From: Nick Piggin <npiggin@suse.de>
To: Andrew Morton <akpm@osdl.org>
Cc: Linux Kernel <linux-kernel@vger.kernel.org>,
Nick Piggin <npiggin@suse.de>,
Linux Memory Management <linux-mm@kvack.org>
Subject: [patch 4/5] mm: extra remap_vmalloc_range check
Date: Fri, 21 Apr 2006 08:43:50 +0200 (CEST) [thread overview]
Message-ID: <20060301045943.12434.6178.sendpatchset@linux.site> (raw)
In-Reply-To: <20060301045901.12434.54077.sendpatchset@linux.site>
Add a flag to ensure all remap_vmalloc_range memory has been allocated
with the vmalloc _user variants, so data does not get leaked.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Index: linux-2.6/include/linux/vmalloc.h
===================================================================
--- linux-2.6.orig/include/linux/vmalloc.h
+++ linux-2.6/include/linux/vmalloc.h
@@ -8,6 +8,7 @@
#define VM_IOREMAP 0x00000001 /* ioremap() and friends */
#define VM_ALLOC 0x00000002 /* vmalloc() */
#define VM_MAP 0x00000004 /* vmap()ed pages */
+#define VM_USERMAP 0x00000008 /* suitable for remap_vmalloc_range */
/* bits [20..32] reserved for arch specific ioremap internals */
/*
Index: linux-2.6/drivers/media/video/et61x251/et61x251_core.c
===================================================================
--- linux-2.6.orig/drivers/media/video/et61x251/et61x251_core.c
+++ linux-2.6/drivers/media/video/et61x251/et61x251_core.c
@@ -133,7 +133,8 @@ et61x251_request_buffers(struct et61x251
cam->nbuffers = count;
while (cam->nbuffers > 0) {
- if ((buff = vmalloc_32(cam->nbuffers * PAGE_ALIGN(imagesize))))
+ if ((buff = vmalloc_32_user(cam->nbuffers *
+ PAGE_ALIGN(imagesize))))
break;
cam->nbuffers--;
}
Index: linux-2.6/drivers/media/video/sn9c102/sn9c102_core.c
===================================================================
--- linux-2.6.orig/drivers/media/video/sn9c102/sn9c102_core.c
+++ linux-2.6/drivers/media/video/sn9c102/sn9c102_core.c
@@ -149,7 +149,7 @@ sn9c102_request_buffers(struct sn9c102_d
cam->nbuffers = count;
while (cam->nbuffers > 0) {
- if ((buff = vmalloc_32(cam->nbuffers * PAGE_ALIGN(imagesize))))
+ if ((buff = vmalloc_32_user(cam->nbuffers * PAGE_ALIGN(imagesize))))
break;
cam->nbuffers--;
}
Index: linux-2.6/drivers/media/video/zc0301/zc0301_core.c
===================================================================
--- linux-2.6.orig/drivers/media/video/zc0301/zc0301_core.c
+++ linux-2.6/drivers/media/video/zc0301/zc0301_core.c
@@ -136,7 +136,7 @@ zc0301_request_buffers(struct zc0301_dev
cam->nbuffers = count;
while (cam->nbuffers > 0) {
- if ((buff = vmalloc_32(cam->nbuffers * PAGE_ALIGN(imagesize))))
+ if ((buff = vmalloc_32_user(cam->nbuffers * PAGE_ALIGN(imagesize))))
break;
cam->nbuffers--;
}
Index: linux-2.6/mm/vmalloc.c
===================================================================
--- linux-2.6.orig/mm/vmalloc.c
+++ linux-2.6/mm/vmalloc.c
@@ -524,7 +524,16 @@ EXPORT_SYMBOL(vmalloc);
*/
void *vmalloc_user(unsigned long size)
{
- return __vmalloc(size, GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO, PAGE_KERNEL);
+ struct vm_struct *area;
+ void *ret;
+
+ ret = __vmalloc(size, GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO, PAGE_KERNEL);
+ write_lock(&vmlist_lock);
+ area = __find_vm_area(ret);
+ area->flags |= VM_USERMAP;
+ write_unlock(&vmlist_lock);
+
+ return ret;
}
EXPORT_SYMBOL(vmalloc_user);
@@ -591,7 +600,16 @@ EXPORT_SYMBOL(vmalloc_32);
*/
void *vmalloc_32_user(unsigned long size)
{
- return __vmalloc(size, GFP_KERNEL | __GFP_ZERO, PAGE_KERNEL);
+ struct vm_struct *area;
+ void *ret;
+
+ ret = __vmalloc(size, GFP_KERNEL | __GFP_ZERO, PAGE_KERNEL);
+ write_lock(&vmlist_lock);
+ area = __find_vm_area(ret);
+ area->flags |= VM_USERMAP;
+ write_unlock(&vmlist_lock);
+
+ return ret;
}
EXPORT_SYMBOL(vmalloc_32_user);
@@ -700,6 +718,9 @@ int remap_vmalloc_range(struct vm_area_s
if (!area)
goto out_einval_locked;
+ if (!(area->flags & VM_USERMAP))
+ goto out_einval_locked;
+
if (usize + (pgoff << PAGE_SHIFT) > area->size - PAGE_SIZE)
goto out_einval_locked;
read_unlock(&vmlist_lock);
Index: linux-2.6/drivers/media/video/em28xx/em28xx-core.c
===================================================================
--- linux-2.6.orig/drivers/media/video/em28xx/em28xx-core.c
+++ linux-2.6/drivers/media/video/em28xx/em28xx-core.c
@@ -79,10 +79,8 @@ u32 em28xx_request_buffers(struct em28xx
dev->num_frames = count;
while (dev->num_frames > 0) {
- if ((buff = vmalloc_32(dev->num_frames * imagesize))) {
- memset(buff, 0, dev->num_frames * imagesize);
+ if ((buff = vmalloc_32_user(dev->num_frames * imagesize)))
break;
- }
dev->num_frames--;
}
WARNING: multiple messages have this Message-ID (diff)
From: Nick Piggin <npiggin@suse.de>
To: Andrew Morton <akpm@osdl.org>
Cc: Linux Kernel <linux-kernel@vger.kernel.org>,
Nick Piggin <npiggin@suse.de>,
Linux Memory Management <linux-mm@kvack.org>
Subject: [patch 4/5] mm: extra remap_vmalloc_range check
Date: Fri, 21 Apr 2006 08:43:50 +0200 (CEST) [thread overview]
Message-ID: <20060301045943.12434.6178.sendpatchset@linux.site> (raw)
In-Reply-To: <20060301045901.12434.54077.sendpatchset@linux.site>
Add a flag to ensure all remap_vmalloc_range memory has been allocated
with the vmalloc _user variants, so data does not get leaked.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Index: linux-2.6/include/linux/vmalloc.h
===================================================================
--- linux-2.6.orig/include/linux/vmalloc.h
+++ linux-2.6/include/linux/vmalloc.h
@@ -8,6 +8,7 @@
#define VM_IOREMAP 0x00000001 /* ioremap() and friends */
#define VM_ALLOC 0x00000002 /* vmalloc() */
#define VM_MAP 0x00000004 /* vmap()ed pages */
+#define VM_USERMAP 0x00000008 /* suitable for remap_vmalloc_range */
/* bits [20..32] reserved for arch specific ioremap internals */
/*
Index: linux-2.6/drivers/media/video/et61x251/et61x251_core.c
===================================================================
--- linux-2.6.orig/drivers/media/video/et61x251/et61x251_core.c
+++ linux-2.6/drivers/media/video/et61x251/et61x251_core.c
@@ -133,7 +133,8 @@ et61x251_request_buffers(struct et61x251
cam->nbuffers = count;
while (cam->nbuffers > 0) {
- if ((buff = vmalloc_32(cam->nbuffers * PAGE_ALIGN(imagesize))))
+ if ((buff = vmalloc_32_user(cam->nbuffers *
+ PAGE_ALIGN(imagesize))))
break;
cam->nbuffers--;
}
Index: linux-2.6/drivers/media/video/sn9c102/sn9c102_core.c
===================================================================
--- linux-2.6.orig/drivers/media/video/sn9c102/sn9c102_core.c
+++ linux-2.6/drivers/media/video/sn9c102/sn9c102_core.c
@@ -149,7 +149,7 @@ sn9c102_request_buffers(struct sn9c102_d
cam->nbuffers = count;
while (cam->nbuffers > 0) {
- if ((buff = vmalloc_32(cam->nbuffers * PAGE_ALIGN(imagesize))))
+ if ((buff = vmalloc_32_user(cam->nbuffers * PAGE_ALIGN(imagesize))))
break;
cam->nbuffers--;
}
Index: linux-2.6/drivers/media/video/zc0301/zc0301_core.c
===================================================================
--- linux-2.6.orig/drivers/media/video/zc0301/zc0301_core.c
+++ linux-2.6/drivers/media/video/zc0301/zc0301_core.c
@@ -136,7 +136,7 @@ zc0301_request_buffers(struct zc0301_dev
cam->nbuffers = count;
while (cam->nbuffers > 0) {
- if ((buff = vmalloc_32(cam->nbuffers * PAGE_ALIGN(imagesize))))
+ if ((buff = vmalloc_32_user(cam->nbuffers * PAGE_ALIGN(imagesize))))
break;
cam->nbuffers--;
}
Index: linux-2.6/mm/vmalloc.c
===================================================================
--- linux-2.6.orig/mm/vmalloc.c
+++ linux-2.6/mm/vmalloc.c
@@ -524,7 +524,16 @@ EXPORT_SYMBOL(vmalloc);
*/
void *vmalloc_user(unsigned long size)
{
- return __vmalloc(size, GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO, PAGE_KERNEL);
+ struct vm_struct *area;
+ void *ret;
+
+ ret = __vmalloc(size, GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO, PAGE_KERNEL);
+ write_lock(&vmlist_lock);
+ area = __find_vm_area(ret);
+ area->flags |= VM_USERMAP;
+ write_unlock(&vmlist_lock);
+
+ return ret;
}
EXPORT_SYMBOL(vmalloc_user);
@@ -591,7 +600,16 @@ EXPORT_SYMBOL(vmalloc_32);
*/
void *vmalloc_32_user(unsigned long size)
{
- return __vmalloc(size, GFP_KERNEL | __GFP_ZERO, PAGE_KERNEL);
+ struct vm_struct *area;
+ void *ret;
+
+ ret = __vmalloc(size, GFP_KERNEL | __GFP_ZERO, PAGE_KERNEL);
+ write_lock(&vmlist_lock);
+ area = __find_vm_area(ret);
+ area->flags |= VM_USERMAP;
+ write_unlock(&vmlist_lock);
+
+ return ret;
}
EXPORT_SYMBOL(vmalloc_32_user);
@@ -700,6 +718,9 @@ int remap_vmalloc_range(struct vm_area_s
if (!area)
goto out_einval_locked;
+ if (!(area->flags & VM_USERMAP))
+ goto out_einval_locked;
+
if (usize + (pgoff << PAGE_SHIFT) > area->size - PAGE_SIZE)
goto out_einval_locked;
read_unlock(&vmlist_lock);
Index: linux-2.6/drivers/media/video/em28xx/em28xx-core.c
===================================================================
--- linux-2.6.orig/drivers/media/video/em28xx/em28xx-core.c
+++ linux-2.6/drivers/media/video/em28xx/em28xx-core.c
@@ -79,10 +79,8 @@ u32 em28xx_request_buffers(struct em28xx
dev->num_frames = count;
while (dev->num_frames > 0) {
- if ((buff = vmalloc_32(dev->num_frames * imagesize))) {
- memset(buff, 0, dev->num_frames * imagesize);
+ if ((buff = vmalloc_32_user(dev->num_frames * imagesize)))
break;
- }
dev->num_frames--;
}
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2006-04-21 6:43 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-04-21 6:43 [patch 0/5] mm: improve remapping of vmalloc regions Nick Piggin
2006-04-21 6:43 ` Nick Piggin
2006-04-21 6:43 ` [patch 1/5] mm: remap_vmalloc_range Nick Piggin
2006-04-21 6:43 ` Nick Piggin
2006-04-21 7:17 ` Andrew Morton
2006-04-21 7:17 ` Andrew Morton
2006-04-21 7:33 ` Nick Piggin
2006-04-21 7:33 ` Nick Piggin
2006-04-21 7:59 ` Andrew Morton
2006-04-21 7:59 ` Andrew Morton
2006-04-21 8:06 ` Nick Piggin
2006-04-21 8:06 ` Nick Piggin
2006-04-21 7:29 ` Andrew Morton
2006-04-21 7:29 ` Andrew Morton
2006-04-21 7:41 ` Nick Piggin
2006-04-21 7:41 ` Nick Piggin
2006-04-21 7:43 ` Nick Piggin
2006-04-21 7:43 ` Nick Piggin
2006-04-21 8:02 ` Andrew Morton
2006-04-21 8:02 ` Andrew Morton
2006-04-21 6:43 ` [patch 2/5] mm: remove vmalloc_to_pfn Nick Piggin
2006-04-21 6:43 ` Nick Piggin
2006-04-21 6:55 ` Nick Piggin
2006-04-21 6:55 ` Nick Piggin
2006-04-21 6:43 ` [patch 3/5] mm: remove rvmalloc Nick Piggin
2006-04-21 6:43 ` Nick Piggin
2006-04-21 6:43 ` Nick Piggin [this message]
2006-04-21 6:43 ` [patch 4/5] mm: extra remap_vmalloc_range check Nick Piggin
2006-04-21 6:44 ` [patch 5/5] drivers: leave vm_flags alone Nick Piggin
2006-04-21 6:44 ` Nick Piggin
-- strict thread matches above, loose matches on Subject: below --
2006-04-20 17:06 [patch 0/5] mm: improve remapping of vmalloc regions Nick Piggin
2006-04-20 17:06 ` [patch 4/5] mm: extra remap_vmalloc_range check Nick Piggin
2006-04-20 17:06 ` Nick Piggin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060301045943.12434.6178.sendpatchset@linux.site \
--to=npiggin@suse.de \
--cc=akpm@osdl.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.