Commit d0107eb0 authored by KAMEZAWA Hiroyuki's avatar KAMEZAWA Hiroyuki Committed by Linus Torvalds

kcore: fix vread/vwrite to be aware of holes

vread/vwrite access vmalloc area without checking there is a page or not.
In most case, this works well.

In old ages, the caller of get_vm_ara() is only IOREMAP and there is no
memory hole within vm_struct's [addr...addr + size - PAGE_SIZE] (
-PAGE_SIZE is for a guard page.)

After per-cpu-alloc patch, it uses get_vm_area() for reserve continuous
virtual address but remap _later_.  There tend to be a hole in valid
vmalloc area in vm_struct lists.  Then, skip the hole (not mapped page) is
necessary.  This patch updates vread/vwrite() for avoiding memory hole.

Routines which access vmalloc area without knowing for which addr is used
are
  - /proc/kcore
  - /dev/kmem

kcore checks IOREMAP, /dev/kmem doesn't.  After this patch, IOREMAP is
checked and /dev/kmem will avoid to read/write it.  Fixes to /proc/kcore
will be in the next patch in series.
Signed-off-by: default avatarKAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: WANG Cong <xiyou.wangcong@gmail.com>
Cc: Mike Smith <scgtrp@gmail.com>
Cc: Nick Piggin <nickpiggin@yahoo.com.au>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent dd32c279
...@@ -25,7 +25,7 @@ ...@@ -25,7 +25,7 @@
#include <linux/rcupdate.h> #include <linux/rcupdate.h>
#include <linux/pfn.h> #include <linux/pfn.h>
#include <linux/kmemleak.h> #include <linux/kmemleak.h>
#include <linux/highmem.h>
#include <asm/atomic.h> #include <asm/atomic.h>
#include <asm/uaccess.h> #include <asm/uaccess.h>
#include <asm/tlbflush.h> #include <asm/tlbflush.h>
...@@ -1643,10 +1643,120 @@ void *vmalloc_32_user(unsigned long size) ...@@ -1643,10 +1643,120 @@ void *vmalloc_32_user(unsigned long size)
} }
EXPORT_SYMBOL(vmalloc_32_user); EXPORT_SYMBOL(vmalloc_32_user);
/*
* small helper routine , copy contents to buf from addr.
* If the page is not present, fill zero.
*/
static int aligned_vread(char *buf, char *addr, unsigned long count)
{
struct page *p;
int copied = 0;
while (count) {
unsigned long offset, length;
offset = (unsigned long)addr & ~PAGE_MASK;
length = PAGE_SIZE - offset;
if (length > count)
length = count;
p = vmalloc_to_page(addr);
/*
* To do safe access to this _mapped_ area, we need
* lock. But adding lock here means that we need to add
* overhead of vmalloc()/vfree() calles for this _debug_
* interface, rarely used. Instead of that, we'll use
* kmap() and get small overhead in this access function.
*/
if (p) {
/*
* we can expect USER0 is not used (see vread/vwrite's
* function description)
*/
void *map = kmap_atomic(p, KM_USER0);
memcpy(buf, map + offset, length);
kunmap_atomic(map, KM_USER0);
} else
memset(buf, 0, length);
addr += length;
buf += length;
copied += length;
count -= length;
}
return copied;
}
static int aligned_vwrite(char *buf, char *addr, unsigned long count)
{
struct page *p;
int copied = 0;
while (count) {
unsigned long offset, length;
offset = (unsigned long)addr & ~PAGE_MASK;
length = PAGE_SIZE - offset;
if (length > count)
length = count;
p = vmalloc_to_page(addr);
/*
* To do safe access to this _mapped_ area, we need
* lock. But adding lock here means that we need to add
* overhead of vmalloc()/vfree() calles for this _debug_
* interface, rarely used. Instead of that, we'll use
* kmap() and get small overhead in this access function.
*/
if (p) {
/*
* we can expect USER0 is not used (see vread/vwrite's
* function description)
*/
void *map = kmap_atomic(p, KM_USER0);
memcpy(map + offset, buf, length);
kunmap_atomic(map, KM_USER0);
}
addr += length;
buf += length;
copied += length;
count -= length;
}
return copied;
}
/**
* vread() - read vmalloc area in a safe way.
* @buf: buffer for reading data
* @addr: vm address.
* @count: number of bytes to be read.
*
* Returns # of bytes which addr and buf should be increased.
* (same number to @count). Returns 0 if [addr...addr+count) doesn't
* includes any intersect with alive vmalloc area.
*
* This function checks that addr is a valid vmalloc'ed area, and
* copy data from that area to a given buffer. If the given memory range
* of [addr...addr+count) includes some valid address, data is copied to
* proper area of @buf. If there are memory holes, they'll be zero-filled.
* IOREMAP area is treated as memory hole and no copy is done.
*
* If [addr...addr+count) doesn't includes any intersects with alive
* vm_struct area, returns 0.
* @buf should be kernel's buffer. Because this function uses KM_USER0,
* the caller should guarantee KM_USER0 is not used.
*
* Note: In usual ops, vread() is never necessary because the caller
* should know vmalloc() area is valid and can use memcpy().
* This is for routines which have to access vmalloc area without
* any informaion, as /dev/kmem.
*
*/
long vread(char *buf, char *addr, unsigned long count) long vread(char *buf, char *addr, unsigned long count)
{ {
struct vm_struct *tmp; struct vm_struct *tmp;
char *vaddr, *buf_start = buf; char *vaddr, *buf_start = buf;
unsigned long buflen = count;
unsigned long n; unsigned long n;
/* Don't allow overflow */ /* Don't allow overflow */
...@@ -1654,7 +1764,7 @@ long vread(char *buf, char *addr, unsigned long count) ...@@ -1654,7 +1764,7 @@ long vread(char *buf, char *addr, unsigned long count)
count = -(unsigned long) addr; count = -(unsigned long) addr;
read_lock(&vmlist_lock); read_lock(&vmlist_lock);
for (tmp = vmlist; tmp; tmp = tmp->next) { for (tmp = vmlist; count && tmp; tmp = tmp->next) {
vaddr = (char *) tmp->addr; vaddr = (char *) tmp->addr;
if (addr >= vaddr + tmp->size - PAGE_SIZE) if (addr >= vaddr + tmp->size - PAGE_SIZE)
continue; continue;
...@@ -1667,32 +1777,72 @@ long vread(char *buf, char *addr, unsigned long count) ...@@ -1667,32 +1777,72 @@ long vread(char *buf, char *addr, unsigned long count)
count--; count--;
} }
n = vaddr + tmp->size - PAGE_SIZE - addr; n = vaddr + tmp->size - PAGE_SIZE - addr;
do { if (n > count)
if (count == 0) n = count;
goto finished; if (!(tmp->flags & VM_IOREMAP))
*buf = *addr; aligned_vread(buf, addr, n);
buf++; else /* IOREMAP area is treated as memory hole */
addr++; memset(buf, 0, n);
count--; buf += n;
} while (--n > 0); addr += n;
count -= n;
} }
finished: finished:
read_unlock(&vmlist_lock); read_unlock(&vmlist_lock);
return buf - buf_start;
if (buf == buf_start)
return 0;
/* zero-fill memory holes */
if (buf != buf_start + buflen)
memset(buf, 0, buflen - (buf - buf_start));
return buflen;
} }
/**
* vwrite() - write vmalloc area in a safe way.
* @buf: buffer for source data
* @addr: vm address.
* @count: number of bytes to be read.
*
* Returns # of bytes which addr and buf should be incresed.
* (same number to @count).
* If [addr...addr+count) doesn't includes any intersect with valid
* vmalloc area, returns 0.
*
* This function checks that addr is a valid vmalloc'ed area, and
* copy data from a buffer to the given addr. If specified range of
* [addr...addr+count) includes some valid address, data is copied from
* proper area of @buf. If there are memory holes, no copy to hole.
* IOREMAP area is treated as memory hole and no copy is done.
*
* If [addr...addr+count) doesn't includes any intersects with alive
* vm_struct area, returns 0.
* @buf should be kernel's buffer. Because this function uses KM_USER0,
* the caller should guarantee KM_USER0 is not used.
*
* Note: In usual ops, vwrite() is never necessary because the caller
* should know vmalloc() area is valid and can use memcpy().
* This is for routines which have to access vmalloc area without
* any informaion, as /dev/kmem.
*
* The caller should guarantee KM_USER1 is not used.
*/
long vwrite(char *buf, char *addr, unsigned long count) long vwrite(char *buf, char *addr, unsigned long count)
{ {
struct vm_struct *tmp; struct vm_struct *tmp;
char *vaddr, *buf_start = buf; char *vaddr;
unsigned long n; unsigned long n, buflen;
int copied = 0;
/* Don't allow overflow */ /* Don't allow overflow */
if ((unsigned long) addr + count < count) if ((unsigned long) addr + count < count)
count = -(unsigned long) addr; count = -(unsigned long) addr;
buflen = count;
read_lock(&vmlist_lock); read_lock(&vmlist_lock);
for (tmp = vmlist; tmp; tmp = tmp->next) { for (tmp = vmlist; count && tmp; tmp = tmp->next) {
vaddr = (char *) tmp->addr; vaddr = (char *) tmp->addr;
if (addr >= vaddr + tmp->size - PAGE_SIZE) if (addr >= vaddr + tmp->size - PAGE_SIZE)
continue; continue;
...@@ -1704,18 +1854,21 @@ long vwrite(char *buf, char *addr, unsigned long count) ...@@ -1704,18 +1854,21 @@ long vwrite(char *buf, char *addr, unsigned long count)
count--; count--;
} }
n = vaddr + tmp->size - PAGE_SIZE - addr; n = vaddr + tmp->size - PAGE_SIZE - addr;
do { if (n > count)
if (count == 0) n = count;
goto finished; if (!(tmp->flags & VM_IOREMAP)) {
*addr = *buf; aligned_vwrite(buf, addr, n);
buf++; copied++;
addr++; }
count--; buf += n;
} while (--n > 0); addr += n;
count -= n;
} }
finished: finished:
read_unlock(&vmlist_lock); read_unlock(&vmlist_lock);
return buf - buf_start; if (!copied)
return 0;
return buflen;
} }
/** /**
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment