From nobody Wed Oct 8 02:01:46 2025 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 36432293B72 for ; Thu, 3 Jul 2025 07:33:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1751527990; cv=none; b=K9s5Ugyd6zOOz1IcU7iF5u9INNRmtxVgMBuDCqJcD0DWwP+IigvREYTRg/24pyofUcRo4FMNAzLcIOfwEFUDpk7PLKSKyH3Lh6vkAfLOIcv7PffhF5iJkTncjqq0aUjtBD01OYU+ZfNpJyLPJ9Z1LBbNtkLI2ySyZr+eDWzC4aQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1751527990; c=relaxed/simple; bh=3T6HDgjSBXS27LZ9Nros9py6WuNQwZDDcMj8DmT/yLI=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=GAABxlFNs87SfxVFvtTaKcd+4s51pKxkdk/qHg088cn9mNi5QDUklXKg8af9zbbfAc3TlijRKoPjQYdbVwkwzVJ8vKGxWX0//BYYkt0oNWe+7Fl2TbLD4S2qBHtuaOMFZ3XbQj+gCaleIhS8huBahrgBMvU+USO39U4N/rP9Ca8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com; spf=pass smtp.mailfrom=suse.com; dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com header.b=SxWUoMRH; dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com header.b=SxWUoMRH; arc=none smtp.client-ip=195.135.223.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com header.b="SxWUoMRH"; dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com header.b="SxWUoMRH" Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 4E5E81F38D; Thu, 3 Jul 2025 07:33:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1751527983; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=nQ5Xr44RBV0VlPZ1V2xjCjMmAszqvqbJEpoheadG4is=; b=SxWUoMRHwRhGP0k66CH960pcV/Yw4vbJaBd5NNzKITipkzjVTiA2grK4v7pEBYcRfbTrPa w4Z8Kq3+4Hi+U87UJW9AKfKILjJMELIXN4KDEww15MEGU+o1ZRxZ2Z0FZfQsqDqZ9e9SDp a8f3VgQp0noJbgw787SKdeQYz49+HOY= Authentication-Results: smtp-out2.suse.de; dkim=pass header.d=suse.com header.s=susede1 header.b=SxWUoMRH DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1751527983; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=nQ5Xr44RBV0VlPZ1V2xjCjMmAszqvqbJEpoheadG4is=; b=SxWUoMRHwRhGP0k66CH960pcV/Yw4vbJaBd5NNzKITipkzjVTiA2grK4v7pEBYcRfbTrPa w4Z8Kq3+4Hi+U87UJW9AKfKILjJMELIXN4KDEww15MEGU+o1ZRxZ2Z0FZfQsqDqZ9e9SDp a8f3VgQp0noJbgw787SKdeQYz49+HOY= Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id E1D6913721; Thu, 3 Jul 2025 07:33:02 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id 0mSZNS4yZmhPXAAAD6G6ig (envelope-from ); Thu, 03 Jul 2025 07:33:02 +0000 From: Juergen Gross To: linux-kernel@vger.kernel.org, llvm@lists.linux.dev Cc: Juergen Gross , Stefano Stabellini , Oleksandr Tyshchenko , Nathan Chancellor , Nick Desaulniers , Bill Wendling , Justin Stitt , xen-devel@lists.xenproject.org, Abinash Singh Subject: [PATCH] xen/gntdev: remove struct gntdev_copy_batch from stack Date: Thu, 3 Jul 2025 09:32:59 +0200 Message-ID: <20250703073259.17356-1-jgross@suse.com> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Rspamd-Server: rspamd2.dmz-prg2.suse.org X-Rspamd-Queue-Id: 4E5E81F38D X-Rspamd-Action: no action X-Spam-Flag: NO X-Spamd-Result: default: False [-1.51 / 50.00]; BAYES_HAM(-3.00)[100.00%]; SUSPICIOUS_RECIPS(1.50)[]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; R_MISSING_CHARSET(0.50)[]; R_DKIM_ALLOW(-0.20)[suse.com:s=susede1]; NEURAL_HAM_SHORT(-0.20)[-1.000]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; MIME_TRACE(0.00)[0:+]; TO_DN_SOME(0.00)[]; DKIM_SIGNED(0.00)[suse.com:s=susede1]; TO_MATCH_ENVRCPT_ALL(0.00)[]; ARC_NA(0.00)[]; FUZZY_BLOCKED(0.00)[rspamd.com]; RBL_SPAMHAUS_BLOCKED_OPENRESOLVER(0.00)[2a07:de40:b281:104:10:150:64:97:from]; FREEMAIL_CC(0.00)[suse.com,kernel.org,epam.com,gmail.com,google.com,lists.xenproject.org]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; DBL_BLOCKED_OPENRESOLVER(0.00)[imap1.dmz-prg2.suse.org:rdns,imap1.dmz-prg2.suse.org:helo]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; SPAMHAUS_XBL(0.00)[2a07:de40:b281:104:10:150:64:97:from]; DNSWL_BLOCKED(0.00)[2a07:de40:b281:106:10:150:64:167:received,2a07:de40:b281:104:10:150:64:97:from]; TAGGED_RCPT(0.00)[lkml]; RCPT_COUNT_SEVEN(0.00)[11]; DKIM_TRACE(0.00)[suse.com:+]; RCVD_VIA_SMTP_AUTH(0.00)[]; FREEMAIL_ENVRCPT(0.00)[gmail.com] X-Spam-Score: -1.51 X-Spam-Level: Content-Type: text/plain; charset="utf-8" When compiling the kernel with LLVM, the following warning was issued: drivers/xen/gntdev.c:991: warning: stack frame size (1160) exceeds limit (1024) in function 'gntdev_ioctl' The main reason is struct gntdev_copy_batch which is located on the stack and has a size of nearly 1kb. For performance reasons it shouldn't by just dynamically allocated instead, so allocate a new instance when needed and instead of freeing it put it into a list of free structs anchored in struct gntdev_priv. Fixes: a4cdb556cae0 ("xen/gntdev: add ioctl for grant copy") Reported-by: Abinash Singh Signed-off-by: Juergen Gross Reviewed-by: Stefano Stabellini --- drivers/xen/gntdev-common.h | 4 +++ drivers/xen/gntdev.c | 71 ++++++++++++++++++++++++++----------- 2 files changed, 54 insertions(+), 21 deletions(-) diff --git a/drivers/xen/gntdev-common.h b/drivers/xen/gntdev-common.h index 9c286b2a1900..ac8ce3179ba2 100644 --- a/drivers/xen/gntdev-common.h +++ b/drivers/xen/gntdev-common.h @@ -26,6 +26,10 @@ struct gntdev_priv { /* lock protects maps and freeable_maps. */ struct mutex lock; =20 + /* Free instances of struct gntdev_copy_batch. */ + struct gntdev_copy_batch *batch; + struct mutex batch_lock; + #ifdef CONFIG_XEN_GRANT_DMA_ALLOC /* Device for which DMA memory is allocated. */ struct device *dma_dev; diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c index 61faea1f0663..1f2160765618 100644 --- a/drivers/xen/gntdev.c +++ b/drivers/xen/gntdev.c @@ -56,6 +56,18 @@ MODULE_AUTHOR("Derek G. Murray , " "Gerd Hoffmann "); MODULE_DESCRIPTION("User-space granted page access driver"); =20 +#define GNTDEV_COPY_BATCH 16 + +struct gntdev_copy_batch { + struct gnttab_copy ops[GNTDEV_COPY_BATCH]; + struct page *pages[GNTDEV_COPY_BATCH]; + s16 __user *status[GNTDEV_COPY_BATCH]; + unsigned int nr_ops; + unsigned int nr_pages; + bool writeable; + struct gntdev_copy_batch *next; +}; + static unsigned int limit =3D 64*1024; module_param(limit, uint, 0644); MODULE_PARM_DESC(limit, @@ -584,6 +596,8 @@ static int gntdev_open(struct inode *inode, struct file= *flip) INIT_LIST_HEAD(&priv->maps); mutex_init(&priv->lock); =20 + mutex_init(&priv->batch_lock); + #ifdef CONFIG_XEN_GNTDEV_DMABUF priv->dmabuf_priv =3D gntdev_dmabuf_init(flip); if (IS_ERR(priv->dmabuf_priv)) { @@ -608,6 +622,7 @@ static int gntdev_release(struct inode *inode, struct f= ile *flip) { struct gntdev_priv *priv =3D flip->private_data; struct gntdev_grant_map *map; + struct gntdev_copy_batch *batch; =20 pr_debug("priv %p\n", priv); =20 @@ -620,6 +635,14 @@ static int gntdev_release(struct inode *inode, struct = file *flip) } mutex_unlock(&priv->lock); =20 + mutex_lock(&priv->batch_lock); + while (priv->batch) { + batch =3D priv->batch; + priv->batch =3D batch->next; + kfree(batch); + } + mutex_unlock(&priv->batch_lock); + #ifdef CONFIG_XEN_GNTDEV_DMABUF gntdev_dmabuf_fini(priv->dmabuf_priv); #endif @@ -785,17 +808,6 @@ static long gntdev_ioctl_notify(struct gntdev_priv *pr= iv, void __user *u) return rc; } =20 -#define GNTDEV_COPY_BATCH 16 - -struct gntdev_copy_batch { - struct gnttab_copy ops[GNTDEV_COPY_BATCH]; - struct page *pages[GNTDEV_COPY_BATCH]; - s16 __user *status[GNTDEV_COPY_BATCH]; - unsigned int nr_ops; - unsigned int nr_pages; - bool writeable; -}; - static int gntdev_get_page(struct gntdev_copy_batch *batch, void __user *v= irt, unsigned long *gfn) { @@ -953,36 +965,53 @@ static int gntdev_grant_copy_seg(struct gntdev_copy_b= atch *batch, static long gntdev_ioctl_grant_copy(struct gntdev_priv *priv, void __user = *u) { struct ioctl_gntdev_grant_copy copy; - struct gntdev_copy_batch batch; + struct gntdev_copy_batch *batch; unsigned int i; int ret =3D 0; =20 if (copy_from_user(©, u, sizeof(copy))) return -EFAULT; =20 - batch.nr_ops =3D 0; - batch.nr_pages =3D 0; + mutex_lock(&priv->batch_lock); + if (!priv->batch) { + batch =3D kmalloc(sizeof(*batch), GFP_KERNEL); + } else { + batch =3D priv->batch; + priv->batch =3D batch->next; + } + mutex_unlock(&priv->batch_lock); + if (!batch) + return -ENOMEM; + + batch->nr_ops =3D 0; + batch->nr_pages =3D 0; =20 for (i =3D 0; i < copy.count; i++) { struct gntdev_grant_copy_segment seg; =20 if (copy_from_user(&seg, ©.segments[i], sizeof(seg))) { ret =3D -EFAULT; + gntdev_put_pages(batch); goto out; } =20 - ret =3D gntdev_grant_copy_seg(&batch, &seg, ©.segments[i].status); - if (ret < 0) + ret =3D gntdev_grant_copy_seg(batch, &seg, ©.segments[i].status); + if (ret < 0) { + gntdev_put_pages(batch); goto out; + } =20 cond_resched(); } - if (batch.nr_ops) - ret =3D gntdev_copy(&batch); - return ret; + if (batch->nr_ops) + ret =3D gntdev_copy(batch); + + out: + mutex_lock(&priv->batch_lock); + batch->next =3D priv->batch; + priv->batch =3D batch; + mutex_unlock(&priv->batch_lock); =20 - out: - gntdev_put_pages(&batch); return ret; } =20 --=20 2.43.0