On 26.01.23 13:55, Jason Gunthorpe wrote:
On Thu, Jan 26, 2023 at 01:48:46PM +0100, David Hildenbrand wrote:
On 24.01.23 21:34, Jason Gunthorpe wrote:
Move the flags that should not/are not used outside gup.c and related into
mm/internal.h to discourage driver abuse.
To make this more maintainable going forward compact the two FOLL ranges
with new bit numbers from 0 to 11 and 16 to 21, using shifts so it is
explict.
Switch to an enum so the whole thing is easier to read.
Using a __bitwise type would be even better, but that requires quite some
adjustments ...
The primary leftover for FOLL_GET seems to be follow_page(). IIRC, there is
only one caller that doesn't pass FOLL_GET (s390). We could either add a new
function to "probe" that anything is mapped (IIRC that's the use case), or
simply ref+unref.
Is that code even safe as written? I don't really understand how it
can safely call lock_page() on something it doesn't have a reference
too ?
Let me look into the details ... I remember reviewing that before I got
to study the beauty of GUP in more detail.
CCin Claudio
So adding the FOLL_GET and put_page seems like a good idea to me? At a
minimum this should get a comment to explain why it is OK.
At first sight, it really feels like the right thing to do. Maybe
another good reason to handle FOLL_GET vs. FOLL_PIN completely internal.
Harder to abuse.
S390 people?
int gmap_make_secure(struct gmap *gmap, unsigned long gaddr, void *uvcb)
{
[..]
rc = -ENXIO;
page = follow_page(vma, uaddr, FOLL_WRITE);
if (IS_ERR_OR_NULL(page))
goto out;
lock_page(page);
ptep = get_locked_pte(gmap->mm, uaddr, &ptelock);
Jason
--
Thanks,
David / dhildenb
