On Thu, May 08, 2025 at 09:12:08AM -0300, Jason Gunthorpe wrote: > On Thu, May 08, 2025 at 09:15:47AM +0000, Tian, Kevin wrote: > > > From: Nicolin Chen <nicolinc@xxxxxxxxxx> > > > Sent: Thursday, May 8, 2025 11:50 AM > > > > > > On Wed, May 07, 2025 at 07:08:09PM -0300, Jason Gunthorpe wrote: > > > > On Wed, May 07, 2025 at 02:09:31PM -0700, Nicolin Chen wrote: > > > > > I have another question: while I don't think my code is handling > > > > > this well either, how should we validate the input address is an > > > > > allowed one? > > > > > > > > The pgoff to mmap? If it isn't in the maple tree it is not allowed, if > > > > it isn't at the start of range it is not allowed, if the size is not > > > > exactly the same as the range it is not allowed. > > > > > > Kevin suggested to allow a partial mmap, i.e allow the size to be > > > smaller than what the cookie describes. Yet, surely the mmap size > > > should not above the allocated size. > > > > > > > let me clarify - I didn't suggested it. Instead it's what the code > > does hence I suggested to make it explicit. 😊 > > It is probably reasonable to require the pgoff to be at the start but > allow a shorter map, for forward compatability. > > But also, you could add flags to the ioctl creating the mmap to > request future bigger sizes. > > There is some appeal to be more strict to make misuse less likely.. OK. Let's strict the size to be exact. Thanks Nicolin
