Quoting Joonas Lahtinen (2019-01-07 08:56:55)
Make sure the underlying VMA in the process address space is the same as it was during vm_mmap to avoid applying WC to wrong VMA.
A more long-term solution would be to have vm_mmap_locked variant in linux/mmap.h for when caller wants to hold mmap_sem for an extended duration.
Fixes: 1816f9236303 ("drm/i915: Support creation of unbound wc user mappings for objects")
Reported-by: Adam Zabrocki adamza@microsoft.com
Suggested-by: Linus Torvalds torvalds@linux-foundation.org
Signed-off-by: Joonas Lahtinen joonas.lahtinen@linux.intel.com
Cc: stable@vger.kernel.org # v4.0+
Cc: Akash Goel akash.goel@intel.com
Cc: Chris Wilson chris@chris-wilson.co.uk
Cc: Tvrtko Ursulin tvrtko.ursulin@linux.intel.com
Cc: Adam Zabrocki adamza@microsoft.com
drivers/gpu/drm/i915/i915_gem.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c index 062c8395557c..f1d594a53978 100644 --- a/drivers/gpu/drm/i915/i915_gem.c +++ b/drivers/gpu/drm/i915/i915_gem.c @@ -1680,6 +1680,15 @@ i915_gem_sw_finish_ioctl(struct drm_device *dev, void *data, return 0; } +static inline bool +match_gem_vma(struct vm_area_struct *vma, struct file *filp,
unsigned long addr, unsigned long size)
With the exception of there isn't anything gem specific here,
+{
return vma && vma->vm_file == filp &&
vma->vm_start == addr &&
(vma->vm_end - vma->vm_start) == size;
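Review bot: The size test on the last line of match_gem_vma(), `(vma->vm_end - vma->vm_start) == size`, only holds if every caller passes a page-aligned length, because vm_start and vm_end are always page-aligned. If size can arrive as the raw byte count requested by userspace, a valid mapping would fail the match; compare against PAGE_ALIGN(size) inside the helper, or state the alignment requirement in a comment above it. A short comment that the caller must hold mmap_sem across the lookup and this check would also help, since the helper dereferences vma without taking any lock itself.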
and we can break this up into separate ifs with a forgiving compiler,
Reviewed-by: Chris Wilson chris@chris-wilson.co.uk
I still couldn't see an easy way of passing pgprot bits into do_mmap to avoid the race entirely.
-Chris