This is a note to let you know that I've just added the patch titled
binder: take read mode of mmap_sem in binder_alloc_free_page()
to the 4.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
binder-take-read-mode-of-mmap_sem-in-binder_alloc_free_page.patch
and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 60d4885710836595192c42d3e04b27551d30ec91 Mon Sep 17 00:00:00 2001
From: Tyler Hicks <tyhicks@xxxxxxxxxxxxx>
Date: Fri, 12 Apr 2019 21:59:25 +0000
Subject: binder: take read mode of mmap_sem in binder_alloc_free_page()
From: Tyler Hicks <tyhicks@xxxxxxxxxxxxx>
commit 60d4885710836595192c42d3e04b27551d30ec91 upstream.
Restore the behavior of locking mmap_sem for reading in
binder_alloc_free_page(), as was first done in commit 3013bf62b67a
("binder: reduce mmap_sem write-side lock"). That change was
inadvertently reverted by commit 5cec2d2e5839 ("binder: fix race between
munmap() and direct reclaim").
In addition, change the name of the label for the error path to
accurately reflect that we're taking the lock for reading.
Backporting note: This fix is only needed when *both* of the commits
mentioned above are applied. That's an unlikely situation since they
both landed during the development of v5.1 but only one of them is
targeted for stable.
Fixes: 5cec2d2e5839 ("binder: fix race between munmap() and direct reclaim")
Signed-off-by: Tyler Hicks <tyhicks@xxxxxxxxxxxxx>
Acked-by: Todd Kjos <tkjos@xxxxxxxxxxx>
Cc: Guenter Roeck <linux@xxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/android/binder_alloc.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/android/binder_alloc.c
+++ b/drivers/android/binder_alloc.c
@@ -951,8 +951,8 @@ enum lru_status binder_alloc_free_page(s
mm = alloc->vma_vm_mm;
if (!mmget_not_zero(mm))
goto err_mmget;
- if (!down_write_trylock(&mm->mmap_sem))
- goto err_down_write_mmap_sem_failed;
+ if (!down_read_trylock(&mm->mmap_sem))
+ goto err_down_read_mmap_sem_failed;
vma = binder_alloc_get_vma(alloc);
list_lru_isolate(lru, item);
@@ -967,7 +967,7 @@ enum lru_status binder_alloc_free_page(s
trace_binder_unmap_user_end(alloc, index);
}
- up_write(&mm->mmap_sem);
+ up_read(&mm->mmap_sem);
mmput(mm);
trace_binder_unmap_kernel_start(alloc, index);
@@ -982,7 +982,7 @@ enum lru_status binder_alloc_free_page(s
mutex_unlock(&alloc->mutex);
return LRU_REMOVED_RETRY;
-err_down_write_mmap_sem_failed:
+err_down_read_mmap_sem_failed:
mmput_async(mm);
err_mmget:
err_page_already_freed:
Patches currently in stable-queue which might be from tyhicks@xxxxxxxxxxxxx are
queue-4.14/binder-take-read-mode-of-mmap_sem-in-binder_alloc_free_page.patch
