From: Guo Mengqi guomengqi3@huawei.com

ascend inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4SPNL CVE: NA

-----------------------------------

In sp_mmap(), if use offset = va - MMAP_BASE/DVPP_BASE, then normal sp_alloc pgoff may have same value with DVPP pgoff, causing DVPP and sp_alloc mapped to overlapped part of file unexpectedly.

To fix the problem, pass VA value as mmap offset, for in this scenario, VA value in one task address space will not be same.

Signed-off-by: Guo Mengqi guomengqi3@huawei.com Reviewed-by: Ding Tianhong dingtianhong@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- mm/share_pool.c | 21 +++++---------------- 1 file changed, 5 insertions(+), 16 deletions(-)

diff --git a/mm/share_pool.c b/mm/share_pool.c index ef74de39053b2..90733b807f12e 100644 --- a/mm/share_pool.c +++ b/mm/share_pool.c @@ -57,6 +57,11 @@

#define spg_valid(spg) ((spg)->is_alive == true)

+/* Use spa va address as mmap offset. This can work because spa_file + * is setup with 64-bit address space. So va shall be well covered. + */ +#define addr_offset(spa) ((spa)->va_start) + #define byte2kb(size) ((size) >> 10) #define byte2mb(size) ((size) >> 20) #define page2kb(page_num) ((page_num) << (PAGE_SHIFT - 10)) @@ -950,22 +955,6 @@ static bool is_device_addr(unsigned long addr) return false; }

-static loff_t addr_offset(struct sp_area *spa) -{ - unsigned long addr; - - if (unlikely(!spa)) { - WARN(1, "invalid spa when calculate addr offset\n"); - return 0; - } - addr = spa->va_start; - - if (!is_device_addr(addr)) - return (loff_t)(addr - MMAP_SHARE_POOL_START); - - return (loff_t)(addr - sp_dev_va_start[spa->device_id]); -} - static struct sp_group *create_spg(int spg_id) { int ret;