Re: [PATCH] misc: genwqe: check for error from get_user_pages_fast()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Ian Abbott <abbotti@mev.co.uk>
To: haver@linux.vnet.ibm.com
Cc: Arnd Bergmann <arnd@arndb.de>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	linux-kernel@vger.kernel.org, stable@vger.kernel.org,
	Thadeu Lima De Souza Cascardo <thadeul@br.ibm.com>
Subject: Re: [PATCH] misc: genwqe: check for error from get_user_pages_fast()
Date: Tue, 02 Dec 2014 13:29:38 +0000	[thread overview]
Message-ID: <547DBEC2.5010505@mev.co.uk> (raw)
In-Reply-To: <1417525160.2010.4.camel@oc7383187364.ibm.com>

On 02/12/14 12:59, Frank Haverkamp wrote:
> Hi Ian,
>
> thanks for reviewing our code and sorry for not answering immediately.
>
> Am Donnerstag, den 06.11.2014, 16:23 +0000 schrieb Ian Abbott:
>> `genwqe_user_vmap()` calls `get_user_pages_fast()` and if the return
>> value is less than the number of pages requested, it frees the pages and
>> returns an error (`-EFAULT`).  However, it fails to consider a negative
>> error return value from `get_user_pages_fast()`.  In that case, the test
>> `if (rc < m->nr_pages)` will be false (due to promotion of `rc` to a
>> large `unsigned int`) and the code will continue on to call
>> `genwqe_map_pages()` with an invalid list of page pointers.  Fix it by
>> bailing out if `get_user_pages_fast()` returns a negative error value.
>
> True. Did you find this by manual inspection of the code or did you use
> tools to figure it out?

I just spotted it while grepping for examples of drivers that used 
get_user_pages() or get_user_pages_fast() as I want to use it in a 
driver for some custom hardware.

-- 
-=( Ian Abbott @ MEV Ltd.    E-mail: <abbotti@mev.co.uk> )=-
-=(                          Web: http://www.mev.co.uk/  )=-

     prev parent reply	other threads:[~2014-12-02 13:29 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-11-06 16:23 [PATCH] misc: genwqe: check for error from get_user_pages_fast() Ian Abbott
2014-12-02 12:59 ` Frank Haverkamp
2014-12-02 13:29   ` Ian Abbott [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=547DBEC2.5010505@mev.co.uk \
    --to=abbotti@mev.co.uk \
    --cc=arnd@arndb.de \
    --cc=gregkh@linuxfoundation.org \
    --cc=haver@linux.vnet.ibm.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=thadeul@br.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.