From ea80e1d901b80ac7d9c498b2f7c6a602fabcb24a Mon Sep 17 00:00:00 2001
From: Guo Mengqi
Date: Wed, 9 Feb 2022 16:57:35 +0800
Subject: [PATCH] mm: Modify sharepool sp_mmap() page_offset
ascend inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4SPNL
CVE: NA
-----------------------------------
In sp_mmap(), if use offset = va - MMAP_BASE/DVPP_BASE, then normal sp_alloc pgoff may have same value with DVPP pgoff, causing DVPP and sp_alloc mapped to overlapped part of file unexpectedly. To fix the problem, pass VA value as mmap offset, for in this scenario, VA value in one task address space will not be same.
Signed-off-by: Guo Mengqi
Reviewed-by: Ding Tianhong
Signed-off-by: Yang Yingliang
---
 mm/share_pool.c | 21 +++++---------------
 1 file changed, 5 insertions(+), 16 deletions(-)
diff --git a/mm/share_pool.c b/mm/share_pool.c
index ef74de39053b..90733b807f12 100644
--- a/mm/share_pool.c
+++ b/mm/share_pool.c
@@ -57,6 +57,11 @@
 #define spg_valid(spg) ((spg)->is_alive == true)
+/* Use spa va address as mmap offset. This can work because spa_file
+ * is setup with 64-bit address space. So va shall be well covered.
+ */
+#define addr_offset(spa) ((spa)->va_start)
+
 #define byte2kb(size) ((size) >> 10)
 #define byte2mb(size) ((size) >> 20)
 #define page2kb(page_num) ((page_num) << (PAGE_SHIFT - 10))
@@ -950,22 +955,6 @@ static bool is_device_addr(unsigned long addr)
 return false;
 }
-static loff_t addr_offset(struct sp_area *spa)
-{
- unsigned long addr;
-
- if (unlikely(!spa)) {
- WARN(1, "invalid spa when calculate addr offset\n");
- return 0;
- }
- addr = spa->va_start;
-
- if (!is_device_addr(addr))
- return (loff_t)(addr - MMAP_SHARE_POOL_START);
-
- return (loff_t)(addr - sp_dev_va_start[spa->device_id]);
-}
-
 static struct sp_group *create_spg(int spg_id)
 {
 int ret;
-- 
GitLab
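Review bot: The `addr_offset()` macro added after `spg_valid()` drops both the `loff_t` return type and the `!spa` guard that the removed function carried, so every caller (all outside this hunk) now receives an `unsigned long` and dereferences `spa` unconditionally. A `static inline loff_t addr_offset(struct sp_area *spa) { return (loff_t)spa->va_start; }` would keep the argument type-checked and make the unsigned-to-signed conversion explicit in one place. The new comment should also state the invariant the fix depends on, for example `/* offsets are unique only while spa VA ranges backed by the same file never overlap */`, since colliding offsets are what let DVPP and sp_alloc mappings alias the same file pages. Whether any caller can still pass a NULL `spa`, and whether the backing file really accepts offsets as large as a VA, cannot be confirmed from the lines shown.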