> +static int setup_pi_ext(struct kiocb *req, int is_write)
> +{
> + struct file *file = req->ki_filp;
> + struct io_extension *ext = &req->ki_ioext->ke_kern;
> + void *p;
> + unsigned long start, end;
> + int retval;
> +
> + if (!(file->f_flags & O_DIRECT)) {
> + pr_debug("EINVAL: can't use PI without O_DIRECT.\n");
> + return -EINVAL;
> + }
> +
> + BUG_ON(req->ki_ioext->ke_pi_iter.pi_userpages);
> +
> + end = (((unsigned long)ext->ie_pi_buf) + ext->ie_pi_buflen +
> + PAGE_SIZE - 1) >> PAGE_SHIFT;
> + start = ((unsigned long)ext->ie_pi_buf) >> PAGE_SHIFT;
> + req->ki_ioext->ke_pi_iter.pi_offset = offset_in_page(ext->ie_pi_buf);
> + req->ki_ioext->ke_pi_iter.pi_len = ext->ie_pi_buflen;
> + req->ki_ioext->ke_pi_iter.pi_nrpages = end - start;
> + p = kzalloc(req->ki_ioext->ke_pi_iter.pi_nrpages *
> + sizeof(struct page *),
> + GFP_NOIO);
Can userspace give us bad data and get us to generate insane allcation
attempt warnings?
> + if (p == NULL) {
> + pr_err("%s: no room for page array?\n", __func__);
> + return -ENOMEM;
> + }
> + req->ki_ioext->ke_pi_iter.pi_userpages = p;
> +
> + retval = get_user_pages_fast((unsigned long)ext->ie_pi_buf,
> + req->ki_ioext->ke_pi_iter.pi_nrpages,
> + is_write,
Isn't this is_write backwards? If it's a write syscall then the PI
pages is going to be read from.
- z
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>