From patchwork Wed May 3 17:35:58 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 98505 Delivered-To: patch@linaro.org Received: by 10.140.89.200 with SMTP id v66csp166281qgd; Wed, 3 May 2017 10:36:21 -0700 (PDT) X-Received: by 10.98.78.193 with SMTP id c184mr6143264pfb.85.1493832981520; Wed, 03 May 2017 10:36:21 -0700 (PDT) Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p20si12867632pli.35.2017.05.03.10.36.21; Wed, 03 May 2017 10:36:21 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753469AbdECRgU (ORCPT + 6 others); Wed, 3 May 2017 13:36:20 -0400 Received: from mail-pg0-f49.google.com ([74.125.83.49]:32965 "EHLO mail-pg0-f49.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751880AbdECRgU (ORCPT ); Wed, 3 May 2017 13:36:20 -0400 Received: by mail-pg0-f49.google.com with SMTP id y4so76520075pge.0 for ; Wed, 03 May 2017 10:36:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=i1Qc/O16t2wyzY3DU0CCB5nT9demMlJ+4OT7gHb8tuk=; b=HdN181Z/CmIK/4S5fnNaFQ/6tv7XUMlxJxmVAJxesfYGkLh79Jy1h1D6UGnRpvOeNf gUJnEDdGUmokH5I9F6u7E4wX6Be0bpOzISlxjFnqgBGPM+eJI13NxIfmFuaXZ5yN0CWq 60T1v2rgK26wPwSG9hf2j3EZOaLPhQLyu/h3E= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=i1Qc/O16t2wyzY3DU0CCB5nT9demMlJ+4OT7gHb8tuk=; b=jHqn7mypbhQeishZNn7Djgf3ck0kjkVbwJ5r7JTyieud2hPuRglcVlMfv6duz3JOUv zk112P5oyZHEaahPMEpRVXb2Jg3EI2EC2m/2QF9Y4PzbbvUeBhZHyE6JaBlryctAh6e/ z/kbLYZ8dlYu1kpWmOO9yqfRugx2RLmspUpckW5wWANZv+v9J1YW85mwgEp2vJ1enEDT d7tnwwXIpI+4HM5N4n4GsjPK4aeq1prtyE9pTAsDPHD8jbMZVGKodxywejECA2/kH3/J xr3HaQ6wrrfRu5ccLN32AGelC42WP56yrE/HussYpOinr5WvejiGK6sENXX1Gq3zjpOW 4gwg== X-Gm-Message-State: AN3rC/63/22ubOT4gdKxQJteqxCcVM2OXpWTg426xa1cX+kKjuUNzQL9 FqskpLjVR9u/UIZU X-Received: by 10.84.143.195 with SMTP id 61mr50572036plz.158.1493832979481; Wed, 03 May 2017 10:36:19 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.126]) by smtp.gmail.com with ESMTPSA id c3sm5895206pfg.46.2017.05.03.10.36.17 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 03 May 2017 10:36:18 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: stable@vger.kernel.org, "Kirill A. Shutemov" , Andrew Morton , Willy Tarreau , Linus Torvalds Subject: [PATCH for-3.18 7/7] mm: avoid setting up anonymous pages into file mapping Date: Wed, 3 May 2017 23:05:58 +0530 Message-Id: <1493832958-12489-8-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1493832958-12489-1-git-send-email-amit.pundir@linaro.org> References: <1493832958-12489-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: "Kirill A. Shutemov" Reading page fault handler code I've noticed that under right circumstances kernel would map anonymous pages into file mappings: if the VMA doesn't have vm_ops->fault() and the VMA wasn't fully populated on ->mmap(), kernel would handle page fault to not populated pte with do_anonymous_page(). Let's change page fault handler to use do_anonymous_page() only on anonymous VMA (->vm_ops == NULL) and make sure that the VMA is not shared. For file mappings without vm_ops->fault() or shred VMA without vm_ops, page fault on pte_none() entry would lead to SIGBUS. Signed-off-by: Kirill A. Shutemov Acked-by: Oleg Nesterov Cc: Andrew Morton Cc: Willy Tarreau Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds (cherry picked from commit 6b7339f4c31ad69c8e9c0b2859276e22cf72176d) Signed-off-by: Amit Pundir --- mm/memory.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) -- 2.7.4 diff --git a/mm/memory.c b/mm/memory.c index e8e3cf7bd247..6ca26c332712 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -2629,6 +2629,10 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, pte_unmap(page_table); + /* File mapping without ->vm_ops ? */ + if (vma->vm_flags & VM_SHARED) + return VM_FAULT_SIGBUS; + /* Check if we need to add a guard page to the stack */ if (check_stack_guard_page(vma, address) < 0) return VM_FAULT_SIGSEGV; @@ -3033,6 +3037,9 @@ static int do_linear_fault(struct mm_struct *mm, struct vm_area_struct *vma, - vma->vm_start) >> PAGE_SHIFT) + vma->vm_pgoff; pte_unmap(page_table); + /* The VMA was not fully populated on mmap() or missing VM_DONTEXPAND */ + if (!vma->vm_ops->fault) + return VM_FAULT_SIGBUS; if (!(flags & FAULT_FLAG_WRITE)) return do_read_fault(mm, vma, address, pmd, pgoff, flags, orig_pte); @@ -3198,11 +3205,9 @@ static int handle_pte_fault(struct mm_struct *mm, entry = ACCESS_ONCE(*pte); if (!pte_present(entry)) { if (pte_none(entry)) { - if (vma->vm_ops) { - if (likely(vma->vm_ops->fault)) - return do_linear_fault(mm, vma, address, + if (vma->vm_ops) + return do_linear_fault(mm, vma, address, pte, pmd, flags, entry); - } return do_anonymous_page(mm, vma, address, pte, pmd, flags); }