Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754512AbbB0Roh (ORCPT ); Fri, 27 Feb 2015 12:44:37 -0500 Received: from mailout3.w1.samsung.com ([210.118.77.13]:15038 "EHLO mailout3.w1.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751776AbbB0Rof (ORCPT ); Fri, 27 Feb 2015 12:44:35 -0500 X-AuditID: cbfec7f4-b7f126d000001e9a-81-54f0ac70f5c5 From: Andrey Ryabinin To: linux-kernel@vger.kernel.org Cc: dvyukov@google.com, kcc@google.com, dmitryc@google.com, adech.fo@gmail.com, tetra2005@gmail.com, koct9i@gmail.com, sasha.levin@oracle.com, cl@linux.com, iamjoonsoo.kim@lge.com, dave.hansen@intel.com, andi@firstfloor.org, mingo@elte.hu, tglx@linutronix.de, hpa@zytor.com, penberg@kernel.org, rientjes@google.com, gregkh@linuxfoundation.org, arve@android.com, riandrews@android.com, serban.constantinescu@arm.com, john.stultz@linaro.org, sumit.semwal@linaro.org, devel@driverdev.osuosl.org, Andrey Ryabinin Subject: [PATCH v2] android: binder: fix binder mmap failures Date: Fri, 27 Feb 2015 20:44:21 +0300 Message-id: <1425059061-5489-1-git-send-email-a.ryabinin@samsung.com> X-Mailer: git-send-email 2.3.0 In-reply-to: References: X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmplkeLIzCtJLcpLzFFi42I5/e/4Zd2CNR9CDD7OYbXY9usRm8XvvTNZ LY5c+85u8f7vfTaL69/eMFp8evmA0WLPmV/sFs8fPmS3mPCwjd2iefF6NotpG8UtVnY3s1mc +a1rsf3ZWyaLlZ0PWC0u75rDZrHlUjOrRdvnf6wWrzf9ZbRoW7KRyWLxkdvMFlPe/mW3OHX3 M7vFu2eTmS02b5rK7CDpsW33NlaPNfPWMHrc23eYxeNW2x9mj/k7PzJ67Jx1l91jwaZSj8V7 XjJ5bFrVyebR9fYKk8eda3vYPN6dO8fu8eTKdCaP/XPXsHt8fHqLxaNvyyrGAKEoLpuU1JzM stQifbsErowDa04yFcyRqXi7t4O5gXGyRBcjJ4eEgInEgmvTWSFsMYkL99azdTFycQgJLGWU 2Nc/nQnC6WOSWPLnN1gVm4CexL9Z29lAbBEBBYnNvc9YQYqYBRazSPzo/sAMkhAWsJXYtn8q kM3BwSKgKrFmrj9ImFfAVWLx0XOMENvkJObcuQhmcwoES+ybegvMFhIIkJizbh/7BEbeBYwM qxhFU0uTC4qT0nMN9YoTc4tL89L1kvNzNzFCou7LDsbFx6wOMQpwMCrx8DoIfggRYk0sK67M PcQowcGsJMKbsAwoxJuSWFmVWpQfX1Sak1p8iJGJg1OqgbHN8vc8Fn878+9Nn06EvAzsmp7c W/21ZWqQ30muN806zfttvLb/b285PCWA1cPuia9hXvNuIe38n+v0DsYKHPLhPLs8bndSacmr AoP2WYcnxpudOLJBlumYm6RtV+vsS4Zfkh7F7BNWXWxZd+/DwQ5xP5nZ68+daS+duPDm8u0v GaI4XmdvXajEUpyRaKjFXFScCAAJAbQXmAIAAA== Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 3774 Lines: 88 binder_update_page_range() initializes only addr and size fields in 'struct vm_struct tmp_area;' and passes it to map_vm_area(). Before 71394fe50146 ("mm: vmalloc: add flag preventing guard hole allocation") this was because map_vm_area() didn't use any other fields in vm_struct except addr and size. Now get_vm_area_size() (used in map_vm_area()) reads vm_struct's flags to determine whether vm area has guard hole or not. binder_update_page_range() don't initialize flags field, so this causes following binder mmap failures: -----------[ cut here ]------------ WARNING: CPU: 0 PID: 1971 at mm/vmalloc.c:130 vmap_page_range_noflush+0x119/0x144() CPU: 0 PID: 1971 Comm: healthd Not tainted 4.0.0-rc1-00399-g7da3fdc-dirty #157 Hardware name: ARM-Versatile Express [] (unwind_backtrace) from [] (show_stack+0x11/0x14) [] (show_stack) from [] (dump_stack+0x59/0x7c) [] (dump_stack) from [] (warn_slowpath_common+0x55/0x84) [] (warn_slowpath_common) from [] (warn_slowpath_null+0x17/0x1c) [] (warn_slowpath_null) from [] (vmap_page_range_noflush+0x119/0x144) [] (vmap_page_range_noflush) from [] (map_vm_area+0x27/0x48) [] (map_vm_area) from [] (binder_update_page_range+0x12f/0x27c) [] (binder_update_page_range) from [] (binder_mmap+0xbf/0x1ac) [] (binder_mmap) from [] (mmap_region+0x2eb/0x4d4) [] (mmap_region) from [] (do_mmap_pgoff+0x1e7/0x250) [] (do_mmap_pgoff) from [] (vm_mmap_pgoff+0x45/0x60) [] (vm_mmap_pgoff) from [] (SyS_mmap_pgoff+0x5d/0x80) [] (SyS_mmap_pgoff) from [] (ret_fast_syscall+0x1/0x5c) ---[ end trace 48c2c4b9a1349e54 ]--- binder: 1982: binder_alloc_buf failed to map page at f0e00000 in kernel binder: binder_mmap: 1982 b6bde000-b6cdc000 alloc small buf failed -12 Use map_kernel_range_noflush() instead of map_vm_area() as this is better API for binder's purposes and it allows to get rid of 'vm_struct tmp_area' at all. Fixes: 71394fe50146 ("mm: vmalloc: add flag preventing guard hole allocation") Signed-off-by: Andrey Ryabinin Reported-by: Amit Pundir --- Changes since v1: - fixed ret check after map_kernel_ranges_noflush(). drivers/android/binder.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 33b09b6..6607f3c 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -551,7 +551,6 @@ static int binder_update_page_range(struct binder_proc *proc, int allocate, { void *page_addr; unsigned long user_page_addr; - struct vm_struct tmp_area; struct page **page; struct mm_struct *mm; @@ -600,10 +599,11 @@ static int binder_update_page_range(struct binder_proc *proc, int allocate, proc->pid, page_addr); goto err_alloc_page_failed; } - tmp_area.addr = page_addr; - tmp_area.size = PAGE_SIZE + PAGE_SIZE /* guard page? */; - ret = map_vm_area(&tmp_area, PAGE_KERNEL, page); - if (ret) { + ret = map_kernel_range_noflush((unsigned long)page_addr, + PAGE_SIZE, PAGE_KERNEL, page); + flush_cache_vmap((unsigned long)page_addr, + (unsigned long)page_addr + PAGE_SIZE); + if (ret != 1) { pr_err("%d: binder_alloc_buf failed to map page at %p in kernel\n", proc->pid, page_addr); goto err_map_kernel_failed; -- 2.3.0 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/