On Thu, Aug 11, 2016 at 4:03 PM, Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote:
>
> Yes, but... it doesn't need to be a bad region at all. Look: we have a 20Kb
> array of char starting at 0x....3ff. We feed it to write().

[..]

> However, _during_ the write the other process had seen something very odd -
> it had mmapped a zero-free file, it knows that nobody had been writing any
> zero-containing data into it, but it had seen zeroes come and go in the
> mmapped area. That "copied 1 byte" is actually "copied 1 byte, zeroed the
> next 4095 bytes".

Yeah, we should probably be better about that. That's not the EFAULT case,
and I agree that what we do there is not pretty.

And yes, I'd be ok with the atomic from-user functions not clearing the end
of the buffer, but we'd have to be very very careful about it.

In particular, the "write_end()" functions would need to distinguish between
the case of "we didn't actually write everything, but the page was
up-to-date" and the "we didn't write everything, and the remainder _wasn't_
uptodate and now we really need to zero it before unlocking the page".

There may not be all that many write_end() functions out there, but still..

The zeroing behavior does guarantee that we never have uninitialized memory
from when a user copy fails.

                 Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
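The trade-off in the exchange above, as an added, constructed model that is not kernel code and was not posted in this thread: a toy page cache with a 16-byte page, a user buffer that faults after 3 of the 8 requested bytes, and a from-user copy that either zeroes the uncopied tail (the behaviour Al describes) or leaves it alone (the variant Linus says he would accept). The `model_write()` routine plays the write path and takes a flag for whether its write_end step makes the uptodate distinction Linus asks for. All names, the 0xAA filler standing in for a freshly allocated page, and the sample data are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define PAGE_SZ 16          /* toy page size; the kernel's is 4096 */
#define FILLER  0xAA        /* stands in for whatever a fresh page contained */

/* Constructed model of a user buffer whose mapping ends after fault_at bytes:
 * any access past that point faults, like the 0x....3ff case above. */
struct user_buf {
    const unsigned char *data;
    size_t fault_at;
};

/* Constructed model of a page-cache page. uptodate == 0 means the page was
 * just allocated and its bytes are not (yet) file data. */
struct page {
    unsigned char data[PAGE_SZ];
    int uptodate;
};

enum copy_policy {
    COPY_ZERO_TAIL,   /* current behaviour: uncopied tail of dst is zeroed */
    COPY_LEAVE_TAIL   /* proposed atomic variant: tail left untouched    */
};

/* Model of a from-user copy. Like copy_from_user() it returns the number of
 * bytes that could NOT be copied. */
static size_t model_copy_from_user(unsigned char *dst, const struct user_buf *ub,
                                   size_t len, enum copy_policy pol)
{
    size_t ok = ub->fault_at < len ? ub->fault_at : len;

    memcpy(dst, ub->data, ok);
    if (pol == COPY_ZERO_TAIL)
        memset(dst + ok, 0, len - ok);
    return len - ok;
}

/* Model of the write path: write_begin has handed us a locked page, we copy
 * into it, and write_end decides what to do about a short copy before the
 * page is unlocked. Returns the number of bytes copied from the user. */
static size_t model_write(struct page *pg, size_t pos, const struct user_buf *ub,
                          size_t len, enum copy_policy pol, int careful_write_end)
{
    size_t copied = len - model_copy_from_user(pg->data + pos, ub, len, pol);

    /* The distinction Linus asks write_end() to make: a short copy into a
     * page that was not uptodate leaves the tail holding non-file bytes, so
     * write_end must zero it. If the page was uptodate, the old file data is
     * there and must be left alone. A careless write_end skips the check. */
    if (careful_write_end && copied < len && !pg->uptodate)
        memset(pg->data + pos + copied, 0, len - copied);
    return copied;
}

static size_t count_byte(const struct page *pg, size_t from, size_t n, unsigned char b)
{
    size_t i, c = 0;

    for (i = from; i < from + n; i++)
        if (pg->data[i] == b)
            c++;
    return c;
}

/* Constructed user data and a fault after 3 of the 8 bytes requested. */
static const unsigned char user_data[] = "xyzwvuts";
static const struct user_buf user = { user_data, 3 };

/* Al's case: uptodate page of a zero-free file; 8-byte write at offset 4.
 * Returns the number of zero bytes an mmap reader would see in that range. */
size_t zeroes_seen_in_uptodate_page(enum copy_policy pol)
{
    struct page pg;

    memcpy(pg.data, "ABCDEFGHIJKLMNOP", PAGE_SZ);
    pg.uptodate = 1;
    model_write(&pg, 4, &user, 8, pol, 1);
    return count_byte(&pg, 4, 8, 0);
}

/* Linus's case: the page was not uptodate. Returns how many FILLER bytes are
 * left in the written range when the page is unlocked, i.e. the leak size. */
size_t filler_left_in_new_page(enum copy_policy pol, int careful_write_end)
{
    struct page pg;

    memset(pg.data, FILLER, PAGE_SZ);
    pg.uptodate = 0;
    model_write(&pg, 4, &user, 8, pol, careful_write_end);
    return count_byte(&pg, 4, 8, FILLER);
}

int main(void)
{
    printf("uptodate page, zero tail:  %zu transient zeroes\n",
           zeroes_seen_in_uptodate_page(COPY_ZERO_TAIL));
    printf("uptodate page, leave tail: %zu transient zeroes\n",
           zeroes_seen_in_uptodate_page(COPY_LEAVE_TAIL));
    printf("new page, leave tail, careful write_end:  %zu leaked bytes\n",
           filler_left_in_new_page(COPY_LEAVE_TAIL, 1));
    printf("new page, leave tail, careless write_end: %zu leaked bytes\n",
           filler_left_in_new_page(COPY_LEAVE_TAIL, 0));
    return 0;
}
```

The first two calls show why the zeroing is visible through a mapping: with the tail zeroed, five bytes of a zero-free file read as zero until the retry overwrites them; with the tail left alone the old data stays put. The last two calls show the cost of dropping the zeroing: once the copy no longer clears the tail, a write_end that does not check whether the page was uptodate unlocks a page carrying five bytes that were never file data, which is exactly the uninitialized-memory guarantee the zeroing currently provides.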