remap_pfn_range() creates/modifies the mapping between user virtual address and physical address, the caller of which must hold mmap writer lock to achieve access consistency of mapping. The callers fall into categories below: 1) fops->mmap() implemented by driver For this case, mmap_lock has been taken externally, the rule holds true. 2) Some arch codes do mapping on their own(vdso e.g.), rather than via fops->mmap(). 3) Some driver codes do mapping into user address space, for some reasons, the mapping is not implemented by fops->mmap(). For the last two cases, an explicit assertion must be made. Signed-off-by: Dawei Li <set_pte_at@xxxxxxxxxxx> --- mm/memory.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/mm/memory.c b/mm/memory.c index 118e5f023597..fd0ec1250974 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -2551,6 +2551,11 @@ int remap_pfn_range(struct vm_area_struct *vma, unsigned long addr, { int err; + if (!vma->vm_mm) + return -EINVAL; + + mmap_assert_write_locked(vma->vm_mm); + err = track_pfn_remap(vma, &prot, pfn, addr, PAGE_ALIGN(size)); if (err) return -EINVAL; -- 2.25.1
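Review bot: The `if (!vma->vm_mm) return -EINVAL;` guard turns a caller bug into a silent bad-argument error: a VMA without an owning mm can only come from broken calling code, and returning -EINVAL there hides it behind a code that callers will treat as a normal invalid-parameter failure, so either drop the check (the assertion itself would then fault loudly on a NULL mm) or make it a VM_WARN_ON_ONCE() that still returns an error. Second, mmap_assert_write_locked() only has teeth under lockdep or CONFIG_DEBUG_VM, so the changelog should describe this as a debug-build assertion rather than an enforcement of the locking rule. Third, because the assertion is placed inside remap_pfn_range() it applies to all three caller categories listed in the message, so "For the last two cases, an explicit assertion must be made" no longer matches the hunk and should be reworded to say the assertion is made centrally in remap_pfn_range() regardless of how the caller arrived. Finally, the message states that every caller must hold the mmap writer lock, but page-fault handling runs with only the read side held; it would be worth stating explicitly in the changelog that no caller reaches remap_pfn_range() from a vm_ops->fault path, since the new assertion would trip there.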