Re: [PATCH] misc: genwqe: check for error from get_user_pages_fast()

From: Ian Abbott
Date: Tue Dec 02 2014 - 08:29:45 EST

On 02/12/14 12:59, Frank Haverkamp wrote:
> Hi Ian,
>
> thanks for reviewing our code and sorry for not answering immediately.
>
> On Thursday, 06.11.2014, 16:23 +0000, Ian Abbott wrote:
>> `genwqe_user_vmap()` calls `get_user_pages_fast()` and if the return
>> value is less than the number of pages requested, it frees the pages and
>> returns an error (`-EFAULT`). However, it fails to consider a negative
>> error return value from `get_user_pages_fast()`. In that case, the test
>> `if (rc < m->nr_pages)` will be false (due to promotion of `rc` to a
>> large `unsigned int`) and the code will continue on to call
>> `genwqe_map_pages()` with an invalid list of page pointers. Fix it by
>> bailing out if `get_user_pages_fast()` returns a negative error value.
>
> True. Did you find this by manual inspection of the code or did you use
> tools to figure it out?

I just spotted it while grepping for examples of drivers that used get_user_pages() or get_user_pages_fast() as I want to use it in a driver for some custom hardware.
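
The comparison described in the quoted commit message, reduced to a stand-alone C program. This is an added example, not code from the thread or from the genwqe driver: `struct mapping`, `check_before()` and `check_after()` are hypothetical names, `nr_pages` is modelled as `unsigned int` as the commit message implies, and returning `rc` unchanged on a negative value is one possible form of the "bail out" it describes.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical stand-in for the driver's mapping state; only the page
 * count from the commit message is modelled (assumed unsigned int). */
struct mapping {
    unsigned int nr_pages;
};

/* Unpatched check: in `rc < m->nr_pages` the int operand is converted to
 * unsigned int. The cast below only makes that implicit conversion
 * visible; a negative errno becomes a value close to UINT_MAX. */
static int check_before(int rc, const struct mapping *m)
{
    if ((unsigned int)rc < m->nr_pages)
        return -EFAULT;   /* short pin: release pages, report error */
    return 0;             /* caller goes on to map the page list */
}

/* Patched check: reject a negative return before the unsigned compare. */
static int check_after(int rc, const struct mapping *m)
{
    if (rc < 0)
        return rc;        /* propagate the error, nothing was pinned */
    if ((unsigned int)rc < m->nr_pages)
        return -EFAULT;
    return 0;
}

int main(void)
{
    struct mapping m = { .nr_pages = 8 };
    /* Constructed return values: an error, a short pin, a full pin. */
    int samples[] = { -EFAULT, 3, 8 };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("rc=%4d  before=%4d  after=%4d\n", samples[i],
               check_before(samples[i], &m), check_after(samples[i], &m));
    return 0;
}
```

Building the original form of the comparison (without the cast) with `-Wsign-compare` flags the mixed signed/unsigned operands.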

