Date: Tue, 4 Nov 2014 02:59:17 +1100 (EST) From: Bruce Evans <brde@optusnet.com.au> To: Konstantin Belousov <kostikbel@gmail.com> Cc: "src-committers@freebsd.org" <src-committers@freebsd.org>, d@delphij.net, Bruce Evans <brde@optusnet.com.au>, Ian Lepore <ian@freebsd.org>, "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>, Mark R V Murray <mark@grondar.org>, "svn-src-head@freebsd.org" <svn-src-head@freebsd.org> Subject: Re: svn commit: r273958 - head/sys/dev/random Message-ID: <20141104024151.M1038@besplex.bde.org> In-Reply-To: <20141103091954.GJ53947@kib.kiev.ua> References: <CAJ-VmomeOwE3LOpehhJ__G=FCoBDRXrrn%2BSfjwPFODts6YYHNQ@mail.gmail.com> <20141102192057.GB53947@kib.kiev.ua> <29A795E1-19E2-49E4-9653-143D3F6F3F12@grondar.org> <20141102194625.GC53947@kib.kiev.ua> <751CD860-95B9-4F68-AE69-976B42823AD0@grondar.org> <54568E41.8030305@delphij.net> <20141102201331.GE53947@kib.kiev.ua> <545693B4.8030602@delphij.net> <1414961583.1200.27.camel@revolution.hippie.lan> <20141103113629.I3149@besplex.bde.org> <20141103091954.GJ53947@kib.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 3 Nov 2014, Konstantin Belousov wrote: > On Mon, Nov 03, 2014 at 11:53:26AM +1100, Bruce Evans wrote: >> On Sun, 2 Nov 2014, Ian Lepore wrote: >> >>> On Sun, 2014-11-02 at 12:27 -0800, Xin Li wrote: >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA512 >>>> >>>> Hi, Mark, >>>> >>>> I'd like to propose the attached patch for review. It replaces >>>> tsleep's with sx_sleep's, then checks the return value and quit the loop. >>> >>> It still doesn't handle the partial read/write case Kostik mentioned, >>> but there are plenty of other drivers that don't get that right. >> >> Returning an error for a partial read is good enough for random devices, >> since there is no problem with discarding the input. Upper layers are >> still broken, so this (discarding the input is what happens automatically >> except for ERESTART, EINTR and EWOULDBLOCK. > But usermode buffer is already partially accessed and modified. > Yes, I am picky about it after vn_io_fault() work. Urk. For some reason I was thinking that the uio modifications were in a kernel buffer, so they could be backed out of easily. But surely the user buffer is indeterminate after a read error? Even after success, the region beyond the part read should be specified as indeterminate. Consider an implementation that asks the hardware to DMA into part of the read buffer beyond a (possibly null) region already successfully read. If the DMA fails, you might not know how far it got. The best you can do to recover is to back out of the failed part of the read only. Possibly zero the part that failed for security. For further complications, consider a similar implementations but with multiple DMA channels writing in indeterminate order. If (part of) the buffer is not allowed to be indeterminate after a success or failure, then both the success and the failure cases are broken in the FreeBSD implementation (apart from not handling short I/O's correctly). In the failure case, not backing out of partial I/O's leaves a trashed buffer. In the success case, if it is implemented by a partial backout, the part not backed out of is still trashed. Bruce
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20141104024151.M1038>