From: arnd@arndb.de (Arnd Bergmann)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH, RESEND] xen: allocate gntdev_copy_batch dynamically
Date: Thu, 25 Feb 2016 22:25:18 +0100 [thread overview]
Message-ID: <1456435523-287763-1-git-send-email-arnd@arndb.de> (raw)
struct gntdev_copy_batch is arguably too large to fit on the kernel stack,
and we get a warning about the stack usage in gntdev_ioctl_grant_copy:
drivers/xen/gntdev.c:949:1: error: the frame size of 1240 bytes is larger than 1024 bytes
This changes the code to us a dynamic allocation instead.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: a4cdb556cae0 ("xen/gntdev: add ioctl for grant copy")
---
drivers/xen/gntdev.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
I sent this in January, Boris sent an almost identical patch
as http://www.gossamer-threads.com/lists/xen/devel/414056
but the bug remains present in mainline and linux-next as of
Feb 25.
Could you apply one of the patches before the bug makes it
into v4.5?
diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c
index dc495383ad73..cc753b3a7154 100644
--- a/drivers/xen/gntdev.c
+++ b/drivers/xen/gntdev.c
@@ -915,15 +915,16 @@ static int gntdev_grant_copy_seg(struct gntdev_copy_batch *batch,
static long gntdev_ioctl_grant_copy(struct gntdev_priv *priv, void __user *u)
{
struct ioctl_gntdev_grant_copy copy;
- struct gntdev_copy_batch batch;
+ struct gntdev_copy_batch *batch;
unsigned int i;
int ret = 0;
if (copy_from_user(©, u, sizeof(copy)))
return -EFAULT;
- batch.nr_ops = 0;
- batch.nr_pages = 0;
+ batch = kzalloc(sizeof(*batch), GFP_KERNEL);
+ if (!batch)
+ return -ENOMEM;
for (i = 0; i < copy.count; i++) {
struct gntdev_grant_copy_segment seg;
@@ -933,18 +934,20 @@ static long gntdev_ioctl_grant_copy(struct gntdev_priv *priv, void __user *u)
goto out;
}
- ret = gntdev_grant_copy_seg(&batch, &seg, ©.segments[i].status);
+ ret = gntdev_grant_copy_seg(batch, &seg, ©.segments[i].status);
if (ret < 0)
goto out;
cond_resched();
}
- if (batch.nr_ops)
- ret = gntdev_copy(&batch);
+ if (batch->nr_ops)
+ ret = gntdev_copy(batch);
+ kfree(batch);
return ret;
out:
- gntdev_put_pages(&batch);
+ gntdev_put_pages(batch);
+ kfree(batch);
return ret;
}
--
2.7.0
WARNING: multiple messages have this Message-ID (diff)
From: Arnd Bergmann <arnd@arndb.de>
To: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
David Vrabel <david.vrabel@citrix.com>
Cc: linux-arm-kernel@lists.infradead.org,
Arnd Bergmann <arnd@arndb.de>,
xen-devel@lists.xenproject.org, linux-kernel@vger.kernel.org
Subject: [PATCH, RESEND] xen: allocate gntdev_copy_batch dynamically
Date: Thu, 25 Feb 2016 22:25:18 +0100 [thread overview]
Message-ID: <1456435523-287763-1-git-send-email-arnd@arndb.de> (raw)
struct gntdev_copy_batch is arguably too large to fit on the kernel stack,
and we get a warning about the stack usage in gntdev_ioctl_grant_copy:
drivers/xen/gntdev.c:949:1: error: the frame size of 1240 bytes is larger than 1024 bytes
This changes the code to us a dynamic allocation instead.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: a4cdb556cae0 ("xen/gntdev: add ioctl for grant copy")
---
drivers/xen/gntdev.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
I sent this in January, Boris sent an almost identical patch
as http://www.gossamer-threads.com/lists/xen/devel/414056
but the bug remains present in mainline and linux-next as of
Feb 25.
Could you apply one of the patches before the bug makes it
into v4.5?
diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c
index dc495383ad73..cc753b3a7154 100644
--- a/drivers/xen/gntdev.c
+++ b/drivers/xen/gntdev.c
@@ -915,15 +915,16 @@ static int gntdev_grant_copy_seg(struct gntdev_copy_batch *batch,
static long gntdev_ioctl_grant_copy(struct gntdev_priv *priv, void __user *u)
{
struct ioctl_gntdev_grant_copy copy;
- struct gntdev_copy_batch batch;
+ struct gntdev_copy_batch *batch;
unsigned int i;
int ret = 0;
if (copy_from_user(©, u, sizeof(copy)))
return -EFAULT;
- batch.nr_ops = 0;
- batch.nr_pages = 0;
+ batch = kzalloc(sizeof(*batch), GFP_KERNEL);
+ if (!batch)
+ return -ENOMEM;
for (i = 0; i < copy.count; i++) {
struct gntdev_grant_copy_segment seg;
@@ -933,18 +934,20 @@ static long gntdev_ioctl_grant_copy(struct gntdev_priv *priv, void __user *u)
goto out;
}
- ret = gntdev_grant_copy_seg(&batch, &seg, ©.segments[i].status);
+ ret = gntdev_grant_copy_seg(batch, &seg, ©.segments[i].status);
if (ret < 0)
goto out;
cond_resched();
}
- if (batch.nr_ops)
- ret = gntdev_copy(&batch);
+ if (batch->nr_ops)
+ ret = gntdev_copy(batch);
+ kfree(batch);
return ret;
out:
- gntdev_put_pages(&batch);
+ gntdev_put_pages(batch);
+ kfree(batch);
return ret;
}
--
2.7.0
next reply other threads:[~2016-02-25 21:25 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-25 21:25 Arnd Bergmann [this message]
2016-02-25 21:25 ` [PATCH, RESEND] xen: allocate gntdev_copy_batch dynamically Arnd Bergmann
2016-02-26 13:44 ` Boris Ostrovsky
2016-02-26 13:44 ` Boris Ostrovsky
2016-02-26 13:44 ` Boris Ostrovsky
-- strict thread matches above, loose matches on Subject: below --
2016-02-25 21:25 Arnd Bergmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1456435523-287763-1-git-send-email-arnd@arndb.de \
--to=arnd@arndb.de \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.