On Fri, 22 Apr 2016 18:31:28 +0800 Yongji Xie <xyjxie@xxxxxxxxxxxxxxxxxx> wrote:
> We used generic hooks in remap_pfn_range to help archs to
> track pfnmap regions. The code is something like:
>
> int remap_pfn_range()
> {
> ...
> track_pfn_remap(vma, &prot, pfn, addr, PAGE_ALIGN(size));
> ...
> pfn -= addr >> PAGE_SHIFT;
> ...
> untrack_pfn(vma, pfn, PAGE_ALIGN(size));
> ...
> }
>
> Here we can easily find the pfn is changed but not recovered
> before untrack_pfn() is called. That's incorrect.
What are the runtime effects of this bug?
> --- a/mm/memory.c
> +++ b/mm/memory.c
> @@ -1755,6 +1755,7 @@ int remap_pfn_range(struct vm_area_struct *vma, unsigned long addr,
> break;
> } while (pgd++, addr = next, addr != end);
>
> + pfn += (end - PAGE_ALIGN(size)) >> PAGE_SHIFT;
> if (err)
> untrack_pfn(vma, pfn, PAGE_ALIGN(size));
I'm having trouble understanding this. Wouldn't it be better to simply
save the track_pfn_remap() call's `pfn' arg in a new local variable?
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>