[PATCH v2] mm/gup.c: Fix return value for __gup_longterm_locked()

Shigeru Yoshida posted 1 patch 3 years, 7 months ago
mm/gup.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
[PATCH v2] mm/gup.c: Fix return value for __gup_longterm_locked()
Posted by Shigeru Yoshida 3 years, 7 months ago
__get_user_pages_locked() may return the number of pages less than
nr_pages.  So __gup_longterm_locked() has to return the number of
pages __get_user_pages_locked() returns if it succeeded, not nr_pages
requested.

Fixes: 61c63c2076d9 (mm/gup.c: simplify and fix check_and_migrate_movable_pages() return codes)
CC: Alistair Popple <apopple@nvidia.com>
Reported-by: syzbot+616ff0452fec30f4dcfd@syzkaller.appspotmail.com
Reviewed-by: John Hubbard <jhubbard@nvidia.com>
Signed-off-by: Shigeru Yoshida <syoshida@redhat.com>
---
 mm/gup.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/mm/gup.c b/mm/gup.c
index 5aa7531a703b..66582203220a 100644
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -2068,22 +2068,24 @@ static long __gup_longterm_locked(struct mm_struct *mm,
 				  unsigned int gup_flags)
 {
 	unsigned int flags;
-	long rc;
+	long rc, nr_pinned_pages;
 
 	if (!(gup_flags & FOLL_LONGTERM))
 		return __get_user_pages_locked(mm, start, nr_pages, pages, vmas,
 					       NULL, gup_flags);
 	flags = memalloc_pin_save();
 	do {
-		rc = __get_user_pages_locked(mm, start, nr_pages, pages, vmas,
-					     NULL, gup_flags);
-		if (rc <= 0)
+		nr_pinned_pages =
+			__get_user_pages_locked(mm, start, nr_pages, pages,
+						vmas, NULL, gup_flags);
+		if (nr_pinned_pages <= 0)
 			break;
-		rc = check_and_migrate_movable_pages(rc, pages, gup_flags);
+		rc = check_and_migrate_movable_pages(nr_pinned_pages, pages,
+						     gup_flags);
 	} while (rc == -EAGAIN);
 	memalloc_pin_restore(flags);
 
-	return rc ? rc : nr_pages;
+	return rc ? rc : nr_pinned_pages;
 }
 
 static bool is_valid_gup_flags(unsigned int gup_flags)
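Review bot: rc can be read uninitialized at the final `return rc ? rc : nr_pinned_pages;`. It is now declared as `long rc, nr_pinned_pages;` with no initializer, and when __get_user_pages_locked() returns <= 0 on the first pass the loop hits `break` before check_and_migrate_movable_pages() has assigned it. Before this change rc held the __get_user_pages_locked() result on that path. Setting `rc = nr_pinned_pages;` ahead of the `break` would keep the error (or zero) return well defined.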
-- 
2.37.2
Re: [PATCH v2] mm/gup.c: Fix return value for __gup_longterm_locked()
Posted by Alistair Popple 3 years, 7 months ago
Shigeru Yoshida <syoshida@redhat.com> writes:

> __get_user_pages_locked() may return the number of pages less than
> nr_pages.  So __gup_longterm_locked() has to return the number of
> pages __get_user_pages_locked() returns if it succeeded, not nr_pages
> requested.

Thanks for fixing this, I've been out the last few days so just catching
up. I think I missed that 'rc' was passed as nr_pages into
check_and_migrate_movable_pages(). Will double check that I don't make
the same mistake in my latest series.

> Fixes: 61c63c2076d9 (mm/gup.c: simplify and fix check_and_migrate_movable_pages() return codes)

I couldn't find that SHA1, I'm guessing due to rebasing, etc. of
mm-unstable? Not sure how that is dealt with, but feel free to also add:

Reviewed-by: Alistair Popple <apopple@nvidia.com>

> CC: Alistair Popple <apopple@nvidia.com>
> Reported-by: syzbot+616ff0452fec30f4dcfd@syzkaller.appspotmail.com
> Reviewed-by: John Hubbard <jhubbard@nvidia.com>
> Signed-off-by: Shigeru Yoshida <syoshida@redhat.com>
> ---
>  mm/gup.c | 14 ++++++++------
>  1 file changed, 8 insertions(+), 6 deletions(-)
>
> diff --git a/mm/gup.c b/mm/gup.c
> index 5aa7531a703b..66582203220a 100644
> --- a/mm/gup.c
> +++ b/mm/gup.c
> @@ -2068,22 +2068,24 @@ static long __gup_longterm_locked(struct mm_struct *mm,
>  				  unsigned int gup_flags)
>  {
>  	unsigned int flags;
> -	long rc;
> +	long rc, nr_pinned_pages;
>
>  	if (!(gup_flags & FOLL_LONGTERM))
>  		return __get_user_pages_locked(mm, start, nr_pages, pages, vmas,
>  					       NULL, gup_flags);
>  	flags = memalloc_pin_save();
>  	do {
> -		rc = __get_user_pages_locked(mm, start, nr_pages, pages, vmas,
> -					     NULL, gup_flags);
> -		if (rc <= 0)
> +		nr_pinned_pages =
> +			__get_user_pages_locked(mm, start, nr_pages, pages,
> +						vmas, NULL, gup_flags);
> +		if (nr_pinned_pages <= 0)
>  			break;
> -		rc = check_and_migrate_movable_pages(rc, pages, gup_flags);
> +		rc = check_and_migrate_movable_pages(nr_pinned_pages, pages,
> +						     gup_flags);
>  	} while (rc == -EAGAIN);
>  	memalloc_pin_restore(flags);
>
> -	return rc ? rc : nr_pages;
> +	return rc ? rc : nr_pinned_pages;
>  }
>
>  static bool is_valid_gup_flags(unsigned int gup_flags)
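Review bot: on the retry path the `break` under `if (nr_pinned_pages <= 0)` leaves rc at -EAGAIN from the previous check_and_migrate_movable_pages() call, so the function returns -EAGAIN instead of the value __get_user_pages_locked() just produced. The removed lines overwrote rc with that value on every pass. Copying it across explicitly, e.g. `rc = nr_pinned_pages;` before the `break`, keeps the error seen by the caller accurate.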
Re: [PATCH v2] mm/gup.c: Fix return value for __gup_longterm_locked()
Posted by Shigeru Yoshida 3 years, 7 months ago
On Tue, 23 Aug 2022 11:15:29 +1000, Alistair Popple wrote:
> 
> Shigeru Yoshida <syoshida@redhat.com> writes:
> 
>> __get_user_pages_locked() may return the number of pages less than
>> nr_pages.  So __gup_longterm_locked() has to return the number of
>> pages __get_user_pages_locked() returns if it succeeded, not nr_pages
>> requested.
> 
> Thanks for fixing this, I've been out the last few days so just catching
> up. I think I missed that 'rc' was passed as nr_pages into
> check_and_migrate_movable_pages(). Will double check that I don't make
> the same mistake in my latest series.

Thank you so much for your review.  Andrew has already applied the patch.

>> Fixes: 61c63c2076d9 (mm/gup.c: simplify and fix check_and_migrate_movable_pages() return codes)
> 
> I couldn't find that SHA1, I'm guessing due to rebasing, etc. of
> mm-unstable? Not sure how that is dealt with, but feel free to also add:

Yes, actually this hash is from the linux-next tree.

Thanks,
Shigeru

> Reviewed-by: Alistair Popple <apopple@nvidia.com>
> 
>> CC: Alistair Popple <apopple@nvidia.com>
>> Reported-by: syzbot+616ff0452fec30f4dcfd@syzkaller.appspotmail.com
>> Reviewed-by: John Hubbard <jhubbard@nvidia.com>
>> Signed-off-by: Shigeru Yoshida <syoshida@redhat.com>
>> ---
>>  mm/gup.c | 14 ++++++++------
>>  1 file changed, 8 insertions(+), 6 deletions(-)
>>
>> diff --git a/mm/gup.c b/mm/gup.c
>> index 5aa7531a703b..66582203220a 100644
>> --- a/mm/gup.c
>> +++ b/mm/gup.c
>> @@ -2068,22 +2068,24 @@ static long __gup_longterm_locked(struct mm_struct *mm,
>>  				  unsigned int gup_flags)
>>  {
>>  	unsigned int flags;
>> -	long rc;
>> +	long rc, nr_pinned_pages;
>>
>>  	if (!(gup_flags & FOLL_LONGTERM))
>>  		return __get_user_pages_locked(mm, start, nr_pages, pages, vmas,
>>  					       NULL, gup_flags);
>>  	flags = memalloc_pin_save();
>>  	do {
>> -		rc = __get_user_pages_locked(mm, start, nr_pages, pages, vmas,
>> -					     NULL, gup_flags);
>> -		if (rc <= 0)
>> +		nr_pinned_pages =
>> +			__get_user_pages_locked(mm, start, nr_pages, pages,
>> +						vmas, NULL, gup_flags);
>> +		if (nr_pinned_pages <= 0)
>>  			break;
>> -		rc = check_and_migrate_movable_pages(rc, pages, gup_flags);
>> +		rc = check_and_migrate_movable_pages(nr_pinned_pages, pages,
>> +						     gup_flags);
>>  	} while (rc == -EAGAIN);
>>  	memalloc_pin_restore(flags);
>>
>> -	return rc ? rc : nr_pages;
>> +	return rc ? rc : nr_pinned_pages;
>>  }
>>
>>  static bool is_valid_gup_flags(unsigned int gup_flags)
>
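Review bot: a short count from the final `return rc ? rc : nr_pinned_pages;` is not documented anywhere in the hunk. The FOLL_LONGTERM path used to return nr_pages on success and can now return fewer, so a one-line comment at the return stating that the result may be smaller than nr_pages, and that callers must use the returned count rather than the requested one, would make the contract visible to anyone reading the function.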
Re: [PATCH v2] mm/gup.c: Fix return value for __gup_longterm_locked()
Posted by Andrew Morton 3 years, 7 months ago
On Tue, 23 Aug 2022 11:15:29 +1000 Alistair Popple <apopple@nvidia.com> wrote:

> > Fixes: 61c63c2076d9 (mm/gup.c: simplify and fix check_and_migrate_movable_pages() return codes)
> 
> I couldn't find that SHA1, I'm guessing due to rebasing, etc. of
> mm-unstable? 

Yup.  That's why we include the patch title as well as its hash.