Loading arch/arm64/Kconfig +1 −0 Original line number Diff line number Diff line Loading @@ -129,6 +129,7 @@ config ARM64 select SPARSE_IRQ select SYSCTL_EXCEPTION_TRACE select THREAD_INFO_IN_TASK select ARCH_SUPPORTS_SPECULATIVE_PAGE_FAULT help ARM 64-bit (AArch64) Linux support. Loading arch/arm64/mm/fault.c +45 −24 Original line number Diff line number Diff line Loading @@ -253,14 +253,12 @@ static void do_bad_area(unsigned long addr, unsigned int esr, struct pt_regs *re #define VM_FAULT_BADMAP 0x010000 #define VM_FAULT_BADACCESS 0x020000 static int __do_page_fault(struct mm_struct *mm, unsigned long addr, static int __do_page_fault(struct vm_area_struct *vma, unsigned long addr, unsigned int mm_flags, unsigned long vm_flags, struct task_struct *tsk) { struct vm_area_struct *vma; int fault; vma = find_vma(mm, addr); fault = VM_FAULT_BADMAP; if (unlikely(!vma)) goto out; Loading Loading @@ -318,6 +316,7 @@ static int __kprobes do_page_fault(unsigned long addr, unsigned int esr, int fault, sig, code; unsigned long vm_flags = VM_READ | VM_WRITE; unsigned int mm_flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; struct vm_area_struct *vma = NULL; if (notify_page_fault(regs, esr)) return 0; Loading Loading @@ -355,6 +354,14 @@ static int __kprobes do_page_fault(unsigned long addr, unsigned int esr, die("Accessing user space memory outside uaccess.h routines", regs, esr); } /* * let's try a speculative page fault without grabbing the * mmap_sem. */ fault = handle_speculative_fault(mm, addr, mm_flags, &vma); if (fault != VM_FAULT_RETRY) goto done; /* * As per x86, we may deadlock here. However, since the kernel only * validly references user space from well defined areas of the code, Loading 
@@ -377,19 +384,44 @@ static int __kprobes do_page_fault(unsigned long addr, unsigned int esr, #endif } fault = __do_page_fault(mm, addr, mm_flags, vm_flags, tsk); if (!vma || !can_reuse_spf_vma(vma, addr)) vma = find_vma(mm, addr); fault = __do_page_fault(vma, addr, mm_flags, vm_flags, tsk); if (fault & VM_FAULT_RETRY) { /* * If we need to retry but a fatal signal is pending, handle the * signal first. We do not need to release the mmap_sem because it * would already be released in __lock_page_or_retry in mm/filemap.c. * signal first. We do not need to release the mmap_sem because * it would already be released in __lock_page_or_retry in * mm/filemap.c. */ if ((fault & VM_FAULT_RETRY) && fatal_signal_pending(current)) { if (fatal_signal_pending(current)) { if (!user_mode(regs)) goto no_context; return 0; } /* * Clear FAULT_FLAG_ALLOW_RETRY to avoid any risk of * starvation. */ if (mm_flags & FAULT_FLAG_ALLOW_RETRY) { mm_flags &= ~FAULT_FLAG_ALLOW_RETRY; mm_flags |= FAULT_FLAG_TRIED; /* * Do not try to reuse this vma and fetch it * again since we will release the mmap_sem. */ vma = NULL; goto retry; } } up_read(&mm->mmap_sem); done: /* * Major/minor page fault accounting is only done on the initial * attempt. If we go through a retry, it is extremely likely that the Loading @@ -407,19 +439,8 @@ static int __kprobes do_page_fault(unsigned long addr, unsigned int esr, perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS_MIN, 1, regs, addr); } if (fault & VM_FAULT_RETRY) { /* * Clear FAULT_FLAG_ALLOW_RETRY to avoid any risk of * starvation. */ mm_flags &= ~FAULT_FLAG_ALLOW_RETRY; mm_flags |= FAULT_FLAG_TRIED; goto retry; } } up_read(&mm->mmap_sem); /* * Handle the "normal" case first - VM_FAULT_MAJOR */ Loading fs/exec.c +1 −1 Original line number Diff line number Diff line Loading 
@@ -306,7 +306,7 @@ static int __bprm_mm_init(struct linux_binprm *bprm) vma->vm_start = vma->vm_end - PAGE_SIZE; vma->vm_flags = VM_SOFTDIRTY | VM_STACK_FLAGS | VM_STACK_INCOMPLETE_SETUP; vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); INIT_LIST_HEAD(&vma->anon_vma_chain); INIT_VMA(vma); err = insert_vm_struct(mm, vma); if (err) Loading fs/proc/task_mmu.c +4 −1 Original line number Diff line number Diff line Loading @@ -1123,8 +1123,11 @@ static ssize_t clear_refs_write(struct file *file, const char __user *buf, goto out_mm; } for (vma = mm->mmap; vma; vma = vma->vm_next) { vma->vm_flags &= ~VM_SOFTDIRTY; vm_write_begin(vma); WRITE_ONCE(vma->vm_flags, vma->vm_flags & ~VM_SOFTDIRTY); vma_set_page_prot(vma); vm_write_end(vma); } downgrade_write(&mm->mmap_sem); break; Loading fs/userfaultfd.c +9 −3 Original line number Diff line number Diff line Loading @@ -499,8 +499,10 @@ static int userfaultfd_release(struct inode *inode, struct file *file) vma = prev; else prev = vma; vma->vm_flags = new_flags; vm_write_begin(vma); WRITE_ONCE(vma->vm_flags, new_flags); vma->vm_userfaultfd_ctx = NULL_VM_UFFD_CTX; vm_write_end(vma); } up_write(&mm->mmap_sem); mmput(mm); Loading Loading @@ -895,8 +897,10 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx, * the next vma was merged into the current one and * the current one has not been updated yet. */ vma->vm_flags = new_flags; vm_write_begin(vma); WRITE_ONCE(vma->vm_flags, new_flags); vma->vm_userfaultfd_ctx.ctx = ctx; vm_write_end(vma); skip: prev = vma; Loading Loading @@ -1033,8 +1037,10 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, * the next vma was merged into the current one and * the current one has not been updated yet. */ vma->vm_flags = new_flags; vm_write_begin(vma); WRITE_ONCE(vma->vm_flags, new_flags); vma->vm_userfaultfd_ctx = NULL_VM_UFFD_CTX; vm_write_end(vma); skip: prev = vma; Loading Loading
arch/arm64/Kconfig +1 −0 @@ -129,6 +129,7 @@ config ARM64 select SPARSE_IRQ select SYSCTL_EXCEPTION_TRACE select THREAD_INFO_IN_TASK select ARCH_SUPPORTS_SPECULATIVE_PAGE_FAULT help ARM 64-bit (AArch64) Linux support.
arch/arm64/mm/fault.c +45 −24 @@ -253,14 +253,12 @@ static void do_bad_area(unsigned long addr, unsigned int esr, struct pt_regs *re #define VM_FAULT_BADMAP 0x010000 #define VM_FAULT_BADACCESS 0x020000 static int __do_page_fault(struct mm_struct *mm, unsigned long addr, static int __do_page_fault(struct vm_area_struct *vma, unsigned long addr, unsigned int mm_flags, unsigned long vm_flags, struct task_struct *tsk) { struct vm_area_struct *vma; int fault; vma = find_vma(mm, addr); fault = VM_FAULT_BADMAP; if (unlikely(!vma)) goto out; @@ -318,6 +316,7 @@ static int __kprobes do_page_fault(unsigned long addr, unsigned int esr, int fault, sig, code; unsigned long vm_flags = VM_READ | VM_WRITE; unsigned int mm_flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; struct vm_area_struct *vma = NULL; if (notify_page_fault(regs, esr)) return 0; @@ -355,6 +354,14 @@ static int __kprobes do_page_fault(unsigned long addr, unsigned int esr, die("Accessing user space memory outside uaccess.h routines", regs, esr); } /* * let's try a speculative page fault without grabbing the * mmap_sem. */ fault = handle_speculative_fault(mm, addr, mm_flags, &vma); if (fault != VM_FAULT_RETRY) goto done; /* * As per x86, we may deadlock here. However, since the kernel only * validly references user space from well defined areas of the code,
@@ -377,19 +384,44 @@ static int __kprobes do_page_fault(unsigned long addr, unsigned int esr, #endif } fault = __do_page_fault(mm, addr, mm_flags, vm_flags, tsk); if (!vma || !can_reuse_spf_vma(vma, addr)) vma = find_vma(mm, addr); fault = __do_page_fault(vma, addr, mm_flags, vm_flags, tsk); if (fault & VM_FAULT_RETRY) { /* * If we need to retry but a fatal signal is pending, handle the * signal first. We do not need to release the mmap_sem because it * would already be released in __lock_page_or_retry in mm/filemap.c. * signal first. We do not need to release the mmap_sem because * it would already be released in __lock_page_or_retry in * mm/filemap.c. */ if ((fault & VM_FAULT_RETRY) && fatal_signal_pending(current)) { if (fatal_signal_pending(current)) { if (!user_mode(regs)) goto no_context; return 0; } /* * Clear FAULT_FLAG_ALLOW_RETRY to avoid any risk of * starvation. */ if (mm_flags & FAULT_FLAG_ALLOW_RETRY) { mm_flags &= ~FAULT_FLAG_ALLOW_RETRY; mm_flags |= FAULT_FLAG_TRIED; /* * Do not try to reuse this vma and fetch it * again since we will release the mmap_sem. */ vma = NULL; goto retry; } } up_read(&mm->mmap_sem); done: /* * Major/minor page fault accounting is only done on the initial * attempt. If we go through a retry, it is extremely likely that the @@ -407,19 +439,8 @@ static int __kprobes do_page_fault(unsigned long addr, unsigned int esr, perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS_MIN, 1, regs, addr); } if (fault & VM_FAULT_RETRY) { /* * Clear FAULT_FLAG_ALLOW_RETRY to avoid any risk of * starvation. */ mm_flags &= ~FAULT_FLAG_ALLOW_RETRY; mm_flags |= FAULT_FLAG_TRIED; goto retry; } } up_read(&mm->mmap_sem); /* * Handle the "normal" case first - VM_FAULT_MAJOR */
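Review bot: The speculative call added in do_page_fault(), `handle_speculative_fault(mm, addr, mm_flags, &vma)`, is not given `vm_flags`, so the access mask this function passes to `__do_page_fault()` plays no part on the path that jumps straight to `done`. Whether the generic handler applies an equivalent permission check derived from `mm_flags` cannot be seen on this page and should be confirmed; a comment above the call such as `/* vm_flags is not passed here: the speculative handler must itself reject accesses the VMA does not permit */` would record that requirement. The vma returned through `&vma` is also carried across the mmap_sem acquisition until `can_reuse_spf_vma()` runs, so if the handler takes a reference on it, any exit reached before that check would need to drop it. Both functions begin and end outside the visible hunks.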
fs/exec.c +1 −1 @@ -306,7 +306,7 @@ static int __bprm_mm_init(struct linux_binprm *bprm) vma->vm_start = vma->vm_end - PAGE_SIZE; vma->vm_flags = VM_SOFTDIRTY | VM_STACK_FLAGS | VM_STACK_INCOMPLETE_SETUP; vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); INIT_LIST_HEAD(&vma->anon_vma_chain); INIT_VMA(vma); err = insert_vm_struct(mm, vma); if (err)
fs/proc/task_mmu.c +4 −1 @@ -1123,8 +1123,11 @@ static ssize_t clear_refs_write(struct file *file, const char __user *buf, goto out_mm; } for (vma = mm->mmap; vma; vma = vma->vm_next) { vma->vm_flags &= ~VM_SOFTDIRTY; vm_write_begin(vma); WRITE_ONCE(vma->vm_flags, vma->vm_flags & ~VM_SOFTDIRTY); vma_set_page_prot(vma); vm_write_end(vma); } downgrade_write(&mm->mmap_sem); break;
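Review bot: The `vm_write_begin()` / `WRITE_ONCE()` / `vm_write_end()` sequence in the clear_refs_write() loop is open-coded with no comment saying why a plain store is no longer enough, and the same bracket recurs in the three fs/userfaultfd.c hunks. Assuming the write section exists so that fault handlers running without mmap_sem never act on a half-updated vma, a one-line comment at each site would keep a later edit from reintroducing `vma->vm_flags &= ...` here, for example `/* vm_flags and vm_page_prot change together inside the vma write section; lockless fault handlers read both */`. It would also help to state that `vma_set_page_prot(vma)` is inside the section on purpose. The loop sits in a function that continues outside the hunk.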
fs/userfaultfd.c +9 −3 @@ -499,8 +499,10 @@ static int userfaultfd_release(struct inode *inode, struct file *file) vma = prev; else prev = vma; vma->vm_flags = new_flags; vm_write_begin(vma); WRITE_ONCE(vma->vm_flags, new_flags); vma->vm_userfaultfd_ctx = NULL_VM_UFFD_CTX; vm_write_end(vma); } up_write(&mm->mmap_sem); mmput(mm); @@ -895,8 +897,10 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx, * the next vma was merged into the current one and * the current one has not been updated yet. */ vma->vm_flags = new_flags; vm_write_begin(vma); WRITE_ONCE(vma->vm_flags, new_flags); vma->vm_userfaultfd_ctx.ctx = ctx; vm_write_end(vma); skip: prev = vma; @@ -1033,8 +1037,10 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, * the next vma was merged into the current one and * the current one has not been updated yet. */ vma->vm_flags = new_flags; vm_write_begin(vma); WRITE_ONCE(vma->vm_flags, new_flags); vma->vm_userfaultfd_ctx = NULL_VM_UFFD_CTX; vm_write_end(vma); skip: prev = vma;
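Review bot: In all three hunks `vma->vm_userfaultfd_ctx` is still written with a plain store, while the `vm_flags` store beside it was converted to `WRITE_ONCE()`. If a fault handler running without mmap_sem can read the userfaultfd context (not visible on this page), the two fields are published with different guarantees inside the same write section. Either give the context store the same treatment, e.g. `WRITE_ONCE(vma->vm_userfaultfd_ctx.ctx, ctx);` in userfaultfd_register(), or add a comment stating that lockless readers never look at this field. The enclosing functions start and end outside the hunks.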