[v13,39/45] sg: add mmap_sz tracking

Message ID	20210113224526.861000-40-dgilbert@interlog.com
State	New
Headers	show Return-Path: <linux-scsi-owner@kernel.org> From: Douglas Gilbert <dgilbert@interlog.com> To: linux-scsi@vger.kernel.org Cc: martin.petersen@oracle.com, jejb@linux.vnet.ibm.com, hare@suse.de, kashyap.desai@broadcom.com Subject: [PATCH v13 39/45] sg: add mmap_sz tracking Date: Wed, 13 Jan 2021 17:45:20 -0500 Message-Id: <20210113224526.861000-40-dgilbert@interlog.com> In-Reply-To: <20210113224526.861000-1-dgilbert@interlog.com> References: <20210113224526.861000-1-dgilbert@interlog.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	None \| expand [v13,02/45] sg: remove typedefs, type+formatting cleanup [v13,03/45] sg: sg_log and is_enabled [v13,04/45] sg: rework sg_poll(), minor changes [v13,05/45] sg: bitops in sg_device [v13,06/45] sg: make open count an atomic [v13,07/45] sg: move header to uapi section [v13,08/45] sg: speed sg_poll and sg_get_num_waiting [v13,09/45] sg: sg_allow_if_err_recovery and renames [v13,10/45] sg: improve naming [v13,11/45] sg: change rwlock to spinlock [v13,12/45] sg: ioctl handling [v13,13/45] sg: split sg_read [v13,14/45] sg: sg_common_write add structure for arguments [v13,15/45] sg: rework sg_vma_fault [v13,16/45] sg: rework sg_mmap [v13,17/45] sg: replace sg_allow_access [v13,18/45] sg: rework scatter gather handling [v13,19/45] sg: introduce request state machine [v13,20/45] sg: sg_find_srp_by_id [v13,21/45] sg: sg_fill_request_element [v13,22/45] sg: printk change %p to %pK [v13,23/45] sg: xarray for fds in device [v13,24/45] sg: xarray for reqs in fd [v13,25/45] sg: replace rq array with xarray [v13,26/45] sg: sense buffer rework [v13,27/45] sg: add sg v4 interface support [v13,28/45] sg: rework debug info [v13,29/45] sg: add 8 byte SCSI LUN to sg_scsi_id [v13,30/45] sg: expand sg_comm_wr_t [v13,31/45] sg: add sg_iosubmit_v3 and sg_ioreceive_v3 ioctls [v13,32/45] sg: add some __must_hold macros [v13,33/45] sg: move procfs objects to avoid forward decls [v13,34/45] sg: protect multiple receivers [v13,35/45] sg: first debugfs support [v13,36/45] sg: rework mmap support [v13,37/45] sg: defang allow_dio [v13,38/45] sg: warn v3 write system call users [v13,39/45] sg: add mmap_sz tracking [v13,40/45] sg: remove rcv_done request state [v13,41/45] sg: track lowest inactive and await indexes [v13,42/45] sg: remove unit attention check for device changed [v13,43/45] sg: no_dxfer: move to/from kernel buffers [v13,44/45] sg: [RFC] add blk_poll support [v13,45/45] sg: bump version to 4.0.12

Message ID

20210113224526.861000-40-dgilbert@interlog.com

State

New

Headers

From: Douglas Gilbert <dgilbert@interlog.com>
To: linux-scsi@vger.kernel.org
Cc: martin.petersen@oracle.com, jejb@linux.vnet.ibm.com, hare@suse.de,
	kashyap.desai@broadcom.com
Subject: [PATCH v13 39/45] sg: add mmap_sz tracking
Date: Wed, 13 Jan 2021 17:45:20 -0500
Message-Id: <20210113224526.861000-40-dgilbert@interlog.com>
In-Reply-To: <20210113224526.861000-1-dgilbert@interlog.com>
References: <20210113224526.861000-1-dgilbert@interlog.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

None | expand

Commit Message

Douglas Gilbert Jan. 13, 2021, 10:45 p.m. UTC

Track mmap_sz from prior mmap(2) call, per sg file descriptor. Also
reset this value whenever munmap(2) is called. Fail SG_FLAG_MMAP_IO
uses if mmap(2) hasn't been called or the memory associated with it
is not large enough for the current request.

Signed-off-by: Douglas Gilbert <dgilbert@interlog.com>
---
 drivers/scsi/sg.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

Comments

Hannes Reinecke Jan. 14, 2021, 7:18 a.m. UTC | #1

On 1/13/21 11:45 PM, Douglas Gilbert wrote:
> Track mmap_sz from prior mmap(2) call, per sg file descriptor. Also
> reset this value whenever munmap(2) is called. Fail SG_FLAG_MMAP_IO
> uses if mmap(2) hasn't been called or the memory associated with it
> is not large enough for the current request.
> 
> Signed-off-by: Douglas Gilbert <dgilbert@interlog.com>
> ---
>   drivers/scsi/sg.c | 11 +++++++++--
>   1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
> index c5533bbaf0d5..d0f25f8f572b 100644
> --- a/drivers/scsi/sg.c
> +++ b/drivers/scsi/sg.c
> @@ -232,6 +232,7 @@ struct sg_fd {		/* holds the state of a file descriptor */
>   	atomic_t waiting;	/* number of requests awaiting receive */
>   	atomic_t req_cnt;	/* number of requests */
>   	int sgat_elem_sz;	/* initialized to scatter_elem_sz */
> +	int mmap_sz;		/* byte size of previous mmap() call */
>   	unsigned long ffd_bm[1];	/* see SG_FFD_* defines above */
>   	pid_t tid;		/* thread id when opened */
>   	u8 next_cmd_len;	/* 0: automatic, >0: use on next write() */
> @@ -725,10 +726,14 @@ sg_write(struct file *filp, const char __user *p, size_t count, loff_t *ppos)
>   static inline int
>   sg_chk_mmap(struct sg_fd *sfp, int rq_flags, int len)
>   {
> +	if (!test_bit(SG_FFD_MMAP_CALLED, sfp->ffd_bm))
> +		return -EBADFD;
>   	if (atomic_read(&sfp->submitted) > 0)
>   		return -EBUSY;  /* already active requests on fd */
>   	if (len > sfp->rsv_srp->sgat_h.buflen)
>   		return -ENOMEM; /* MMAP_IO size must fit in reserve */
> +	if (unlikely(len > sfp->mmap_sz))
> +		return -ENOMEM; /* MMAP_IO size can't exceed mmap() size */
>   	if (rq_flags & SG_FLAG_DIRECT_IO)
>   		return -EINVAL; /* not both MMAP_IO and DIRECT_IO */
>   	return 0;
> @@ -2262,6 +2267,8 @@ sg_vma_close(struct vm_area_struct *vma)
>   		pr_warn("%s: sfp null\n", __func__);
>   		return;
>   	}
> +	sfp->mmap_sz = 0;
> +	clear_bit(SG_FFD_MMAP_CALLED, sfp->ffd_bm);
>   	kref_put(&sfp->f_ref, sg_remove_sfp); /* get in: sg_vma_open() */
>   }
>   
> @@ -2383,6 +2390,7 @@ sg_mmap(struct file *filp, struct vm_area_struct *vma)
>   			goto fini;
>   		}
>   	}
> +	sfp->mmap_sz = req_sz;
>   	vma->vm_flags |= VM_IO | VM_DONTEXPAND | VM_DONTDUMP;
>   	vma->vm_private_data = sfp;
>   	vma->vm_ops = &sg_mmap_vm_ops;
> @@ -4048,8 +4056,7 @@ sg_proc_debug_fd(struct sg_fd *fp, char *obp, int len, unsigned long idx)
>   		       (int)test_bit(SG_FFD_FORCE_PACKID, fp->ffd_bm),
>   		       (int)test_bit(SG_FFD_KEEP_ORPHAN, fp->ffd_bm),
>   		       fp->ffd_bm[0]);
> -	n += scnprintf(obp + n, len - n, "   mmap_called=%d\n",
> -		       test_bit(SG_FFD_MMAP_CALLED, fp->ffd_bm));
> +	n += scnprintf(obp + n, len - n, "   mmap_sz=%d\n", fp->mmap_sz);
>   	n += scnprintf(obp + n, len - n,
>   		       "   submitted=%d waiting=%d   open thr_id=%d\n",
>   		       atomic_read(&fp->submitted),
> 
What is the point of having the SG_FFD_MMAP_CALLED bit now?
Doesn't the new 'mmap_sz' value carry the same information?

Cheers,

Hannes

Douglas Gilbert Jan. 14, 2021, 9:40 p.m. UTC | #2

On 2021-01-14 2:18 a.m., Hannes Reinecke wrote:
> On 1/13/21 11:45 PM, Douglas Gilbert wrote:
>> Track mmap_sz from prior mmap(2) call, per sg file descriptor. Also
>> reset this value whenever munmap(2) is called. Fail SG_FLAG_MMAP_IO
>> uses if mmap(2) hasn't been called or the memory associated with it
>> is not large enough for the current request.
>>
>> Signed-off-by: Douglas Gilbert <dgilbert@interlog.com>
>> ---
>>   drivers/scsi/sg.c | 11 +++++++++--
>>   1 file changed, 9 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
>> index c5533bbaf0d5..d0f25f8f572b 100644
>> --- a/drivers/scsi/sg.c
>> +++ b/drivers/scsi/sg.c
>> @@ -232,6 +232,7 @@ struct sg_fd {        /* holds the state of a file 
>> descriptor */
>>       atomic_t waiting;    /* number of requests awaiting receive */
>>       atomic_t req_cnt;    /* number of requests */
>>       int sgat_elem_sz;    /* initialized to scatter_elem_sz */
>> +    int mmap_sz;        /* byte size of previous mmap() call */
>>       unsigned long ffd_bm[1];    /* see SG_FFD_* defines above */
>>       pid_t tid;        /* thread id when opened */
>>       u8 next_cmd_len;    /* 0: automatic, >0: use on next write() */
>> @@ -725,10 +726,14 @@ sg_write(struct file *filp, const char __user *p, size_t 
>> count, loff_t *ppos)
>>   static inline int
>>   sg_chk_mmap(struct sg_fd *sfp, int rq_flags, int len)
>>   {
>> +    if (!test_bit(SG_FFD_MMAP_CALLED, sfp->ffd_bm))
>> +        return -EBADFD;
>>       if (atomic_read(&sfp->submitted) > 0)
>>           return -EBUSY;  /* already active requests on fd */
>>       if (len > sfp->rsv_srp->sgat_h.buflen)
>>           return -ENOMEM; /* MMAP_IO size must fit in reserve */
>> +    if (unlikely(len > sfp->mmap_sz))
>> +        return -ENOMEM; /* MMAP_IO size can't exceed mmap() size */
>>       if (rq_flags & SG_FLAG_DIRECT_IO)
>>           return -EINVAL; /* not both MMAP_IO and DIRECT_IO */
>>       return 0;
>> @@ -2262,6 +2267,8 @@ sg_vma_close(struct vm_area_struct *vma)
>>           pr_warn("%s: sfp null\n", __func__);
>>           return;
>>       }
>> +    sfp->mmap_sz = 0;
>> +    clear_bit(SG_FFD_MMAP_CALLED, sfp->ffd_bm);
>>       kref_put(&sfp->f_ref, sg_remove_sfp); /* get in: sg_vma_open() */
>>   }
>> @@ -2383,6 +2390,7 @@ sg_mmap(struct file *filp, struct vm_area_struct *vma)
>>               goto fini;
>>           }
>>       }
>> +    sfp->mmap_sz = req_sz;
>>       vma->vm_flags |= VM_IO | VM_DONTEXPAND | VM_DONTDUMP;
>>       vma->vm_private_data = sfp;
>>       vma->vm_ops = &sg_mmap_vm_ops;
>> @@ -4048,8 +4056,7 @@ sg_proc_debug_fd(struct sg_fd *fp, char *obp, int len, 
>> unsigned long idx)
>>                  (int)test_bit(SG_FFD_FORCE_PACKID, fp->ffd_bm),
>>                  (int)test_bit(SG_FFD_KEEP_ORPHAN, fp->ffd_bm),
>>                  fp->ffd_bm[0]);
>> -    n += scnprintf(obp + n, len - n, "   mmap_called=%d\n",
>> -               test_bit(SG_FFD_MMAP_CALLED, fp->ffd_bm));
>> +    n += scnprintf(obp + n, len - n, "   mmap_sz=%d\n", fp->mmap_sz);
>>       n += scnprintf(obp + n, len - n,
>>                  "   submitted=%d waiting=%d   open thr_id=%d\n",
>>                  atomic_read(&fp->submitted),
>>
> What is the point of having the SG_FFD_MMAP_CALLED bit now?
> Doesn't the new 'mmap_sz' value carry the same information?

Touché! Will fix.

Doug Gilbert

diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
index c5533bbaf0d5..d0f25f8f572b 100644
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -232,6 +232,7 @@  struct sg_fd {		/* holds the state of a file descriptor */
 	atomic_t waiting;	/* number of requests awaiting receive */
 	atomic_t req_cnt;	/* number of requests */
 	int sgat_elem_sz;	/* initialized to scatter_elem_sz */
+	int mmap_sz;		/* byte size of previous mmap() call */
 	unsigned long ffd_bm[1];	/* see SG_FFD_* defines above */
 	pid_t tid;		/* thread id when opened */
 	u8 next_cmd_len;	/* 0: automatic, >0: use on next write() */
@@ -725,10 +726,14 @@  sg_write(struct file *filp, const char __user *p, size_t count, loff_t *ppos)
 static inline int
 sg_chk_mmap(struct sg_fd *sfp, int rq_flags, int len)
 {
+	if (!test_bit(SG_FFD_MMAP_CALLED, sfp->ffd_bm))
+		return -EBADFD;
 	if (atomic_read(&sfp->submitted) > 0)
 		return -EBUSY;  /* already active requests on fd */
 	if (len > sfp->rsv_srp->sgat_h.buflen)
 		return -ENOMEM; /* MMAP_IO size must fit in reserve */
+	if (unlikely(len > sfp->mmap_sz))
+		return -ENOMEM; /* MMAP_IO size can't exceed mmap() size */
 	if (rq_flags & SG_FLAG_DIRECT_IO)
 		return -EINVAL; /* not both MMAP_IO and DIRECT_IO */
 	return 0;
@@ -2262,6 +2267,8 @@  sg_vma_close(struct vm_area_struct *vma)
 		pr_warn("%s: sfp null\n", __func__);
 		return;
 	}
+	sfp->mmap_sz = 0;
+	clear_bit(SG_FFD_MMAP_CALLED, sfp->ffd_bm);
 	kref_put(&sfp->f_ref, sg_remove_sfp); /* get in: sg_vma_open() */
 }
 
@@ -2383,6 +2390,7 @@  sg_mmap(struct file *filp, struct vm_area_struct *vma)
 			goto fini;
 		}
 	}
+	sfp->mmap_sz = req_sz;
 	vma->vm_flags |= VM_IO | VM_DONTEXPAND | VM_DONTDUMP;
 	vma->vm_private_data = sfp;
 	vma->vm_ops = &sg_mmap_vm_ops;
@@ -4048,8 +4056,7 @@  sg_proc_debug_fd(struct sg_fd *fp, char *obp, int len, unsigned long idx)
 		       (int)test_bit(SG_FFD_FORCE_PACKID, fp->ffd_bm),
 		       (int)test_bit(SG_FFD_KEEP_ORPHAN, fp->ffd_bm),
 		       fp->ffd_bm[0]);
-	n += scnprintf(obp + n, len - n, "   mmap_called=%d\n",
-		       test_bit(SG_FFD_MMAP_CALLED, fp->ffd_bm));
+	n += scnprintf(obp + n, len - n, "   mmap_sz=%d\n", fp->mmap_sz);
 	n += scnprintf(obp + n, len - n,
 		       "   submitted=%d waiting=%d   open thr_id=%d\n",
 		       atomic_read(&fp->submitted),

[v13,39/45] sg: add mmap_sz tracking

Commit Message

Comments

Patch