mm/mremap: fail map duplication attempts for private mappings

mremap will attempt to create a 'duplicate' mapping if old_size == 0 is specified. In the case of private mappings, mremap will actually create a fresh separate private mapping unrelated to the original. This does not fit with the design semantics of mremap as the intention is to create a new mapping based on the original. Therefore, return EINVAL in the case where an attempt is made to duplicate a private mapping. Also, print a warning message (once) if such an attempt is made. Link: http://lkml.kernel.org/r/cb9d9f6a-7095-582f-15a5-62643d65c736@oracle.com Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com> Acked-by: Michal Hocko <mhocko@suse.com> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Aaron Lu <aaron.lu@intel.com> Cc: "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Anshuman Khandual <khandual@linux.vnet.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Mike Kravetz <mike.kravetz@oracle.com> 2017-09-06 19:20:55 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2017-09-06 20:27:26 -0400
commit: dba58d3b8c5045ad89c1c95d33d01451e3964db7 (patch)
tree: 39a5693fa2844a073a85be7ad9482fc4d55dfb51 /mm/mremap.c
parent: 10903027948d768d9639b31e9a555802e2dabafc (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/mm/mremap.c b/mm/mremap.c
index 3f23715d3c69..7395564daa6c 100644
--- a/mm/mremap.c
+++ b/mm/mremap.c
@@ -384,6 +384,19 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr,
        if (!vma || vma->vm_start > addr)
                return ERR_PTR(-EFAULT);
+        /*
+         * !old_len is a special case where an attempt is made to 'duplicate'
+         * a mapping.  This makes no sense for private mappings as it will
+         * instead create a fresh/new mapping unrelated to the original.  This
+         * is contrary to the basic idea of mremap which creates new mappings
+         * based on the original.  There are no known use cases for this
+         * behavior.  As a result, fail such attempts.
+         */
+        if (!old_len && !(vma->vm_flags & (VM_SHARED | VM_MAYSHARE))) {
+                pr_warn_once("%s (%d): attempted to duplicate a private mapping with mremap.  This is not supported.\n", current->comm, current->pid);
+                return ERR_PTR(-EINVAL);
+        }
        if (is_vm_hugetlb_page(vma))
                return ERR_PTR(-EINVAL);
author	Mike Kravetz <mike.kravetz@oracle.com>	2017-09-06 19:20:55 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2017-09-06 20:27:26 -0400
commit	dba58d3b8c5045ad89c1c95d33d01451e3964db7 (patch)
tree	39a5693fa2844a073a85be7ad9482fc4d55dfb51 /mm/mremap.c
parent	10903027948d768d9639b31e9a555802e2dabafc (diff)

diff --git a/mm/mremap.c b/mm/mremap.c index 3f23715d3c69..7395564daa6c 100644 --- a/mm/mremap.c +++ b/mm/mremap.c
@@ -384,6 +384,19 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr,
384	if (!vma \|\| vma->vm_start > addr)	384	if (!vma \|\| vma->vm_start > addr)
385	return ERR_PTR(-EFAULT);	385	return ERR_PTR(-EFAULT);
386		386
		387	/*
		388	* !old_len is a special case where an attempt is made to 'duplicate'
		389	* a mapping. This makes no sense for private mappings as it will
		390	* instead create a fresh/new mapping unrelated to the original. This
		391	* is contrary to the basic idea of mremap which creates new mappings
		392	* based on the original. There are no known use cases for this
		393	* behavior. As a result, fail such attempts.
		394	*/
		395	if (!old_len && !(vma->vm_flags & (VM_SHARED \| VM_MAYSHARE))) {
		396	pr_warn_once("%s (%d): attempted to duplicate a private mapping with mremap. This is not supported.\n", current->comm, current->pid);
		397	return ERR_PTR(-EINVAL);
		398	}
		399
387	if (is_vm_hugetlb_page(vma))	400	if (is_vm_hugetlb_page(vma))
388	return ERR_PTR(-EINVAL);	401	return ERR_PTR(-EINVAL);
389		402