Re: [PATCH for-rc v2] RDMA/efa: Handle mmap insertions overflow

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 18/06/2019 21:48, Jason Gunthorpe wrote:
> On Tue, Jun 18, 2019 at 04:07:32PM +0300, Gal Pressman wrote:
>> When inserting a new mmap entry to the xarray we should check for
>> 'mmap_page' overflow as it is limited to 32 bits.
>>
>> Fixes: 40909f664d27 ("RDMA/efa: Add EFA verbs implementation")
>> Signed-off-by: Gal Pressman <galpress@xxxxxxxxxx>
>> Changelog:
>> v1->v2
>> * Bring back the ucontext->mmap_xa_page assignment before __xa_insert
>>  drivers/infiniband/hw/efa/efa_verbs.c | 21 ++++++++++++++++-----
>>  1 file changed, 16 insertions(+), 5 deletions(-)
>>
>> diff --git a/drivers/infiniband/hw/efa/efa_verbs.c b/drivers/infiniband/hw/efa/efa_verbs.c
>> index 0fea5d63fdbe..fb6115244d4c 100644
>> +++ b/drivers/infiniband/hw/efa/efa_verbs.c
>> @@ -204,6 +204,7 @@ static u64 mmap_entry_insert(struct efa_dev *dev, struct efa_ucontext *ucontext,
>>  			     void *obj, u64 address, u64 length, u8 mmap_flag)
>>  {
>>  	struct efa_mmap_entry *entry;
>> +	u32 next_mmap_page;
>>  	int err;
>>  
>>  	entry = kmalloc(sizeof(*entry), GFP_KERNEL);
>> @@ -216,15 +217,19 @@ static u64 mmap_entry_insert(struct efa_dev *dev, struct efa_ucontext *ucontext,
>>  	entry->mmap_flag = mmap_flag;
>>  
>>  	xa_lock(&ucontext->mmap_xa);
>> +	if (check_add_overflow(ucontext->mmap_xa_page,
>> +			       (u32)(length >> PAGE_SHIFT),
>> +			       &next_mmap_page))
>> +		goto err_unlock;
>> +
>>  	entry->mmap_page = ucontext->mmap_xa_page;
>> -	ucontext->mmap_xa_page += DIV_ROUND_UP(length, PAGE_SIZE);
> 
> Why did DIV_ROUND_UP become >> ?

Since length is guaranteed to be a multiple of PAGE_SIZE.



[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Photo]     [Yosemite News]     [Yosemite Photos]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux