[RFC] mmap of BAR0 fails for ivshmem device

Message ID CAKjmthLs=AQEg4osrkZGuaHnppc_T46ddx7LK5DnHqsqSjucQg@mail.gmail.com
State New

Commit Message

Cam Macdonell Aug. 29, 2014, 10:58 p.m. UTC
Hello,

A bug was reported to me regarding mmapping of BAR0 in ivshmem.  Indeed the
mmap fails.  This bug will affect those using the ivshmem server as BAR0
contains the registers for sending and receiving interrupts.  It does not
affect those mapping just the shared memory region.

I have bisected to a patch from 3.12

commit 7314e613d5ff9f0934f7a0f74ed7973b903315d1
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date:   Tue Oct 29 10:21:34 2013 -0700

    Fix a few incorrectly checked [io_]remap_pfn_range() calls

    Nico Golde reports a few straggling uses of [io_]remap_pfn_range() that
    really should use the vm_iomap_memory() helper.  This trivially converts
    two of them to the helper, and comments about why the third one really
    needs to continue to use remap_pfn_range(), and adds the missing size
    check.

    Reported-by: Nico Golde <nico@ngolde.de>
    Cc: stable@kernel.org
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Patch

diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
index ba47563..0e808cf 100644
--- a/drivers/uio/uio.c
+++ b/drivers/uio/uio.c
@@ -642,16 +642,29 @@  static int uio_mmap_physical(struct vm_area_struct
*vma)
 {
        struct uio_device *idev = vma->vm_private_data;
        int mi = uio_find_mem_index(vma);
+       struct uio_mem *mem;
        if (mi < 0)
                return -EINVAL;
+       mem = idev->info->mem + mi;

-       vma->vm_ops = &uio_physical_vm_ops;
+       if (vma->vm_end - vma->vm_start > mem->size)
+               return -EINVAL;
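
Review bot: the new bound `vma->vm_end - vma->vm_start > mem->size` compares a VMA length, which is always a whole number of pages, against the raw `mem->size`, so a region smaller than one page (the 256-byte BAR0 discussed in this message) is rejected with -EINVAL for every possible mmap length. If sub-page regions are meant to stay mappable, compare against the size rounded up to a page boundary; otherwise document next to the check that drivers must register page-multiple sizes. Rounding up hands userspace the whole physical page, including whatever lies beyond the region's end within it, so that trade-off should be stated in the comment as well.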

<snip>

The last two lines shown above that check the length of the vm area cause
the mmap to fail because ivshmem's BAR0 is only 256 bytes.

One possible fix is to increase the size of BAR0 to the size of a page.  Of
course, I'd prefer to be able to fix this from my uio driver, but I'm not
sure that is possible given the patch above changes the generic uio code.
Advice is welcome.

Finally, I apologize for not catching this bug earlier.  It's an effect of
not having the uio driver in the kernel.  To avoid this in future, I will
work to get the UIO ivshmem driver into the kernel.

Sincerely,
Cam