From: Andrey Ryabinin
To: linux-kernel@vger.kernel.org
Cc: dvyukov@google.com, kcc@google.com, dmitryc@google.com, adech.fo@gmail.com, tetra2005@gmail.com, koct9i@gmail.com, sasha.levin@oracle.com, cl@linux.com, iamjoonsoo.kim@lge.com, dave.hansen@intel.com, andi@firstfloor.org, mingo@elte.hu, tglx@linutronix.de, hpa@zytor.com, penberg@kernel.org, rientjes@google.com, gregkh@linuxfoundation.org, arve@android.com, riandrews@android.com, serban.constantinescu@arm.com, john.stultz@linaro.org, sumit.semwal@linaro.org, devel@driverdev.osuosl.org, Andrey Ryabinin
Subject: [PATCH] android: binder: fix binder mmap failures
Date: Fri, 27 Feb 2015 19:30:14 +0300
Message-id: <1425054614-388-1-git-send-email-a.ryabinin@samsung.com>

binder_update_page_range() initializes only addr and size fields in 'struct vm_struct tmp_area;' and passes it to map_vm_area().

Before 71394fe50146 ("mm: vmalloc: add flag preventing guard hole allocation") this was because map_vm_area() didn't use any other fields in vm_struct except addr and size. Now get_vm_area_size() (used in map_vm_area()) reads vm_struct's flags to determine whether vm area has guard hole or not. binder_update_page_range() doesn't initialize the flags field, so this causes the following binder mmap failures:

-----------[ cut here ]------------
WARNING: CPU: 0 PID: 1971 at mm/vmalloc.c:130 vmap_page_range_noflush+0x119/0x144()
CPU: 0 PID: 1971 Comm: healthd Not tainted 4.0.0-rc1-00399-g7da3fdc-dirty #157
Hardware name: ARM-Versatile Express
[] (unwind_backtrace) from [] (show_stack+0x11/0x14)
[] (show_stack) from [] (dump_stack+0x59/0x7c)
[] (dump_stack) from [] (warn_slowpath_common+0x55/0x84)
[] (warn_slowpath_common) from [] (warn_slowpath_null+0x17/0x1c)
[] (warn_slowpath_null) from [] (vmap_page_range_noflush+0x119/0x144)
[] (vmap_page_range_noflush) from [] (map_vm_area+0x27/0x48)
[] (map_vm_area) from [] (binder_update_page_range+0x12f/0x27c)
[] (binder_update_page_range) from [] (binder_mmap+0xbf/0x1ac)
[] (binder_mmap) from [] (mmap_region+0x2eb/0x4d4)
[] (mmap_region) from [] (do_mmap_pgoff+0x1e7/0x250)
[] (do_mmap_pgoff) from [] (vm_mmap_pgoff+0x45/0x60)
[] (vm_mmap_pgoff) from [] (SyS_mmap_pgoff+0x5d/0x80)
[] (SyS_mmap_pgoff) from [] (ret_fast_syscall+0x1/0x5c)
---[ end trace 48c2c4b9a1349e54 ]---
binder: 1982: binder_alloc_buf failed to map page at f0e00000 in kernel
binder: binder_mmap: 1982 b6bde000-b6cdc000 alloc small buf failed -12

Use map_kernel_range_noflush() instead of map_vm_area() as this is a better API for binder's purposes and it allows getting rid of 'vm_struct tmp_area' entirely.

Fixes: 71394fe50146 ("mm: vmalloc: add flag preventing guard hole allocation")
Signed-off-by: Andrey Ryabinin
Reported-by: Amit Pundir
---
 drivers/android/binder.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 33b09b6..a984fbb 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -551,7 +551,6 @@ static int binder_update_page_range(struct binder_proc *proc, int allocate, { void *page_addr; unsigned long user_page_addr; - struct vm_struct tmp_area; struct page **page; struct mm_struct *mm; @@ -600,9 +599,10 @@ static int binder_update_page_range(struct binder_proc *proc, int allocate, proc->pid, page_addr); goto err_alloc_page_failed; } - tmp_area.addr = page_addr; - tmp_area.size = PAGE_SIZE + PAGE_SIZE /* guard page? */; - ret = map_vm_area(&tmp_area, PAGE_KERNEL, page); + ret = map_kernel_range_noflush((unsigned long)page_addr, + PAGE_SIZE, PAGE_KERNEL, page); + flush_cache_vmap((unsigned long)page_addr, + (unsigned long)page_addr + PAGE_SIZE); if (ret) { pr_err("%d: binder_alloc_buf failed to map page at %p in kernel\n", proc->pid, page_addr); -- 2.3.0 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
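Review bot: In the second hunk (@@ -600,9 +599,10 @@) the unchanged `if (ret) {` check was written for map_vm_area() and is now applied to the return value of map_kernel_range_noflush(). Please confirm the two share the same zero-on-success convention; if map_kernel_range_noflush() reports the number of pages mapped, a successful single-page mapping would be non-zero and fall into the "failed to map page" error path, so the test would need to compare against the expected page count or check for a negative value. Separately, flush_cache_vmap() is called before ret is examined, so the flush also runs when the mapping failed; moving it after the error check keeps the failure path free of work on a range that was not mapped. The mapped size also changes from `PAGE_SIZE + PAGE_SIZE /* guard page? */` to PAGE_SIZE, which looks intentional since the old vm_struct size was only there to account for a guard page, but a sentence in the commit message saying so would help anyone auditing the mapping length later.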