First, when memory allocation for sg_list_unaligned failed, there
is no point in calling put_page() as we haven't pinned any pages.
Second, if get_user_pages_fast() failed we should unpin num_pinned
pages; there is no point in checking up to num_pages.
This will address both.
Signed-off-by: Souptick Joarder <[email protected]>
---
drivers/virt/fsl_hypervisor.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/virt/fsl_hypervisor.c b/drivers/virt/fsl_hypervisor.c
index 1b0b11b..ea344d7 100644
--- a/drivers/virt/fsl_hypervisor.c
+++ b/drivers/virt/fsl_hypervisor.c
@@ -157,7 +157,7 @@ static long ioctl_memcpy(struct fsl_hv_ioctl_memcpy __user *p)
unsigned int i;
long ret = 0;
- int num_pinned; /* return value from get_user_pages() */
+ int num_pinned = 0; /* return value from get_user_pages() */
phys_addr_t remote_paddr; /* The next address in the remote buffer */
uint32_t count; /* The number of bytes left to copy */
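Review bot: the comment on the changed line still reads "return value from get_user_pages()" while the commit message says the call being unwound is get_user_pages_fast(); since the line is touched anyway, update it to `/* return value from get_user_pages_fast() */`. Initialising num_pinned to 0 is what the early `goto exit` on the sg_list_unaligned allocation failure needs, because that path reaches the cleanup loop before any pinning has happened.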
@@ -293,7 +293,7 @@ static long ioctl_memcpy(struct fsl_hv_ioctl_memcpy __user *p)
exit:
if (pages) {
- for (i = 0; i < num_pages; i++)
+ for (i = 0; i < num_pinned; i++)
if (pages[i])
put_page(pages[i]);
}
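Review bot: the new bound mixes signedness: `i` is `unsigned int` (declared in the first hunk) and `num_pinned` is `int`, and on failure get_user_pages_fast() can return a negative errno rather than a short count, so `i < num_pinned` promotes the negative value to a huge unsigned one and the loop walks far past the end of pages[] instead of stopping. Guard the cleanup with `if (pages && num_pinned > 0)`; with that guard in place the `if (pages[i])` test becomes redundant, since the first num_pinned entries are always populated.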
--
1.9.1
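The unwind logic the commit message describes, as an added example that is not part of the patch or of the fsl_hypervisor driver: a small C model of pin/unpin bookkeeping in which fake_gup(), release_pinned(), unguarded_iterations() and unwind_is_balanced() are constructed stand-ins for the kernel calls, showing that the cleanup must be bounded by the count actually pinned and that a negative count needs an explicit guard when the loop index is unsigned.

```c
#define NUM_PAGES 8
#define EFAULT 14
struct fake_page { int refcount; };  /* constructed stand-in for struct page */

/* Stand-in for get_user_pages_fast(): pins up to 'pinnable' pages, else -EFAULT. */
static int fake_gup(struct fake_page *pool, int want, int pinnable,
                    struct fake_page **pages)
{
    int i;
    if (pinnable <= 0)
        return -EFAULT;
    for (i = 0; i < want && i < pinnable; i++)
        (pages[i] = &pool[i])->refcount++;
    return i;
}

/* Patched cleanup, bounded by the pinned count; guard keeps -errno off the unsigned index. */
static int release_pinned(struct fake_page **pages, int num_pinned)
{
    unsigned int i;
    if (num_pinned <= 0)
        return 0;
    for (i = 0; i < (unsigned int)num_pinned; i++)
        pages[i]->refcount--;
    return num_pinned;
}

/* The trap: unsigned i vs. a negative int bound promotes the bound to unsigned,
 * so 'i < num_pinned' never fails; 'limit' only keeps this demo in bounds. */
static unsigned int unguarded_iterations(int num_pinned, unsigned int limit)
{
    unsigned int i, n = 0;
    for (i = 0; i < num_pinned && i < limit; i++)
        n++;
    return n;
}

/* Error path as in ioctl_memcpy(): pin, then unwind whatever was pinned at exit.
 * Returns 1 when every page is back at refcount 0 afterwards. */
static int unwind_is_balanced(int pinnable)
{
    struct fake_page pool[NUM_PAGES] = { { 0 } };
    struct fake_page *pages[NUM_PAGES] = { 0 };  /* kcalloc()-style zeroing */
    int i, num_pinned = fake_gup(pool, NUM_PAGES, pinnable, pages);
    release_pinned(pages, num_pinned);
    for (i = 0; i < NUM_PAGES; i++)
        if (pool[i].refcount != 0)
            return 0;
    return 1;
}
```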
On Thu, May 14, 2020 at 1:45 AM Souptick Joarder <[email protected]> wrote:
>
> First, when memory allocation for sg_list_unaligned failed, there
> is no point in calling put_page() as we haven't pinned any pages.
>
> Second, if get_user_pages_fast() failed we should unpin num_pinned
> pages; there is no point in checking up to num_pages.
>
> This will address both.
Any comment on this patch?
>
> Signed-off-by: Souptick Joarder <[email protected]>
> ---
> drivers/virt/fsl_hypervisor.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/virt/fsl_hypervisor.c b/drivers/virt/fsl_hypervisor.c
> index 1b0b11b..ea344d7 100644
> --- a/drivers/virt/fsl_hypervisor.c
> +++ b/drivers/virt/fsl_hypervisor.c
> @@ -157,7 +157,7 @@ static long ioctl_memcpy(struct fsl_hv_ioctl_memcpy __user *p)
>
> unsigned int i;
> long ret = 0;
> - int num_pinned; /* return value from get_user_pages() */
> + int num_pinned = 0; /* return value from get_user_pages() */
> phys_addr_t remote_paddr; /* The next address in the remote buffer */
> uint32_t count; /* The number of bytes left to copy */
>
> @@ -293,7 +293,7 @@ static long ioctl_memcpy(struct fsl_hv_ioctl_memcpy __user *p)
>
> exit:
> if (pages) {
> - for (i = 0; i < num_pages; i++)
> + for (i = 0; i < num_pinned; i++)
> if (pages[i])
> put_page(pages[i]);
> }
> --
> 1.9.1
>
On Thu, May 14, 2020 at 01:53:16AM +0530, Souptick Joarder wrote:
> First, when memory allocation for sg_list_unaligned failed, there
> is no point in calling put_page() as we haven't pinned any pages.
>
> Second, if get_user_pages_fast() failed we should unpin num_pinned
> pages; there is no point in checking up to num_pages.
>
> This will address both.
>
> Signed-off-by: Souptick Joarder <[email protected]>
If gup_flags were | FOLL_LONGTERM then this patch would fix a double
free because of the put_page() in __gup_longterm_locked().
mm/gup.c
    if (check_dax_vmas(vmas_tmp, rc)) {
        for (i = 0; i < rc; i++)
            put_page(pages[i]);
            ^^^^^^^^^^^^^^^^^^^
put_page() here and also in the caller.
        rc = -EOPNOTSUPP;
        goto out;
    }
But since this isn't FOLL_LONGTERM the patch is a nice cleanup which
doesn't affect run time.
Reviewed-by: Dan Carpenter <[email protected]>
regards,
dan carpenter
On Fri, May 22, 2020 at 6:24 PM Dan Carpenter <[email protected]> wrote:
>
> On Thu, May 14, 2020 at 01:53:16AM +0530, Souptick Joarder wrote:
> > First, when memory allocation for sg_list_unaligned failed, there
> > is no point in calling put_page() as we haven't pinned any pages.
> >
> > Second, if get_user_pages_fast() failed we should unpin num_pinned
> > pages; there is no point in checking up to num_pages.
> >
> > This will address both.
> >
> > Signed-off-by: Souptick Joarder <[email protected]>
>
> If gup_flags were | FOLL_LONGTERM then this patch would fix a double
> free because of the put_page() in __gup_longterm_locked().
>
> mm/gup.c
>     if (check_dax_vmas(vmas_tmp, rc)) {
>         for (i = 0; i < rc; i++)
>             put_page(pages[i]);
>             ^^^^^^^^^^^^^^^^^^^
> put_page() here and also in the caller.
>
>         rc = -EOPNOTSUPP;
>         goto out;
>     }
>
> But since this isn't FOLL_LONGTERM the patch is a nice cleanup which
> doesn't affect run time.
>
> Reviewed-by: Dan Carpenter <[email protected]>
Hi Andrew,
Is it fine to take it through the mm tree?