From patchwork Mon Apr 7 03:03:04 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Baoquan He X-Patchwork-Id: 14039660 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 75122C36002 for ; Mon, 7 Apr 2025 03:03:43 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id CE1276B0008; Sun, 6 Apr 2025 23:03:41 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C65EA6B000A; Sun, 6 Apr 2025 23:03:41 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id ADF686B000C; Sun, 6 Apr 2025 23:03:41 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 8B56C6B0008 for ; Sun, 6 Apr 2025 23:03:41 -0400 (EDT) Received: from smtpin18.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 0AF8458FC4 for ; Mon, 7 Apr 2025 03:03:42 +0000 (UTC) X-FDA: 83305752684.18.B96B10C Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by imf16.hostedemail.com (Postfix) with ESMTP id 459EA18000C for ; Mon, 7 Apr 2025 03:03:40 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=byuPrl9e; dmarc=pass (policy=quarantine) header.from=redhat.com; spf=pass (imf16.hostedemail.com: domain of bhe@redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=bhe@redhat.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1743995020; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=WfJMyqNy/t97b+P9yQjERuT06PZQ+0TGu1JM+vWKq/A=; b=5yTFdD1NF7rpHbMib27T11VV0s37enWeV5miY5QJysofd4jF99CDGeycvulYYjA2rKyXPw CgbnrfWB6l757D/rkaDvWEv8AaMme15r9G1jfidUTlSqAOr+ygVNcKIIiwB391WBOhkzj6 EFHSMkoY7yprutry8CPouDcYgJATnG4= ARC-Authentication-Results: i=1; imf16.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=byuPrl9e; dmarc=pass (policy=quarantine) header.from=redhat.com; spf=pass (imf16.hostedemail.com: domain of bhe@redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=bhe@redhat.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1743995020; a=rsa-sha256; cv=none; b=l2inI39B+1Zgy48lUhdWIN4qrI2HgdgcuXLzjOfWC8wPNXFCCf53WZMuhAabWA2k724Ngl iUze7TNCdRJhOenwoNTjoh97O3Tg1TOYIVAtj1IkECTMtKFwGXfT2XoQBQ/zOUR5n1E22t qd8rDAkhElHWeJTZU24VFB2ivoZj2cQ= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1743995019; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=WfJMyqNy/t97b+P9yQjERuT06PZQ+0TGu1JM+vWKq/A=; b=byuPrl9ej57u6zLBLJG+pQMTXCNTQB/cstSWhkhAWT9j0QBTAmeYqH4+YwdvRqGfYlsodP 7tT+Q2BykVG4k3D6XYJ/yis1uJlRHRUHAt2D6EDzNXPDNZkA86k/EpyQrVKhOZGECbOaLh 07+zjJ+sGOCetPXYuCmAOoOETxs3x6c= Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-464-7xi461BqNpmUQhAB1YDcFg-1; Sun, 06 Apr 2025 23:03:36 -0400 X-MC-Unique: 7xi461BqNpmUQhAB1YDcFg-1 X-Mimecast-MFC-AGG-ID: 7xi461BqNpmUQhAB1YDcFg_1743995015 Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id C6BB1180AF56; Mon, 7 Apr 2025 03:03:34 +0000 (UTC) Received: from MiWiFi-R3L-srv.redhat.com (unknown [10.72.112.15]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 3ECF51801752; Mon, 7 Apr 2025 03:03:28 +0000 (UTC) From: Baoquan He To: linux-mm@kvack.org Cc: akpm@linux-foundation.org, osalvador@suse.de, david@redhat.com, mingo@kernel.org, yanjun.zhu@linux.dev, linux-kernel@vger.kernel.org, Baoquan He Subject: [PATCH v3 1/3] mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable() Date: Mon, 7 Apr 2025 11:03:04 +0800 Message-ID: <20250407030306.411977-2-bhe@redhat.com> In-Reply-To: <20250407030306.411977-1-bhe@redhat.com> References: <20250407030306.411977-1-bhe@redhat.com> MIME-Version: 1.0 Content-type: text/plain X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 X-Rspamd-Server: rspam11 X-Rspamd-Queue-Id: 459EA18000C X-Stat-Signature: 6ruqqx3am1zysiq4x1a8ip1kom6kbq6c X-Rspam-User: X-HE-Tag: 1743995020-122918 X-HE-Meta: U2FsdGVkX1/eR2+fQEZQVv+1BQd+Ofq9omlfcExjBq253lXbtxmuFeSYpGlGenSDQG5P/5d8etA2R1x7lLgnqWvkBR1vm0kwthJ3hdnY2S24vf/z5wSjfEcKm65Hb9R0tz+63ok528pLiUuRu1e1KO/WNtK0Fpyy0kzftxq0w/Il1Cq+sacMoIK/KiTKaVqwgnKisPGY/XRAzW0qOXr9GK+jmvK49ACXYI19+ETk+gbg/gDwrqjI4QOyqqU8JO+E9xwkzpXKxC5V2zH8CiLsjVXCx2sPUhDRSVxBk1od/n5I6m0xDpz2Ocxl1X6ggSGiEy/S++19Vwj/schnCbBt7G0v+y/A0CFFHXf99ShpWP0OSco9Hqb5x980KczLj9kz1mQFK0JBBRHaISSlbcL2U+s4ugGE8ak7tWHOqY9gkN48OgJ9LYwmJs41fU15o6jcwxgJaBMb3RJxHPUnDBxTd2248kNrSbz36xmD7QLFNtyVsc6f3/UqFxApJW21wf4g11S4CDvmNISmtDa3V9pFFgVum3Vx4Fm3Zacr0VswZ4JGNkosqc/jYVArDLIiVl5UmlAGL1N0B2cEtGQjpMMdYbp9Lp6k0bGeXsCnE1jDaPVW6AJtNGboPPGb8l1PNbPXzrYGdr8xrdWSoSY+T59AZSzf/+XYyhyH20BEuK3+FTFY7X92Z7+HON+X5/XlrSyQbPJA8BSaZJbCDo/wKBmQ68AOuPpAaqvWGOFV3tEd3w1ScKQfKzaqaeFcY3ASoiKwXQcuA8TBpA2GsK9awGr8MpaqFEXbHcCVycN97B6VpTqbumAUFZU1Ux7CuE6z23GiUiXRwlZDW/3UcSY3/lxUNoHpPMxdFXYbdjg5XJga2lhYTsHRHkOAfk5CqQBRibMozg7iy/EGkyNRQOZeXfvL2rmsp06tvYkB51j5k62dokCaTxTiZ+PEf1SAEN1ZYVVaPz4SzzBGKvSosTrvfBR abSmkh+T TiufSfqRdl+CC3HRzaX0NUlkXmu9iaYi+AeKd7FTS6T/0ItX0mrjk5TSQoJofMvf6O6CiRgjqRzAk9ed4Enw+qRV+IWQbOblXZ0KdkrsYMW+hLz6zY9GIuY7TPyJi660DvH9TmQkNx7gieVIjUYQXAJKewn2Wtuy7AgBUpGIDgfB6y18X6PJ2JfKQSyJTPHEkyNc1AyMuTTqXD29Aeke6UHEdbyvJ8LUkMTd6mJWJHziDsYe1A4ZA3nei1SV5hYn4yaGru74rYRy1vvogcK+oniZxxZtR+AcjF6mflX/CNe2c+wTSdwzBEjUNzVChxcdTF7iUcXJ8n0/mf3Vl9U9XtHL8MSNkOwr3kA2IiHC/lyg/mJ0D9bkQ/41gPot2jtCfdwL/ X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Not like fault_in_readable() or fault_in_writeable(), in fault_in_safe_writeable() local variable 'start' is increased page by page to loop till the whole address range is handled. However, it mistakenly calcalates the size of handled range with 'uaddr - start'. Here fix the code bug in fault_in_safe_writeable(), and also adjusting the codes in fault_in_readable() and fault_in_writeable() to use local variable 'start' to loop so that codes in these three functions are consistent. Signed-off-by: Baoquan He --- mm/gup.c | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/mm/gup.c b/mm/gup.c index 92351e2fa876..67a7de9e4f80 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -2114,7 +2114,7 @@ static long __get_user_pages_locked(struct mm_struct *mm, unsigned long start, */ size_t fault_in_writeable(char __user *uaddr, size_t size) { - char __user *start = uaddr, *end; + unsigned long start = (unsigned long)uaddr, end; if (unlikely(size == 0)) return 0; @@ -2122,20 +2122,20 @@ size_t fault_in_writeable(char __user *uaddr, size_t size) return size; if (!PAGE_ALIGNED(uaddr)) { unsafe_put_user(0, uaddr, out); - uaddr = (char __user *)PAGE_ALIGN((unsigned long)uaddr); + start = PAGE_ALIGN((unsigned long)uaddr); } - end = (char __user *)PAGE_ALIGN((unsigned long)start + size); + end = PAGE_ALIGN(start + size); if (unlikely(end < start)) - end = NULL; - while (uaddr != end) { - unsafe_put_user(0, uaddr, out); - uaddr += PAGE_SIZE; + end = 0; + while (start != end) { + unsafe_put_user(0, (char __user *)start, out); + start += PAGE_SIZE; } out: user_write_access_end(); - if (size > uaddr - start) - return size - (uaddr - start); + if (size > start - (unsigned long)uaddr) + return size - (start - (unsigned long)uaddr); return 0; } EXPORT_SYMBOL(fault_in_writeable); @@ -2207,8 +2207,8 @@ size_t fault_in_safe_writeable(const char __user *uaddr, size_t size) } while (start != end); mmap_read_unlock(mm); - if (size > (unsigned long)uaddr - start) - return size - ((unsigned long)uaddr - start); + if (size > start - (unsigned long)uaddr) + return size - (start - (unsigned long)uaddr); return 0; } EXPORT_SYMBOL(fault_in_safe_writeable); @@ -2223,7 +2223,7 @@ EXPORT_SYMBOL(fault_in_safe_writeable); */ size_t fault_in_readable(const char __user *uaddr, size_t size) { - const char __user *start = uaddr, *end; + unsigned long start = (unsigned long)uaddr, end; volatile char c; if (unlikely(size == 0)) @@ -2232,21 +2232,21 @@ size_t fault_in_readable(const char __user *uaddr, size_t size) return size; if (!PAGE_ALIGNED(uaddr)) { unsafe_get_user(c, uaddr, out); - uaddr = (const char __user *)PAGE_ALIGN((unsigned long)uaddr); + start = PAGE_ALIGN((unsigned long)uaddr); } - end = (const char __user *)PAGE_ALIGN((unsigned long)start + size); + end = PAGE_ALIGN(start + size); if (unlikely(end < start)) - end = NULL; - while (uaddr != end) { - unsafe_get_user(c, uaddr, out); - uaddr += PAGE_SIZE; + end = 0; + while (start != end) { + unsafe_get_user(c, (const char __user *)start, out); + start += PAGE_SIZE; } out: user_read_access_end(); (void)c; - if (size > uaddr - start) - return size - (uaddr - start); + if (size > start - (unsigned long)uaddr) + return size - (start - (unsigned long)uaddr); return 0; } EXPORT_SYMBOL(fault_in_readable);