Commit 7f818906 authored Jun 20, 2009 by Linus Torvalds

x86: don't use 'access_ok()' as a range check in get_user_pages_fast()



It's really not right to use 'access_ok()', since that is meant for the
normal "get_user()" and "copy_from/to_user()" accesses, which are done
through the TLB, rather than through the page tables.

Why? access_ok() does both too few, and too many checks.  Too many,
because it is meant for regular kernel accesses that will not honor the
'user' bit in the page tables, and because it honors the USER_DS vs
KERNEL_DS distinction that we shouldn't care about in GUP.  And too few,
because it doesn't do the 'canonical' check on the address on x86-64,
since the TLB will do that for us.

So instead of using a function that isn't meant for this, and does
something else and much more complicated, just do the real rules: we
don't want the range to overflow, and on x86-64, we want it to be a
canonical low address (on 32-bit, all addresses are canonical).

Acked-by: Ingo Molnar <mingo@elte.hu>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

parent fb20871a

arch/x86/mm/gup.c

+7 −2

Original line number	Diff line number	Diff line
		@@ -247,10 +247,15 @@ int get_user_pages_fast(unsigned long start, int nr_pages, int write,
		start &= PAGE_MASK;
		addr = start;
		len = (unsigned long) nr_pages << PAGE_SHIFT;

		end = start + len;
		if (unlikely(!access_ok(write ? VERIFY_WRITE : VERIFY_READ,
		(void __user *)start, len)))
		if (end < start)
		goto slow_irqon;

		#ifdef CONFIG_X86_64
		if (end >> __VIRTUAL_MASK_SHIFT)
		goto slow_irqon;
		#endif

		/*
		* XXX: batch / limit 'nr', to avoid large irq off latency

Admin message