aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLorenzo Stoakes <lstoakes@gmail.com>2016-10-12 20:20:19 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2016-10-19 11:12:14 -0400
commit6347e8d5bcce33fc36e651901efefbe2c93a43ef (patch)
tree8b738e79772acf156b4bbeca09127afb7dae9554
parent442486ec1096781c50227b73f721a63974b0fdda (diff)
mm: replace access_remote_vm() write parameter with gup_flags
This removes the 'write' argument from access_remote_vm() and replaces it with 'gup_flags' as use of this function previously silently implied FOLL_FORCE, whereas after this patch callers explicitly pass this flag. We make this explicit as use of FOLL_FORCE can result in surprising behaviour (and hence bugs) within the mm subsystem. Signed-off-by: Lorenzo Stoakes <lstoakes@gmail.com> Acked-by: Michal Hocko <mhocko@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat
-rw-r--r--fs/proc/base.c19
-rw-r--r--include/linux/mm.h2
-rw-r--r--mm/memory.c11
-rw-r--r--mm/nommu.c7
4 files changed, 20 insertions, 19 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c
index c2964d890c9a..8e654468ab67 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -252,7 +252,7 @@ static ssize_t proc_pid_cmdline_read(struct file *file, char __user *buf,
252 * Inherently racy -- command line shares address space 252 * Inherently racy -- command line shares address space
253 * with code and data. 253 * with code and data.
254 */ 254 */
255 rv = access_remote_vm(mm, arg_end - 1, &c, 1, 0); 255 rv = access_remote_vm(mm, arg_end - 1, &c, 1, FOLL_FORCE);
256 if (rv <= 0) 256 if (rv <= 0)
257 goto out_free_page; 257 goto out_free_page;
258 258
@@ -270,7 +270,8 @@ static ssize_t proc_pid_cmdline_read(struct file *file, char __user *buf,
270 int nr_read; 270 int nr_read;
271 271
272 _count = min3(count, len, PAGE_SIZE); 272 _count = min3(count, len, PAGE_SIZE);
273 nr_read = access_remote_vm(mm, p, page, _count, 0); 273 nr_read = access_remote_vm(mm, p, page, _count,
274 FOLL_FORCE);
274 if (nr_read < 0) 275 if (nr_read < 0)
275 rv = nr_read; 276 rv = nr_read;
276 if (nr_read <= 0) 277 if (nr_read <= 0)
@@ -305,7 +306,8 @@ static ssize_t proc_pid_cmdline_read(struct file *file, char __user *buf,
305 bool final; 306 bool final;
306 307
307 _count = min3(count, len, PAGE_SIZE); 308 _count = min3(count, len, PAGE_SIZE);
308 nr_read = access_remote_vm(mm, p, page, _count, 0); 309 nr_read = access_remote_vm(mm, p, page, _count,
310 FOLL_FORCE);
309 if (nr_read < 0) 311 if (nr_read < 0)
310 rv = nr_read; 312 rv = nr_read;
311 if (nr_read <= 0) 313 if (nr_read <= 0)
@@ -354,7 +356,8 @@ skip_argv:
354 bool final; 356 bool final;
355 357
356 _count = min3(count, len, PAGE_SIZE); 358 _count = min3(count, len, PAGE_SIZE);
357 nr_read = access_remote_vm(mm, p, page, _count, 0); 359 nr_read = access_remote_vm(mm, p, page, _count,
360 FOLL_FORCE);
358 if (nr_read < 0) 361 if (nr_read < 0)
359 rv = nr_read; 362 rv = nr_read;
360 if (nr_read <= 0) 363 if (nr_read <= 0)
@@ -832,6 +835,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
832 unsigned long addr = *ppos; 835 unsigned long addr = *ppos;
833 ssize_t copied; 836 ssize_t copied;
834 char *page; 837 char *page;
838 unsigned int flags = FOLL_FORCE;
835 839
836 if (!mm) 840 if (!mm)
837 return 0; 841 return 0;
@@ -844,6 +848,9 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
844 if (!atomic_inc_not_zero(&mm->mm_users)) 848 if (!atomic_inc_not_zero(&mm->mm_users))
845 goto free; 849 goto free;
846 850
851 if (write)
852 flags |= FOLL_WRITE;
853
847 while (count > 0) { 854 while (count > 0) {
848 int this_len = min_t(int, count, PAGE_SIZE); 855 int this_len = min_t(int, count, PAGE_SIZE);
849 856
@@ -852,7 +859,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
852 break; 859 break;
853 } 860 }
854 861
855 this_len = access_remote_vm(mm, addr, page, this_len, write); 862 this_len = access_remote_vm(mm, addr, page, this_len, flags);
856 if (!this_len) { 863 if (!this_len) {
857 if (!copied) 864 if (!copied)
858 copied = -EIO; 865 copied = -EIO;
@@ -965,7 +972,7 @@ static ssize_t environ_read(struct file *file, char __user *buf,
965 this_len = min(max_len, this_len); 972 this_len = min(max_len, this_len);
966 973
967 retval = access_remote_vm(mm, (env_start + src), 974 retval = access_remote_vm(mm, (env_start + src),
968 page, this_len, 0); 975 page, this_len, FOLL_FORCE);
969 976
970 if (retval <= 0) { 977 if (retval <= 0) {
971 ret = retval; 978 ret = retval;
diff --git a/include/linux/mm.h b/include/linux/mm.h
index ecc4be7b67e0..f31bf9058587 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -1268,7 +1268,7 @@ static inline int fixup_user_fault(struct task_struct *tsk,
1268 1268
1269extern int access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, int len, int write); 1269extern int access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, int len, int write);
1270extern int access_remote_vm(struct mm_struct *mm, unsigned long addr, 1270extern int access_remote_vm(struct mm_struct *mm, unsigned long addr,
1271 void *buf, int len, int write); 1271 void *buf, int len, unsigned int gup_flags);
1272 1272
1273long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, 1273long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
1274 unsigned long start, unsigned long nr_pages, 1274 unsigned long start, unsigned long nr_pages,
diff --git a/mm/memory.c b/mm/memory.c
index 79ebed3a4c2b..bac2d994850e 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -3935,19 +3935,14 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
3935 * @addr: start address to access 3935 * @addr: start address to access
3936 * @buf: source or destination buffer 3936 * @buf: source or destination buffer
3937 * @len: number of bytes to transfer 3937 * @len: number of bytes to transfer
3938 * @write: whether the access is a write 3938 * @gup_flags: flags modifying lookup behaviour
3939 * 3939 *
3940 * The caller must hold a reference on @mm. 3940 * The caller must hold a reference on @mm.
3941 */ 3941 */
3942int access_remote_vm(struct mm_struct *mm, unsigned long addr, 3942int access_remote_vm(struct mm_struct *mm, unsigned long addr,
3943 void *buf, int len, int write) 3943 void *buf, int len, unsigned int gup_flags)
3944{ 3944{
3945 unsigned int flags = FOLL_FORCE; 3945 return __access_remote_vm(NULL, mm, addr, buf, len, gup_flags);
3946
3947 if (write)
3948 flags |= FOLL_WRITE;
3949
3950 return __access_remote_vm(NULL, mm, addr, buf, len, flags);
3951} 3946}
3952 3947
3953/* 3948/*
diff --git a/mm/nommu.c b/mm/nommu.c
index bde7df35118b..93d5bb53fc63 100644
--- a/mm/nommu.c
+++ b/mm/nommu.c
@@ -1847,15 +1847,14 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
1847 * @addr: start address to access 1847 * @addr: start address to access
1848 * @buf: source or destination buffer 1848 * @buf: source or destination buffer
1849 * @len: number of bytes to transfer 1849 * @len: number of bytes to transfer
1850 * @write: whether the access is a write 1850 * @gup_flags: flags modifying lookup behaviour
1851 * 1851 *
1852 * The caller must hold a reference on @mm. 1852 * The caller must hold a reference on @mm.
1853 */ 1853 */
1854int access_remote_vm(struct mm_struct *mm, unsigned long addr, 1854int access_remote_vm(struct mm_struct *mm, unsigned long addr,
1855 void *buf, int len, int write) 1855 void *buf, int len, unsigned int gup_flags)
1856{ 1856{
1857 return __access_remote_vm(NULL, mm, addr, buf, len, 1857 return __access_remote_vm(NULL, mm, addr, buf, len, gup_flags);
1858 write ? FOLL_WRITE : 0);
1859} 1858}
1860 1859
1861/* 1860/*
generated by cgit v1.2.2 (git 2.25.0) at 2026-05-28 09:47:56 -0400