Page MenuHomeFreeBSD
Differential D26784

vmapbuf: don't smuggle user address via b_data
ClosedPublic
Actions

Authored by brooks on Oct 14 2020, 11:53 PM.
Tags
None
Referenced Files
Unknown Object (File)
Oct 7 2024, 6:07 AM
Unknown Object (File)
Oct 3 2024, 10:22 AM
Unknown Object (File)
Oct 2 2024, 10:06 PM
Unknown Object (File)
Oct 1 2024, 10:07 AM
Unknown Object (File)
Sep 30 2024, 1:16 AM
Unknown Object (File)
Sep 30 2024, 1:16 AM
Unknown Object (File)
Sep 30 2024, 1:16 AM
Unknown Object (File)
Sep 30 2024, 1:14 AM
View All 71 Files
Subscribers
dab

Details

Reviewers
imp
scottl
jhb
Group Reviewers
cam
Commits
rS367145: MFC r366911:
rS367140: MFC r366911:
rS366911: vmapbuf: don't smuggle address or length in buf
Summary

Instead, add a uaddr argument to vmapbuf. Since this argument is
always a pointer use a type of void * and cast to vm_offset_t in
vmapbuf. (In CheriBSD we've altered vm_fault_quick_hold_pages to
take a pointer and check its bounds.)

In no other situtation does b_data contain a user pointer and vmapbuf
replaces b_data with the actual mapping.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

brooks created this revision.Oct 14 2020, 11:53 PM
Herald added a reviewer: cam. · View Herald TranscriptOct 14 2020, 11:53 PM
Herald added a subscriber: dab. · View Herald Transcript
brooks requested review of this revision.Oct 14 2020, 11:53 PM
Harbormaster completed remote builds in B34172: Diff 78238.Oct 14 2020, 11:53 PM
brooks added a comment.Oct 15 2020, 5:35 PM

CI run: https://cirrus-ci.com/task/5059292485124096

jhb added a comment.Oct 15 2020, 9:56 PM

I know I didn't say this earlier in CheriBSD, but looking at the patch again, I think it might be cleaner to pass in the size explicitly as well and have vmapbuf set bp->bufsize rather than than smuggling that in as well. Together, b_data, b_offset, and b_bufsize describe the memory buffer, and passing in the length would let vmapbuf be responsible for setting all of those.

sys/ufs/ffs/ffs_rawread.c
250 ↗(On Diff #78238)

Unrelated bug: vmapbuf() overwrites bp->b_offset. This should only be setting bp->b_iooffset.

brooks updated this revision to Diff 78430.Oct 19 2020, 3:09 PM
  • Pass size rather than smuggling via b_bufsize.
Harbormaster completed remote builds in B34258: Diff 78430.Oct 19 2020, 3:09 PM
brooks added a comment.Oct 19 2020, 5:20 PM

https://cirrus-ci.com/task/5974398819631104

jhb accepted this revision.Oct 19 2020, 8:25 PM

Thanks.

sys/kern/vfs_bio.c
4915 ↗(On Diff #78430)

This check is now dead code that can be removed I think since size_t is unsigned?

This revision is now accepted and ready to land.Oct 19 2020, 8:25 PM
brooks updated this revision to Diff 78470.Oct 19 2020, 9:06 PM
  • GC a dead check.
This revision now requires review to proceed.Oct 19 2020, 9:06 PM
Harbormaster completed remote builds in B34267: Diff 78470.Oct 19 2020, 9:06 PM
imp accepted this revision.Oct 19 2020, 11:26 PM

This is good... only caveat is that MFC code near this stuff might be a pain... A minor inconvenience at best, so this is a LGTM!

This revision is now accepted and ready to land.Oct 19 2020, 11:26 PM
Closed by commit rS366911: vmapbuf: don't smuggle address or length in buf (authored by brooks). · Explain WhyOct 21 2020, 4:00 PM
This revision was automatically updated to reflect the committed changes.
brooks added a commit: rS366911: vmapbuf: don't smuggle address or length in buf.
brooks added a commit: rS367140: MFC r366911:.Oct 29 2020, 6:29 PM
brooks added a commit: rS367145: MFC r366911:.Oct 29 2020, 10:00 PM

Revision Contents
Changeset List

PathSize
head/
sys/
cam/
8 lines
dev/
nvme/
4 lines
kern/
9 lines
sys/
2 lines
ufs/
ffs/
7 lines

Diff 78552

View Options

head/sys/cam/cam_periph.c

Loading...
View Options

head/sys/dev/nvme/nvme_ctrlr.c

Loading...
View Options

head/sys/kern/vfs_bio.c

Loading...
View Options

head/sys/sys/buf.h

Loading...
View Options

head/sys/ufs/ffs/ffs_rawread.c

Loading...