| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <IA0PR11MB7185FC46BE53F16BA6A9C7C9F8812@IA0PR11MB7185.namprd11.prod.outlook.com>
Date: Mon, 28 Apr 2025 04:16:15 +0000
From: "Kasireddy, Vivek" <vivek.kasireddy@...el.com>
To: Huan Yang <link@...o.com>, Sumit Semwal <sumit.semwal@...aro.org>,
Christian König <christian.koenig@....com>, "Gerd
Hoffmann" <kraxel@...hat.com>, Andrew Morton <akpm@...ux-foundation.org>,
Dave Airlie <airlied@...hat.com>, "linux-media@...r.kernel.org"
<linux-media@...r.kernel.org>, "dri-devel@...ts.freedesktop.org"
<dri-devel@...ts.freedesktop.org>, "linaro-mm-sig@...ts.linaro.org"
<linaro-mm-sig@...ts.linaro.org>, "linux-kernel@...r.kernel.org"
<linux-kernel@...r.kernel.org>
CC: "opensource.kernel@...o.com" <opensource.kernel@...o.com>, Bingbu Cao
<bingbu.cao@...ux.intel.com>
Subject: RE: [PATCH 1/2] Revert "udmabuf: fix vmap_udmabuf error page set"
Hi Huan,
> Subject: Re: [PATCH 1/2] Revert "udmabuf: fix vmap_udmabuf error page set"
>
> From 38aa11d92f209e7529736f3e11e08dfc804bdfae Mon Sep 17 00:00:00
> 2001
> From: Huan Yang <link@...o.com>
> Date: Tue, 15 Apr 2025 10:04:18 +0800
> Subject: [PATCH 1/2] Revert "udmabuf: fix vmap_udmabuf error page set"
>
> This reverts commit 18d7de823b7150344d242c3677e65d68c5271b04.
>
> This given a misuse of vmap_pfn, vmap_pfn give a !pfn_valid check
> to avoid user miss use it. This API design to only for none-page struct
> based user invoke, i.e. PCIe BARs and other. So any page based will
> inject by !pfn_valid check.
>
> udmabuf used shmem or hugetlb as folio src, hence, page/folio based,
> can't use it.
Please consider having a commit message like below and resend both patches:
"We cannot use vmap_pfn() in vmap_udmabuf() as it would fail the pfn_valid()
check in vmap_pfn_apply(). This is because vmap_pfn() is intended to be
used for mapping non-struct-page memory such as PCIe BARs. Since, udmabuf
mostly works with pages/folios backed by shmem/hugetlbfs/THP, vmap_pfn()
is not the right tool or API to invoke for implementing vmap."
Thanks,
Vivek
>
> Signed-off-by: Huan Yang <link@...o.com>
> Reported-by: Bingbu Cao <bingbu.cao@...ux.intel.com>
> Closes: https://lore.kernel.org/dri-devel/eb7e0137-3508-4287-98c4-
> 816c5fd98e10@...o.com/T/#mbda4f64a3532b32e061f4e8763bc8e307bea3ca
> 8
> Acked-by: Vivek Kasireddy <vivek.kasireddy@...el.com>
> ---
> drivers/dma-buf/Kconfig | 1 -
> drivers/dma-buf/udmabuf.c | 22 +++++++---------------
> 2 files changed, 7 insertions(+), 16 deletions(-)
>
> diff --git a/drivers/dma-buf/Kconfig b/drivers/dma-buf/Kconfig
> index fee04fdb0822..b46eb8a552d7 100644
> --- a/drivers/dma-buf/Kconfig
> +++ b/drivers/dma-buf/Kconfig
> @@ -36,7 +36,6 @@ config UDMABUF
> depends on DMA_SHARED_BUFFER
> depends on MEMFD_CREATE || COMPILE_TEST
> depends on MMU
> - select VMAP_PFN
> help
> A driver to let userspace turn memfd regions into dma-bufs.
> Qemu can use this to create host dmabufs for guest framebuffers.
> diff --git a/drivers/dma-buf/udmabuf.c b/drivers/dma-buf/udmabuf.c
> index 7eee3eb47a8e..79845565089d 100644
> --- a/drivers/dma-buf/udmabuf.c
> +++ b/drivers/dma-buf/udmabuf.c
> @@ -109,29 +109,21 @@ static int mmap_udmabuf(struct dma_buf *buf,
> struct vm_area_struct *vma)
> static int vmap_udmabuf(struct dma_buf *buf, struct iosys_map *map)
> {
> struct udmabuf *ubuf = buf->priv;
> - unsigned long *pfns;
> + struct page **pages;
> void *vaddr;
> pgoff_t pg;
>
> dma_resv_assert_held(buf->resv);
>
> - /**
> - * HVO may free tail pages, so just use pfn to map each folio
> - * into vmalloc area.
> - */
> - pfns = kvmalloc_array(ubuf->pagecount, sizeof(*pfns), GFP_KERNEL);
> - if (!pfns)
> + pages = kvmalloc_array(ubuf->pagecount, sizeof(*pages), GFP_KERNEL);
> + if (!pages)
> return -ENOMEM;
>
> - for (pg = 0; pg < ubuf->pagecount; pg++) {
> - unsigned long pfn = folio_pfn(ubuf->folios[pg]);
> -
> - pfn += ubuf->offsets[pg] >> PAGE_SHIFT;
> - pfns[pg] = pfn;
> - }
> + for (pg = 0; pg < ubuf->pagecount; pg++)
> + pages[pg] = &ubuf->folios[pg]->page;
>
> - vaddr = vmap_pfn(pfns, ubuf->pagecount, PAGE_KERNEL);
> - kvfree(pfns);
> + vaddr = vm_map_ram(pages, ubuf->pagecount, -1);
> + kvfree(pages);
> if (!vaddr)
> return -EINVAL;
>
> --
> 2.48.1
>
Powered by blists - more mailing lists