From owner-svn-src-stable-12@freebsd.org Thu Oct 29 18:29:24 2020 Return-Path: Delivered-To: svn-src-stable-12@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 63AF545A581; Thu, 29 Oct 2020 18:29:24 +0000 (UTC) (envelope-from brooks@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4CMYr42201z47L8; Thu, 29 Oct 2020 18:29:24 +0000 (UTC) (envelope-from brooks@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 28805A0F1; Thu, 29 Oct 2020 18:29:24 +0000 (UTC) (envelope-from brooks@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 09TITOVS034869; Thu, 29 Oct 2020 18:29:24 GMT (envelope-from brooks@FreeBSD.org) Received: (from brooks@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 09TITNAX034863; Thu, 29 Oct 2020 18:29:23 GMT (envelope-from brooks@FreeBSD.org) Message-Id: <202010291829.09TITNAX034863@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: brooks set sender to brooks@FreeBSD.org using -f From: Brooks Davis Date: Thu, 29 Oct 2020 18:29:23 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r367140 - in stable/12/sys: cam dev/nvme kern sys ufs/ffs X-SVN-Group: stable-12 X-SVN-Commit-Author: brooks X-SVN-Commit-Paths: in stable/12/sys: cam dev/nvme kern sys ufs/ffs X-SVN-Commit-Revision: 367140 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-12@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for only the 12-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Oct 2020 18:29:24 -0000 Author: brooks Date: Thu Oct 29 18:29:22 2020 New Revision: 367140 URL: https://svnweb.freebsd.org/changeset/base/367140 Log: MFC r366911: vmapbuf: don't smuggle address or length in buf Instead, add arguments to vmapbuf. Since this argument is always a pointer use a type of void * and cast to vm_offset_t in vmapbuf. (In CheriBSD we've altered vm_fault_quick_hold_pages to take a pointer and check its bounds.) In no other situtation does b_data contain a user pointer and vmapbuf replaces b_data with the actual mapping. Suggested by: jhb Reviewed by: imp, jhb Obtained from: CheriBSD Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D26784 Modified: stable/12/sys/cam/cam_periph.c stable/12/sys/dev/nvme/nvme_ctrlr.c stable/12/sys/kern/vfs_bio.c stable/12/sys/sys/buf.h stable/12/sys/ufs/ffs/ffs_rawread.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/cam/cam_periph.c ============================================================================== --- stable/12/sys/cam/cam_periph.c Thu Oct 29 15:44:44 2020 (r367139) +++ stable/12/sys/cam/cam_periph.c Thu Oct 29 18:29:22 2020 (r367140) @@ -959,12 +959,6 @@ cam_periph_mapmem(union ccb *ccb, struct cam_periph_ma */ mapinfo->bp[i] = getpbuf(NULL); - /* put our pointer in the data slot */ - mapinfo->bp[i]->b_data = *data_ptrs[i]; - - /* set the transfer length, we know it's < MAXPHYS */ - mapinfo->bp[i]->b_bufsize = lengths[i]; - /* set the direction */ mapinfo->bp[i]->b_iocmd = (dirs[i] == CAM_DIR_OUT) ? BIO_WRITE : BIO_READ; @@ -977,7 +971,7 @@ cam_periph_mapmem(union ccb *ccb, struct cam_periph_ma * into a larger area of VM, or if userland races against * vmapbuf() after the useracc() check. */ - if (vmapbuf(mapinfo->bp[i], 1) < 0) { + if (vmapbuf(mapinfo->bp[i], *data_ptrs[i], lengths[i], 1) < 0) { relpbuf(mapinfo->bp[i], NULL); goto fail; } Modified: stable/12/sys/dev/nvme/nvme_ctrlr.c ============================================================================== --- stable/12/sys/dev/nvme/nvme_ctrlr.c Thu Oct 29 15:44:44 2020 (r367139) +++ stable/12/sys/dev/nvme/nvme_ctrlr.c Thu Oct 29 18:29:22 2020 (r367140) @@ -1232,10 +1232,8 @@ nvme_ctrlr_passthrough_cmd(struct nvme_controller *ctr */ PHOLD(curproc); buf = getpbuf(NULL); - buf->b_data = pt->buf; - buf->b_bufsize = pt->len; buf->b_iocmd = pt->is_read ? BIO_READ : BIO_WRITE; - if (vmapbuf(buf, 1) < 0) { + if (vmapbuf(buf, pt->buf, pt->len, 1) < 0) { ret = EFAULT; goto err; } Modified: stable/12/sys/kern/vfs_bio.c ============================================================================== --- stable/12/sys/kern/vfs_bio.c Thu Oct 29 15:44:44 2020 (r367139) +++ stable/12/sys/kern/vfs_bio.c Thu Oct 29 18:29:22 2020 (r367140) @@ -4912,22 +4912,21 @@ vm_hold_free_pages(struct buf *bp, int newbsize) * This function only works with pager buffers. */ int -vmapbuf(struct buf *bp, int mapbuf) +vmapbuf(struct buf *bp, void *uaddr, size_t len, int mapbuf) { vm_prot_t prot; int pidx; - if (bp->b_bufsize < 0) - return (-1); prot = VM_PROT_READ; if (bp->b_iocmd == BIO_READ) prot |= VM_PROT_WRITE; /* Less backwards than it looks */ if ((pidx = vm_fault_quick_hold_pages(&curproc->p_vmspace->vm_map, - (vm_offset_t)bp->b_data, bp->b_bufsize, prot, bp->b_pages, + (vm_offset_t)uaddr, len, prot, bp->b_pages, btoc(MAXPHYS))) < 0) return (-1); + bp->b_bufsize = len; bp->b_npages = pidx; - bp->b_offset = ((vm_offset_t)bp->b_data) & PAGE_MASK; + bp->b_offset = ((vm_offset_t)uaddr) & PAGE_MASK; if (mapbuf || !unmapped_buf_allowed) { pmap_qenter((vm_offset_t)bp->b_kvabase, bp->b_pages, pidx); bp->b_data = bp->b_kvabase + bp->b_offset; Modified: stable/12/sys/sys/buf.h ============================================================================== --- stable/12/sys/sys/buf.h Thu Oct 29 15:44:44 2020 (r367139) +++ stable/12/sys/sys/buf.h Thu Oct 29 18:29:22 2020 (r367140) @@ -560,7 +560,7 @@ void vfs_bio_set_flags(struct buf *bp, int ioflags); void vfs_bio_set_valid(struct buf *, int base, int size); void vfs_busy_pages(struct buf *, int clear_modify); void vfs_unbusy_pages(struct buf *); -int vmapbuf(struct buf *, int); +int vmapbuf(struct buf *, void *, size_t, int); void vunmapbuf(struct buf *); void relpbuf(struct buf *, int *); void brelvp(struct buf *); Modified: stable/12/sys/ufs/ffs/ffs_rawread.c ============================================================================== --- stable/12/sys/ufs/ffs/ffs_rawread.c Thu Oct 29 15:44:44 2020 (r367139) +++ stable/12/sys/ufs/ffs/ffs_rawread.c Thu Oct 29 18:29:22 2020 (r367140) @@ -218,7 +218,6 @@ ffs_rawread_readahead(struct vnode *vp, bp->b_flags = 0; /* XXX necessary ? */ bp->b_iocmd = BIO_READ; bp->b_iodone = bdone; - bp->b_data = udata; blockno = offset / bsize; blockoff = (offset % bsize) / DEV_BSIZE; if ((daddr_t) blockno != blockno) { @@ -236,9 +235,8 @@ ffs_rawread_readahead(struct vnode *vp, if (bp->b_bcount + blockoff * DEV_BSIZE > bsize) bp->b_bcount = bsize - blockoff * DEV_BSIZE; - bp->b_bufsize = bp->b_bcount; - if (vmapbuf(bp, 1) < 0) + if (vmapbuf(bp, udata, bp->b_bcount, 1) < 0) return EFAULT; maybe_yield(); @@ -255,9 +253,8 @@ ffs_rawread_readahead(struct vnode *vp, if (bp->b_bcount + blockoff * DEV_BSIZE > bsize * (1 + bforwards)) bp->b_bcount = bsize * (1 + bforwards) - blockoff * DEV_BSIZE; - bp->b_bufsize = bp->b_bcount; - if (vmapbuf(bp, 1) < 0) + if (vmapbuf(bp, udata, bp->b_bcount, 1) < 0) return EFAULT; BO_STRATEGY(&dp->v_bufobj, bp);