From 38aa11d92f209e7529736f3e11e08dfc804bdfae Mon Sep 17 00:00:00 2001 From: Huan Yang <l...@vivo.com> Date: Tue, 15 Apr 2025 10:04:18 +0800 Subject: [PATCH 1/2] Revert "udmabuf: fix vmap_udmabuf error page set"
This reverts commit 18d7de823b7150344d242c3677e65d68c5271b04. This given a misuse of vmap_pfn, vmap_pfn give a !pfn_valid check to avoid user miss use it. This API design to only for none-page struct based user invoke, i.e. PCIe BARs and other. So any page based will inject by !pfn_valid check. udmabuf used shmem or hugetlb as folio src, hence, page/folio based, can't use it. Signed-off-by: Huan Yang <l...@vivo.com> Reported-by: Bingbu Cao <bingbu....@linux.intel.com> Closes: https://lore.kernel.org/dri-devel/eb7e0137-3508-4287-98c4-816c5fd98...@vivo.com/T/#mbda4f64a3532b32e061f4e8763bc8e307bea3ca8 Acked-by: Vivek Kasireddy <vivek.kasire...@intel.com> --- drivers/dma-buf/Kconfig | 1 - drivers/dma-buf/udmabuf.c | 22 +++++++--------------- 2 files changed, 7 insertions(+), 16 deletions(-) diff --git a/drivers/dma-buf/Kconfig b/drivers/dma-buf/Kconfig index fee04fdb0822..b46eb8a552d7 100644 --- a/drivers/dma-buf/Kconfig +++ b/drivers/dma-buf/Kconfig @@ -36,7 +36,6 @@ config UDMABUF depends on DMA_SHARED_BUFFER depends on MEMFD_CREATE || COMPILE_TEST depends on MMU - select VMAP_PFN help A driver to let userspace turn memfd regions into dma-bufs. Qemu can use this to create host dmabufs for guest framebuffers. diff --git a/drivers/dma-buf/udmabuf.c b/drivers/dma-buf/udmabuf.c index 7eee3eb47a8e..79845565089d 100644 --- a/drivers/dma-buf/udmabuf.c +++ b/drivers/dma-buf/udmabuf.c @@ -109,29 +109,21 @@ static int mmap_udmabuf(struct dma_buf *buf, struct vm_area_struct *vma) static int vmap_udmabuf(struct dma_buf *buf, struct iosys_map *map) { struct udmabuf *ubuf = buf->priv; - unsigned long *pfns; + struct page **pages; void *vaddr; pgoff_t pg; dma_resv_assert_held(buf->resv); - /** - * HVO may free tail pages, so just use pfn to map each folio - * into vmalloc area. - */ - pfns = kvmalloc_array(ubuf->pagecount, sizeof(*pfns), GFP_KERNEL); - if (!pfns) + pages = kvmalloc_array(ubuf->pagecount, sizeof(*pages), GFP_KERNEL); + if (!pages) return -ENOMEM; - for (pg = 0; pg < ubuf->pagecount; pg++) { - unsigned long pfn = folio_pfn(ubuf->folios[pg]); - - pfn += ubuf->offsets[pg] >> PAGE_SHIFT; - pfns[pg] = pfn; - } + for (pg = 0; pg < ubuf->pagecount; pg++) + pages[pg] = &ubuf->folios[pg]->page; - vaddr = vmap_pfn(pfns, ubuf->pagecount, PAGE_KERNEL); - kvfree(pfns); + vaddr = vm_map_ram(pages, ubuf->pagecount, -1); + kvfree(pages); if (!vaddr) return -EINVAL; -- 2.48.1
