Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp230899imu; Wed, 2 Jan 2019 05:43:54 -0800 (PST) X-Google-Smtp-Source: ALg8bN5yg7UggFgIqAn4TbUGgLi3gtpU3J5d82wvs7PlO76odFi+4EDWUz2v2kj1wxKCz0umq+zr X-Received: by 2002:a17:902:b90b:: with SMTP id bf11mr43000523plb.284.1546436634833; Wed, 02 Jan 2019 05:43:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1546436634; cv=none; d=google.com; s=arc-20160816; b=JBGnpHXcB+AQR+jP2/8S4YwH3N6wZXI1Yv6At+s6lYjmbXBaPgipGQ5ZNMJDVbcpHy E0gA97tNCn44yzMhWIKzwuOhrYlWdCE2byYghv82bU2RbPNLlVFtgn/sjLkexrRbISUz pfJImM+OGLUDsJ8a6yhUkMCBdqgRz7Je/+S1U8krzmES07vNchbiEXCW7JSupEv+Lhy/ SysM4Zvn9UHuCy5AIapgD++8ibNVLzrD5ttHVfhETxIsXk5ajTzcN/HMFZPszruAV3Cd 4LxrYiH8Zwv8m+CMi4ZGSex1+ZD+oF0B4YBQzzkQ4+hs3RXFsatYeNrBDvDTfnSWWhQc G/gA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=SezKeaYuk6nk7occBjh6L8uqtXsHTPs6Hbj337dY8hk=; b=ES9xIfHjB0C7sn1GvvnvarKu42+7yRRfwNtQPQVPGvzeXjdU/0ltl7Yts89gRapgEF rpXRAkkSdXbOPwDq9YtpwW8aujCxvT7sxA5moN2fgGpRWWJaFLMlGphNv0C1Dl52bUEV 2WKfHCPcDcyhovXCCqETgED5g9OM3b7DxPYX0ZmnLUhZlpR8KDpRpK603epcuvGknOby Je5UimEjG/+bch8PwVk/ImJN2uFCE3kWGqp4eKSlC29f0Y1DN4ZW8kB5wWl4xgQukyV4 UX9EWxSsmisGmyq5NrtuDn0MW6NoKC2LKVQbRzcbskNTdoGubX1zgnokGfJOiioJ5FnG pNNQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Qt5z6qJG; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l66si6720208pga.151.2019.01.02.05.43.39; Wed, 02 Jan 2019 05:43:54 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Qt5z6qJG; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729206AbfABKxa (ORCPT + 99 others); Wed, 2 Jan 2019 05:53:30 -0500 Received: from mail-lj1-f193.google.com ([209.85.208.193]:32860 "EHLO mail-lj1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727631AbfABKx3 (ORCPT ); Wed, 2 Jan 2019 05:53:29 -0500 Received: by mail-lj1-f193.google.com with SMTP id v1-v6so26702943ljd.0; Wed, 02 Jan 2019 02:53:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=SezKeaYuk6nk7occBjh6L8uqtXsHTPs6Hbj337dY8hk=; b=Qt5z6qJGB9o9aGKd2wu1bhsmzEmdcDzaLxP82MQjif7xhWIw1UWk0ZnlJTMC9xvoN6 mBIXkib4q11Ofmjr++AElHoRXjW2lvlTw+Gd+RbJFOrrcVyQTOnaIAOGVTj8Ec/D6WEV Xt4ni8bIGny1nGnbEp6gYIBs+xrkOy3fG1ykkyHzdsrAS69uhcl/1+hadweqRUG4sIEy lbPd/8Y4pAHNkKA+zkIbSw3sMt+jw5nMsQ7dTVDtFyciFa43x93Y8BjuWlygWrOOSHaV RTwlWIJXdj05/Jdg/5Z/6y+x7+1pI11xPhnhbSZ3+08BMNSK0e29ewTR43WCAHis0qmm meIg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=SezKeaYuk6nk7occBjh6L8uqtXsHTPs6Hbj337dY8hk=; b=hF2LgKaYZW9aF3RFvelJRO+fxqR2w61hDsonSBiG9KmWcMVNtuufJvrK1BJsLPKOLE 1LM3Syd3j2n9b0LCHNeJfGQ/wHdmzk6pVjtsuPNPkiPrgzWSniSA0HN9ZjTl3wAQgF8+ 1XFSU52rCAzYYUu9Wo+GML3PfmUm1HTOmACnE475v76dxx1zp7w+sJ+B2PBMVf5G+6oV UwdkfVL7AM19qR2sDgyM3s9c1HtIWnq74zGd5ZN6bvLkJk2XWboT+AdOd9q9ZB8DCKj6 uraboiqt8zOH7oKTu30FzvpP7XEt6gAHZwP4TPvC9ZDF6I4c42kpm1/gbqd9o0tn8TA1 cuZA== X-Gm-Message-State: AA+aEWbyGHKKSBRIzMhZYG1moUID6wy0CFZiP/D5YOj5FJFyTkWeJL9Y 3xut5iwMBYFSB6knXwo+D38m9JOm+99kaHxE7j4= X-Received: by 2002:a2e:630a:: with SMTP id x10-v6mr23330309ljb.11.1546426407321; Wed, 02 Jan 2019 02:53:27 -0800 (PST) MIME-Version: 1.0 References: <20181224132658.GA22166@jordon-HP-15-Notebook-PC> In-Reply-To: <20181224132658.GA22166@jordon-HP-15-Notebook-PC> From: Souptick Joarder Date: Wed, 2 Jan 2019 16:23:15 +0530 Message-ID: Subject: Re: [PATCH v5 7/9] videobuf2/videobuf2-dma-sg.c: Convert to use vm_insert_range To: Andrew Morton , Matthew Wilcox , Michal Hocko , pawel@osciak.com, Marek Szyprowski , Kyungmin Park , mchehab@kernel.org, Russell King - ARM Linux , robin.murphy@arm.com Cc: linux-media@vger.kernel.org, linux-kernel@vger.kernel.org, Linux-MM Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Dec 24, 2018 at 6:53 PM Souptick Joarder wrote: > > Convert to use vm_insert_range to map range of kernel memory > to user vma. > > Signed-off-by: Souptick Joarder > Reviewed-by: Matthew Wilcox > Acked-by: Marek Szyprowski > Acked-by: Mauro Carvalho Chehab > --- > drivers/media/common/videobuf2/videobuf2-dma-sg.c | 23 +++++++---------------- > 1 file changed, 7 insertions(+), 16 deletions(-) > > diff --git a/drivers/media/common/videobuf2/videobuf2-dma-sg.c b/drivers/media/common/videobuf2/videobuf2-dma-sg.c > index 015e737..898adef 100644 > --- a/drivers/media/common/videobuf2/videobuf2-dma-sg.c > +++ b/drivers/media/common/videobuf2/videobuf2-dma-sg.c > @@ -328,28 +328,19 @@ static unsigned int vb2_dma_sg_num_users(void *buf_priv) > static int vb2_dma_sg_mmap(void *buf_priv, struct vm_area_struct *vma) > { > struct vb2_dma_sg_buf *buf = buf_priv; > - unsigned long uaddr = vma->vm_start; > - unsigned long usize = vma->vm_end - vma->vm_start; > - int i = 0; > + unsigned long page_count = vma_pages(vma); > + int err; > > if (!buf) { > printk(KERN_ERR "No memory to map\n"); > return -EINVAL; > } > > - do { > - int ret; > - > - ret = vm_insert_page(vma, uaddr, buf->pages[i++]); > - if (ret) { > - printk(KERN_ERR "Remapping memory, error: %d\n", ret); > - return ret; > - } > - > - uaddr += PAGE_SIZE; > - usize -= PAGE_SIZE; > - } while (usize > 0); > - > + err = vm_insert_range(vma, vma->vm_start, buf->pages, page_count); > + if (err) { > + printk(KERN_ERR "Remapping memory, error: %d\n", err); > + return err; > + } > Looking into the original code - drivers/media/common/videobuf2/videobuf2-dma-sg.c Inside vb2_dma_sg_alloc(), ... buf->num_pages = size >> PAGE_SHIFT; buf->dma_sgt = &buf->sg_table; buf->pages = kvmalloc_array(buf->num_pages, sizeof(struct page *), GFP_KERNEL | __GFP_ZERO); ... buf->pages has index upto *buf->num_pages*. now inside vb2_dma_sg_mmap(), unsigned long usize = vma->vm_end - vma->vm_start; int i = 0; ... do { int ret; ret = vm_insert_page(vma, uaddr, buf->pages[i++]); if (ret) { printk(KERN_ERR "Remapping memory, error: %d\n", ret); return ret; } uaddr += PAGE_SIZE; usize -= PAGE_SIZE; } while (usize > 0); ... is it possible for any value of *i > (buf->num_pages)*, buf->pages[i] is going to overrun the page boundary ?