2022-09-19 16:01:14

by Dawei Li

[permalink] [raw]
Subject: [PATCH] mm: mmap lock holding assertion on remap_pfn_range

remap_pfn_range() creates/modifies the mapping between user virtual
address and physical address, the caller of which must hold mmap
writer lock to achieve access consistency of mapping.

The callers fall into categories below:
1) fops->mmap() implemented by driver
For this case, mmap_lock has been taken externally, the rule holds true.

2) Some arch codes do mapping on their own(vdso e.g.), rather than via
fops->mmap().

3) Some driver codes do mapping into user address space, for some
reasons, the mapping is not implemented by fops->mmap().

For the last two cases, an explicit assertion must be made.

Signed-off-by: Dawei Li <[email protected]>
---
mm/memory.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/mm/memory.c b/mm/memory.c
index 118e5f023597..fd0ec1250974 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -2551,6 +2551,11 @@ int remap_pfn_range(struct vm_area_struct *vma, unsigned long addr,
{
int err;

+ if (!vma->vm_mm)
+ return -EINVAL;
+
+ mmap_assert_write_locked(vma->vm_mm);
+
err = track_pfn_remap(vma, &prot, pfn, addr, PAGE_ALIGN(size));
if (err)
return -EINVAL;
--
2.25.1


2022-09-19 21:35:21

by Andrew Morton

[permalink] [raw]
Subject: Re: [PATCH] mm: mmap lock holding assertion on remap_pfn_range

On Mon, 19 Sep 2022 23:47:32 +0800 Dawei Li <[email protected]> wrote:

> remap_pfn_range() creates/modifies the mapping between user virtual
> address and physical address, the caller of which must hold mmap
> writer lock to achieve access consistency of mapping.
>
> The callers fall into categories below:
> 1) fops->mmap() implemented by driver
> For this case, mmap_lock has been taken externally, the rule holds true.
>
> 2) Some arch codes do mapping on their own(vdso e.g.), rather than via
> fops->mmap().
>
> 3) Some driver codes do mapping into user address space, for some
> reasons, the mapping is not implemented by fops->mmap().
>
> For the last two cases, an explicit assertion must be made.

Why "must" it be made? Are callers known to get this wrong?

> --- a/mm/memory.c
> +++ b/mm/memory.c
> @@ -2551,6 +2551,11 @@ int remap_pfn_range(struct vm_area_struct *vma, unsigned long addr,
> {
> int err;
>
> + if (!vma->vm_mm)
> + return -EINVAL;

Can this happen? If so, under what circumstances?

> + mmap_assert_write_locked(vma->vm_mm);
> +
> err = track_pfn_remap(vma, &prot, pfn, addr, PAGE_ALIGN(size));
> if (err)
> return -EINVAL;
> --
> 2.25.1