Subject: Re: [PATCH 1/2] mm: mmap: fix fput in error path v2
From: Christian König
To: akpm@linux-foundation.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, linaro-mm-sig@lists.linaro.org, dri-devel@lists.freedesktop.org, linux-media@vger.kernel.org, chris@chris-wilson.co.uk, airlied@redhat.com, daniel@ffwll.ch, sumit.semwal@linaro.org, willy@infradead.org, jhubbard@nvidia.com, jgg@ziepe.ca, linmiaohe@huawei.com
References: <20201012085203.56119-1-christian.koenig@amd.com>
Date: Wed, 4 Nov 2020 09:03:15 +0100

If nobody comes up with any objections I'm going to merge that through drm-misc-next.

Thanks,
Christian.

On 12.10.20 at 10:52, Christian König wrote:
> Patch "495c10cc1c0c CHROMIUM: dma-buf: restore args..."
> adds a workaround for a bug in mmap_region.
>
> As the comment states ->mmap() callback can change
> vma->vm_file and so we might call fput() on the wrong file.
>
> Revert the workaround and properly fix this in mmap_region.
>
> v2: drop the extra if in dma_buf_mmap as well
>
> Signed-off-by: Christian König
> Reviewed-by: Jason Gunthorpe
> --- > drivers/dma-buf/dma-buf.c | 20 +++----------------- > mm/mmap.c | 2 +- > 2 files changed, 4 insertions(+), 18 deletions(-) > > diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c > index a6ba4d598f0e..08630d057cf2 100644 > --- a/drivers/dma-buf/dma-buf.c > +++ b/drivers/dma-buf/dma-buf.c > @@ -1143,9 +1143,6 @@ EXPORT_SYMBOL_GPL(dma_buf_end_cpu_access); > int dma_buf_mmap(struct dma_buf *dmabuf, struct vm_area_struct *vma, > unsigned long pgoff) > { > - struct file *oldfile; > - int ret; > - > if (WARN_ON(!dmabuf || !vma)) > return -EINVAL; 
> > @@ -1163,22 +1160,11 @@ int dma_buf_mmap(struct dma_buf *dmabuf, struct vm_area_struct *vma, > return -EINVAL; > > /* readjust the vma */ > - get_file(dmabuf->file); > - oldfile = vma->vm_file; > - vma->vm_file = dmabuf->file; > + fput(vma->vm_file); > + vma->vm_file = get_file(dmabuf->file); > vma->vm_pgoff = pgoff; > > - ret = dmabuf->ops->mmap(dmabuf, vma); > - if (ret) { > - /* restore old parameters on failure */ > - vma->vm_file = oldfile; > - fput(dmabuf->file); > - } else { > - if (oldfile) > - fput(oldfile); > - } > - return ret; > - > + return dmabuf->ops->mmap(dmabuf, vma); > } > EXPORT_SYMBOL_GPL(dma_buf_mmap); > > diff --git a/mm/mmap.c b/mm/mmap.c > index 40248d84ad5f..3a2670d73355 100644 > --- a/mm/mmap.c > +++ b/mm/mmap.c > @@ -1852,8 +1852,8 @@ unsigned long mmap_region(struct file *file, unsigned long addr, > return addr; > > unmap_and_free_vma: > + fput(vma->vm_file); > vma->vm_file = NULL; > - fput(file); > > /* Undo any partial mapping done by a device driver. */ > unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end);
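
Review bot: In the second dma_buf_mmap() hunk of drivers/dma-buf/dma-buf.c, the new `fput(vma->vm_file);` is unconditional, while the removed code only released the old file under `if (oldfile)`. If vma->vm_file can never be NULL at this point, state that in the commit message or in a comment at the call; otherwise keep the check. It would also be safer to take the new reference before dropping the old one (get_file(dmabuf->file) first, then swap the pointer and fput the previous file), so the sequence stays correct when both pointers refer to the same file. With the restore-on-failure branch gone, a failing dmabuf->ops->mmap() now returns with vma->vm_file still pointing at dmabuf->file, and that is only balanced by the mm/mmap.c change in this same patch; a one-line comment noting the dependency would help.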
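
Review bot: At unmap_and_free_vma in mm/mmap.c, the switch from `fput(file);` to `fput(vma->vm_file);` has no comment explaining why the two can differ. The commit message gives the reason (the ->mmap() callback can change vma->vm_file), but nothing at the call site does, so a later cleanup could turn it back into fput(file). Please add a short comment above `fput(vma->vm_file);`. It is also worth confirming that every jump to this label happens with vma->vm_file still holding a reference, since the visible context does not show the paths that reach it.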