Critical fixes for mmap_region(), backported to 6.6.y. Some notes on differences from upstream: * In this kernel is_shared_maywrite() does not exist and the code uses VM_SHARED to determine whether mapping_map_writable() / mapping_unmap_writable() should be invoked. This backport therefore follows suit. * Each version of these series is confronted by a slightly different mmap_region(), so we must adapt the change for each stable version. The approach remains the same throughout, however, and we correctly avoid closing the VMA part way through any __mmap_region() operation. Lorenzo Stoakes (5): mm: avoid unsafe VMA hook invocation when error arises on mmap hook mm: unconditionally close VMAs on error mm: refactor map_deny_write_exec() mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling mm: resolve faulty mmap_region() error path behaviour arch/arm64/include/asm/mman.h | 10 ++- arch/parisc/include/asm/mman.h | 5 +- include/linux/mman.h | 28 ++++++-- mm/internal.h | 45 ++++++++++++ mm/mmap.c | 128 ++++++++++++++++++--------------- mm/mprotect.c | 2 +- mm/nommu.c | 9 ++- mm/shmem.c | 3 - 8 files changed, 153 insertions(+), 77 deletions(-) -- 2.47.0
