Re: [PATCH v3] drm/vmwgfx: Fix race issue calling pin_user_pages

Mon, 28 Nov 2022 06:56:26 -0800 

On Wed, Nov 09, 2022 at 11:37:34PM +0800, Dawei Li wrote:
> pin_user_pages() is unsafe without protection of mmap_lock,
> fix it by calling pin_user_pages_fast().
> 
> Fixes: 7a7a933edd6c ("drm/vmwgfx: Introduce VMware mks-guest-stats")
> Signed-off-by: Dawei Li <set_pte...@outlook.com>
> ---
> v1:
> https://lore.kernel.org/all/tycp286mb23235c9a9fcf85c045f95ea7ca...@tycp286mb2323.jpnp286.prod.outlook.com/
> 
> v1->v2:
> Rebased to latest vmwgfx/drm-misc-fixes.
> 
> v2->v3
> Replace pin_user_pages() with pin_user_pages_fast().

Gentle ping

> ---
>  drivers/gpu/drm/vmwgfx/vmwgfx_msg.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c 
> b/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c
> index 089046fa21be..50fa3df0bc0c 100644
> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c
> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c
> @@ -1085,21 +1085,21 @@ int vmw_mksstat_add_ioctl(struct drm_device *dev, 
> void *data,
>       reset_ppn_array(pdesc->strsPPNs, ARRAY_SIZE(pdesc->strsPPNs));
>  
>       /* Pin mksGuestStat user pages and store those in the instance 
> descriptor */
> -     nr_pinned_stat = pin_user_pages(arg->stat, num_pages_stat, 
> FOLL_LONGTERM, pages_stat, NULL);
> +     nr_pinned_stat = pin_user_pages_fast(arg->stat, num_pages_stat, 
> FOLL_LONGTERM, pages_stat);
>       if (num_pages_stat != nr_pinned_stat)
>               goto err_pin_stat;
>  
>       for (i = 0; i < num_pages_stat; ++i)
>               pdesc->statPPNs[i] = page_to_pfn(pages_stat[i]);
>  
> -     nr_pinned_info = pin_user_pages(arg->info, num_pages_info, 
> FOLL_LONGTERM, pages_info, NULL);
> +     nr_pinned_info = pin_user_pages_fast(arg->info, num_pages_info, 
> FOLL_LONGTERM, pages_info);
>       if (num_pages_info != nr_pinned_info)
>               goto err_pin_info;
>  
>       for (i = 0; i < num_pages_info; ++i)
>               pdesc->infoPPNs[i] = page_to_pfn(pages_info[i]);
>  
> -     nr_pinned_strs = pin_user_pages(arg->strs, num_pages_strs, 
> FOLL_LONGTERM, pages_strs, NULL);
> +     nr_pinned_strs = pin_user_pages_fast(arg->strs, num_pages_strs, 
> FOLL_LONGTERM, pages_strs);
>       if (num_pages_strs != nr_pinned_strs)
>               goto err_pin_strs;
>  
> -- 
> 2.25.1
>

Reply via email to