On 1 Sep 2018, at 13:28, Fengguang Wu <fengguang.wu@xxxxxxxxx> wrote:
> +static ssize_t ept_idle_read(struct file *file, char *buf,
> + size_t count, loff_t *ppos)
> +{
> + struct task_struct *task = file->private_data;
> + struct ept_idle_ctrl *eic;
> + unsigned long hva_start = *ppos << BITMAP_BYTE2PVA_SHIFT;
> + unsigned long hva_end = hva_start + (count << BITMAP_BYTE2PVA_SHIFT);
> + int ret;
> +
> + if (*ppos % IDLE_BITMAP_CHUNK_SIZE ||
> + count % IDLE_BITMAP_CHUNK_SIZE)
> + return -EINVAL;
> +
> + eic = kzalloc(sizeof(*eic), GFP_KERNEL);
> + if (!eic)
> + return -EBUSY;
> +
> + eic->buf = buf;
> + eic->buf_size = count;
> + eic->kvm = task_kvm(task);
> + if (!eic->kvm) {
> + ret = -EINVAL;
> + goto out_free;
> + }
I think you need to increment the refcount while using kvm,
otherwise kvm can be destroyed from another thread while you're
walking it.
-Nikita
> +
> + ret = ept_idle_walk_hva_range(eic, hva_start, hva_end);
> + if (ret)
> + goto out_free;
> +
> + ret = eic->bytes_copied;
> + *ppos += ret;
> +out_free:
> + kfree(eic);
> +
> + return ret;
> +}
