Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 079d9ea8 authored by Lorenzo Stoakes's avatar Lorenzo Stoakes Committed by Greg Kroah-Hartman
Browse files

mm: replace access_remote_vm() write parameter with gup_flags 



commit 6347e8d5bcce33fc36e651901efefbe2c93a43ef upstream.

This removes the 'write' argument from access_remote_vm() and replaces
it with 'gup_flags' as use of this function previously silently implied
FOLL_FORCE, whereas after this patch callers explicitly pass this flag.

We make this explicit as use of FOLL_FORCE can result in surprising
behaviour (and hence bugs) within the mm subsystem.

Signed-off-by: default avatarLorenzo Stoakes <lstoakes@gmail.com>
Acked-by: default avatarMichal Hocko <mhocko@suse.com>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: default avatarBen Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 2b8143d6

fs/proc/base.c

+13 −6
Original line number Diff line number Diff line
@@ -254,7 +254,7 @@ static ssize_t proc_pid_cmdline_read(struct file *file, char __user *buf, 
	 * Inherently racy -- command line shares address space

	 * with code and data.

	 */

	rv = access_remote_vm(mm, arg_end - 1, &c, 1, 0);

	rv = access_remote_vm(mm, arg_end - 1, &c, 1, FOLL_FORCE);

	if (rv <= 0)

		goto out_free_page;
@@ -272,7 +272,8 @@ static ssize_t proc_pid_cmdline_read(struct file *file, char __user *buf, 
			int nr_read;



			_count = min3(count, len, PAGE_SIZE);

			nr_read = access_remote_vm(mm, p, page, _count, 0);

			nr_read = access_remote_vm(mm, p, page, _count,

					FOLL_FORCE);

			if (nr_read < 0)

				rv = nr_read;

			if (nr_read <= 0)
@@ -307,7 +308,8 @@ static ssize_t proc_pid_cmdline_read(struct file *file, char __user *buf, 
			bool final;



			_count = min3(count, len, PAGE_SIZE);

			nr_read = access_remote_vm(mm, p, page, _count, 0);

			nr_read = access_remote_vm(mm, p, page, _count,

					FOLL_FORCE);

			if (nr_read < 0)

				rv = nr_read;

			if (nr_read <= 0)
@@ -356,7 +358,8 @@ skip_argv: 
			bool final;



			_count = min3(count, len, PAGE_SIZE);

			nr_read = access_remote_vm(mm, p, page, _count, 0);

			nr_read = access_remote_vm(mm, p, page, _count,

					FOLL_FORCE);

			if (nr_read < 0)

				rv = nr_read;

			if (nr_read <= 0)
@@ -868,6 +871,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf, 
	unsigned long addr = *ppos;

	ssize_t copied;

	char *page;

	unsigned int flags = FOLL_FORCE;



	if (!mm)

		return 0;
@@ -880,6 +884,9 @@ static ssize_t mem_rw(struct file *file, char __user *buf, 
	if (!atomic_inc_not_zero(&mm->mm_users))

		goto free;



	if (write)

		flags |= FOLL_WRITE;



	while (count > 0) {

		int this_len = min_t(int, count, PAGE_SIZE);
@@ -888,7 +895,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf, 
			break;

		}



		this_len = access_remote_vm(mm, addr, page, this_len, write);

		this_len = access_remote_vm(mm, addr, page, this_len, flags);

		if (!this_len) {

			if (!copied)

				copied = -EIO;
@@ -1001,7 +1008,7 @@ static ssize_t environ_read(struct file *file, char __user *buf, 
		this_len = min(max_len, this_len);



		retval = access_remote_vm(mm, (env_start + src),

			page, this_len, 0);

			page, this_len, FOLL_FORCE);



		if (retval <= 0) {

			ret = retval;

include/linux/mm.h

+1 −1
Original line number Diff line number Diff line
@@ -1191,7 +1191,7 @@ static inline int fixup_user_fault(struct task_struct *tsk, 


extern int access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, int len, int write);

extern int access_remote_vm(struct mm_struct *mm, unsigned long addr,

		void *buf, int len, int write);

		void *buf, int len, unsigned int gup_flags);



long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,

		      unsigned long start, unsigned long nr_pages,

mm/memory.c

+3 −8
Original line number Diff line number Diff line
@@ -3777,19 +3777,14 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, 
 * @addr:	start address to access

 * @buf:	source or destination buffer

 * @len:	number of bytes to transfer

 * @write:	whether the access is a write

 * @gup_flags:	flags modifying lookup behaviour

 *

 * The caller must hold a reference on @mm.

 */

int access_remote_vm(struct mm_struct *mm, unsigned long addr,

		void *buf, int len, int write)

		void *buf, int len, unsigned int gup_flags)

{

	unsigned int flags = FOLL_FORCE;



	if (write)

		flags |= FOLL_WRITE;



	return __access_remote_vm(NULL, mm, addr, buf, len, flags);

	return __access_remote_vm(NULL, mm, addr, buf, len, gup_flags);

}



/*

mm/nommu.c

+3 −4
Original line number Diff line number Diff line
@@ -1967,15 +1967,14 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, 
 * @addr:	start address to access

 * @buf:	source or destination buffer

 * @len:	number of bytes to transfer

 * @write:	whether the access is a write

 * @gup_flags:	flags modifying lookup behaviour

 *

 * The caller must hold a reference on @mm.

 */

int access_remote_vm(struct mm_struct *mm, unsigned long addr,

		void *buf, int len, int write)

		void *buf, int len, unsigned int gup_flags)

{

	return __access_remote_vm(NULL, mm, addr, buf, len,

			write ? FOLL_WRITE : 0);

	return __access_remote_vm(NULL, mm, addr, buf, len, gup_flags);

}



/*