From: "Marek Marczykowski-Górecki" <marmarek@invisiblethingslab.com>
To: Souptick Joarder <jrdr.linux@gmail.com>
Cc: jgross@suse.com, mhocko@suse.com, linux@armlinux.org.uk,
	willy@infradead.org, linux-kernel@vger.kernel.org,
	linux-mm@kvack.org, xen-devel@lists.xenproject.org,
	akpm@linux-foundation.org, robin.murphy@arm.com,
	boris.ostrovsky@oracle.com
Subject: Re: [Xen-devel] [PATCH v4 8/9] xen/gntdev.c: Convert to use vm_map_pages()
Date: Sun, 28 Jul 2019 20:06:11 +0200
Message-ID: <20190728180611.GA20589@mail-itl>
In-Reply-To: <20190215024830.GA26477@jordon-HP-15-Notebook-PC>


On Fri, Feb 15, 2019 at 08:18:31AM +0530, Souptick Joarder wrote:
> Convert to use vm_map_pages() to map range of kernel
> memory to user vma.
> 
> map->count is passed to vm_map_pages() and internal API
> verify map->count against count ( count = vma_pages(vma))
> for page array boundary overrun condition.

This commit breaks gntdev driver. If vma->vm_pgoff > 0, vm_map_pages
will:
 - use map->pages starting at vma->vm_pgoff instead of 0
 - verify map->count against vma_pages()+vma->vm_pgoff instead of just
   vma_pages().

In practice, this breaks using a single gntdev FD for mapping multiple
grants.

It looks like vm_map_pages() is not a good fit for this code and IMO it
should be reverted.

> Signed-off-by: Souptick Joarder <jrdr.linux@gmail.com>
> Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
> ---
>  drivers/xen/gntdev.c | 11 ++++-------
>  1 file changed, 4 insertions(+), 7 deletions(-)
> 
> diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c
> index 5efc5ee..5d64262 100644
> --- a/drivers/xen/gntdev.c
> +++ b/drivers/xen/gntdev.c
> @@ -1084,7 +1084,7 @@ static int gntdev_mmap(struct file *flip, struct vm_area_struct *vma)
>  	int index = vma->vm_pgoff;
>  	int count = vma_pages(vma);
>  	struct gntdev_grant_map *map;
> -	int i, err = -EINVAL;
> +	int err = -EINVAL;
>  
>  	if ((vma->vm_flags & VM_WRITE) && !(vma->vm_flags & VM_SHARED))
>  		return -EINVAL;
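Review bot: the context line `int index = vma->vm_pgoff;` shows that gntdev_mmap() already gives vm_pgoff a driver-specific meaning, yet the commit message only discusses checking map->count against vma_pages(vma). Since the reply above reports that vm_map_pages() also applies vm_pgoff as an offset into the page array, the changelog should state how the two uses interact and whether a mapping with vm_pgoff > 0 was exercised.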
> @@ -1145,12 +1145,9 @@ static int gntdev_mmap(struct file *flip, struct vm_area_struct *vma)
>  		goto out_put_map;
>  
>  	if (!use_ptemod) {
> -		for (i = 0; i < count; i++) {
> -			err = vm_insert_page(vma, vma->vm_start + i*PAGE_SIZE,
> -				map->pages[i]);
> -			if (err)
> -				goto out_put_map;
> -		}
> +		err = vm_map_pages(vma, map->pages, map->count);
> +		if (err)
> +			goto out_put_map;
>  	} else {
>  #ifdef CONFIG_X86
>  		/*
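Review bot: the replacement call `err = vm_map_pages(vma, map->pages, map->count);` is not equivalent to the removed loop, which inserted `map->pages[i]` for i from 0 to count-1 and never consulted vm_pgoff. As the reply above describes, vm_map_pages() starts at map->pages[vma->vm_pgoff] and checks map->count against vma_pages() plus vm_pgoff, so a map reached through a non-zero vm_pgoff is rejected. Either keep the vm_insert_page() loop or use vm_map_pages_zero(), which treats the offset as 0.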

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
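
The difference the reply describes, as a userspace model added here as an example (it is not kernel code and not part of the original message). The `model_*` types, function names, page ids and the returned error value are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed stand-ins for the kernel types (hypothetical names). */
struct model_vma {
    unsigned long vm_pgoff;  /* gntdev uses this as the grant map's index */
    unsigned long nr_pages;  /* what vma_pages(vma) would return */
};
struct model_map {
    unsigned long count;     /* entries in pages[] */
    const int *pages;        /* page ids instead of struct page pointers */
};

/* Removed loop: always maps pages[0..nr_pages-1], vm_pgoff is not consulted. */
int map_old_loop(const struct model_vma *vma, const struct model_map *map, int *out)
{
    for (unsigned long i = 0; i < vma->nr_pages; i++)
        out[i] = map->pages[i];
    return 0;
}

/* Behaviour the reply attributes to vm_map_pages(): start at pages[vm_pgoff]
 * and require count to cover nr_pages + vm_pgoff. */
int map_with_pgoff(const struct model_vma *vma, const struct model_map *map, int *out)
{
    unsigned long off = vma->vm_pgoff;

    if (off >= map->count || vma->nr_pages > map->count - off)
        return -ENXIO;       /* error value chosen for the model */
    for (unsigned long i = 0; i < vma->nr_pages; i++)
        out[i] = map->pages[off + i];
    return 0;
}

/* Constructed scenario: a second two-page grant map on one FD, at index 3. */
static const int second_pages[2] = { 101, 102 };
static const struct model_map second_map = { 2, second_pages };
static const struct model_vma second_vma = { 3, 2 };

int demo_old(int *out) { return map_old_loop(&second_vma, &second_map, out); }
int demo_new(int *out) { return map_with_pgoff(&second_vma, &second_map, out); }

int main(void)
{
    int out[2] = { 0, 0 };
    printf("old loop: %d, helper with vm_pgoff: %d\n", demo_old(out), demo_new(out));
    return 0;
}
```

With vm_pgoff equal to 0 both paths map the same pages; the second map on the same FD is the case that fails.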


