
Unverified commit 53e6aac3, authored by Alexander Winkowski, committed by basamaryan

Revert "ANDROID: Re-enable fast mremap and fix UAF with SPF"



This reverts commit 765b588f.

Change-Id: Ib977f22950887f417660b60738f26289d9422c39
Signed-off-by: Alexander Winkowski <dereference23@outlook.com>
parent 023e9a0b
+2 −16
@@ -2285,22 +2285,8 @@ struct vm_area_struct *get_vma(struct mm_struct *mm, unsigned long addr)

	read_lock(&mm->mm_rb_lock);
	vma = __find_vma(mm, addr);

	/*
	 * If there is a concurrent fast mremap, bail out since the entire
	 * PMD/PUD subtree may have been remapped.
	 *
	 * This is usually safe for conventional mremap since it takes the
	 * PTE locks as does SPF. However fast mremap only takes the lock
	 * at the PMD/PUD level which is ok as it is done with the mmap
	 * write lock held. But since SPF, as the term implies forgoes,
	 * taking the mmap read lock and also cannot take PTL lock at the
	 * larger PMD/PUD granualrity, since it would introduce huge
	 * contention in the page fault path; fall back to regular fault
	 * handling.
	 */
	if (vma && !atomic_inc_unless_negative(&vma->vm_ref_count))
		vma = NULL;
	if (vma)
		atomic_inc(&vma->vm_ref_count);
	read_unlock(&mm->mm_rb_lock);

	return vma;
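
Review bot: get_vma() now takes its reference with an unconditional atomic_inc(&vma->vm_ref_count), so the NULL return on a negative vm_ref_count, which the removed comment ties to a concurrent fast mremap, is gone and a speculative fault can no longer fall back to regular fault handling from here. The reverted commit's title says it fixed a UAF with SPF, while this commit message only says "This reverts commit 765b588f" and gives no reason. Please state in the message why the revert is safe, for example that fast mremap is disabled again elsewhere in the tree, which this hunk does not show. If fast mremap stays enabled, keep the atomic_inc_unless_negative() check and its comment in get_vma().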