Commit 6f7de35b authored by Matthew Auld's avatar Matthew Auld

drm/i915/userptr: restore probe_range behaviour

The conversion looks harmless, however the addr value is updated inside
the loop with the previous vm_end, which then incorrectly leads to
for_each_vma_range() iterating over stuff outside the range we care
about. Fix this by storing the end value separately. Also fix the case
where the range doesn't intersect with any vma, or if the vma itself
doesn't extend the entire range, which must mean we have hole at the
end. Both should result in an error, as per the previous behaviour.

v2: Fix the cases where the range is empty, or if there's a hole at
the end of the range

Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/7247
Testcase: igt@gem_userptr_blits@probe
Fixes: f683b9d6 ("i915: use the VMA iterator")
Reported-by: default avatarkernel test robot <oliver.sang@intel.com>
Signed-off-by: default avatarMatthew Auld <matthew.auld@intel.com>
Cc: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>
Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
Cc: Liam R. Howlett <Liam.Howlett@Oracle.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Yu Zhao <yuzhao@google.com>
Reviewed-by: default avatarLiam R. Howlett <Liam.Howlett@oracle.com>
Reviewed-by: default avatarAndrzej Hajda <andrzej.hajda@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221028130635.465839-1-matthew.auld@intel.com
parent d93618da
...@@ -427,9 +427,10 @@ probe_range(struct mm_struct *mm, unsigned long addr, unsigned long len) ...@@ -427,9 +427,10 @@ probe_range(struct mm_struct *mm, unsigned long addr, unsigned long len)
{ {
VMA_ITERATOR(vmi, mm, addr); VMA_ITERATOR(vmi, mm, addr);
struct vm_area_struct *vma; struct vm_area_struct *vma;
unsigned long end = addr + len;
mmap_read_lock(mm); mmap_read_lock(mm);
for_each_vma_range(vmi, vma, addr + len) { for_each_vma_range(vmi, vma, end) {
/* Check for holes, note that we also update the addr below */ /* Check for holes, note that we also update the addr below */
if (vma->vm_start > addr) if (vma->vm_start > addr)
break; break;
...@@ -441,7 +442,7 @@ probe_range(struct mm_struct *mm, unsigned long addr, unsigned long len) ...@@ -441,7 +442,7 @@ probe_range(struct mm_struct *mm, unsigned long addr, unsigned long len)
} }
mmap_read_unlock(mm); mmap_read_unlock(mm);
if (vma) if (vma || addr < end)
return -EFAULT; return -EFAULT;
return 0; return 0;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment