On Wed, Oct 25, 2023 at 06:21:55PM +0530, Kanchan Joshi wrote: > On 10/18/2023 8:48 PM, Keith Busch wrote: > > } > > EXPORT_SYMBOL(bio_integrity_add_page); > > > > +int bio_integrity_map_user(struct bio *bio, void __user *ubuf, unsigned int len, > > + u32 seed, u32 maxvecs) > > +{ > > + struct request_queue *q = bdev_get_queue(bio->bi_bdev); > > + unsigned long align = q->dma_pad_mask | queue_dma_alignment(q); > > + struct page *stack_pages[UIO_FASTIOV]; > > + size_t offset = offset_in_page(ubuf); > > + unsigned long ptr = (uintptr_t)ubuf; > > + struct page **pages = stack_pages; > > + struct bio_integrity_payload *bip; > > + int npages, ret, i; > > + > > + if (bio_integrity(bio) || ptr & align || maxvecs > UIO_FASTIOV) > > + return -EINVAL; > > + > > + bip = bio_integrity_alloc(bio, GFP_KERNEL, maxvecs); > > + if (IS_ERR(bip)) > > + return PTR_ERR(bip); > > + > > + ret = pin_user_pages_fast(ptr, UIO_FASTIOV, FOLL_WRITE, pages); > > Why not pass maxvecs here? If you pass UIO_FASTIOV, it will map those > many pages here. And will result into a leak (missed unpin) eventually > (see below). The 'maxvecs' is for the number of bvecs, and UIO_FASTIOV is for the number of pages. A single bvec can contain multiple pages, so the idea was to attempt merging if multiple pages were required. This patch though didn't calculate the pages right. Next version I'm working on uses iov_iter instead. V2 also retains a kernel copy fallback.