't actually looked at profiles, or are working with hardware that
is no longer relevant.
Linus
More information about the Intel-gfx
mailing list