mm: introduce VM_POPULATE flag to better deal with racy userspace programs (18693050) · Commits · e / devices / android_kernel_oneplus_sm8150

include/linux/mm.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -87,6 +87,7 @@ extern unsigned int kobjsize(const void *objp);
		#define VM_PFNMAP 0x00000400 /* Page-ranges managed without "struct page", just pure PFN */
		#define VM_DENYWRITE 0x00000800 /* ETXTBSY on write attempts.. */

		#define VM_POPULATE 0x00001000
		#define VM_LOCKED 0x00002000
		#define VM_IO 0x00004000 /* Memory mapped I/O or similar */

+3 −1

Original line number	Diff line number	Diff line
		@@ -79,6 +79,8 @@ calc_vm_flag_bits(unsigned long flags)
		{
		return _calc_vm_trans(flags, MAP_GROWSDOWN, VM_GROWSDOWN ) \|
		_calc_vm_trans(flags, MAP_DENYWRITE, VM_DENYWRITE ) \|
		_calc_vm_trans(flags, MAP_LOCKED, VM_LOCKED );
		((flags & MAP_LOCKED) ? (VM_LOCKED \| VM_POPULATE) : 0) \|
		(((flags & (MAP_POPULATE \| MAP_NONBLOCK)) == MAP_POPULATE) ?
		VM_POPULATE : 0);
		}
		#endif /* _LINUX_MMAN_H */

+10 −2

Original line number	Diff line number	Diff line
		@@ -204,8 +204,10 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
		unsigned long addr;
		struct file *file = get_file(vma->vm_file);

		addr = mmap_region(file, start, size,
		vma->vm_flags, pgoff);
		vm_flags = vma->vm_flags;
		if (!(flags & MAP_NONBLOCK))
		vm_flags \|= VM_POPULATE;
		addr = mmap_region(file, start, size, vm_flags, pgoff);
		fput(file);
		if (IS_ERR_VALUE(addr)) {
		err = addr;
		@@ -224,6 +226,12 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
		mutex_unlock(&mapping->i_mmap_mutex);
		}

		if (!(flags & MAP_NONBLOCK) && !(vma->vm_flags & VM_POPULATE)) {
		if (!has_write_lock)
		goto get_write_lock;
		vma->vm_flags \|= VM_POPULATE;
		}

		if (vma->vm_flags & VM_LOCKED) {
		/*
		* drop PG_Mlocked flag for over-mapped range

+10 −9

Original line number	Diff line number	Diff line
		@@ -340,9 +340,9 @@ static int do_mlock(unsigned long start, size_t len, int on)

		/* Here we know that vma->vm_start <= nstart < vma->vm_end. */

		newflags = vma->vm_flags \| VM_LOCKED;
		if (!on)
		newflags &= ~VM_LOCKED;
		newflags = vma->vm_flags & ~VM_LOCKED;
		if (on)
		newflags \|= VM_LOCKED \| VM_POPULATE;

		tmp = vma->vm_end;
		if (tmp > end)
		@@ -402,7 +402,8 @@ int __mm_populate(unsigned long start, unsigned long len, int ignore_errors)
		* range with the first VMA. Also, skip undesirable VMA types.
		*/
		nend = min(end, vma->vm_end);
		if (vma->vm_flags & (VM_IO \| VM_PFNMAP))
		if ((vma->vm_flags & (VM_IO \| VM_PFNMAP \| VM_POPULATE)) !=
		VM_POPULATE)
		continue;
		if (nstart < vma->vm_start)
		nstart = vma->vm_start;
		@@ -475,18 +476,18 @@ static int do_mlockall(int flags)
		struct vm_area_struct * vma, * prev = NULL;

		if (flags & MCL_FUTURE)
		current->mm->def_flags \|= VM_LOCKED;
		current->mm->def_flags \|= VM_LOCKED \| VM_POPULATE;
		else
		current->mm->def_flags &= ~VM_LOCKED;
		current->mm->def_flags &= ~(VM_LOCKED \| VM_POPULATE);
		if (flags == MCL_FUTURE)
		goto out;

		for (vma = current->mm->mmap; vma ; vma = prev->vm_next) {
		vm_flags_t newflags;

		newflags = vma->vm_flags \| VM_LOCKED;
		if (!(flags & MCL_CURRENT))
		newflags &= ~VM_LOCKED;
		newflags = vma->vm_flags & ~VM_LOCKED;
		if (flags & MCL_CURRENT)
		newflags \|= VM_LOCKED \| VM_POPULATE;

		/* Ignore errors */
		mlock_fixup(vma, &prev, vma->vm_start, vma->vm_end, newflags);

+1 −3

Original line number	Diff line number	Diff line
		@@ -1306,9 +1306,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
		}

		addr = mmap_region(file, addr, len, vm_flags, pgoff);
		if (!IS_ERR_VALUE(addr) &&
		((vm_flags & VM_LOCKED) \|\|
		(flags & (MAP_POPULATE \| MAP_NONBLOCK)) == MAP_POPULATE))
		if (!IS_ERR_VALUE(addr) && (vm_flags & VM_POPULATE))
		*populate = true;
		return addr;
		}