mm: replace access_remote_vm() write parameter with gup_flags
This removes the 'write' argument from access_remote_vm() and replaces it with 'gup_flags' as use of this function previously silently implied FOLL_FORCE, whereas after this patch callers explicitly pass this flag. We make this explicit as use of FOLL_FORCE can result in surprising behaviour (and hence bugs) within the mm subsystem. Signed-off-by: Lorenzo Stoakes <lstoakes@gmail.com> Acked-by: Michal Hocko <mhocko@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
442486ec10
commit
6347e8d5bc
|
@ -252,7 +252,7 @@ static ssize_t proc_pid_cmdline_read(struct file *file, char __user *buf,
|
|||
* Inherently racy -- command line shares address space
|
||||
* with code and data.
|
||||
*/
|
||||
rv = access_remote_vm(mm, arg_end - 1, &c, 1, 0);
|
||||
rv = access_remote_vm(mm, arg_end - 1, &c, 1, FOLL_FORCE);
|
||||
if (rv <= 0)
|
||||
goto out_free_page;
|
||||
|
||||
|
@ -270,7 +270,8 @@ static ssize_t proc_pid_cmdline_read(struct file *file, char __user *buf,
|
|||
int nr_read;
|
||||
|
||||
_count = min3(count, len, PAGE_SIZE);
|
||||
nr_read = access_remote_vm(mm, p, page, _count, 0);
|
||||
nr_read = access_remote_vm(mm, p, page, _count,
|
||||
FOLL_FORCE);
|
||||
if (nr_read < 0)
|
||||
rv = nr_read;
|
||||
if (nr_read <= 0)
|
||||
|
@ -305,7 +306,8 @@ static ssize_t proc_pid_cmdline_read(struct file *file, char __user *buf,
|
|||
bool final;
|
||||
|
||||
_count = min3(count, len, PAGE_SIZE);
|
||||
nr_read = access_remote_vm(mm, p, page, _count, 0);
|
||||
nr_read = access_remote_vm(mm, p, page, _count,
|
||||
FOLL_FORCE);
|
||||
if (nr_read < 0)
|
||||
rv = nr_read;
|
||||
if (nr_read <= 0)
|
||||
|
@ -354,7 +356,8 @@ skip_argv:
|
|||
bool final;
|
||||
|
||||
_count = min3(count, len, PAGE_SIZE);
|
||||
nr_read = access_remote_vm(mm, p, page, _count, 0);
|
||||
nr_read = access_remote_vm(mm, p, page, _count,
|
||||
FOLL_FORCE);
|
||||
if (nr_read < 0)
|
||||
rv = nr_read;
|
||||
if (nr_read <= 0)
|
||||
|
@ -832,6 +835,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
|
|||
unsigned long addr = *ppos;
|
||||
ssize_t copied;
|
||||
char *page;
|
||||
unsigned int flags = FOLL_FORCE;
|
||||
|
||||
if (!mm)
|
||||
return 0;
|
||||
|
@ -844,6 +848,9 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
|
|||
if (!atomic_inc_not_zero(&mm->mm_users))
|
||||
goto free;
|
||||
|
||||
if (write)
|
||||
flags |= FOLL_WRITE;
|
||||
|
||||
while (count > 0) {
|
||||
int this_len = min_t(int, count, PAGE_SIZE);
|
||||
|
||||
|
@ -852,7 +859,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
|
|||
break;
|
||||
}
|
||||
|
||||
this_len = access_remote_vm(mm, addr, page, this_len, write);
|
||||
this_len = access_remote_vm(mm, addr, page, this_len, flags);
|
||||
if (!this_len) {
|
||||
if (!copied)
|
||||
copied = -EIO;
|
||||
|
@ -965,7 +972,7 @@ static ssize_t environ_read(struct file *file, char __user *buf,
|
|||
this_len = min(max_len, this_len);
|
||||
|
||||
retval = access_remote_vm(mm, (env_start + src),
|
||||
page, this_len, 0);
|
||||
page, this_len, FOLL_FORCE);
|
||||
|
||||
if (retval <= 0) {
|
||||
ret = retval;
|
||||
|
|
|
@ -1268,7 +1268,7 @@ static inline int fixup_user_fault(struct task_struct *tsk,
|
|||
|
||||
extern int access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, int len, int write);
|
||||
extern int access_remote_vm(struct mm_struct *mm, unsigned long addr,
|
||||
void *buf, int len, int write);
|
||||
void *buf, int len, unsigned int gup_flags);
|
||||
|
||||
long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
|
||||
unsigned long start, unsigned long nr_pages,
|
||||
|
|
11
mm/memory.c
11
mm/memory.c
|
@ -3935,19 +3935,14 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
|
|||
* @addr: start address to access
|
||||
* @buf: source or destination buffer
|
||||
* @len: number of bytes to transfer
|
||||
* @write: whether the access is a write
|
||||
* @gup_flags: flags modifying lookup behaviour
|
||||
*
|
||||
* The caller must hold a reference on @mm.
|
||||
*/
|
||||
int access_remote_vm(struct mm_struct *mm, unsigned long addr,
|
||||
void *buf, int len, int write)
|
||||
void *buf, int len, unsigned int gup_flags)
|
||||
{
|
||||
unsigned int flags = FOLL_FORCE;
|
||||
|
||||
if (write)
|
||||
flags |= FOLL_WRITE;
|
||||
|
||||
return __access_remote_vm(NULL, mm, addr, buf, len, flags);
|
||||
return __access_remote_vm(NULL, mm, addr, buf, len, gup_flags);
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -1847,15 +1847,14 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
|
|||
* @addr: start address to access
|
||||
* @buf: source or destination buffer
|
||||
* @len: number of bytes to transfer
|
||||
* @write: whether the access is a write
|
||||
* @gup_flags: flags modifying lookup behaviour
|
||||
*
|
||||
* The caller must hold a reference on @mm.
|
||||
*/
|
||||
int access_remote_vm(struct mm_struct *mm, unsigned long addr,
|
||||
void *buf, int len, int write)
|
||||
void *buf, int len, unsigned int gup_flags)
|
||||
{
|
||||
return __access_remote_vm(NULL, mm, addr, buf, len,
|
||||
write ? FOLL_WRITE : 0);
|
||||
return __access_remote_vm(NULL, mm, addr, buf, len, gup_flags);
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
Loading…
Reference in New Issue