Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp40143imu;
        Wed, 2 Jan 2019 13:37:48 -0800 (PST)
X-Google-Smtp-Source: AFSGD/XGObpXyRLA69G3DVYAn46AHr1b37WZHbDmiGJRfzMP+cYXWWQpZDzC8bXbGVgONLrzK9U5
X-Received: by 2002:a62:5e41:: with SMTP id s62mr45382972pfb.232.1546465068107;
        Wed, 02 Jan 2019 13:37:48 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1546465068; cv=none;
        d=google.com; s=arc-20160816;
        b=iGZ2CwOxbG9NQC+3YKQSoMCcFDpQjIg3NA2uD7EoEP/OrKdWuE+705kRrZXCf7Q6Hv
         uwkG6zzzDJJRoMUasl/HA5/fOdmx8DQYGwfyanjUsFQpCoaicFqw9jn7dF46lIgdLhTp
         cW9CNaQFa2fhxwtvQRRxGZChgVrd5KinSsvwwoIuGJ7WmllVmaZd8tnIEYS2m00tF/8q
         P/eK8V8f6pBRTq6LMZNu+UkX9/msohlVPz7zE5OKdm1YopsHOOR01CAITQEbl7YkXjng
         uLKz+OU67hrJ/hi6RBz6LtaAS45hX0aOuOimHm8kefw8pRVcYAd9kt9s8OIESt6SzXld
         RtYw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=H0TThPyKzDm2TNNQAjf6clRHUIGAL0tpEQheWlPEAJg=;
        b=ch9lw6Rkuons4Ph0FEGsCraot6Ixize7vMJw7xMxQUptduUXVLNXsr6TOqIafuUiBN
         LYK4hz+kVjy49WvA/uaaJLC+p/5xg1acsDm5YPMcDRBZ0sdthxoVuLkZB7WURFYrWQj/
         gqqW5lCJXauVZ8X7Wj1DFJi1cj+/HLARxMOJLn7NE7TnH6GbHV6O6TrMrZ63FYQUvfzl
         3Uj7/npZ0ty1fh7B5Da+h9wDc6nGVXPGjthtVs6kR2hQKQ5kOB7SAHAX1h0+CT/TLHoL
         ZeOn+qdwMQMV3nkCG1vch00T323PIWd7ADwsKTQoiNbQ2YoEgcThUG22Hv3NvIUPZP37
         t8AQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=uF27zpcS;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id k5si968991pfj.153.2019.01.02.13.37.23;
        Wed, 02 Jan 2019 13:37:48 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=uF27zpcS;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728525AbfABSyb (ORCPT <rfc822;dacohen@gmail.com> + 99 others);
        Wed, 2 Jan 2019 13:54:31 -0500
Received: from mail-lf1-f68.google.com ([209.85.167.68]:37067 "EHLO
        mail-lf1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728395AbfABSya (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 2 Jan 2019 13:54:30 -0500
Received: by mail-lf1-f68.google.com with SMTP id y11so21619501lfj.4
        for <linux-kernel@vger.kernel.org>; Wed, 02 Jan 2019 10:54:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=H0TThPyKzDm2TNNQAjf6clRHUIGAL0tpEQheWlPEAJg=;
        b=uF27zpcSxW4FK/pFshlTh+C0RI25exWJVydsIqaXcpteuwt9BR0V0JVVLsT0xWR6ZX
         g34IEDWcvEGjCactyz1Sv97ErjtVwfKP5NVOHe1wgRd8FqHH5lWvcM6o2GaN+zmc4Yuo
         VemKcc5QSvuWVU3fsD1pEpZOz4mNVt8odaCkVAHB3faHi6SVgWu8OuCw+W7GreXTi8Dr
         bHiEXiTUucccDC43vIi2SP73VElNrxqF0uiXFginYmDFutOucjJM4mw66cZK+TLeMASc
         WSbl6pgK8XKwkAGm95XvFRNAqStJAJUtfO5kkM6N2nqceOkyZunuveZIY6jZ2SjSdF4J
         zlww==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=H0TThPyKzDm2TNNQAjf6clRHUIGAL0tpEQheWlPEAJg=;
        b=BM4PbvAe/Q7IlUlTk1YxVRX4KMa9TxLTsupH/9jnRy8HsHfgjBfY+bEitwgz91LnoL
         VrFlDbyon9tjGh7TmGLk1fUQ4hF7kDnsPsVNIlvBh8PRSwGxQTxigIINnynIlKh8XxYF
         RcLEqoE0Ko15nR9YsjgUB5Uv7whvx2Ufv2a9YMhCbtt5G6++NXicTmi6ABAS3kj+8P4T
         BK8sv02g+KkBxBMI30dG29oO2WR74NCoCfLOkw63y+Ne8erEeFkoq3Qdjkpx1Nh/889u
         bEhPOeQ3k13pd4j5Z0Zcoty7FeLYoof46zdSzlW95Il6LJdT0YQIU5ElTlwNoOeVfYMf
         /PJg==
X-Gm-Message-State: AA+aEWbn2o0spbrZlyNdYsejmXQeJia7wLu1YHZAU0MIg8zbhwF3rrKu
        M846gO23JIoGILXxXNskVma2ybgMQp5Ovd2CR7fmtg==
X-Received: by 2002:a19:c70a:: with SMTP id x10mr21717597lff.88.1546455268476;
 Wed, 02 Jan 2019 10:54:28 -0800 (PST)
MIME-Version: 1.0
References: <20181224132751.GA22184@jordon-HP-15-Notebook-PC>
In-Reply-To: <20181224132751.GA22184@jordon-HP-15-Notebook-PC>
From:   Souptick Joarder <jrdr.linux@gmail.com>
Date:   Thu, 3 Jan 2019 00:28:19 +0530
Message-ID: <CAFqt6za2_BOZaynNV2iVkLCjadzyR_bOJog=R6j43dDCDwgFzw@mail.gmail.com>
Subject: Re: [PATCH v5 8/9] xen/gntdev.c: Convert to use vm_insert_range
To:     Andrew Morton <akpm@linux-foundation.org>,
        Matthew Wilcox <willy@infradead.org>,
        Michal Hocko <mhocko@suse.com>,
        Boris Ostrovsky <boris.ostrovsky@oracle.com>,
        Juergen Gross <jgross@suse.com>,
        Russell King - ARM Linux <linux@armlinux.org.uk>,
        robin.murphy@arm.com
Cc:     xen-devel@lists.xenproject.org, linux-kernel@vger.kernel.org,
        Linux-MM <linux-mm@kvack.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Dec 24, 2018 at 6:53 PM Souptick Joarder <jrdr.linux@gmail.com> wrote:
>
> Convert to use vm_insert_range() to map range of kernel
> memory to user vma.
>
> Signed-off-by: Souptick Joarder <jrdr.linux@gmail.com>
> Reviewed-by: Matthew Wilcox <willy@infradead.org>
> Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
> ---
>  drivers/xen/gntdev.c | 11 ++++-------
>  1 file changed, 4 insertions(+), 7 deletions(-)
>
> diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c
> index b0b02a5..430d4cb 100644
> --- a/drivers/xen/gntdev.c
> +++ b/drivers/xen/gntdev.c
> @@ -1084,7 +1084,7 @@ static int gntdev_mmap(struct file *flip, struct vm_area_struct *vma)
>         int index = vma->vm_pgoff;
>         int count = vma_pages(vma);
>         struct gntdev_grant_map *map;
> -       int i, err = -EINVAL;
> +       int err = -EINVAL;
>
>         if ((vma->vm_flags & VM_WRITE) && !(vma->vm_flags & VM_SHARED))
>                 return -EINVAL;
> @@ -1145,12 +1145,9 @@ static int gntdev_mmap(struct file *flip, struct vm_area_struct *vma)
>                 goto out_put_map;
>
>         if (!use_ptemod) {
> -               for (i = 0; i < count; i++) {
> -                       err = vm_insert_page(vma, vma->vm_start + i*PAGE_SIZE,
> -                               map->pages[i]);
> -                       if (err)
> -                               goto out_put_map;
> -               }

Looking into the original code, the loop should run from i =0 to *i <
map->count*.
There is no error check for *count > map->count* and we might end up
overrun the map->pages[i] boundary.

While converting this code with suggested vm_insert_range(), this can be fixed.


> +               err = vm_insert_range(vma, vma->vm_start, map->pages, count);
> +               if (err)
> +                       goto out_put_map;
>         } else {
>  #ifdef CONFIG_X86
>                 /*
> --
> 1.9.1
>