Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp1545772imm;
        Wed, 1 Aug 2018 18:48:22 -0700 (PDT)
X-Google-Smtp-Source: AAOMgpfogSOKhVw4CwN8xqvkXTIAK3mSWswwVGYZlbX9IwZuPYN8fsj043ZmAAXIxDS3j5aDQYwF
X-Received: by 2002:a17:902:c6:: with SMTP id a64-v6mr618785pla.180.1533174502481;
        Wed, 01 Aug 2018 18:48:22 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1533174502; cv=none;
        d=google.com; s=arc-20160816;
        b=rXXo9kvuH+7HXbZ+g2C9CeQz0T2+lpwHNu+hNehDXSlWRTXAwQeqH3XyyVQNqEr1T9
         vGI7iHVucWs/BGrp9xPUWkYetlEqAcEeQQAcl8/XQ5IeqDPbZ233e/PZMM1HWu9EVsfl
         TzGMzNYxc2KnJ+tyqt3PoBjCDA19+T6gOIaqJpiFy/WcZcfsxyXrHWrwFS5wxZQNRpNo
         5MnjdEw/hEy5QpeY9Hsph1BgCn6w6cr5XM0WAo1iOmglT+0gQR0FQ3pFZbmKC07Irzp+
         qGsBeVVPyW8f2JeGRNpBft1opkWwAP7oSib4405udc6K2eWRkCfA90OzjyS7Jv7nhpeF
         NwBA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-language
         :content-transfer-encoding:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:arc-authentication-results;
        bh=Eq9hWWgFe6ledyV2l5AKJjFhXYmSWMkmpZS/UH8D6Nc=;
        b=IV6/kzoNO0L3lQFvRr2g5NCSNAkryEhYNO6xiPYjbZ22PWEIr1VuFcd0d+C4R80DHX
         zzDFrBE652itlFcdQrwQIHklVsAd2gIquo36NsLIgQFwV/nb2AEr08sbkFYNVUgnGtpw
         IzB87p4MRxbzGUimgOxK0n6m2urxjtHU1BZvRH5WROlYbEGVLlJU8vP+R/+7mKLyHmrv
         C+qzaQS0vyR5iDvW369PuPFlUwYzy1Pf6B8o9Df+J5EkQ1vTSyKjYQEn10L1b+uOb2l4
         Gnz4thu4NLlmAtogPNEihh66iWV8vjIQjNrveaIsdbps/Atg8JvYM66Hf7V/Dfp397xr
         a9Hw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id f62-v6si657334pfg.165.2018.08.01.18.48.07;
        Wed, 01 Aug 2018 18:48:22 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1732116AbeHBDf4 (ORCPT <rfc822;kkdevenda@gmail.com> + 99 others);
        Wed, 1 Aug 2018 23:35:56 -0400
Received: from mga06.intel.com ([134.134.136.31]:14467 "EHLO mga06.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1729460AbeHBDf4 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 1 Aug 2018 23:35:56 -0400
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga007.jf.intel.com ([10.7.209.58])
  by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 01 Aug 2018 18:47:15 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.51,434,1526367600"; 
   d="scan'208";a="61362567"
Received: from dazhang1-z97x.sh.intel.com (HELO [10.239.13.115]) ([10.239.13.115])
  by orsmga007.jf.intel.com with ESMTP; 01 Aug 2018 18:47:07 -0700
Subject: Re: [RFC PATCH 1/1] device-dax: check for vma range while dax_mmap.
To:     Dave Jiang <dave.jiang@intel.com>, linux-kernel@vger.kernel.org,
        linux-nvdimm@lists.01.org, dan.j.williams@intel.com, jack@suse.cz,
        zwisler@kernel.org, yu.c.zhang@intel.com
Cc:     yi.z.zhang@intel.com
References: <e260d513ab831bfe1298374c87c6cca5f7dd3a6f.1533036772.git.yi.z.zhang@linux.intel.com>
 <12a2ebd8-0f15-7d0a-697c-172ed7f77f92@intel.com>
From:   "Zhang,Yi" <yi.z.zhang@linux.intel.com>
Message-ID: <5aaca496-af2b-71b1-26af-b2400e0bcb43@linux.intel.com>
Date:   Thu, 2 Aug 2018 17:32:57 +0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <12a2ebd8-0f15-7d0a-697c-172ed7f77f92@intel.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



On 2018年08月02日 03:40, Dave Jiang wrote:
>
> On 07/31/2018 04:46 AM, Zhang Yi wrote:
>> It should be prevent user map an illegal vma range which larger than
>> dax device phiscal resourse, as we don't have swap logic while page
>> faulting in dax device.
> This patch prevents a user mapping an illegal vma range that is larger
> than a dax device physical resource.
>
>> Applications, especailly qemu, map the /dev/dax for virtual nvdimm's
>> backend device, we defined the v-nvdimm label area at the end of mapped
>> rang. By using an illegal size that exceeds the physical resource of
>> /dev/dax, then it will triger qemu a signal fault while accessing these
>> label area.
> When qemu maps the dax device for virtual nvdimm's backend device, the
> v-nvdimm label area is defined at the end of mapped range. By using an
> illegal size that exceeds the range of the device dax, it will trigger a
> fault with qemu.
Thanks Dava, that's could be much better.
>
>> Signed-off-by: Zhang Yi <yi.z.zhang@linux.intel.com>
>> ---
>>  drivers/dax/device.c | 28 ++++++++++++++++++++++++++++
>>  1 file changed, 28 insertions(+)
>>
>> diff --git a/drivers/dax/device.c b/drivers/dax/device.c
>> index aff2c15..c9a50cd 100644
>> --- a/drivers/dax/device.c
>> +++ b/drivers/dax/device.c
>> @@ -177,6 +177,32 @@ static const struct attribute_group *dax_attribute_groups[] = {
>>  	NULL,
>>  };
>>  
>> +static int check_vma_range(struct dev_dax *dev_dax, struct vm_area_struct *vma,
>> +		const char *func)
>> +{
>> +	struct device *dev = &dev_dax->dev;
>> +	struct resource *res;
>> +	unsigned long size;
>> +	int ret, i;
>> +
>> +	if (!dax_alive(dev_dax->dax_dev))
>> +		return -ENXIO;
>> +
>> +	size = vma->vm_end - vma->vm_start + (vma->vm_pgoff << PAGE_SHIFT);
>> +	ret = -EINVAL;
>> +	for (i = 0; i < dev_dax->num_resources; i++) {
>> +		res = &dev_dax->res[i];
>> +		if (size > resource_size(res)) {
>> +			dev_info(dev, "%s: %s: fail, vma range is overflow\n",
>> +				current->comm, func);
>> +			ret = -EINVAL;
>> +			continue;
>> +		} else
>> +			return 0;
>> +	}
>> +	return ret;
>> +}
>> +
>>  static int check_vma(struct dev_dax *dev_dax, struct vm_area_struct *vma,
>>  		const char *func)
>>  {
>> @@ -465,6 +491,8 @@ static int dax_mmap(struct file *filp, struct vm_area_struct *vma)
>>  	 */
>>  	id = dax_read_lock();
>>  	rc = check_vma(dev_dax, vma, __func__);
>> +	if (!rc)
>> +		rc |= check_vma_range(dev_dax, vma, __func__);
> I think you want to augment check_vma() rather than adding another
> function? If this is added inside check_vma() then you can also skip the
> !dax_alive() check. Do you expect this function to be called anywhere else?
since check_vma range also will be called while dax page faulting.  I
don't wanna this check_vma_range introduce some additional workload
while page fault. just let it checked in the mmap scenario
>
>>  	dax_read_unlock(id);
>>  	if (rc)
>>  		return rc;
>>