fast_coprocessor exception handler expects that the coprocessor owner
task never gets the "coprocessor disabled" exception for a coprocessor
that is marked as enabled in the thread_info::cpenable. If that happens
it will reload potentially outdated context from the thread_info
structure into the coprocessor registers.
Only call coprocessor_clear_cpenable from the coprocessor_release_all
if the latter is called for the current task.
Cc: stable(a)vger.kernel.org
Signed-off-by: Max Filippov <jcmvbkbc(a)gmail.com>
---
arch/xtensa/kernel/process.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/xtensa/kernel/process.c b/arch/xtensa/kernel/process.c
index 3fa0c440f664..6c7c80106f60 100644
--- a/arch/xtensa/kernel/process.c
+++ b/arch/xtensa/kernel/process.c
@@ -87,7 +87,8 @@ void coprocessor_release_all(struct thread_info *ti)
}
ti->cpenable = cpenable;
- coprocessor_clear_cpenable();
+ if (ti == current_thread_info())
+ coprocessor_clear_cpenable();
preempt_enable();
}
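Review bot: The new `if (ti == current_thread_info())` guard has no comment, and the reason for it cannot be read off the code. Going by the commit message, clearing the CPENABLE register on behalf of another task would leave the running task with coprocessors marked enabled in its `thread_info::cpenable` but disabled in hardware, a state the fast coprocessor exception handler does not expect. I would add above the condition: `/* Only clear the CPENABLE register for the running task; for any other ti it would desync current's ti->cpenable from the hardware. */`. The body of coprocessor_release_all starts outside this hunk.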
--
2.11.0
From: Lyude <cpaul(a)redhat.com>
As observed with the latest ThinkPad docks, we unfortunately can't rely
on docks keeping us updated with hotplug events that happened while we
were suspended. On top of that, even if the number of connectors remains
the same between suspend and resume it's still not safe to assume that
there were no hotplugs, since a different monitor might have been
plugged into a port another monitor previously occupied. As such, we
need to go through all of the MST ports and check whether or not their
EDIDs have changed.
In addition to that, we also now return -EINVAL from
drm_dp_mst_topology_mgr_resume to indicate to callers that they need to
reset the MST connection, and that they can't rely on any other method
of reprobing.
Cc: stable(a)vger.kernel.org
Signed-off-by: Lyude <cpaul(a)redhat.com>
Signed-off-by: Juston Li <juston.li(a)intel.com>
---
drivers/gpu/drm/drm_dp_mst_topology.c | 94 ++++++++++++++++++++++++++-
1 file changed, 93 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/drm_dp_mst_topology.c b/drivers/gpu/drm/drm_dp_mst_topology.c
index 5ff1d79b86c4..88abebe52021 100644
--- a/drivers/gpu/drm/drm_dp_mst_topology.c
+++ b/drivers/gpu/drm/drm_dp_mst_topology.c
@@ -29,6 +29,7 @@
#include <linux/i2c.h>
#include <drm/drm_dp_mst_helper.h>
#include <drm/drmP.h>
+#include <drm/drm_edid.h>
#include <drm/drm_fixed.h>
#include <drm/drm_atomic.h>
@@ -2201,6 +2202,64 @@ void drm_dp_mst_topology_mgr_suspend(struct drm_dp_mst_topology_mgr *mgr)
}
EXPORT_SYMBOL(drm_dp_mst_topology_mgr_suspend);
+static bool drm_dp_mst_edids_changed(struct drm_dp_mst_topology_mgr *mgr,
+ struct drm_dp_mst_port *port)
+{
+ struct drm_device *dev;
+ struct drm_connector *connector;
+ struct drm_dp_mst_port *dport;
+ struct drm_dp_mst_branch *mstb;
+ struct edid *current_edid, *cached_edid;
+ bool ret = false;
+
+ port = drm_dp_get_validated_port_ref(mgr, port);
+ if (!port)
+ return false;
+
+ mstb = drm_dp_get_validated_mstb_ref(mgr, port->mstb);
+ if (mstb) {
+ list_for_each_entry(dport, &port->mstb->ports, next) {
+ ret = drm_dp_mst_edids_changed(mgr, dport);
+ if (ret)
+ break;
+ }
+
+ drm_dp_put_mst_branch_device(mstb);
+ if (ret)
+ goto out;
+ }
+
+ connector = port->connector;
+ if (!connector || !port->aux.ddc.algo)
+ goto out;
+
+ dev = connector->dev;
+ mutex_lock(&dev->mode_config.mutex);
+
+ current_edid = drm_get_edid(connector, &port->aux.ddc);
+ if (connector->edid_blob_ptr)
+ cached_edid = (void *)connector->edid_blob_ptr->data;
+ else
+ return false;
+
+ if ((current_edid && cached_edid && memcmp(current_edid, cached_edid,
+ sizeof(struct edid)) != 0) ||
+ (!current_edid && cached_edid) || (current_edid && !cached_edid)) {
+ ret = true;
+ DRM_DEBUG_KMS("EDID on %s changed, reprobing connectors\n",
+ connector->name);
+ }
+
+ mutex_unlock(&dev->mode_config.mutex);
+
+ kfree(current_edid);
+
+out:
+ drm_dp_put_port(port);
+
+ return ret;
+}
+
/**
* drm_dp_mst_topology_mgr_resume() - resume the MST manager
* @mgr: manager to resume
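Review bot: In drm_dp_mst_edids_changed() the `return false` taken when `connector->edid_blob_ptr` is NULL leaves `dev->mode_config.mutex` locked, never frees `current_edid`, and skips `drm_dp_put_port(port)`, so a single connector without a cached EDID blob leaks a lock, memory and a port reference on resume. That path should leave through a label that unlocks and frees before falling into `out:`. Once that check has passed `cached_edid` cannot be NULL, so the `(current_edid && !cached_edid)` arm of the comparison is dead. The `memcmp` also reads `sizeof(struct edid)` bytes from the blob without looking at the blob's length and covers only the base block, so a monitor that differs only in its extension blocks would presumably go unnoticed.

```c
	current_edid = drm_get_edid(connector, &port->aux.ddc);
	if (!connector->edid_blob_ptr)
		goto out_unlock;	/* ret is still false */
	cached_edid = (void *)connector->edid_blob_ptr->data;

	/* … unchanged: EDID comparison and debug message … */

out_unlock:
	mutex_unlock(&dev->mode_config.mutex);
	kfree(current_edid);

out:
	drm_dp_put_port(port);
```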
@@ -2210,9 +2269,15 @@ EXPORT_SYMBOL(drm_dp_mst_topology_mgr_suspend);
*
* if the device fails this returns -1, and the driver should do
* a full MST reprobe, in case we were undocked.
+ *
+ * if the device can no longer be trusted, this returns -EINVAL
+ * and the driver should unconditionally disconnect and reconnect
+ * the dock.
*/
int drm_dp_mst_topology_mgr_resume(struct drm_dp_mst_topology_mgr *mgr)
{
+ struct drm_dp_mst_branch *mstb;
+ struct drm_dp_mst_port *port;
int ret = 0;
mutex_lock(&mgr->lock);
@@ -2246,8 +2311,35 @@ int drm_dp_mst_topology_mgr_resume(struct drm_dp_mst_topology_mgr *mgr)
drm_dp_check_mstb_guid(mgr->mst_primary, guid);
ret = 0;
- } else
+
+ /*
+ * Some hubs also forget to notify us of hotplugs that happened
+ * while we were in suspend, so we need to verify that the edid
+ * hasn't changed for any of the connectors. If it has been,
+ * we unfortunately can't rely on the dock updating us with
+ * hotplug events, so indicate we need a full reconnect.
+ */
+
+ /* MST's I2C helpers can't be used while holding this lock */
+ mutex_unlock(&mgr->lock);
+
+ mstb = drm_dp_get_validated_mstb_ref(mgr, mgr->mst_primary);
+ if (mstb) {
+ list_for_each_entry(port, &mstb->ports, next) {
+ if (drm_dp_mst_edids_changed(mgr, port)) {
+ ret = -EINVAL;
+ break;
+ }
+ }
+
+ drm_dp_put_mst_branch_device(mstb);
+ }
+ } else {
ret = -1;
+ mutex_unlock(&mgr->lock);
+ }
+
+ return ret;
out_unlock:
mutex_unlock(&mgr->lock);
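Review bot: The `list_for_each_entry(port, &mstb->ports, next)` walk runs after `mutex_unlock(&mgr->lock)`, and the reference from `drm_dp_get_validated_mstb_ref()` keeps the branch alive but, as far as this hunk shows, does not stop ports being added to or removed from the list while the EDID reads are in flight. The recursive walk over `port->mstb->ports` in drm_dp_mst_edids_changed() is in the same position. If the list is normally modified under `mgr->lock`, a hotplug that races with resume could leave the iterator on a freed entry. Collecting referenced ports under the lock and probing them afterwards would avoid that; at the very least a comment next to `/* MST's I2C helpers can't be used while holding this lock */` should say what protects the list during the walk. The function body starts and ends outside this hunk.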
--
2.17.2
coprocessor_flush_all may be called from a context of a thread that is
different from the thread being flushed. In that case contents of the
cpenable special register may not match ti->cpenable of the target
thread, resulting in unhandled coprocessor exception in the kernel
context.
Set cpenable special register to the ti->cpenable of the target thread
for the duration of the flush and restore it afterwards.
This fixes the following crash caused by coprocessor register inspection
in native gdb:
(gdb) p/x $w0
Illegal instruction in kernel: sig: 9 [#1] PREEMPT
Call Trace:
___might_sleep+0x184/0x1a4
__might_sleep+0x41/0xac
exit_signals+0x14/0x218
do_exit+0xc9/0x8b8
die+0x99/0xa0
do_illegal_instruction+0x18/0x6c
common_exception+0x77/0x77
coprocessor_flush+0x16/0x3c
arch_ptrace+0x46c/0x674
sys_ptrace+0x2ce/0x3b4
system_call+0x54/0x80
common_exception+0x77/0x77
note: gdb[100] exited with preempt_count 1
Killed
Cc: stable(a)vger.kernel.org
Signed-off-by: Max Filippov <jcmvbkbc(a)gmail.com>
---
arch/xtensa/kernel/process.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/arch/xtensa/kernel/process.c b/arch/xtensa/kernel/process.c
index 9363629eb7cc..3fa0c440f664 100644
--- a/arch/xtensa/kernel/process.c
+++ b/arch/xtensa/kernel/process.c
@@ -94,18 +94,21 @@ void coprocessor_release_all(struct thread_info *ti)
void coprocessor_flush_all(struct thread_info *ti)
{
- unsigned long cpenable;
+ unsigned long cpenable, old_cpenable;
int i;
preempt_disable();
+ RSR_CPENABLE(old_cpenable);
cpenable = ti->cpenable;
+ WSR_CPENABLE(cpenable);
for (i = 0; i < XCHAL_CP_MAX; i++) {
if ((cpenable & 1) != 0 && coprocessor_owner[i] == ti)
coprocessor_flush(ti, i);
cpenable >>= 1;
}
+ WSR_CPENABLE(old_cpenable);
preempt_enable();
}
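Review bot: The save, switch and restore of CPENABLE around the loop (`RSR_CPENABLE(old_cpenable)` through `WSR_CPENABLE(old_cpenable)`) has no comment, and without the commit message a reader cannot tell why a flush has to touch the register at all. I would add before `WSR_CPENABLE(cpenable)`: `/* ti may not be current (e.g. ptrace): enable ti's coprocessors so coprocessor_flush() does not fault in kernel context. */`. It is also worth a word that the restore is only correct because the whole sequence sits between `preempt_disable()` and `preempt_enable()`.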
--
2.11.0
Hi Greg,
This was not marked for stable but seems it should be in stable.
And another commit which fixes it.
Please apply to your queue of 4.14-stable.
--
Regards
Sudip
> From: Sasha Levin <sashal(a)kernel.org>
> Sent: Monday, November 26, 2018 1:53 AM
> Hi,
>
> [This is an automated email]
>
> This commit has been processed because it contains a -stable tag.
> The stable tag indicates that it's relevant for the following trees: all
>
> The bot has tested the following trees: v4.19.4, v4.14.83, v4.9.140, v4.4.164,
> v3.18.126.
>
> v4.19.4: Build OK!
> v4.14.83: Build OK!
> v4.9.140: Build OK!
> v4.4.164: Failed to apply! Possible dependencies:
> v3.18.126: Failed to apply! Possible dependencies:
> How should we proceed with this patch?
>
> Sasha
Hi Sasha,
Please see the attached patch, which is a rebase for both v4.4.164 and v3.18.126.
Thanks,
--Dexuan
Jerry Zuo pointed out a rather obscure hotplugging issue that it seems I
accidentally introduced into DRM two years ago.
Pretend we have a topology like this:
|- DP-1: mst_primary
|- DP-4: active display
|- DP-5: disconnected
|- DP-6: active hub
|- DP-7: active display
|- DP-8: disconnected
|- DP-9: disconnected
If we unplug DP-6, the topology starting at DP-7 will be destroyed but
it's payloads will live on in DP-1's VCPI allocations and thus require
removal. However, this removal currently fails because
drm_dp_update_payload_part1() will (rightly so) try to validate the port
before accessing it, fail then abort. If we keep going, eventually we
run the MST hub out of bandwidth and all new allocations will start to
fail (or in my case; all new displays just start flickering a ton).
We could just teach drm_dp_update_payload_part1() not to drop the port
ref in this case, but then we also need to teach
drm_dp_destroy_payload_step1() to do the same thing, then hope no one
ever adds anything that requires a validated port reference in
drm_dp_destroy_connector_work(). Kind of sketchy.
So let's go with a more clever solution: any port that
drm_dp_destroy_connector_work() interacts with is guaranteed to still
exist in memory until we say so. While said port might not be valid we
don't really care: that's the whole reason we're destroying it in the
first place! So, teach drm_dp_get_validated_port_ref() to use the all
mighty current_work() function to avoid attempting to validate ports
from the context of mgr->destroy_connector_work. I can't see any
situation where this wouldn't be safe, and this avoids having to play
whack-a-mole in the future of trying to work around port validation.
Signed-off-by: Lyude Paul <lyude(a)redhat.com>
Fixes: 263efde31f97 ("drm/dp/mst: Get validated port ref in drm_dp_update_payload_part1()")
Reported-by: Jerry Zuo <Jerry.Zuo(a)amd.com>
Cc: Jerry Zuo <Jerry.Zuo(a)amd.com>
Cc: Harry Wentland <Harry.Wentland(a)amd.com>
Cc: <stable(a)vger.kernel.org> # v4.6+
---
drivers/gpu/drm/drm_dp_mst_topology.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/drm_dp_mst_topology.c b/drivers/gpu/drm/drm_dp_mst_topology.c
index 529414556962..08978ad72f33 100644
--- a/drivers/gpu/drm/drm_dp_mst_topology.c
+++ b/drivers/gpu/drm/drm_dp_mst_topology.c
@@ -1023,9 +1023,20 @@ static struct drm_dp_mst_port *drm_dp_mst_get_port_ref_locked(struct drm_dp_mst_
static struct drm_dp_mst_port *drm_dp_get_validated_port_ref(struct drm_dp_mst_topology_mgr *mgr, struct drm_dp_mst_port *port)
{
struct drm_dp_mst_port *rport = NULL;
+
mutex_lock(&mgr->lock);
- if (mgr->mst_primary)
- rport = drm_dp_mst_get_port_ref_locked(mgr->mst_primary, port);
+ /*
+ * Port may or may not be 'valid' but we don't care about that when
+ * destroying the port and we are guaranteed that the port pointer
+ * will be valid until we've finished
+ */
+ if (current_work() == &mgr->destroy_connector_work) {
+ kref_get(&port->kref);
+ rport = port;
+ } else if (mgr->mst_primary) {
+ rport = drm_dp_mst_get_port_ref_locked(mgr->mst_primary,
+ port);
+ }
mutex_unlock(&mgr->lock);
return rport;
}
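Review bot: The `current_work() == &mgr->destroy_connector_work` branch skips validation for every port handed to this function from the destroy worker, not only for the port that worker is tearing down, and `kref_get(&port->kref)` is then applied to a pointer nothing has checked. The guarantee in the comment holds only while the worker never passes in any other port; if it ever does, and that port has already been freed, this takes a reference on freed memory. The comment should spell that invariant out, for example `/* Callers running in destroy_connector_work must only pass the port that work item is currently destroying; no other port is guaranteed to be alive here. */`, so that later changes to the worker keep it true.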
--
2.19.1
The patch titled
Subject: userfaultfd: shmem: add i_size checks
has been added to the -mm tree. Its filename is
userfaultfd-shmem-add-i_size-checks.patch
This patch should soon appear at
http://ozlabs.org/~akpm/mmots/broken-out/userfaultfd-shmem-add-i_size-check…
and later at
http://ozlabs.org/~akpm/mmotm/broken-out/userfaultfd-shmem-add-i_size-check…
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next and is updated
there every 3-4 working days
------------------------------------------------------
From: Andrea Arcangeli <aarcange(a)redhat.com>
Subject: userfaultfd: shmem: add i_size checks
With MAP_SHARED: recheck the i_size after taking the PT lock, to serialize
against truncate with the PT lock. Delete the page from the pagecache if
the i_size_read check fails.
With MAP_PRIVATE: check the i_size after the PT lock before mapping
anonymous memory or zeropages into the MAP_PRIVATE shmem mapping.
A mostly irrelevant cleanup: like we do the delete_from_page_cache()
pagecache removal after dropping the PT lock, the PT lock is a spinlock so
drop it before the sleepable page lock.
Link: http://lkml.kernel.org/r/20181126173452.26955-5-aarcange@redhat.com
Fixes: 4c27fe4c4c84 ("userfaultfd: shmem: add shmem_mcopy_atomic_pte for userfaultfd support")
Signed-off-by: Andrea Arcangeli <aarcange(a)redhat.com>
Reviewed-by: Mike Rapoport <rppt(a)linux.ibm.com>
Reviewed-by: Hugh Dickins <hughd(a)google.com>
Reported-by: Jann Horn <jannh(a)google.com>
Cc: <stable(a)vger.kernel.org>
Cc: "Dr. David Alan Gilbert" <dgilbert(a)redhat.com>
Cc: Mike Kravetz <mike.kravetz(a)oracle.com>
Cc: Peter Xu <peterx(a)redhat.com>
Cc: stable(a)vger.kernel.org
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
--- a/mm/shmem.c~userfaultfd-shmem-add-i_size-checks
+++ a/mm/shmem.c
@@ -2216,6 +2216,7 @@ static int shmem_mfill_atomic_pte(struct
struct page *page;
pte_t _dst_pte, *dst_pte;
int ret;
+ pgoff_t offset, max_off;
ret = -ENOMEM;
if (!shmem_inode_acct_block(inode, 1))
@@ -2253,6 +2254,12 @@ static int shmem_mfill_atomic_pte(struct
__SetPageSwapBacked(page);
__SetPageUptodate(page);
+ ret = -EFAULT;
+ offset = linear_page_index(dst_vma, dst_addr);
+ max_off = DIV_ROUND_UP(i_size_read(inode), PAGE_SIZE);
+ if (unlikely(offset >= max_off))
+ goto out_release;
+
ret = mem_cgroup_try_charge_delay(page, dst_mm, gfp, &memcg, false);
if (ret)
goto out_release;
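Review bot: Nothing in the code says why `i_size` is checked here, before `mem_cgroup_try_charge_delay()`, and then again after `pte_offset_map_lock()` in the next hunk, so the second check looks redundant to anyone who has not read the commit message. Per that message only the check under the PT lock is serialized against truncate, which makes this first one an unlocked early exit. I would mark this one `/* Unlocked early check; rechecked under the PT lock below. */` and put `/* Recheck i_size under the PT lock to serialize against truncate. */` above the second `max_off` assignment. The comment in the two mm/userfaultfd.c hunks (`the shmem MAP_PRIVATE case requires checking the i_size`) has the same gap, since it does not say the check has to sit after `pte_offset_map_lock()`. shmem_mfill_atomic_pte() starts and ends outside this hunk.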
@@ -2268,8 +2275,14 @@ static int shmem_mfill_atomic_pte(struct
if (dst_vma->vm_flags & VM_WRITE)
_dst_pte = pte_mkwrite(pte_mkdirty(_dst_pte));
- ret = -EEXIST;
dst_pte = pte_offset_map_lock(dst_mm, dst_pmd, dst_addr, &ptl);
+
+ ret = -EFAULT;
+ max_off = DIV_ROUND_UP(i_size_read(inode), PAGE_SIZE);
+ if (unlikely(offset >= max_off))
+ goto out_release_uncharge_unlock;
+
+ ret = -EEXIST;
if (!pte_none(*dst_pte))
goto out_release_uncharge_unlock;
@@ -2287,13 +2300,14 @@ static int shmem_mfill_atomic_pte(struct
/* No need to invalidate - it was non-present before */
update_mmu_cache(dst_vma, dst_addr, dst_pte);
- unlock_page(page);
pte_unmap_unlock(dst_pte, ptl);
+ unlock_page(page);
ret = 0;
out:
return ret;
out_release_uncharge_unlock:
pte_unmap_unlock(dst_pte, ptl);
+ delete_from_page_cache(page);
out_release_uncharge:
mem_cgroup_cancel_charge(page, memcg, false);
out_release:
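Review bot: `delete_from_page_cache(page)` under `out_release_uncharge_unlock:` is correct only if every jump to that label happens after the page has been inserted into the page cache and while the page lock is still held. Neither the insertion nor the unlock under `out_release:` is visible in this hunk, so that cannot be confirmed from here. A comment on the label would pin the requirement down: `/* Reached only with the page locked and already in the page cache. */`. Without it, a later `goto out_release_uncharge_unlock` placed ahead of the page-cache insertion would try to remove a page that was never added.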
--- a/mm/userfaultfd.c~userfaultfd-shmem-add-i_size-checks
+++ a/mm/userfaultfd.c
@@ -33,6 +33,8 @@ static int mcopy_atomic_pte(struct mm_st
void *page_kaddr;
int ret;
struct page *page;
+ pgoff_t offset, max_off;
+ struct inode *inode;
if (!*pagep) {
ret = -ENOMEM;
@@ -73,8 +75,17 @@ static int mcopy_atomic_pte(struct mm_st
if (dst_vma->vm_flags & VM_WRITE)
_dst_pte = pte_mkwrite(pte_mkdirty(_dst_pte));
- ret = -EEXIST;
dst_pte = pte_offset_map_lock(dst_mm, dst_pmd, dst_addr, &ptl);
+ if (dst_vma->vm_file) {
+ /* the shmem MAP_PRIVATE case requires checking the i_size */
+ inode = dst_vma->vm_file->f_inode;
+ offset = linear_page_index(dst_vma, dst_addr);
+ max_off = DIV_ROUND_UP(i_size_read(inode), PAGE_SIZE);
+ ret = -EFAULT;
+ if (unlikely(offset >= max_off))
+ goto out_release_uncharge_unlock;
+ }
+ ret = -EEXIST;
if (!pte_none(*dst_pte))
goto out_release_uncharge_unlock;
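Review bot: The `if (dst_vma->vm_file) { ... }` block added here is repeated line for line in the mfill_zeropage_pte() hunk below, differing only in the goto label, and each copy needs its own `offset`, `max_off` and `inode` locals. A small static helper that reports whether `dst_addr` lies at or beyond `i_size` would keep the two call sites in step when the check changes and would let both functions drop the extra locals. Each caller then only sets `ret = -EFAULT` and jumps to its own label. The helper name below is only a suggestion, and both function bodies start outside their hunks.

```c
/* True when dst_vma is file backed and dst_addr lies at or beyond i_size. */
static bool mfill_beyond_i_size(struct vm_area_struct *dst_vma,
				unsigned long dst_addr)
{
	pgoff_t offset, max_off;

	if (!dst_vma->vm_file)
		return false;
	offset = linear_page_index(dst_vma, dst_addr);
	max_off = DIV_ROUND_UP(i_size_read(dst_vma->vm_file->f_inode),
			       PAGE_SIZE);
	return offset >= max_off;
}

	dst_pte = pte_offset_map_lock(dst_mm, dst_pmd, dst_addr, &ptl);
	/* must stay after pte_offset_map_lock(): serializes with truncate */
	ret = -EFAULT;
	if (unlikely(mfill_beyond_i_size(dst_vma, dst_addr)))
		goto out_release_uncharge_unlock;
	ret = -EEXIST;
	/* … unchanged: pte_none() check … */
```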
@@ -108,11 +119,22 @@ static int mfill_zeropage_pte(struct mm_
pte_t _dst_pte, *dst_pte;
spinlock_t *ptl;
int ret;
+ pgoff_t offset, max_off;
+ struct inode *inode;
_dst_pte = pte_mkspecial(pfn_pte(my_zero_pfn(dst_addr),
dst_vma->vm_page_prot));
- ret = -EEXIST;
dst_pte = pte_offset_map_lock(dst_mm, dst_pmd, dst_addr, &ptl);
+ if (dst_vma->vm_file) {
+ /* the shmem MAP_PRIVATE case requires checking the i_size */
+ inode = dst_vma->vm_file->f_inode;
+ offset = linear_page_index(dst_vma, dst_addr);
+ max_off = DIV_ROUND_UP(i_size_read(inode), PAGE_SIZE);
+ ret = -EFAULT;
+ if (unlikely(offset >= max_off))
+ goto out_unlock;
+ }
+ ret = -EEXIST;
if (!pte_none(*dst_pte))
goto out_unlock;
set_pte_at(dst_mm, dst_addr, dst_pte, _dst_pte);
_
Patches currently in -mm which might be from aarcange(a)redhat.com are
userfaultfd-use-enoent-instead-of-efault-if-the-atomic-copy-user-fails.patch
userfaultfd-shmem-allocate-anonymous-memory-for-map_private-shmem.patch
userfaultfd-shmem-hugetlbfs-only-allow-to-register-vm_maywrite-vmas.patch
userfaultfd-shmem-add-i_size-checks.patch
userfaultfd-shmem-uffdio_copy-set-the-page-dirty-if-vm_write-is-not-set.patch