Hi,
going over all VM_SHARED and VM_MAYSHARE user in the kernel, I stumbled
over the following dubious code in
drivers/staging/media/atomisp/pci/atomisp_fops.c:
if (!(vma->vm_flags & (VM_WRITE | VM_READ)))
return -EACCES;
...
if (!(vma->vm_flags & VM_SHARED)) {
/* Map private buffer.
* Set VM_SHARED to the flags since we need
* to map the buffer page by page.
* Without VM_SHARED, remap_pfn_range() treats
* this kind of mapping as invalid.
*/
vma->vm_flags |= VM_SHARED;
ret = hmm_mmap(vma, vma->vm_pgoff << PAGE_SHIFT);
...
}
We're converting a writable MAP_PRIVATE mapping ("COW mapping") into a
writable MAP_SHARED mapping, to hack around the is_cow_mapping() check
in remap_pfn_range_notrack().
We're not even setting VM_MAYSHARE and turn the mapping silently into
something with completely different semantics.
That code has to go.
One approach would be to reject such mappings (no idea if user space
relies on private mappings), the other one would be to remove this
driver. Judging that the driver already was marked broken in 2020
(ad85094b293e ("Revert "media: staging: atomisp: Remove driver"")),
maybe it's time for the driver to go.
Thoughts?
--
Thanks,
David / dhildenb