Revert "mm: protect mremap() against SPF hanlder"

extern int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin);

extern int __vma_adjust(struct vm_area_struct *vma, unsigned long start,

	unsigned long end, pgoff_t pgoff, struct vm_area_struct *insert,

	struct vm_area_struct *expand, bool keep_locked);

	struct vm_area_struct *expand);

static inline int vma_adjust(struct vm_area_struct *vma, unsigned long start,

	unsigned long end, pgoff_t pgoff, struct vm_area_struct *insert)

{

	return __vma_adjust(vma, start, end, pgoff, insert, NULL, false);

	return __vma_adjust(vma, start, end, pgoff, insert, NULL);

}

extern struct vm_area_struct *__vma_merge(struct mm_struct *mm,

	struct vm_area_struct *prev, unsigned long addr, unsigned long end,

	unsigned long vm_flags, struct anon_vma *anon, struct file *file,

	pgoff_t pgoff, struct mempolicy *mpol, struct vm_userfaultfd_ctx uff,

	const char __user *user, bool keep_locked);

static inline struct vm_area_struct *vma_merge(struct mm_struct *mm,

extern struct vm_area_struct *vma_merge(struct mm_struct *,

	struct vm_area_struct *prev, unsigned long addr, unsigned long end,

	unsigned long vm_flags, struct anon_vma *anon, struct file *file,

	pgoff_t off, struct mempolicy *pol, struct vm_userfaultfd_ctx uff,

	const char __user *user)

{

	return __vma_merge(mm, prev, addr, end, vm_flags, anon, file, off,

			   pol, uff, user, false);

}

	unsigned long vm_flags, struct anon_vma *, struct file *, pgoff_t,

	struct mempolicy *, struct vm_userfaultfd_ctx, const char __user *);

extern struct anon_vma *find_mergeable_anon_vma(struct vm_area_struct *);

extern int __split_vma(struct mm_struct *, struct vm_area_struct *,

	unsigned long addr, int new_below);

 */

int __vma_adjust(struct vm_area_struct *vma, unsigned long start,

	unsigned long end, pgoff_t pgoff, struct vm_area_struct *insert,

	struct vm_area_struct *expand, bool keep_locked)

	struct vm_area_struct *expand)

{

	struct mm_struct *mm = vma->vm_mm;

	struct vm_area_struct *next = vma->vm_next, *orig_vma = vma;

			importer->anon_vma = exporter->anon_vma;

			error = anon_vma_clone(importer, exporter);

			if (error) {

				if (next && next != vma)

					vm_raw_write_end(next);

				vm_raw_write_end(vma);

			if (error)

				return error;

		}

	}

	}

again:

	vma_adjust_trans_huge(orig_vma, start, end, adjust_next);

	if (next && next != vma)

		vm_raw_write_end(next);

	if (!keep_locked)

	vm_raw_write_end(vma);

	validate_mm(mm);

 * parameter) may establish ptes with the wrong permissions of NNNN

 * instead of the right permissions of XXXX.

 */

struct vm_area_struct *__vma_merge(struct mm_struct *mm,

struct vm_area_struct *vma_merge(struct mm_struct *mm,

			struct vm_area_struct *prev, unsigned long addr,

			unsigned long end, unsigned long vm_flags,

			struct anon_vma *anon_vma, struct file *file,

			pgoff_t pgoff, struct mempolicy *policy,

			struct vm_userfaultfd_ctx vm_userfaultfd_ctx,

			const char __user *anon_name, bool keep_locked)

			const char __user *anon_name)

{

	pgoff_t pglen = (end - addr) >> PAGE_SHIFT;

	struct vm_area_struct *area, *next;

							/* cases 1, 6 */

			err = __vma_adjust(prev, prev->vm_start,

					 next->vm_end, prev->vm_pgoff, NULL,

					 prev, keep_locked);

					 prev);

		} else					/* cases 2, 5, 7 */

			err = __vma_adjust(prev, prev->vm_start,

					   end, prev->vm_pgoff, NULL, prev,

					   keep_locked);

					 end, prev->vm_pgoff, NULL, prev);

		if (err)

			return NULL;

		khugepaged_enter_vma_merge(prev, vm_flags);

					     anon_name)) {

		if (prev && addr < prev->vm_end)	/* case 4 */

			err = __vma_adjust(prev, prev->vm_start,

					 addr, prev->vm_pgoff, NULL, next,

					 keep_locked);

					 addr, prev->vm_pgoff, NULL, next);

		else {					/* cases 3, 8 */

			err = __vma_adjust(area, addr, next->vm_end,

					 next->vm_pgoff - pglen, NULL, next,

					 keep_locked);

					 next->vm_pgoff - pglen, NULL, next);

			/*

			 * In case 3 area is already equal to next and

			 * this is a noop, but in case 8 "area" has

	if (find_vma_links(mm, addr, addr + len, &prev, &rb_link, &rb_parent))

		return NULL;	/* should never get here */

	/* There is 3 cases to manage here in

	 *     AAAA            AAAA              AAAA              AAAA

	 * PPPP....      PPPP......NNNN      PPPP....NNNN      PP........NN

	 * PPPPPPPP(A)   PPPP..NNNNNNNN(B)   PPPPPPPPPPPP(1)       NULL

	 *                                   PPPPPPPPNNNN(2)

	 *                                   PPPPNNNNNNNN(3)

	 *

	 * new_vma == prev in case A,1,2

	 * new_vma == next in case B,3

	 */

	new_vma = __vma_merge(mm, prev, addr, addr + len, vma->vm_flags,

			      vma->anon_vma, vma->vm_file, pgoff,

			      vma_policy(vma), vma->vm_userfaultfd_ctx,

				vma_get_anon_name(vma), true);

	new_vma = vma_merge(mm, prev, addr, addr + len, vma->vm_flags,

			    vma->anon_vma, vma->vm_file, pgoff, vma_policy(vma),

			    vma->vm_userfaultfd_ctx, vma_get_anon_name(vma));

	if (new_vma) {

		/*

		 * Source vma may have been merged into new_vma

			get_file(new_vma->vm_file);

		if (new_vma->vm_ops && new_vma->vm_ops->open)

			new_vma->vm_ops->open(new_vma);

		/*

		 * As the VMA is linked right now, it may be hit by the

		 * speculative page fault handler. But we don't want it to

		 * to start mapping page in this area until the caller has

		 * potentially move the pte from the moved VMA. To prevent

		 * that we protect it right now, and let the caller unprotect

		 * it once the move is done.

		 */

		vm_raw_write_begin(new_vma);

		vma_link(mm, new_vma, prev, rb_link, rb_parent);

		*need_rmap_locks = false;

	}

		return -ENOMEM;

	}

	/* new_vma is returned protected by copy_vma, to prevent speculative

	 * page fault to be done in the destination area before we move the pte.

	 * Now, we must also protect the source VMA since we don't want pages

	 * to be mapped in our back while we are copying the PTEs.

	 */

	if (vma != new_vma)

		vm_raw_write_begin(vma);

	moved_len = move_page_tables(vma, old_addr, new_vma, new_addr, old_len,

				     need_rmap_locks);

	if (moved_len < old_len) {

		 */

		move_page_tables(new_vma, new_addr, vma, old_addr, moved_len,

				 true);

		if (vma != new_vma)

			vm_raw_write_end(vma);

		vma = new_vma;

		old_len = new_len;

		old_addr = new_addr;

		mremap_userfaultfd_prep(new_vma, uf);

		arch_remap(mm, old_addr, old_addr + old_len,

			   new_addr, new_addr + new_len);

		if (vma != new_vma)

			vm_raw_write_end(vma);

	}

	vm_raw_write_end(new_vma);

	/* Conceal VM_ACCOUNT so old reservation is not undone */

	if (vm_flags & VM_ACCOUNT && !(flags & MREMAP_DONTUNMAP)) {