First, length passed to mmap is checked explicitly against
PAGE_SIZE.
Second, if vma->vm_pgoff is passed as non zero, it would return
error. It appears like driver is expecting vma->vm_pgoff to
be passed as 0 always. otherwise throw error (not sure if done
with a particular purpose). Rather driver could set vma->vm_pgoff
to 0 irrespective of the value passed to it.
vm_map_pages_zero() has condition to validate incorrect length
passed to driver and second it can also set vma->vm_pgoff to 0
before mapping the page to vma.
Hence convert to use vm_map_pages_zero().
Signed-off-by: Souptick Joarder <jrdr.li...@gmail.com>
---
drivers/infiniband/hw/mlx5/main.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/drivers/infiniband/hw/mlx5/main.c
b/drivers/infiniband/hw/mlx5/main.c
index 0569bca..366211d 100644
--- a/drivers/infiniband/hw/mlx5/main.c
+++ b/drivers/infiniband/hw/mlx5/main.c
@@ -2071,12 +2071,10 @@ static int mlx5_ib_mmap_clock_info_page(struct
mlx5_ib_dev *dev,
struct vm_area_struct *vma,
struct mlx5_ib_ucontext *context)
{
- if ((vma->vm_end - vma->vm_start != PAGE_SIZE) ||
- !(vma->vm_flags & VM_SHARED))
- return -EINVAL;
+ struct page *pages;
- if (get_index(vma->vm_pgoff) != MLX5_IB_CLOCK_INFO_V1)
- return -EOPNOTSUPP;
+ if (!(vma->vm_flags & VM_SHARED))
+ return -EINVAL;
if (vma->vm_flags & (VM_WRITE | VM_EXEC))
return -EPERM;
@@ -2084,9 +2082,9 @@ static int mlx5_ib_mmap_clock_info_page(struct
mlx5_ib_dev *dev,
if (!dev->mdev->clock_info)
return -EOPNOTSUPP;
+ pages = virt_to_page(dev->mdev->clock_info);
- return vm_insert_page(vma, vma->vm_start,
- virt_to_page(dev->mdev->clock_info));
+ return vm_map_pages_zero(vma, &pages, 1);
}
static int uar_mmap(struct mlx5_ib_dev *dev, enum mlx5_ib_mmap_cmd cmd,
--
1.9.1
