| Message ID | 20200517235620.205225-2-jhubbard@nvidia.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | rapidio: convert to pin_user_pages(), plus a small fix | expand |
On Sun, 17 May 2020 16:56:19 -0700 John Hubbard <jhubbard@nvidia.com> wrote: > In the case of get_user_pages_fast() returning fewer pages than > requested, rio_dma_transfer() does not quite do the right thing. > It attempts to release all the pages that were requested, rather > than just the pages that were pinned. > > Fix the error handling so that only the pages that were successfully > pinned are released. > > ... > > --- a/drivers/rapidio/devices/rio_mport_cdev.c > +++ b/drivers/rapidio/devices/rio_mport_cdev.c > @@ -877,6 +877,11 @@ rio_dma_transfer(struct file *filp, u32 transfer_mode, > rmcd_error("pinned %ld out of %ld pages", > pinned, nr_pages); > ret = -EFAULT; > + /* > + * Set nr_pages up to mean "how many pages to unpin, in > + * the error handler: > + */ > + nr_pages = pinned; > goto err_pg; > } The code is a bit odd. If (xfer->loc_addr == 0) then we do the `else' stuff then fall through to err_pg: if (!req->page_list) { for (i = 0; i < nr_pages; i++) put_page(page_list[i]); kfree(page_list); } all of which is a big no-op because nr_pages==0 and page_list==NULL, but it could all be easily avoided. Oh well. Reviewed-by:me.
diff --git a/drivers/rapidio/devices/rio_mport_cdev.c b/drivers/rapidio/devices/rio_mport_cdev.c index 8155f59ece38..10af330153b5 100644 --- a/drivers/rapidio/devices/rio_mport_cdev.c +++ b/drivers/rapidio/devices/rio_mport_cdev.c @@ -877,6 +877,11 @@ rio_dma_transfer(struct file *filp, u32 transfer_mode, rmcd_error("pinned %ld out of %ld pages", pinned, nr_pages); ret = -EFAULT; + /* + * Set nr_pages up to mean "how many pages to unpin, in + * the error handler: + */ + nr_pages = pinned; goto err_pg; }
In the case of get_user_pages_fast() returning fewer pages than requested, rio_dma_transfer() does not quite do the right thing. It attempts to release all the pages that were requested, rather than just the pages that were pinned. Fix the error handling so that only the pages that were successfully pinned are released. Fixes: e8de370188d0 ("rapidio: add mport char device driver") Cc: Matt Porter <mporter@kernel.crashing.org> Cc: Alexandre Bounine <alex.bou9@gmail.com> Cc: Sumit Semwal <sumit.semwal@linaro.org> Cc: Dan Carpenter <dan.carpenter@oracle.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: linux-media@vger.kernel.org Cc: stable@vger.kernel.org Signed-off-by: John Hubbard <jhubbard@nvidia.com> --- drivers/rapidio/devices/rio_mport_cdev.c | 5 +++++ 1 file changed, 5 insertions(+)