linux-mm.kvack.org archive mirror
From: Alan Stern <stern@rowland.harvard.edu>
To: Ruihan Li <lrh2000@pku.edu.cn>
Cc: linux-mm@kvack.org, linux-usb@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	Pasha Tatashin <pasha.tatashin@soleen.com>,
	David Hildenbrand <david@redhat.com>,
	Matthew Wilcox <willy@infradead.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Christoph Hellwig <hch@infradead.org>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	syzbot+fcf1a817ceb50935ce99@syzkaller.appspotmail.comm,
	stable@vger.kernel.org
Subject: Re: [PATCH 1/4] usb: usbfs: Enforce page requirements for mmap
Date: Wed, 10 May 2023 10:37:45 -0400
Message-ID: <65ae7b7f-9dea-429f-aca6-2ce4a75b6531@rowland.harvard.edu>
In-Reply-To: <20230510085527.57953-2-lrh2000@pku.edu.cn>

On Wed, May 10, 2023 at 04:55:24PM +0800, Ruihan Li wrote:
> The current implementation of usbdev_mmap uses usb_alloc_coherent to
> allocate memory pages that will later be mapped into the user space.
> Meanwhile, usb_alloc_coherent employs three different methods to
> allocate memory, as outlined below:
>  * If hcd->localmem_pool is non-null, it uses gen_pool_dma_alloc to
>    allocate memory.
>  * If DMA is not available, it uses kmalloc to allocate memory.
>  * Otherwise, it uses dma_alloc_coherent.
> 
> However, it should be noted that gen_pool_dma_alloc does not guarantee
> that the resulting memory will be page-aligned. Furthermore, trying to
> map slab pages (i.e., memory allocated by kmalloc) into the user space
> is not reasonable and can lead to problems, such as a type confusion bug
> when PAGE_TABLE_CHECK=y [1].
> 
> To address these issues, this patch introduces hcd_alloc_coherent_pages,
> which addresses the above two problems. Specifically,
> hcd_alloc_coherent_pages uses gen_pool_dma_alloc_align instead of
> gen_pool_dma_alloc to ensure that the memory is page-aligned. To replace
> kmalloc, hcd_alloc_coherent_pages directly allocates pages by calling
> __get_free_pages.
> 
> Reported-by: syzbot+fcf1a817ceb50935ce99@syzkaller.appspotmail.comm
> Closes: https://lore.kernel.org/lkml/000000000000258e5e05fae79fc1@google.com/ [1]
> Cc: stable@vger.kernel.org
> Signed-off-by: Ruihan Li <lrh2000@pku.edu.cn>
> ---

I'm never quite sure about when it makes sense to complain about 
stylistic issues.  Nevertheless, I'm going to do so here...

>  drivers/usb/core/buffer.c | 41 +++++++++++++++++++++++++++++++++++++++
>  drivers/usb/core/devio.c  |  9 +++++----
>  include/linux/usb/hcd.h   |  5 +++++
>  3 files changed, 51 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/usb/core/buffer.c b/drivers/usb/core/buffer.c
> index fbb087b72..6010ef9f5 100644
> --- a/drivers/usb/core/buffer.c
> +++ b/drivers/usb/core/buffer.c
> @@ -172,3 +172,44 @@ void hcd_buffer_free(
>  	}
>  	dma_free_coherent(hcd->self.sysdev, size, addr, dma);
>  }
> +
> +void *hcd_buffer_alloc_pages(struct usb_hcd *hcd, size_t size,
> +			     gfp_t mem_flags, dma_addr_t *dma)
> +{
> +	if (size == 0)
> +		return NULL;
> +
> +	if (hcd->localmem_pool)
> +		return gen_pool_dma_alloc_align(hcd->localmem_pool,
> +						size, dma, PAGE_SIZE);
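
Review bot: In hcd_buffer_alloc_pages, size is handed to gen_pool_dma_alloc_align unchanged, so the PAGE_SIZE argument guarantees only that the buffer starts on a page boundary, not that it owns the whole of its last page. Since the result is meant to be mapped into user space, either round the request up (PAGE_ALIGN(size)) before allocating or state in a comment that callers must pass a multiple of PAGE_SIZE. The new function also has no kernel-doc comment, and the commit message calls it hcd_alloc_coherent_pages while the hunk defines hcd_buffer_alloc_pages; a comment naming the alignment guarantee and the matching free routine, plus a consistent name in the changelog, would help.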

C isn't Lisp.  Expressions in C are not based entirely around 
parentheses, and it's not necessary to align our code based on the 
parenthesized sub-expressions to avoid hopelessly confusing the reader.

The style used in this file (and many other places in the USB core) is 
to indent continuation lines by two tab stops.  The same comment applies 
to all the other continuation lines you added or changed in this patch 
and in patch 2/4.

Alan Stern
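
The page-alignment requirement in the quoted commit message, as an added user-space illustration (not kernel code, and not part of this message or the patch). The toy pool, its 64-byte granule and the 4096-byte page size are constructed assumptions; the example also goes one step beyond the commit message by covering a request whose size is not a page multiple.

```c
#include <stddef.h>
#include <stdio.h>

#define PAGE_SZ 4096u   /* assumed page size for the illustration */
#define GRAIN   64u     /* constructed allocation granule of the toy pool */

struct toy_pool { size_t next; };   /* bump pointer, offset from pool base */

/* Round x up to a multiple of a (a must be a power of two). */
static size_t round_up_to(size_t x, size_t a) { return (x + a - 1) & ~(a - 1); }

/* Allocate size bytes at an offset that is a multiple of align. */
static size_t toy_alloc(struct toy_pool *p, size_t size, size_t align)
{
	size_t off = round_up_to(p->next, align);
	p->next = off + round_up_to(size, GRAIN);
	return off;
}

/* A mapping covers whole pages: return 1 if mapping [a, a+alen)
 * also exposes a page that holds part of [b, b+blen). */
static int mapping_exposes(size_t a, size_t alen, size_t b, size_t blen)
{
	size_t first = a / PAGE_SZ, last = (a + alen - 1) / PAGE_SZ;
	size_t bfirst = b / PAGE_SZ, blast = (b + blen - 1) / PAGE_SZ;
	return first <= blast && bfirst <= last;
}

/* Allocate a neighbour, the buffer, then another neighbour; return 1 if
 * mapping the buffer to user space would expose either neighbour. */
static int scenario(size_t buf_size, size_t align, int round_size)
{
	struct toy_pool p = { 0 };
	size_t before = toy_alloc(&p, 100, GRAIN);
	size_t want = round_size ? round_up_to(buf_size, PAGE_SZ) : buf_size;
	size_t buf = toy_alloc(&p, want, align);
	size_t after = toy_alloc(&p, 100, GRAIN);
	return mapping_exposes(buf, buf_size, before, 100) ||
	       mapping_exposes(buf, buf_size, after, 100);
}

int main(void)
{
	printf("granule-aligned:          %d\n", scenario(PAGE_SZ, GRAIN, 0));
	printf("page-aligned, size as-is: %d\n", scenario(100, PAGE_SZ, 0));
	printf("page-aligned, padded:     %d\n", scenario(100, PAGE_SZ, 1));
	return 0;
}
```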


Thread overview: 17+ messages
2023-05-10  8:55 [PATCH 0/4] Fix type confusion in page_table_check Ruihan Li
2023-05-10  8:55 ` [PATCH 1/4] usb: usbfs: Enforce page requirements for mmap Ruihan Li
2023-05-10 14:37   ` Alan Stern [this message]
2023-05-10 15:38     ` Ruihan Li
2023-05-10  8:55 ` [PATCH 2/4] usb: usbfs: Use consistent mmap functions Ruihan Li
2023-05-10 14:38   ` Alan Stern
2023-05-10 15:41     ` Ruihan Li
2023-05-10 16:34       ` David Hildenbrand
2023-05-10  8:55 ` [PATCH 3/4] mm: page_table_check: Make it dependent on !DEVMEM Ruihan Li
2023-05-10 16:40   ` David Hildenbrand
2023-05-11 16:07     ` Ruihan Li
2023-05-10  8:55 ` [PATCH 4/4] mm: page_table_check: Ensure user pages are not slab pages Ruihan Li
2023-05-10 22:51 ` [PATCH 0/4] Fix type confusion in page_table_check Greg Kroah-Hartman
2023-05-11 13:44   ` Ruihan Li
2023-05-11 15:32     ` Christoph Hellwig
     [not found]       ` <zwixiok55avpjvfiknp7tzm7e4aragjj43a46abna4qqegdvdx@suat6sk34lgb>
2023-05-13  9:37         ` Greg Kroah-Hartman
2023-05-14 15:08           ` Ruihan Li
