Re: [PATCH v3 8/15] iommufd: Algorithms for PFN storage

On Thu, Nov 03, 2022 at 05:08:08PM -0300, Jason Gunthorpe wrote:
> +static void pfn_reader_release_pins(struct pfn_reader *pfns)
>  {
>  	struct iopt_pages *pages = pfns->pages;
>  
> @@ -1005,12 +1013,20 @@ static void pfn_reader_destroy(struct pfn_reader *pfns)
>  		unpin_user_pages(pfns->user.upages + (pfns->batch_end_index -
>  						      pfns->user.upages_start),
>  				 npages);
> +		iopt_pages_sub_npinned(pages, npages);
> +		pfns->user.upages_end = pfns->batch_end_index;
>  	}
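
Review bot: in the block that ends at this closing brace, the added iopt_pages_sub_npinned(pages, npages) reuses the npages that was just passed to unpin_user_pages(), but neither the computation of npages nor the condition guarding the block is visible in the hunk, so the lines shown do not establish that npages is positive at this point. Since the new assignment sets pfns->user.upages_end to pfns->batch_end_index right after the unpin, suggest having the guard compare those two fields directly, so that a repeated call, or a call after the reader has advanced, falls through without touching the pin count, and adding a one-line comment that states this invariant.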

Syzkaller says the hidden if above is no good on error paths where the
pfn_reader has already advanced - it makes npages go negative:

-       if (pfns->user.upages) {
+       if (pfns->user.upages_end > pfns->batch_end_index) {
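
Review bot: the replacement condition drops the pfns->user.upages non-NULL test entirely, while the guarded block in the quoted hunk still computes pfns->user.upages + (pfns->batch_end_index - pfns->user.upages_start) and hands it to unpin_user_pages(). If upages_end can only exceed batch_end_index when upages has been allocated, state that in a comment next to the new condition; otherwise keep both tests, for example pfns->user.upages && pfns->user.upages_end > pfns->batch_end_index.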

Jason


