lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <64c1585d-70e0-47d4-9d78-405b483b433c@suse.de>
Date: Tue, 23 Apr 2024 13:27:09 +0200
From: Thomas Zimmermann <tzimmermann@...e.de>
To: Nam Cao <namcao@...utronix.de>
Cc: Jaya Kumar <jayalk@...works.biz>, Daniel Vetter <daniel@...ll.ch>,
 Helge Deller <deller@....de>, Javier Martinez Canillas <javierm@...hat.com>,
 linux-fbdev@...r.kernel.org, dri-devel@...ts.freedesktop.org,
 linux-kernel@...r.kernel.org, tiwai@...e.de, bigeasy@...utronix.de,
 patrik.r.jakobsson@...il.com, Vegard Nossum <vegard.nossum@...cle.com>,
 George Kennedy <george.kennedy@...cle.com>,
 Darren Kenny <darren.kenny@...cle.com>, chuansheng.liu@...el.com,
 Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>,
 stable@...r.kernel.org
Subject: Re: [PATCH] fbdev: fix incorrect address computation in deferred IO

Hi

Am 23.04.24 um 11:55 schrieb Nam Cao:
[...]
>>> Fix this by taking the mapping offset into account.
>>>
>>> Reported-and-tested-by: Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>
>>> Closes: https://lore.kernel.org/linux-fbdev/271372d6-e665-4e7f-b088-dee5f4ab341a@oracle.com
>>> Fixes: 56c134f7f1b5 ("fbdev: Track deferred-I/O pages in pageref struct")
>>> Cc: stable@...r.kernel.org
>>> Signed-off-by: Nam Cao <namcao@...utronix.de>
>>> ---
>>>    drivers/video/fbdev/core/fb_defio.c | 3 ++-
>>>    1 file changed, 2 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/video/fbdev/core/fb_defio.c b/drivers/video/fbdev/core/fb_defio.c
>>> index dae96c9f61cf..d5d6cd9e8b29 100644
>>> --- a/drivers/video/fbdev/core/fb_defio.c
>>> +++ b/drivers/video/fbdev/core/fb_defio.c
>>> @@ -196,7 +196,8 @@ static vm_fault_t fb_deferred_io_track_page(struct fb_info *info, unsigned long
>>>     */
>>>    static vm_fault_t fb_deferred_io_page_mkwrite(struct fb_info *info, struct vm_fault *vmf)
>>>    {
>>> -	unsigned long offset = vmf->address - vmf->vma->vm_start;
>>> +	unsigned long offset = vmf->address - vmf->vma->vm_start
>>> +			+ (vmf->vma->vm_pgoff << PAGE_SHIFT);
>> The page-fault handler at [1] use vm_fault.pgoff to retrieve the page
>> structure. Can we do the same here and avoid that computation?
> Yes, thanks for the suggestion.
>
> It will change things a bit: offset will not be the exact value anymore,
> but will be rounded down to multiple of PAGE_SIZE. But that doesn't matter,
> because it will only be used to calculate the page offset later on.
>
> We can clean this up and rename this "offset" to "pg_offset". But that's
> for another day.

But can't we use struct vm_fault.pgoff directly? The page-fault handler 
has used it since forever. The look-up code for the pageref should 
probably do the same, because there's a 1:1 connection between the page 
and the pageref. The pageref structure only exists because we cannot 
store its data in struct page directly.

AFAICT pgoff is exactly the value want to compute. See [1] and  the 
calculation at [2].

[1] https://elixir.bootlin.com/linux/v6.8/source/mm/memory.c#L5222
[2] 
https://elixir.bootlin.com/linux/v6.8/source/include/linux/pagemap.h#L957

Best regards
Thomas

>
> Best regards,
> Nam

-- 
--
Thomas Zimmermann
Graphics Driver Developer
SUSE Software Solutions Germany GmbH
Frankenstrasse 146, 90461 Nuernberg, Germany
GF: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman
HRB 36809 (AG Nuernberg)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ