Re: get_user_pages vs mmap MAP_FIXED bug

[Nick Piggin <nickpiggin@yahoo.com.au>]

[-- Attachment #1: Type: text/plain, Size: 841 bytes --]

Andrew Morton wrote:
> On Mon, 07 May 2007 11:26:44 +1000 Rusty Russell <rusty@rustcorp.com.au> wrote:
> 
> 
>>On Sun, 2007-05-06 at 17:01 +1000, Rusty Russell wrote:
>>
>>>This bug is in 2.6.21-rc7-mm2, but not 2.6.21.  Haven't tested
>>>2.6.21-mm1 yet.
>>
>>OK, 2.6.21-mm1 fails too.  2.6.21-git6 ... is fine.
>>
>>Here's a standalone test using ptrace.  No kernel module req'd.
>>
>>	rusty@debussy:~/linux-2.6.21-mm1$ ../examiner 
>>	ptrace says 0, child says 0x464c457f
> 
> 
> thanks.
> 
> 
>>Any clues Andrew?  Or should I take your patches and do a binary search?
> 
> 
> I've been assuming that Nick's vm_operations.fault changes have broken
> get_user_pages()'s manual faulting.  The next step is to wait for Nick to
> turn up.

Fancy that! Thanks for catching it Rusty, does the following work for
you?

-- 
SUSE Labs, Novell Inc.

[-- Attachment #2: mm-fix-for-fault.patch --]
[-- Type: text/plain, Size: 1485 bytes --]

Fix a couple of places that should be testing fault as well as nopage.

Signed-off-by: Nick Piggin <npiggin@suse.de>

Index: linux-2.6/mm/memory.c
===================================================================
--- linux-2.6.orig/mm/memory.c	2007-04-24 15:02:51.000000000 +1000
+++ linux-2.6/mm/memory.c	2007-05-08 15:23:55.000000000 +1000
@@ -1049,7 +1049,8 @@
 		if (pages)
 			foll_flags |= FOLL_GET;
 		if (!write && !(vma->vm_flags & VM_LOCKED) &&
-		    (!vma->vm_ops || !vma->vm_ops->nopage))
+		    (!vma->vm_ops || (!vma->vm_ops->nopage &&
+					!vma->vm_ops->fault)))
 			foll_flags |= FOLL_ANON;
 
 		do {
Index: linux-2.6/mm/rmap.c
===================================================================
--- linux-2.6.orig/mm/rmap.c	2007-04-24 08:53:50.000000000 +1000
+++ linux-2.6/mm/rmap.c	2007-05-08 15:24:27.000000000 +1000
@@ -640,8 +640,10 @@
 			printk (KERN_EMERG "  page->count = %x\n", page_count(page));
 			printk (KERN_EMERG "  page->mapping = %p\n", page->mapping);
 			print_symbol (KERN_EMERG "  vma->vm_ops = %s\n", (unsigned long)vma->vm_ops);
-			if (vma->vm_ops)
+			if (vma->vm_ops) {
 				print_symbol (KERN_EMERG "  vma->vm_ops->nopage = %s\n", (unsigned long)vma->vm_ops->nopage);
+				print_symbol (KERN_EMERG "  vma->vm_ops->fault = %s\n", (unsigned long)vma->vm_ops->fault);
+			}
 			if (vma->vm_file && vma->vm_file->f_op)
 				print_symbol (KERN_EMERG "  vma->vm_file->f_op->mmap = %s\n", (unsigned long)vma->vm_file->f_op->mmap);
 			BUG();