Commit 598d8ef8 authored by Lorenzo Stoakes's avatar Lorenzo Stoakes Committed by Juerg Haefliger

mm: replace access_remote_vm() write parameter with gup_flags

BugLink: https://bugs.launchpad.net/bugs/1811080

commit 6347e8d5 upstream.

This removes the 'write' argument from access_remote_vm() and replaces
it with 'gup_flags' as use of this function previously silently implied
FOLL_FORCE, whereas after this patch callers explicitly pass this flag.

We make this explicit as use of FOLL_FORCE can result in surprising
behaviour (and hence bugs) within the mm subsystem.
Signed-off-by: Lorenzo Stoakes <lstoakes@gmail.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
parent a2ae1b50
...@@ -254,7 +254,7 @@ static ssize_t proc_pid_cmdline_read(struct file *file, char __user *buf, ...@@ -254,7 +254,7 @@ static ssize_t proc_pid_cmdline_read(struct file *file, char __user *buf,
* Inherently racy -- command line shares address space * Inherently racy -- command line shares address space
* with code and data. * with code and data.
*/ */
rv = access_remote_vm(mm, arg_end - 1, &c, 1, 0); rv = access_remote_vm(mm, arg_end - 1, &c, 1, FOLL_FORCE);
if (rv <= 0) if (rv <= 0)
goto out_free_page; goto out_free_page;
...@@ -272,7 +272,8 @@ static ssize_t proc_pid_cmdline_read(struct file *file, char __user *buf, ...@@ -272,7 +272,8 @@ static ssize_t proc_pid_cmdline_read(struct file *file, char __user *buf,
int nr_read; int nr_read;
_count = min3(count, len, PAGE_SIZE); _count = min3(count, len, PAGE_SIZE);
nr_read = access_remote_vm(mm, p, page, _count, 0); nr_read = access_remote_vm(mm, p, page, _count,
FOLL_FORCE);
if (nr_read < 0) if (nr_read < 0)
rv = nr_read; rv = nr_read;
if (nr_read <= 0) if (nr_read <= 0)
...@@ -307,7 +308,8 @@ static ssize_t proc_pid_cmdline_read(struct file *file, char __user *buf, ...@@ -307,7 +308,8 @@ static ssize_t proc_pid_cmdline_read(struct file *file, char __user *buf,
bool final; bool final;
_count = min3(count, len, PAGE_SIZE); _count = min3(count, len, PAGE_SIZE);
nr_read = access_remote_vm(mm, p, page, _count, 0); nr_read = access_remote_vm(mm, p, page, _count,
FOLL_FORCE);
if (nr_read < 0) if (nr_read < 0)
rv = nr_read; rv = nr_read;
if (nr_read <= 0) if (nr_read <= 0)
...@@ -356,7 +358,8 @@ static ssize_t proc_pid_cmdline_read(struct file *file, char __user *buf, ...@@ -356,7 +358,8 @@ static ssize_t proc_pid_cmdline_read(struct file *file, char __user *buf,
bool final; bool final;
_count = min3(count, len, PAGE_SIZE); _count = min3(count, len, PAGE_SIZE);
nr_read = access_remote_vm(mm, p, page, _count, 0); nr_read = access_remote_vm(mm, p, page, _count,
FOLL_FORCE);
if (nr_read < 0) if (nr_read < 0)
rv = nr_read; rv = nr_read;
if (nr_read <= 0) if (nr_read <= 0)
...@@ -875,6 +878,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf, ...@@ -875,6 +878,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
unsigned long addr = *ppos; unsigned long addr = *ppos;
ssize_t copied; ssize_t copied;
char *page; char *page;
unsigned int flags = FOLL_FORCE;
if (!mm) if (!mm)
return 0; return 0;
...@@ -887,6 +891,9 @@ static ssize_t mem_rw(struct file *file, char __user *buf, ...@@ -887,6 +891,9 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
if (!atomic_inc_not_zero(&mm->mm_users)) if (!atomic_inc_not_zero(&mm->mm_users))
goto free; goto free;
if (write)
flags |= FOLL_WRITE;
while (count > 0) { while (count > 0) {
int this_len = min_t(int, count, PAGE_SIZE); int this_len = min_t(int, count, PAGE_SIZE);
...@@ -895,7 +902,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf, ...@@ -895,7 +902,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
break; break;
} }
this_len = access_remote_vm(mm, addr, page, this_len, write); this_len = access_remote_vm(mm, addr, page, this_len, flags);
if (!this_len) { if (!this_len) {
if (!copied) if (!copied)
copied = -EIO; copied = -EIO;
...@@ -1008,7 +1015,7 @@ static ssize_t environ_read(struct file *file, char __user *buf, ...@@ -1008,7 +1015,7 @@ static ssize_t environ_read(struct file *file, char __user *buf,
this_len = min(max_len, this_len); this_len = min(max_len, this_len);
retval = access_remote_vm(mm, (env_start + src), retval = access_remote_vm(mm, (env_start + src),
page, this_len, 0); page, this_len, FOLL_FORCE);
if (retval <= 0) { if (retval <= 0) {
ret = retval; ret = retval;
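Review bot: The read-only calls in proc_pid_cmdline_read (all four) and in environ_read now pass FOLL_FORCE with nothing at the call site saying why a read of argv or envp should override the protections of the target mapping. Keeping the old behaviour is the right scope for this commit, but the message itself says FOLL_FORCE leads to surprising behaviour, so each site should record the reason or be marked for follow-up, for example `/* FOLL_FORCE kept from the old implicit behaviour; confirm a plain read is not enough */`. The same applies to `unsigned int flags = FOLL_FORCE;` in mem_rw, where the force also covers the write path once FOLL_WRITE is OR-ed in. All three function bodies extend beyond the hunks shown.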
......
...@@ -1213,7 +1213,7 @@ extern void vmr_do_fput(struct vm_region *, const char[], int); ...@@ -1213,7 +1213,7 @@ extern void vmr_do_fput(struct vm_region *, const char[], int);
extern int access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, int len, int write); extern int access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, int len, int write);
extern int access_remote_vm(struct mm_struct *mm, unsigned long addr, extern int access_remote_vm(struct mm_struct *mm, unsigned long addr,
void *buf, int len, int write); void *buf, int len, unsigned int gup_flags);
long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
unsigned long start, unsigned long nr_pages, unsigned long start, unsigned long nr_pages,
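Review bot: Changing the last parameter from `int write` to `unsigned int gup_flags` keeps every old call compiling, so a caller that still passes `0` or `1` (anything not converted here, including out-of-tree code) silently loses the FOLL_FORCE it used to get. The declaration is the place to warn about that, for example `/* gup_flags takes FOLL_* values; FOLL_FORCE is no longer implied */` above the prototype. The sibling access_process_vm on the preceding line still takes `int write`, so the two functions now disagree on what their last argument means.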
......
...@@ -3778,19 +3778,14 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, ...@@ -3778,19 +3778,14 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
* @addr: start address to access * @addr: start address to access
* @buf: source or destination buffer * @buf: source or destination buffer
* @len: number of bytes to transfer * @len: number of bytes to transfer
* @write: whether the access is a write * @gup_flags: flags modifying lookup behaviour
* *
* The caller must hold a reference on @mm. * The caller must hold a reference on @mm.
*/ */
int access_remote_vm(struct mm_struct *mm, unsigned long addr, int access_remote_vm(struct mm_struct *mm, unsigned long addr,
void *buf, int len, int write) void *buf, int len, unsigned int gup_flags)
{ {
unsigned int flags = FOLL_FORCE; return __access_remote_vm(NULL, mm, addr, buf, len, gup_flags);
if (write)
flags |= FOLL_WRITE;
return __access_remote_vm(NULL, mm, addr, buf, len, flags);
} }
/* /*
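Review bot: `@gup_flags: flags modifying lookup behaviour` does not tell a caller the one thing that changed, namely that FOLL_FORCE used to be added inside this function and now has to be passed in. Suggest `* @gup_flags: FOLL_* flags; FOLL_WRITE for a write, FOLL_FORCE only if protections must be overridden (no longer implied)`. Only the tail of the kernel-doc comment is inside the hunk.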
......
...@@ -1967,15 +1967,14 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, ...@@ -1967,15 +1967,14 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
* @addr: start address to access * @addr: start address to access
* @buf: source or destination buffer * @buf: source or destination buffer
* @len: number of bytes to transfer * @len: number of bytes to transfer
* @write: whether the access is a write * @gup_flags: flags modifying lookup behaviour
* *
* The caller must hold a reference on @mm. * The caller must hold a reference on @mm.
*/ */
int access_remote_vm(struct mm_struct *mm, unsigned long addr, int access_remote_vm(struct mm_struct *mm, unsigned long addr,
void *buf, int len, int write) void *buf, int len, unsigned int gup_flags)
{ {
return __access_remote_vm(NULL, mm, addr, buf, len, return __access_remote_vm(NULL, mm, addr, buf, len, gup_flags);
write ? FOLL_WRITE : 0);
} }
/* /*
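Review bot: This definition never passed FOLL_FORCE before: the old body was `write ? FOLL_WRITE : 0`, so the commit message's "previously silently implied FOLL_FORCE" holds only for the other access_remote_vm definition. With this change the callers' FOLL_FORCE is forwarded to __access_remote_vm here for the first time. __access_remote_vm is outside the hunk, so it should be confirmed that it ignores or correctly handles the flag in this configuration. The kernel-doc should then say so, e.g. `* @gup_flags: FOLL_* flags; FOLL_FORCE was not applied here before this change`.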
......