On Mon, Sep 08, 2025 at 12:04:04PM -0300, Jason Gunthorpe wrote:
> On Mon, Sep 08, 2025 at 03:48:36PM +0100, Lorenzo Stoakes wrote:
> > But sadly some _do need_ to do extra work afterwards, most notably,
> > prepopulation.
>
> I think Jan is suggesting something more like
>
> mmap_op()
> {
> struct vma_desc desc = {};
>
> desc.[..] = x
> desc.[..] = y
> desc.[..] = z
> vma = vma_alloc(desc);
>
> ret = remap_pfn(vma)
> if (ret) goto err_vma;
>
> return vma_commit(vma);
>
> err_va:
> vma_dealloc(vma);
> return ERR_PTR(ret);
> }
>
> Jason
Right, unfortunately the locking and the subtle issues around memory mapping
really preclude something like this I think. We really do need to keep control
over that.
And since partly the motivation here is 'drivers do insane things when given too
much freedom', I feel this would not improve that :)
If you look at do_mmap() -> mmap_region() -> __mmap_region() etc. you can see a
lot of that.
We also had a security issue arise as a result of incorrect error path handling,
I don't think letting a driver writer handle that is wise.
It's a nice idea, but I just think this stuff is too sensitive for that. And in
any case, it wouldn't likely be tractable to convert legacy code to this.
Cheers, Lorenzo
