The patch titled
     Subject: mm/gup: fix omission of check on FOLL_LONGTERM in gup fast path
has been added to the -mm tree.  Its filename is
     mm-gup-fix-omission-of-check-on-foll_longterm-in-gup-fast-path.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/mm-gup-fix-omission-of-check-on-foll_longterm-in-gup-fast-path.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/mm-gup-fix-omission-of-check-on-foll_longterm-in-gup-fast-path.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Pingfan Liu <kernelfans@xxxxxxxxx>
Subject: mm/gup: fix omission of check on FOLL_LONGTERM in gup fast path

FOLL_LONGTERM suggests a pin which is going to be given to hardware and
can't move.  It would truncate CMA permanently and should be excluded.

FOLL_LONGTERM has already been checked in the slow path, but not checked in
the fast path, which means a possible leak of CMA page to longterm pinned
requirement through this crack.

Place a check in gup_pte_range() in the fast path.

Link: http://lkml.kernel.org/r/1560422702-11403-3-git-send-email-kernelfans@xxxxxxxxx
Signed-off-by: Pingfan Liu <kernelfans@xxxxxxxxx>
Cc: Ira Weiny <ira.weiny@xxxxxxxxx>
Cc: Mike Rapoport <rppt@xxxxxxxxxxxxx>
Cc: Dan Williams <dan.j.williams@xxxxxxxxx>
Cc: Matthew Wilcox <willy@xxxxxxxxxxxxx>
Cc: John Hubbard <jhubbard@xxxxxxxxxx>
Cc: "Aneesh Kumar K.V" <aneesh.kumar@xxxxxxxxxxxxx>
Cc: Keith Busch <keith.busch@xxxxxxxxx>
Cc: Christoph Hellwig <hch@xxxxxxxxxxxxx>
Cc: Shuah Khan <shuah@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- mm/gup.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) --- a/mm/gup.c~mm-gup-fix-omission-of-check-on-foll_longterm-in-gup-fast-path +++ a/mm/gup.c @@ -1758,6 +1758,14 @@ static int gup_pte_range(pmd_t pmd, unsi VM_BUG_ON(!pfn_valid(pte_pfn(pte))); page = pte_page(pte); + /* + * FOLL_LONGTERM suggests a pin given to hardware. Prevent it + * from truncating CMA area + */ + if (unlikely(flags & FOLL_LONGTERM) && + is_migrate_cma_page(page)) + goto pte_unmap; + head = try_get_compound_head(page, 1); if (!head) goto pte_unmap; @@ -1901,6 +1909,12 @@ static int gup_huge_pmd(pmd_t orig, pmd_ refs++; } while (addr += PAGE_SIZE, addr != end); + if (unlikely(flags & FOLL_LONGTERM) && + is_migrate_cma_page(page)) { + *nr -= refs; + return 0; + } + head = try_get_compound_head(pmd_page(orig), refs); if (!head) { *nr -= refs; @@ -1942,6 +1956,12 @@ static int gup_huge_pud(pud_t orig, pud_ refs++; } while (addr += PAGE_SIZE, addr != end); + if (unlikely(flags & FOLL_LONGTERM) && + is_migrate_cma_page(page)) { + *nr -= refs; + return 0; + } + head = try_get_compound_head(pud_page(orig), refs); if (!head) { *nr -= refs; @@ -1979,6 +1999,12 @@ static int gup_huge_pgd(pgd_t orig, pgd_ refs++; } while (addr += PAGE_SIZE, addr != end); + if (unlikely(flags & FOLL_LONGTERM) && + is_migrate_cma_page(page)) { + *nr -= refs; + return 0; + } + head = try_get_compound_head(pgd_page(orig), refs); if (!head) { *nr -= refs; _ Patches currently in -mm which might be from kernelfans@xxxxxxxxx are mm-gup-rename-nr-as-nr_pinned-in-get_user_pages_fast.patch mm-gup-fix-omission-of-check-on-foll_longterm-in-gup-fast-path.patch mm-gup_benchemark-add-longterm_benchmark-test-in-gup-fast-path.patch
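Review bot: The comment added in the gup_pte_range() hunk (@@ -1758) explains why a CMA page is refused but not what becomes of the request after `goto pte_unmap`. The commit message says the slow path already checks FOLL_LONGTERM, so the comment should state whether bailing out here is meant to hand the range to that slow path or to fail the pin outright, since a reader of gup_pte_range() alone cannot tell which.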
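Review bot: In the gup_huge_pmd() hunk (@@ -1901) the check is placed after the do/while loop and tests `page`, while the very next line takes its head from pmd_page(orig). If the loop advances `page` as it fills the array (the loop body is outside the visible context), the test lands on the page just past the range instead of one being pinned. Testing pmd_page(orig), or moving the check ahead of the loop, avoids that, and checking before the loop also removes the need for the `*nr -= refs` unwind. The gup_huge_pud() and gup_huge_pgd() hunks follow the same pattern with pud_page(orig) and pgd_page(orig).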
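Review bot: The block added in the gup_huge_pud() hunk (@@ -1942) is identical to the ones added to gup_huge_pmd() and gup_huge_pgd(), and none of the three carries the explanatory comment that the gup_pte_range() hunk has. A small static inline helper taking the flags and the page would keep the FOLL_LONGTERM/CMA rule and its comment in one place, so a later change to the rule cannot miss one of the four call sites.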