From: Nick Piggin <nickpiggin@yahoo.com.au>
To: Daniel Drake <ddrake@brontes3d.com>
Cc: Johannes Weiner <hannes@saeurebad.de>, linux-mm@kvack.org
Subject: Re: faulting kmalloced buffers into userspace through mmap()
Date: Wed, 4 Jun 2008 21:00:39 +1000
Message-ID: <200806042100.39345.nickpiggin@yahoo.com.au>
In-Reply-To: <484662E3.40902@brontes3d.com>

On Wednesday 04 June 2008 19:39, Daniel Drake wrote:
> Hi Johannes,
>
> Johannes Weiner wrote:
> > You broke the abstraction here. There are no pages from kmalloc(), it
> > gives you other memory objects. And on munmapping the region, the
> > kmalloc objects are passed back to the buddy allocator which then blows
> > the whistle with bad_page() on it.
>
> Thanks for the explanation, I attempted to document this here:
> http://linux-mm.org/DeviceDriverMmap
> Comments/edits are welcome!

You can map it with a pfn mapping / vm_insert_pfn / remap_pfn_range etc.
which does not touch the underlying struct pages. You must then ensure
you deallocate the memory yourself after it is finished with.

> One more quick question: if pages that were mapped are "passed back to
> the buddy allocator" during munmap() does that mean that the pages get
> freed too?

They get their refcount decremented if they were inserted with
vm_insert_page or ->fault page fault handler.

> i.e. if I allocate some pages with alloc_pages(), remap them into
> userspace in my VM .fault handler, and then userspace munmaps them, is
> it still legal for my driver to use those pages internally after the
> munmap? Do I still need to call __free_pages() on them when done?

Provided you increment the refcount on the pages in your fault
handler, munmap will not free them, and it is still legal for
your driver to touch them (and must free them itself).

> Also, it is possible to get the physical address of a kmalloc region
> with virt_to_phys(). Is it also illegal to pass this physical address to
> remap_pfn_range() to implement mmap in that fashion? Can't find any
> in-kernel code that does this, but google brings up a few hits such as
> http://www.opentech.at/papers/embedded_resources/node21.html

I think (__pa(address) >> PAGE_SIZE) should get you the pfn.

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
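
The refcount rule from the reply above, replayed as a small userspace model. This is an added example, not code from the thread or from the kernel; the event names, verdict names and `replay` function are hypothetical, and a single counter stands in for the page's reference count.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical event and verdict names for this model; not kernel identifiers. */
enum ev { EV_FAULT_WITH_GET, EV_FAULT_NO_GET, EV_MUNMAP, EV_DRIVER_TOUCH, EV_DRIVER_FREE };
enum verdict { V_OK, V_USE_AFTER_FREE, V_DOUBLE_FREE, V_LEAK };

/* Replay events against one page the driver allocated. The count starts at 1:
 * the driver's own reference, as after alloc_pages(). */
enum verdict replay(const enum ev *evs, size_t n)
{
    int refcount = 1;
    for (size_t i = 0; i < n; i++) {
        switch (evs[i]) {
        case EV_FAULT_WITH_GET:   /* ->fault takes a reference for the mapping */
            if (refcount == 0) return V_USE_AFTER_FREE;
            refcount++;
            break;
        case EV_FAULT_NO_GET:     /* ->fault hands the page over without one */
        case EV_DRIVER_TOUCH:     /* driver reads or writes the page */
            if (refcount == 0) return V_USE_AFTER_FREE;
            break;
        case EV_MUNMAP:           /* VM drops the mapping's reference */
        case EV_DRIVER_FREE:      /* driver drops its own, as with __free_pages() */
            if (refcount == 0) return V_DOUBLE_FREE;
            refcount--;
            break;
        }
    }
    return refcount == 0 ? V_OK : V_LEAK;
}

/* Constructed sequences: the correct lifecycle, a handler that takes no
 * reference, and a driver that never frees its page. */
static const enum ev seq_ok[]   = { EV_FAULT_WITH_GET, EV_MUNMAP, EV_DRIVER_TOUCH, EV_DRIVER_FREE };
static const enum ev seq_uaf[]  = { EV_FAULT_NO_GET, EV_MUNMAP, EV_DRIVER_TOUCH };
static const enum ev seq_leak[] = { EV_FAULT_WITH_GET, EV_MUNMAP };

int main(void)
{
    printf("with get_page: %d\n", replay(seq_ok, 4));
    printf("no get_page:   %d\n", replay(seq_uaf, 3));
    printf("never freed:   %d\n", replay(seq_leak, 2));
    return 0;
}
```

The second sequence is the case to watch for in driver review: without the extra reference, the unmap drops the count to zero and the driver's later access lands on a freed page.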