On 2016/4/23 2:38, Andrew Morton wrote:
On Fri, 22 Apr 2016 18:31:28 +0800 Yongji Xie <xyjxie@xxxxxxxxxxxxxxxxxx> wrote:
We used generic hooks in remap_pfn_range to help archs to
track pfnmap regions. The code is something like:
int remap_pfn_range()
{
...
track_pfn_remap(vma, &prot, pfn, addr, PAGE_ALIGN(size));
...
pfn -= addr >> PAGE_SHIFT;
...
untrack_pfn(vma, pfn, PAGE_ALIGN(size));
...
}
Here we can easily find the pfn is changed but not recovered
before untrack_pfn() is called. That's incorrect.
What are the runtime effects of this bug?
No, this is just a fix in theory:-) .
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -1755,6 +1755,7 @@ int remap_pfn_range(struct vm_area_struct *vma, unsigned long addr,
break;
} while (pgd++, addr = next, addr != end);
+ pfn += (end - PAGE_ALIGN(size)) >> PAGE_SHIFT;
if (err)
untrack_pfn(vma, pfn, PAGE_ALIGN(size));
I'm having trouble understanding this. Wouldn't it be better to simply
save the track_pfn_remap() call's `pfn' arg in a new local variable?
Yes, it's a little difficult to understand this. I will send a v2 soon.
Thanks,
Yongji
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>