+ mm-fix-vma_is_anonymous-false-positives-v2.patch added to -mm tree


 



The patch titled
     Subject: mm-fix-vma_is_anonymous-false-positives-v2
has been added to the -mm tree.  Its filename is
     mm-fix-vma_is_anonymous-false-positives-v2.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/mm-fix-vma_is_anonymous-false-positives-v2.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/mm-fix-vma_is_anonymous-false-positives-v2.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: "Kirill A. Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx>
Subject: mm-fix-vma_is_anonymous-false-positives-v2

Link: http://lkml.kernel.org/r/20180712145626.41665-2-kirill.shutemov@xxxxxxxxxxxxxxx
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
Reported-by: syzbot+3f84280d52be9b7083cc@xxxxxxxxxxxxxxxxxxxxxxxxx
Cc: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
Cc: Oleg Nesterov <oleg@xxxxxxxxxx>
Cc: Andrea Arcangeli <aarcange@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

 arch/ia64/kernel/perfmon.c |    1 +
 arch/ia64/mm/init.c        |    2 ++
 mm/mmap.c                  |   21 +++++----------------
 mm/nommu.c                 |    9 ++++++++-
 mm/util.c                  |   12 ++++++++++++
 5 files changed, 28 insertions(+), 17 deletions(-)

diff -puN arch/ia64/kernel/perfmon.c~mm-fix-vma_is_anonymous-false-positives-v2 arch/ia64/kernel/perfmon.c
--- a/arch/ia64/kernel/perfmon.c~mm-fix-vma_is_anonymous-false-positives-v2
+++ a/arch/ia64/kernel/perfmon.c
@@ -2292,6 +2292,7 @@ pfm_smpl_buffer_alloc(struct task_struct
 	vma->vm_file	     = get_file(filp);
 	vma->vm_flags	     = VM_READ|VM_MAYREAD|VM_DONTEXPAND|VM_DONTDUMP;
 	vma->vm_page_prot    = PAGE_READONLY; /* XXX may need to change */
+	vma->vm_ops          = &dummy_vm_ops;
 
 	/*
 	 * Now we have everything we need and we can initialize
diff -puN arch/ia64/mm/init.c~mm-fix-vma_is_anonymous-false-positives-v2 arch/ia64/mm/init.c
--- a/arch/ia64/mm/init.c~mm-fix-vma_is_anonymous-false-positives-v2
+++ a/arch/ia64/mm/init.c
@@ -122,6 +122,7 @@ ia64_init_addr_space (void)
 		vma->vm_end = vma->vm_start + PAGE_SIZE;
 		vma->vm_flags = VM_DATA_DEFAULT_FLAGS|VM_GROWSUP|VM_ACCOUNT;
 		vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
+		vma->vm_ops = &dummy_vm_ops;
 		down_write(&current->mm->mmap_sem);
 		if (insert_vm_struct(current->mm, vma)) {
 			up_write(&current->mm->mmap_sem);
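Review bot: The first VMA set up in ia64_init_addr_space() is given `&dummy_vm_ops`, but its flags (`VM_DATA_DEFAULT_FLAGS|VM_GROWSUP|VM_ACCOUNT`) and the lack of any `vm_file` assignment in the visible lines suggest it is an anonymous, growable mapping. With vma_is_anonymous() keyed on `anon_vm_ops`, as the comment this patch moves into mm/util.c states, this VMA would no longer be classified as anonymous. If that is not intended, the line should read `vma->vm_ops = &anon_vm_ops;`. The function starts and ends outside the hunk, so the VMA's setup is only partly visible here. The `VM_IO` mapping in the following hunk looks like a natural fit for `dummy_vm_ops`.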
@@ -141,6 +142,7 @@ ia64_init_addr_space (void)
 			vma->vm_page_prot = __pgprot(pgprot_val(PAGE_READONLY) | _PAGE_MA_NAT);
 			vma->vm_flags = VM_READ | VM_MAYREAD | VM_IO |
 					VM_DONTEXPAND | VM_DONTDUMP;
+			vma->vm_ops = &dummy_vm_ops;
 			down_write(&current->mm->mmap_sem);
 			if (insert_vm_struct(current->mm, vma)) {
 				up_write(&current->mm->mmap_sem);
diff -puN mm/mmap.c~mm-fix-vma_is_anonymous-false-positives-v2 mm/mmap.c
--- a/mm/mmap.c~mm-fix-vma_is_anonymous-false-positives-v2
+++ a/mm/mmap.c
@@ -71,18 +71,6 @@ int mmap_rnd_compat_bits __read_mostly =
 static bool ignore_rlimit_data;
 core_param(ignore_rlimit_data, ignore_rlimit_data, bool, 0644);
 
-/*
- * All anonymous VMAs have ->vm_ops set to anon_vm_ops.
- * vma_is_anonymous() reiles on anon_vm_ops to detect anonymous VMA.
- */
-const struct vm_operations_struct anon_vm_ops = {};
-
-/*
- * All VMAs have to have ->vm_ops set. dummy_vm_ops can be used if the VMA
- * doesn't need to handle any of the operations.
- */
-const struct vm_operations_struct dummy_vm_ops = {};
-
 static void unmap_region(struct mm_struct *mm,
 		struct vm_area_struct *vma, struct vm_area_struct *prev,
 		unsigned long start, unsigned long end);
@@ -1776,6 +1764,11 @@ unsigned long mmap_region(struct file *f
 		 */
 		vma->vm_file = get_file(file);
 		error = call_mmap(file, vma);
+
+		/* All mappings must have ->vm_ops set */
+		if (!vma->vm_ops)
+			vma->vm_ops = &dummy_vm_ops;
+
 		if (error)
 			goto unmap_and_free_vma;
 
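Review bot: The comment `/* All mappings must have ->vm_ops set */` does not say why the default must now be applied before `if (error)`, and that ordering is the whole point of the move. The `goto unmap_and_free_vma` exit presumably reaches teardown code that reads `vma->vm_ops`, so a failing ->mmap() that left it NULL would be dereferenced there. I would write `/* Set ->vm_ops even when ->mmap() failed: the unmap_and_free_vma path must never see a NULL ->vm_ops */` so that nobody moves the check back below the error test. The same two-line default after `call_mmap()` in do_mmap_shared_file() and do_mmap_private() in mm/nommu.c has no comment at all and deserves the same one. mmap_region() starts and ends outside this hunk.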
@@ -1788,10 +1781,6 @@ unsigned long mmap_region(struct file *f
 		 */
 		WARN_ON_ONCE(addr != vma->vm_start);
 
-		/* All mappings must have ->vm_ops set */
-		if (!vma->vm_ops)
-			vma->vm_ops = &dummy_vm_ops;
-
 		addr = vma->vm_start;
 		vm_flags = vma->vm_flags;
 	} else if (vm_flags & VM_SHARED) {
diff -puN mm/nommu.c~mm-fix-vma_is_anonymous-false-positives-v2 mm/nommu.c
--- a/mm/nommu.c~mm-fix-vma_is_anonymous-false-positives-v2
+++ a/mm/nommu.c
@@ -1058,6 +1058,8 @@ static int do_mmap_shared_file(struct vm
 	int ret;
 
 	ret = call_mmap(vma->vm_file, vma);
+	if (!vma->vm_ops)
+		vma->vm_ops = &dummy_vm_ops;
 	if (ret == 0) {
 		vma->vm_region->vm_top = vma->vm_region->vm_end;
 		return 0;
@@ -1089,6 +1091,8 @@ static int do_mmap_private(struct vm_are
 	 */
 	if (capabilities & NOMMU_MAP_DIRECT) {
 		ret = call_mmap(vma->vm_file, vma);
+		if (!vma->vm_ops)
+			vma->vm_ops = &dummy_vm_ops;
 		if (ret == 0) {
 			/* shouldn't return success if we're not sharing */
 			BUG_ON(!(vma->vm_flags & VM_MAYSHARE));
@@ -1137,6 +1141,8 @@ static int do_mmap_private(struct vm_are
 		fpos = vma->vm_pgoff;
 		fpos <<= PAGE_SHIFT;
 
+		vma->vm_ops = &dummy_vm_ops;
+
 		ret = kernel_read(vma->vm_file, base, len, &fpos);
 		if (ret < 0)
 			goto error_free;
@@ -1144,7 +1150,8 @@ static int do_mmap_private(struct vm_are
 		/* clear the last little bit */
 		if (ret < len)
 			memset(base + ret, 0, len - ret);
-
+	} else {
+		vma->vm_ops = &anon_vm_ops;
 	}
 
 	return 0;
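Review bot: `vma->vm_ops = &anon_vm_ops;` is assigned only in the final `else`, immediately before `return 0`, so any failure exit taken earlier for what is presumably the no-file case leaves `->vm_ops` at whatever the caller initialised it to. The file-backed branch sets `&dummy_vm_ops` before `kernel_read()`, so `goto error_free` already sees a valid pointer there. The anonymous case should get the same treatment, with the assignment made before the first step that can fail. The `if` this `else` pairs with and the earlier exits are outside the hunk, so this needs checking against the full do_mmap_private().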
diff -puN mm/util.c~mm-fix-vma_is_anonymous-false-positives-v2 mm/util.c
--- a/mm/util.c~mm-fix-vma_is_anonymous-false-positives-v2
+++ a/mm/util.c
@@ -20,6 +20,18 @@
 
 #include "internal.h"
 
+/*
+ * All anonymous VMAs have ->vm_ops set to anon_vm_ops.
+ * vma_is_anonymous() reiles on anon_vm_ops to detect anonymous VMA.
+ */
+const struct vm_operations_struct anon_vm_ops = {};
+
+/*
+ * All VMAs have to have ->vm_ops set. dummy_vm_ops can be used if the VMA
+ * doesn't need to handle any of the operations.
+ */
+const struct vm_operations_struct dummy_vm_ops = {};
+
 static inline int is_kernel_rodata(unsigned long addr)
 {
 	return addr >= (unsigned long)__start_rodata &&
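Review bot: The comment added above `anon_vm_ops` has a typo, `reiles` for `relies`, and it leaves out the property the scheme depends on. Both tables are initialised with `= {}`, so they can only be told apart by address. I would add a line such as `* anon_vm_ops and dummy_vm_ops must remain distinct objects: they are told apart by address only.` to the first comment. Without it, a later cleanup that aliases or merges the two empty tables could leave anonymous and file-backed VMAs indistinguishable. It would also help to note that the definitions live in mm/util.c, presumably because mm/nommu.c now references them too.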
_

Patches currently in -mm which might be from kirill.shutemov@xxxxxxxxxxxxxxx are

mm-fix-vma_is_anonymous-false-positives.patch
mm-fix-vma_is_anonymous-false-positives-v2.patch
mm-page_ext-drop-definition-of-unused-page_ext_debug_poison.patch
mm-page_ext-constify-lookup_page_ext-argument.patch

--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


