c2ec4b3fbc
* refs/heads/tmp-5da1114:
Revert crypto changes from android-4.19.79-95
Revert "UPSTREAM: PM / wakeup updates"
Revert "ANDROID: of: property: Enable of_devlink by default"
Revert "UPSTREAM: dt-bindings: arm: coresight: Add support for coresight-loses-context-with-cpu"
UPSTREAM: net: usbnet: Fix -Wcast-function-type
UPSTREAM: USB: dummy-hcd: use usb_urb_dir_in instead of usb_pipein
UPSTREAM: USB: dummy-hcd: increase max number of devices to 32
ANDROID: tty: serdev: Fix broken serial console input
ANDROID: update kernel ABI (perf_event changes)
BACKPORT: perf_event: Add support for LSM and SELinux checks
UPSTREAM: iommu: Allow io-pgtable to be used outside of drivers/iommu/
ANDROID: update abi for 4.19.94 release
ANDROID: update abi due to revert
Revert "BACKPORT: perf_event: Add support for LSM and SELinux checks"
UPSTREAM: selinux: sidtab reverse lookup hash table
UPSTREAM: selinux: avoid atomic_t usage in sidtab
UPSTREAM: selinux: check sidtab limit before adding a new entry
UPSTREAM: selinux: fix context string corruption in convert_context()
UPSTREAM: selinux: overhaul sidtab to fix bug and improve performance
UPSTREAM: selinux: refactor mls_context_to_sid() and make it stricter
UPSTREAM: selinux: use separate table for initial SID lookup
UPSTREAM: selinux: make "selinux_policycap_names[]" const char *
UPSTREAM: selinux: refactor sidtab conversion
ANDROID: Update ABI representation
ANDROID: GKI: clk: Don't disable unused clocks with sync state support
ANDROID: GKI: clk: Add support for clock providers with sync state
ANDROID: GKI: driver core: Add dev_has_sync_state()
ANDROID: update kernel ABI representation
BACKPORT: perf_event: Add support for LSM and SELinux checks
ANDROID: update ABI representation
UPSTREAM: exit: panic before exit_mm() on global init exit
ANDROID: serdev: Fix platform device support
ANDROID: Kconfig.gki: Add Hidden SPRD DRM configs
ANDROID: gki_defconfig: Disable TRANSPARENT_HUGEPAGE
ANDROID: gki_defconfig: Enable CONFIG_GNSS_CMDLINE_SERIAL
ANDROID: gnss: Add command line test driver
ANDROID: serdev: add platform device support
ANDROID: gki_defconfig: enable ARM64_SW_TTBR0_PAN
ANDROID: gki_defconfig: Set BINFMT_MISC as =m
UPSTREAM: binder: fix incorrect calculation for num_valid
ABI: Update ABI after f2fs merge
ANDROID: add initial ABI whitelist for android-4.19
ANDROID: staging: android: ion: Fix build when CONFIG_ION_SYSTEM_HEAP=n
ANDROID: staging: android: ion: Expose total heap and pool sizes via sysfs
ANDROID: Update ABI representation due to vmstat counter changes
UPSTREAM: include/linux/slab.h: fix sparse warning in kmalloc_type()
UPSTREAM: mm, slab: shorten kmalloc cache names for large sizes
UPSTREAM: mm, proc: add KReclaimable to /proc/meminfo
UPSTREAM: mm: rename and change semantics of nr_indirectly_reclaimable_bytes
UPSTREAM: dcache: allocate external names from reclaimable kmalloc caches
UPSTREAM: mm, slab/slub: introduce kmalloc-reclaimable caches
UPSTREAM: mm, slab: combine kmalloc_caches and kmalloc_dma_caches
ANDROID: abi update for 4.19.89
ANDROID: update abi_gki_aarch64.xml for LTO, CFI, and SCS
ANDROID: gki_defconfig: enable LTO, CFI, and SCS
ANDROID: update abi_gki_aarch64.xml for CONFIG_GNSS
ANDROID: cuttlefish_defconfig: Enable CONFIG_GNSS
UPSTREAM: arm64: Validate tagged addresses in access_ok() called from kernel threads
ANDROID: mm: Throttle rss_stat tracepoint
UPSTREAM: mm: slub: really fix slab walking for init_on_free
ANDROID: update abi_gki_aarch64.xml for nf change
ANDROID: kbuild: limit LTO inlining
ANDROID: kbuild: merge module sections with LTO
ANDROID: netfilter: nf_nat: remove static from nf_nat_ipv4_fn
UPSTREAM: drm/client: remove the exporting of drm_client_close
ANDROID: f2fs: fix possible merge of unencrypted with encrypted I/O
UPSTREAM: binder: Add binder_proc logging to binderfs
UPSTREAM: binder: Make transaction_log available in binderfs
UPSTREAM: binder: Add stats, state and transactions files
UPSTREAM: binder: add a mount option to show global stats
UPSTREAM: binder: Validate the default binderfs device names.
UPSTREAM: binder: Add default binder devices through binderfs when configured
UPSTREAM: binder: fix CONFIG_ANDROID_BINDER_DEVICES
UPSTREAM: android: binder: use kstrdup instead of open-coding it
UPSTREAM: binderfs: remove separate device_initcall()
UPSTREAM: binderfs: respect limit on binder control creation
UPSTREAM: binderfs: switch from d_add() to d_instantiate()
UPSTREAM: binderfs: drop lock in binderfs_binder_ctl_create
UPSTREAM: binderfs: kill_litter_super() before cleanup
UPSTREAM: binderfs: rework binderfs_binder_device_create()
UPSTREAM: binderfs: rework binderfs_fill_super()
UPSTREAM: binderfs: prevent renaming the control dentry
UPSTREAM: binderfs: remove outdated comment
UPSTREAM: binderfs: fix error return code in binderfs_fill_super()
UPSTREAM: binderfs: handle !CONFIG_IPC_NS builds
UPSTREAM: binderfs: reserve devices for initial mount
UPSTREAM: binderfs: rename header to binderfs.h
UPSTREAM: binderfs: implement "max" mount option
UPSTREAM: binderfs: make each binderfs mount a new instance
UPSTREAM: binderfs: remove wrong kern_mount() call
UPSTREAM: binder: implement binderfs
UPSTREAM: binder: remove BINDER_DEBUG_ENTRY()
ANDROID: Don't base allmodconfig on gki_defconfig
ANDROID: Disable UNWINDER_ORC for allmodconfig
ANDROID: update abi_gki_aarch64.xml for 4.19.87
BACKPORT: ARM: 8905/1: Emit __gnu_mcount_nc when using Clang 10.0.0 or newer
ANDROID: update abi_gki_aarch64.xml
ANDROID: gki_defconfig: =m's applied for virtio configs in arm64
UPSTREAM: of: property: Add device link support for interrupt-parent, dmas and -gpio(s)
UPSTREAM: of: property: Add device link support for "iommu-map"
UPSTREAM: of: property: Fix the semantics of of_is_ancestor_of()
UPSTREAM: i2c: of: Populate fwnode in of_i2c_get_board_info()
UPSTREAM: driver core: Clarify documentation for fwnode_operations.add_links()
UPSTREAM: dt-bindings: arm: coresight: Add support for coresight-loses-context-with-cpu
BACKPORT: coresight: etm4x: Save/restore state across CPU low power states
ANDROID: Update ABI representation
ANDROID: gki_defconfig: IIO=y
f2fs: stop GC when the victim becomes fully valid
f2fs: expose main_blkaddr in sysfs
f2fs: choose hardlimit when softlimit is larger than hardlimit in f2fs_statfs_project()
f2fs: Fix deadlock in f2fs_gc() context during atomic files handling
f2fs: show f2fs instance in printk_ratelimited
f2fs: fix potential overflow
f2fs: fix to update dir's i_pino during cross_rename
f2fs: support aligned pinned file
f2fs: avoid kernel panic on corruption test
f2fs: fix wrong description in document
f2fs: cache global IPU bio
f2fs: fix to avoid memory leakage in f2fs_listxattr
f2fs: check total_segments from devices in raw_super
f2fs: update multi-dev metadata in resize_fs
f2fs: mark recovery flag correctly in read_raw_super_block()
f2fs: fix to update time in lazytime mode
vfs: don't allow writes to swap files
mm: set S_SWAPFILE on blockdev swap devices
BACKPORT: ARM: 8900/1: UNWINDER_FRAME_POINTER implementation for Clang
ANDROID: update abi_gki_aarch64.xml for 4.19.87
ANDROID: gki_defconfig: FW_CACHE to no
FROMGIT: firmware_class: make firmware caching configurable
FROMLIST: arm64: implement Shadow Call Stack
FROMLIST: arm64: disable SCS for hypervisor code
BACKPORT: FROMLIST: arm64: vdso: disable Shadow Call Stack
FROMLIST: arm64: efi: restore x18 if it was corrupted
FROMLIST: arm64: preserve x18 when CPU is suspended
FROMLIST: arm64: reserve x18 from general allocation with SCS
FROMLIST: arm64: disable function graph tracing with SCS
FROMLIST: scs: add support for stack usage debugging
FROMLIST: scs: add accounting
FROMLIST: add support for Clang's Shadow Call Stack (SCS)
FROMLIST: arm64: kernel: avoid x18 in __cpu_soft_restart
FROMLIST: arm64: kvm: stop treating register x18 as caller save
FROMLIST: arm64/lib: copy_page: avoid x18 register in assembler code
FROMLIST: arm64: mm: avoid x18 in idmap_kpti_install_ng_mappings
ANDROID: use non-canonical CFI jump tables
ANDROID: arm64: add __nocfi to __apply_alternatives
ANDROID: arm64: add __pa_function
ANDROID: arm64: allow ThinLTO to be selected
ANDROID: soc/tegra: disable ARCH_TEGRA_210_SOC with LTO
FROMLIST: arm64: fix alternatives with LLVM's integrated assembler
ANDROID: irqchip/gic-v3: rename gic_of_init to work around a ThinLTO+CFI bug
ANDROID: init: ensure initcall ordering with LTO
Revert "ANDROID: init: ensure initcall ordering with LTO"
ANDROID: add support for ThinLTO
ANDROID: clang: update to 10.0.1
ANDROID: gki_defconfig: enable CONFIG_REGULATOR_FIXED_VOLTAGE
ANDROID: gki_defconfig: removed CONFIG_PM_WAKELOCKS
ANDROID: gki_defconfig: enable CONFIG_IKHEADERS as m
FROMGIT: pinctrl: devicetree: Avoid taking direct reference to device name string
ANDROID: update abi_gki_aarch64.xml for 4.19.86 update
ANDROID: Update ABI representation
ANDROID: gki_defconfig: disable FUNCTION_TRACER
ANDROID: Update the ABI representation
ANDROID: update ABI representation
ANDROID: add unstripped modules to the distribution
FROMLIST: vsprintf: Inline call to ptr_to_hashval
UPSTREAM: rss_stat: Add support to detect RSS updates of external mm
UPSTREAM: mm: emit tracepoint when RSS changes
FROMGIT: driver core: Allow device link operations inside sync_state()
ANDROID: uid_sys_stats: avoid double accounting of dying threads
ANDROID: scsi: ufs-qcom: Enable BROKEN_CRYPTO quirk flag
ANDROID: scsi: ufs-hisi: Enable BROKEN_CRYPTO quirk flag
ANDROID: scsi: ufs: Add quirk bit for controllers that don't play well with inline crypto
ANDROID: scsi: ufs: UFS init should not require inline crypto
ANDROID: scsi: ufs: UFS crypto variant operations API
ANDROID: gki_defconfig: enable inline encryption
BACKPORT: FROMLIST: ext4: add inline encryption support
BACKPORT: FROMLIST: f2fs: add inline encryption support
BACKPORT: FROMLIST: fscrypt: add inline encryption support
BACKPORT: FROMLIST: scsi: ufs: Add inline encryption support to UFS
BACKPORT: FROMLIST: scsi: ufs: UFS crypto API
BACKPORT: FROMLIST: scsi: ufs: UFS driver v2.1 spec crypto additions
BACKPORT: FROMLIST: block: blk-crypto for Inline Encryption
ANDROID: block: Fix bio_crypt_should_process WARN_ON
BACKPORT: FROMLIST: block: Add encryption context to struct bio
BACKPORT: FROMLIST: block: Keyslot Manager for Inline Encryption
FROMLIST: f2fs: add support for IV_INO_LBLK_64 encryption policies
FROMLIST: ext4: add support for IV_INO_LBLK_64 encryption policies
BACKPORT: FROMLIST: fscrypt: add support for IV_INO_LBLK_64 policies
FROMLIST: fscrypt: zeroize fscrypt_info before freeing
FROMLIST: fscrypt: remove struct fscrypt_ctx
BACKPORT: FROMLIST: fscrypt: invoke crypto API for ESSIV handling
ANDROID: build kernels with llvm-nm and llvm-objcopy
ANDROID: Fix allmodconfig build with CC=clang
UPSTREAM: mm/page_poison: expose page_poisoning_enabled to kernel modules
FROMGIT: of: property: Add device link support for iommus, mboxes and io-channels
FROMGIT: of: property: Make it easy to add device links from DT properties
FROMGIT: of: property: Minor style clean up of of_link_to_phandle()
Revert "ANDROID: of/property: Add device link support for iommus"
ANDROID: Add allmodconfig build.configs for x86_64 and aarch64
ANDROID: fix allmodconfig build
ANDROID: nf: IDLETIMER: Fix possible use before initialization in idletimer_resume
BACKPORT: coresight: funnel: Support static funnel
BACKPORT:FROMGIT: coresight: replicator: Fix missing spin_lock_init()
BACKPORT:FROMGIT: coresight: funnel: Fix missing spin_lock_init()
BACKPORT:FROMGIT: coresight: Serialize enabling/disabling a link device.
UPSTREAM: coresight: tmc-etr: Add barrier packets when moving offset forward
UPSTREAM: coresight: tmc-etr: Decouple buffer sync and barrier packet insertion
UPSTREAM: coresight: tmc: Make memory width mask computation into a function
UPSTREAM: coresight: tmc-etr: Fix perf_data check
UPSTREAM: coresight: tmc-etr: Fix updating buffer in not-snapshot mode.
UPSTREAM: coresight: tmc-etr: Check if non-secure access is enabled
UPSTREAM: coresight: tmc-etr: Handle memory errors
BACKPORT: coresight: etr_buf: Consolidate refcount initialization
UPSTREAM: coresight: Fix DEBUG_LOCKS_WARN_ON for uninitialized attribute
UPSTREAM: coresight: Use coresight device names for sinks in PMU attribute
UPSTREAM: coresight: tmc-etr: alloc_perf_buf: Do not call smp_processor_id from preemptible
UPSTREAM: coresight: tmc-etr: Do not call smp_processor_id() from preemptible
UPSTREAM: coresight: perf: Don't set the truncated flag in snapshot mode
UPSTREAM: coresight: tmc-etf: Fix snapshot mode update function
UPSTREAM: coresight: tmc-etr: Properly set AUX buffer head in snapshot mode
UPSTREAM: coresight: tmc-etr: Add support for CPU-wide trace scenarios
UPSTREAM: coresight: tmc-etr: Allocate and free ETR memory buffers for CPU-wide scenarios
UPSTREAM: coresight: tmc-etr: Introduce the notion of IDR to ETR devices
UPSTREAM: coresight: tmc-etr: Introduce the notion of reference counting to ETR devices
UPSTREAM: coresight: tmc-etr: Introduce the notion of process ID to ETR devices
UPSTREAM: coresight: tmc-etr: Create per-thread buffer allocation function
UPSTREAM: coresight: tmc-etr: Refactor function tmc_etr_setup_perf_buf()
UPSTREAM: coresight: Communicate perf event to sink buffer allocation functions
UPSTREAM: coresight: perf: Refactor function free_event_data()
UPSTREAM: coresight: perf: Clean up function etm_setup_aux()
UPSTREAM: coresight: Properly address concurrency in sink::update() functions
UPSTREAM: coresight: Properly address errors in sink::disable() functions
UPSTREAM: coresight: Move reference counting inside sink drivers
UPSTREAM: coresight: Adding return code to sink::disable() operation
UPSTREAM: coresight: etm4x: Configure tracers to emit timestamps
UPSTREAM: coresight: etm4x: Skip selector pair 0
UPSTREAM: coresight: etm4x: Add kernel configuration for CONTEXTID
UPSTREAM: coresight: pmu: Adding ITRACE property to cs_etm PMU
UPSTREAM: coresight: tmc: Cleanup power management
UPSTREAM: coresight: Fix freeing up the coresight connections
UPSTREAM: coresight: tmc: Report DMA setup failures
UPSTREAM: coresight: catu: fix clang build warning
UPSTREAM: perf/core: Fix the address filtering fix
UPSTREAM: perf, pt, coresight: Fix address filters for vmas with non-zero offset
UPSTREAM: perf: Copy parent's address filter offsets on clone
UPSTREAM: coresight: Use event attributes for sink selection
UPSTREAM: coresight: perf: Add "sinks" group to PMU directory
UPSTREAM: coresight: etb10: Add support for CLAIM tag
UPSTREAM: coreisght: tmc: Claim device before use
UPSTREAM: coresight: dynamic-replicator: Claim device for use
UPSTREAM: coresight: funnel: Claim devices before use
UPSTREAM: coresight: etmx: Claim devices before use
UPSTREAM: coresight: Add support for CLAIM tag protocol
UPSTREAM: coresight: dynamic-replicator: Handle multiple connections
UPSTREAM: coresight: etb10: Handle errors enabling the device
UPSTREAM: coresight: etm3: Add support for handling errors
UPSTREAM: coresight: etm4x: Add support for handling errors
UPSTREAM: coresight: tmc-etb/etf: Prepare to handle errors enabling
UPSTREAM: coresight: tmc-etr: Handle errors enabling CATU
UPSTREAM: coresight: tmc-etr: Refactor for handling errors
UPSTREAM: coresight: Handle failures in enabling a trace path
UPSTREAM: coresight: tmc: Fix byte-address alignment for RRP
UPSTREAM: coresight: etm4x: Configure EL2 exception level when kernel is running in HYP
UPSTREAM: coresight: etb10: Splitting function etb_enable()
UPSTREAM: coresight: etb10: Refactor etb_drvdata::mode handling
UPSTREAM: coresight: etm-perf: Add support for ETR backend
UPSTREAM: coresight: perf: Remove set_buffer call back
UPSTREAM: coresight: perf: Add helper to retrieve sink configuration
UPSTREAM: coresight: perf: Remove reset_buffer call back for sinks
UPSTREAM: coresight: Convert driver messages to dev_dbg
UPSTREAM: coresight: tmc-etr: Relax collection of trace from sysfs mode
UPSTREAM: coresight: tmc-etr: Handle driver mode specific ETR buffers
UPSTREAM: coresight: perf: Disable trace path upon source error
UPSTREAM: coresight: perf: Allow tracing on hotplugged CPUs
UPSTREAM: coresight: perf: Avoid unncessary CPU hotplug read lock
UPSTREAM: coresight: perf: Fix per cpu path management
UPSTREAM: coresight: Fix handling of sinks
UPSTREAM: coresight: Use ERR_CAST instead of ERR_PTR
UPSTREAM: coresight: Fix remote endpoint parsing
UPSTREAM: coresight: platform: Fix leaking device reference
UPSTREAM: coresight: platform: Fix refcounting for graph nodes
UPSTREAM: coresight: platform: Refactor graph endpoint parsing
UPSTREAM: coresight: Document error handling in coresight_register
ANDROID: regression introduced override_creds=off
ANDROID: overlayfs: internal getxattr operations without sepolicy checking
ANDROID: overlayfs: add __get xattr method
ANDROID: Add optional __get xattr method paired to __vfs_getxattr
UPSTREAM: scsi: ufs: override auto suspend tunables for ufs
UPSTREAM: scsi: core: allow auto suspend override by low-level driver
FROMGIT: of: property: Skip adding device links to suppliers that aren't devices
ANDROID: gki_defconfig: enable CONFIG_KEYBOARD_GPIO
UPSTREAM: dm bufio: introduce a global cache replacement
UPSTREAM: dm bufio: remove old-style buffer cleanup
UPSTREAM: dm bufio: introduce a global queue
UPSTREAM: dm bufio: refactor adjust_total_allocated
UPSTREAM: dm bufio: call adjust_total_allocated from __link_buffer and __unlink_buffer
ANDROID: dummy_cpufreq: Implement get()
ANDROID: gki_defconfig: enable CONFIG_CPUSETS
ANDROID: virtio: virtio_input: Set the amount of multitouch slots in virtio input
rtlwifi: Fix potential overflow on P2P code
ANDROID: cpufreq: create dummy cpufreq driver
ANDROID: Allow DRM_IOCTL_MODE_*_DUMB for render clients.
Cuttlefish Wifi: Add data ops in virt_wifi driver for scan data simulation
ANDROID: of: property: Enable of_devlink by default
ANDROID: of: property: Make sure child dependencies don't block probing of parent
ANDROID: driver core: Allow fwnode_operations.add_links to differentiate errors
ANDROID: driver core: Allow a device to wait on optional suppliers
ANDROID: driver core: Add device link support for SYNC_STATE_ONLY flag
FROMGIT: docs: driver-model: Add documentation for sync_state
FROMGIT: driver: core: Improve documentation for fwnode_operations.add_links()
FROMGIT: of: property: Minor code formatting/style clean ups
ANDROID: of/property: Add device link support for iommus
ANDROID: move up spin_unlock_bh() ahead of remove_proc_entry()
BACKPORT: arm64: tags: Preserve tags for addresses translated via TTBR1
UPSTREAM: arm64: memory: Implement __tag_set() as common function
UPSTREAM: arm64/mm: fix variable 'tag' set but not used
UPSTREAM: arm64: avoid clang warning about self-assignment
ANDROID: sdcardfs: evict dentries on fscrypt key removal
ANDROID: fscrypt: add key removal notifier chain
ANDROID: refactor build.config files to remove duplication
ANDROID: Move from clang r353983c to r365631c
ANDROID: gki_defconfig: remove PWRSEQ_EMMC and PWRSEQ_SIMPLE
ANDROID: unconditionally compile sig_ok in struct module
ANDROID: gki_defconfig: enable fs-verity
UPSTREAM: mm: vmalloc: show number of vmalloc pages in /proc/meminfo
BACKPORT: PM/sleep: Expose suspend stats in sysfs
UPSTREAM: power: supply: Init device wakeup after device_add()
UPSTREAM: PM / wakeup: Unexport wakeup_source_sysfs_{add,remove}()
UPSTREAM: PM / wakeup: Register wakeup class kobj after device is added
UPSTREAM: PM / wakeup: Fix sysfs registration error path
UPSTREAM: PM / wakeup: Show wakeup sources stats in sysfs
UPSTREAM: PM / wakeup: Use wakeup_source_register() in wakelock.c
UPSTREAM: PM / wakeup: Drop wakeup_source_init(), wakeup_source_prepare()
UPSTREAM: PM / wakeup: Drop wakeup_source_drop()
UPSTREAM: PM / core: Add support to skip power management in device/driver model
gki_defconfig: Enable CONFIG_DM_SNAPSHOT
ANDROID: gki_defconfig: enable accelerated AES and SHA-256
ANDROID: fix overflow in /proc/uid_cputime/remove_uid_range
ANDROID: kasan: fix has_attribute check on older GCC versions
ANDROID: gki_defconfig: enable CONFIG_PARAVIRT and CONFIG_HYPERVISOR_GUEST
ANDROID: gki_defconfig: enable CONFIG_NLS_*
ANDROID: gki_defconfig: Enable BPF_JIT and BPF_JIT_ALWAYS_ON
FROMGIT: of: property: Create device links for all child-supplier depencencies
FROMGIT: of/platform: Pause/resume sync state during init and of_platform_populate()
BACKPORT: FROMGIT: driver core: Add sync_state driver/bus callback
BACKPORT: FROMGIT: of: property: Add functional dependency link from DT bindings
FROMGIT: driver core: Add support for linking devices during device addition
FROMGIT: driver core: Add fwnode_to_dev() to look up device from fwnode
UPSTREAM: mm: untag user pointers in mmap/munmap/mremap/brk
UPSTREAM: vfio/type1: untag user pointers in vaddr_get_pfn
UPSTREAM: tee/shm: untag user pointers in tee_shm_register
UPSTREAM: media/v4l2-core: untag user pointers in videobuf_dma_contig_user_get
UPSTREAM: drm/radeon: untag user pointers in radeon_gem_userptr_ioctl
BACKPORT: drm/amdgpu: untag user pointers
UPSTREAM: userfaultfd: untag user pointers
UPSTREAM: fs/namespace: untag user pointers in copy_mount_options
UPSTREAM: mm: untag user pointers in get_vaddr_frames
UPSTREAM: mm: untag user pointers in mm/gup.c
UPSTREAM: mm: untag user pointers passed to memory syscalls
BACKPORT: lib: untag user pointers in strn*_user
UPSTREAM: arm64: Fix reference to docs for ARM64_TAGGED_ADDR_ABI
UPSTREAM: selftests, arm64: add kernel headers path for tags_test
BACKPORT: arm64: Relax Documentation/arm64/tagged-pointers.rst
UPSTREAM: arm64: Define Documentation/arm64/tagged-address-abi.rst
UPSTREAM: arm64: Change the tagged_addr sysctl control semantics to only prevent the opt-in
UPSTREAM: arm64: Tighten the PR_{SET, GET}_TAGGED_ADDR_CTRL prctl() unused arguments
UPSTREAM: selftests, arm64: fix uninitialized symbol in tags_test.c
UPSTREAM: arm64: mm: Really fix sparse warning in untagged_addr()
UPSTREAM: selftests, arm64: add a selftest for passing tagged pointers to kernel
BACKPORT: arm64: Introduce prctl() options to control the tagged user addresses ABI
UPSTREAM: arm64: untag user pointers in access_ok and __uaccess_mask_ptr
UPSTREAM: uaccess: add noop untagged_addr definition
BACKPORT: block: annotate refault stalls from IO submission
f2fs: add a condition to detect overflow in f2fs_ioc_gc_range()
f2fs: fix to add missing F2FS_IO_ALIGNED() condition
f2fs: fix to fallback to buffered IO in IO aligned mode
f2fs: fix to handle error path correctly in f2fs_map_blocks
f2fs: fix extent corrupotion during directIO in LFS mode
f2fs: check all the data segments against all node ones
f2fs: Add a small clarification to CONFIG_FS_F2FS_FS_SECURITY
f2fs: fix inode rwsem regression
f2fs: fix to avoid accessing uninitialized field of inode page in is_alive()
f2fs: avoid infinite GC loop due to stale atomic files
f2fs: Fix indefinite loop in f2fs_gc()
f2fs: convert inline_data in prior to i_size_write
f2fs: fix error path of f2fs_convert_inline_page()
f2fs: add missing documents of reserve_root/resuid/resgid
f2fs: fix flushing node pages when checkpoint is disabled
f2fs: enhance f2fs_is_checkpoint_ready()'s readability
f2fs: clean up __bio_alloc()'s parameter
f2fs: fix wrong error injection path in inc_valid_block_count()
f2fs: fix to writeout dirty inode during node flush
f2fs: optimize case-insensitive lookups
f2fs: introduce f2fs_match_name() for cleanup
f2fs: Fix indefinite loop in f2fs_gc()
f2fs: allocate memory in batch in build_sit_info()
f2fs: support FS_IOC_{GET,SET}FSLABEL
f2fs: fix to avoid data corruption by forbidding SSR overwrite
f2fs: Fix build error while CONFIG_NLS=m
Revert "f2fs: avoid out-of-range memory access"
f2fs: cleanup the code in build_sit_entries.
f2fs: fix wrong available node count calculation
f2fs: remove duplicate code in f2fs_file_write_iter
f2fs: fix to migrate blocks correctly during defragment
f2fs: use wrapped f2fs_cp_error()
f2fs: fix to use more generic EOPNOTSUPP
f2fs: use wrapped IS_SWAPFILE()
f2fs: Support case-insensitive file name lookups
f2fs: include charset encoding information in the superblock
fs: Reserve flag for casefolding
f2fs: fix to avoid call kvfree under spinlock
fs: f2fs: Remove unnecessary checks of SM_I(sbi) in update_general_status()
f2fs: disallow direct IO in atomic write
f2fs: fix to handle quota_{on,off} correctly
f2fs: fix to detect cp error in f2fs_setxattr()
f2fs: fix to spread f2fs_is_checkpoint_ready()
f2fs: support fiemap() for directory inode
f2fs: fix to avoid discard command leak
f2fs: fix to avoid tagging SBI_QUOTA_NEED_REPAIR incorrectly
f2fs: fix to drop meta/node pages during umount
f2fs: disallow switching io_bits option during remount
f2fs: fix panic of IO alignment feature
f2fs: introduce {page,io}_is_mergeable() for readability
f2fs: fix livelock in swapfile writes
f2fs: add fs-verity support
ext4: update on-disk format documentation for fs-verity
ext4: add fs-verity read support
ext4: add basic fs-verity support
fs-verity: support builtin file signatures
fs-verity: add SHA-512 support
fs-verity: implement FS_IOC_MEASURE_VERITY ioctl
fs-verity: implement FS_IOC_ENABLE_VERITY ioctl
fs-verity: add data verification hooks for ->readpages()
fs-verity: add the hook for file ->setattr()
fs-verity: add the hook for file ->open()
fs-verity: add inode and superblock fields
fs-verity: add Kconfig and the helper functions for hashing
fs: uapi: define verity bit for FS_IOC_GETFLAGS
fs-verity: add UAPI header
fs-verity: add MAINTAINERS file entry
fs-verity: add a documentation file
ext4: fix kernel oops caused by spurious casefold flag
ext4: fix coverity warning on error path of filename setup
ext4: optimize case-insensitive lookups
ext4: fix dcache lookup of !casefolded directories
unicode: update to Unicode 12.1.0 final
unicode: add missing check for an error return from utf8lookup()
ext4: export /sys/fs/ext4/feature/casefold if Unicode support is present
unicode: refactor the rule for regenerating utf8data.h
ext4: Support case-insensitive file name lookups
ext4: include charset encoding information in the superblock
unicode: update unicode database unicode version 12.1.0
unicode: introduce test module for normalized utf8 implementation
unicode: implement higher level API for string handling
unicode: reduce the size of utf8data[]
unicode: introduce code for UTF-8 normalization
unicode: introduce UTF-8 character database
ext4 crypto: fix to check feature status before get policy
fscrypt: document the new ioctls and policy version
ubifs: wire up new fscrypt ioctls
f2fs: wire up new fscrypt ioctls
ext4: wire up new fscrypt ioctls
fscrypt: require that key be added when setting a v2 encryption policy
fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS ioctl
fscrypt: allow unprivileged users to add/remove keys for v2 policies
fscrypt: v2 encryption policy support
fscrypt: add an HKDF-SHA512 implementation
fscrypt: add FS_IOC_GET_ENCRYPTION_KEY_STATUS ioctl
fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY ioctl
fscrypt: add FS_IOC_ADD_ENCRYPTION_KEY ioctl
fscrypt: rename keyinfo.c to keysetup.c
fscrypt: move v1 policy key setup to keysetup_v1.c
fscrypt: refactor key setup code in preparation for v2 policies
fscrypt: rename fscrypt_master_key to fscrypt_direct_key
fscrypt: add ->ci_inode to fscrypt_info
fscrypt: use FSCRYPT_* definitions, not FS_*
fscrypt: use FSCRYPT_ prefix for uapi constants
fs, fscrypt: move uapi definitions to new header <linux/fscrypt.h>
fscrypt: use ENOPKG when crypto API support missing
fscrypt: improve warnings for missing crypto API support
fscrypt: improve warning messages for unsupported encryption contexts
fscrypt: make fscrypt_msg() take inode instead of super_block
fscrypt: clean up base64 encoding/decoding
fscrypt: remove loadable module related code
Updated following files to fix build errors:
drivers/gpu/msm/kgsl_pool.c
drivers/hwtracing/coresight/coresight-dummy.c
drivers/iommu/dma-mapping-fast.c
drivers/iommu/io-pgtable-fast.c
drivers/iommu/io-pgtable-msm-secure.c
kernel/taskstats.c
mm/vmalloc.c
security/selinux/ss/sidtab.h
Conflicts:
arch/arm/Makefile
arch/arm64/Kconfig
arch/x86/include/asm/syscall_wrapper.h
build.config.common
drivers/clk/clk.c
drivers/hwtracing/coresight/coresight-etm-perf.c
drivers/hwtracing/coresight/coresight-funnel.c
drivers/hwtracing/coresight/coresight-tmc-etf.c
drivers/hwtracing/coresight/coresight-tmc-etr.c
drivers/hwtracing/coresight/coresight-tmc.c
drivers/hwtracing/coresight/coresight-tmc.h
drivers/hwtracing/coresight/coresight.c
drivers/hwtracing/coresight/of_coresight.c
drivers/iommu/arm-smmu.c
drivers/iommu/io-pgtable-arm.c
drivers/iommu/io-pgtable.c
drivers/scsi/scsi_sysfs.c
drivers/scsi/sd.c
drivers/scsi/ufs/ufshcd.c
drivers/scsi/ufs/ufshcd.h
drivers/staging/android/ion/ion.c
drivers/staging/android/ion/ion.h
drivers/staging/android/ion/ion_page_pool.c
fs/ext4/readpage.c
fs/f2fs/data.c
fs/f2fs/f2fs.h
fs/f2fs/file.c
fs/f2fs/segment.c
fs/f2fs/super.c
include/linux/clk-provider.h
include/linux/compiler_types.h
include/linux/coresight.h
include/linux/mmzone.h
include/scsi/scsi_device.h
include/trace/events/kmem.h
kernel/events/core.c
kernel/sched/core.c
mm/vmstat.c
Change-Id: I2eca52b08b484f2b5c30437671cab8cb0195b8d6
Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org>
640 lines
16 KiB
C
640 lines
16 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
/*
|
|
* mm/mprotect.c
|
|
*
|
|
* (C) Copyright 1994 Linus Torvalds
|
|
* (C) Copyright 2002 Christoph Hellwig
|
|
*
|
|
* Address space accounting code <alan@lxorguk.ukuu.org.uk>
|
|
* (C) Copyright 2002 Red Hat Inc, All Rights Reserved
|
|
*/
|
|
|
|
#include <linux/mm.h>
|
|
#include <linux/hugetlb.h>
|
|
#include <linux/shm.h>
|
|
#include <linux/mman.h>
|
|
#include <linux/fs.h>
|
|
#include <linux/highmem.h>
|
|
#include <linux/security.h>
|
|
#include <linux/mempolicy.h>
|
|
#include <linux/personality.h>
|
|
#include <linux/syscalls.h>
|
|
#include <linux/swap.h>
|
|
#include <linux/swapops.h>
|
|
#include <linux/mmu_notifier.h>
|
|
#include <linux/migrate.h>
|
|
#include <linux/perf_event.h>
|
|
#include <linux/pkeys.h>
|
|
#include <linux/ksm.h>
|
|
#include <linux/uaccess.h>
|
|
#include <linux/mm_inline.h>
|
|
#include <asm/pgtable.h>
|
|
#include <asm/cacheflush.h>
|
|
#include <asm/mmu_context.h>
|
|
#include <asm/tlbflush.h>
|
|
|
|
#include "internal.h"
|
|
|
|
static unsigned long change_pte_range(struct vm_area_struct *vma, pmd_t *pmd,
|
|
unsigned long addr, unsigned long end, pgprot_t newprot,
|
|
int dirty_accountable, int prot_numa)
|
|
{
|
|
struct mm_struct *mm = vma->vm_mm;
|
|
pte_t *pte, oldpte;
|
|
spinlock_t *ptl;
|
|
unsigned long pages = 0;
|
|
int target_node = NUMA_NO_NODE;
|
|
|
|
/*
|
|
* Can be called with only the mmap_sem for reading by
|
|
* prot_numa so we must check the pmd isn't constantly
|
|
* changing from under us from pmd_none to pmd_trans_huge
|
|
* and/or the other way around.
|
|
*/
|
|
if (pmd_trans_unstable(pmd))
|
|
return 0;
|
|
|
|
/*
|
|
* The pmd points to a regular pte so the pmd can't change
|
|
* from under us even if the mmap_sem is only hold for
|
|
* reading.
|
|
*/
|
|
pte = pte_offset_map_lock(vma->vm_mm, pmd, addr, &ptl);
|
|
|
|
/* Get target node for single threaded private VMAs */
|
|
if (prot_numa && !(vma->vm_flags & VM_SHARED) &&
|
|
atomic_read(&vma->vm_mm->mm_users) == 1)
|
|
target_node = numa_node_id();
|
|
|
|
flush_tlb_batched_pending(vma->vm_mm);
|
|
arch_enter_lazy_mmu_mode();
|
|
do {
|
|
oldpte = *pte;
|
|
if (pte_present(oldpte)) {
|
|
pte_t ptent;
|
|
bool preserve_write = prot_numa && pte_write(oldpte);
|
|
|
|
/*
|
|
* Avoid trapping faults against the zero or KSM
|
|
* pages. See similar comment in change_huge_pmd.
|
|
*/
|
|
if (prot_numa) {
|
|
struct page *page;
|
|
|
|
page = vm_normal_page(vma, addr, oldpte);
|
|
if (!page || PageKsm(page))
|
|
continue;
|
|
|
|
/* Also skip shared copy-on-write pages */
|
|
if (is_cow_mapping(vma->vm_flags) &&
|
|
page_mapcount(page) != 1)
|
|
continue;
|
|
|
|
/*
|
|
* While migration can move some dirty pages,
|
|
* it cannot move them all from MIGRATE_ASYNC
|
|
* context.
|
|
*/
|
|
if (page_is_file_cache(page) && PageDirty(page))
|
|
continue;
|
|
|
|
/* Avoid TLB flush if possible */
|
|
if (pte_protnone(oldpte))
|
|
continue;
|
|
|
|
/*
|
|
* Don't mess with PTEs if page is already on the node
|
|
* a single-threaded process is running on.
|
|
*/
|
|
if (target_node == page_to_nid(page))
|
|
continue;
|
|
}
|
|
|
|
ptent = ptep_modify_prot_start(mm, addr, pte);
|
|
ptent = pte_modify(ptent, newprot);
|
|
if (preserve_write)
|
|
ptent = pte_mk_savedwrite(ptent);
|
|
|
|
/* Avoid taking write faults for known dirty pages */
|
|
if (dirty_accountable && pte_dirty(ptent) &&
|
|
(pte_soft_dirty(ptent) ||
|
|
!(vma->vm_flags & VM_SOFTDIRTY))) {
|
|
ptent = pte_mkwrite(ptent);
|
|
}
|
|
ptep_modify_prot_commit(mm, addr, pte, ptent);
|
|
pages++;
|
|
} else if (IS_ENABLED(CONFIG_MIGRATION)) {
|
|
swp_entry_t entry = pte_to_swp_entry(oldpte);
|
|
|
|
if (is_write_migration_entry(entry)) {
|
|
pte_t newpte;
|
|
/*
|
|
* A protection check is difficult so
|
|
* just be safe and disable write
|
|
*/
|
|
make_migration_entry_read(&entry);
|
|
newpte = swp_entry_to_pte(entry);
|
|
if (pte_swp_soft_dirty(oldpte))
|
|
newpte = pte_swp_mksoft_dirty(newpte);
|
|
set_pte_at(mm, addr, pte, newpte);
|
|
|
|
pages++;
|
|
}
|
|
|
|
if (is_write_device_private_entry(entry)) {
|
|
pte_t newpte;
|
|
|
|
/*
|
|
* We do not preserve soft-dirtiness. See
|
|
* copy_one_pte() for explanation.
|
|
*/
|
|
make_device_private_entry_read(&entry);
|
|
newpte = swp_entry_to_pte(entry);
|
|
set_pte_at(mm, addr, pte, newpte);
|
|
|
|
pages++;
|
|
}
|
|
}
|
|
} while (pte++, addr += PAGE_SIZE, addr != end);
|
|
arch_leave_lazy_mmu_mode();
|
|
pte_unmap_unlock(pte - 1, ptl);
|
|
|
|
return pages;
|
|
}
|
|
|
|
static inline unsigned long change_pmd_range(struct vm_area_struct *vma,
|
|
pud_t *pud, unsigned long addr, unsigned long end,
|
|
pgprot_t newprot, int dirty_accountable, int prot_numa)
|
|
{
|
|
pmd_t *pmd;
|
|
struct mm_struct *mm = vma->vm_mm;
|
|
unsigned long next;
|
|
unsigned long pages = 0;
|
|
unsigned long nr_huge_updates = 0;
|
|
unsigned long mni_start = 0;
|
|
|
|
pmd = pmd_offset(pud, addr);
|
|
do {
|
|
unsigned long this_pages;
|
|
|
|
next = pmd_addr_end(addr, end);
|
|
if (!is_swap_pmd(*pmd) && !pmd_trans_huge(*pmd) && !pmd_devmap(*pmd)
|
|
&& pmd_none_or_clear_bad(pmd))
|
|
goto next;
|
|
|
|
/* invoke the mmu notifier if the pmd is populated */
|
|
if (!mni_start) {
|
|
mni_start = addr;
|
|
mmu_notifier_invalidate_range_start(mm, mni_start, end);
|
|
}
|
|
|
|
if (is_swap_pmd(*pmd) || pmd_trans_huge(*pmd) || pmd_devmap(*pmd)) {
|
|
if (next - addr != HPAGE_PMD_SIZE) {
|
|
__split_huge_pmd(vma, pmd, addr, false, NULL);
|
|
} else {
|
|
int nr_ptes = change_huge_pmd(vma, pmd, addr,
|
|
newprot, prot_numa);
|
|
|
|
if (nr_ptes) {
|
|
if (nr_ptes == HPAGE_PMD_NR) {
|
|
pages += HPAGE_PMD_NR;
|
|
nr_huge_updates++;
|
|
}
|
|
|
|
/* huge pmd was handled */
|
|
goto next;
|
|
}
|
|
}
|
|
/* fall through, the trans huge pmd just split */
|
|
}
|
|
this_pages = change_pte_range(vma, pmd, addr, next, newprot,
|
|
dirty_accountable, prot_numa);
|
|
pages += this_pages;
|
|
next:
|
|
cond_resched();
|
|
} while (pmd++, addr = next, addr != end);
|
|
|
|
if (mni_start)
|
|
mmu_notifier_invalidate_range_end(mm, mni_start, end);
|
|
|
|
if (nr_huge_updates)
|
|
count_vm_numa_events(NUMA_HUGE_PTE_UPDATES, nr_huge_updates);
|
|
return pages;
|
|
}
|
|
|
|
static inline unsigned long change_pud_range(struct vm_area_struct *vma,
|
|
p4d_t *p4d, unsigned long addr, unsigned long end,
|
|
pgprot_t newprot, int dirty_accountable, int prot_numa)
|
|
{
|
|
pud_t *pud;
|
|
unsigned long next;
|
|
unsigned long pages = 0;
|
|
|
|
pud = pud_offset(p4d, addr);
|
|
do {
|
|
next = pud_addr_end(addr, end);
|
|
if (pud_none_or_clear_bad(pud))
|
|
continue;
|
|
pages += change_pmd_range(vma, pud, addr, next, newprot,
|
|
dirty_accountable, prot_numa);
|
|
} while (pud++, addr = next, addr != end);
|
|
|
|
return pages;
|
|
}
|
|
|
|
static inline unsigned long change_p4d_range(struct vm_area_struct *vma,
|
|
pgd_t *pgd, unsigned long addr, unsigned long end,
|
|
pgprot_t newprot, int dirty_accountable, int prot_numa)
|
|
{
|
|
p4d_t *p4d;
|
|
unsigned long next;
|
|
unsigned long pages = 0;
|
|
|
|
p4d = p4d_offset(pgd, addr);
|
|
do {
|
|
next = p4d_addr_end(addr, end);
|
|
if (p4d_none_or_clear_bad(p4d))
|
|
continue;
|
|
pages += change_pud_range(vma, p4d, addr, next, newprot,
|
|
dirty_accountable, prot_numa);
|
|
} while (p4d++, addr = next, addr != end);
|
|
|
|
return pages;
|
|
}
|
|
|
|
static unsigned long change_protection_range(struct vm_area_struct *vma,
|
|
unsigned long addr, unsigned long end, pgprot_t newprot,
|
|
int dirty_accountable, int prot_numa)
|
|
{
|
|
struct mm_struct *mm = vma->vm_mm;
|
|
pgd_t *pgd;
|
|
unsigned long next;
|
|
unsigned long start = addr;
|
|
unsigned long pages = 0;
|
|
|
|
BUG_ON(addr >= end);
|
|
pgd = pgd_offset(mm, addr);
|
|
flush_cache_range(vma, addr, end);
|
|
inc_tlb_flush_pending(mm);
|
|
do {
|
|
next = pgd_addr_end(addr, end);
|
|
if (pgd_none_or_clear_bad(pgd))
|
|
continue;
|
|
pages += change_p4d_range(vma, pgd, addr, next, newprot,
|
|
dirty_accountable, prot_numa);
|
|
} while (pgd++, addr = next, addr != end);
|
|
|
|
/* Only flush the TLB if we actually modified any entries: */
|
|
if (pages)
|
|
flush_tlb_range(vma, start, end);
|
|
dec_tlb_flush_pending(mm);
|
|
|
|
return pages;
|
|
}
|
|
|
|
unsigned long change_protection(struct vm_area_struct *vma, unsigned long start,
|
|
unsigned long end, pgprot_t newprot,
|
|
int dirty_accountable, int prot_numa)
|
|
{
|
|
unsigned long pages;
|
|
|
|
if (is_vm_hugetlb_page(vma))
|
|
pages = hugetlb_change_protection(vma, start, end, newprot);
|
|
else
|
|
pages = change_protection_range(vma, start, end, newprot, dirty_accountable, prot_numa);
|
|
|
|
return pages;
|
|
}
|
|
|
|
static int prot_none_pte_entry(pte_t *pte, unsigned long addr,
|
|
unsigned long next, struct mm_walk *walk)
|
|
{
|
|
return pfn_modify_allowed(pte_pfn(*pte), *(pgprot_t *)(walk->private)) ?
|
|
0 : -EACCES;
|
|
}
|
|
|
|
static int prot_none_hugetlb_entry(pte_t *pte, unsigned long hmask,
|
|
unsigned long addr, unsigned long next,
|
|
struct mm_walk *walk)
|
|
{
|
|
return pfn_modify_allowed(pte_pfn(*pte), *(pgprot_t *)(walk->private)) ?
|
|
0 : -EACCES;
|
|
}
|
|
|
|
static int prot_none_test(unsigned long addr, unsigned long next,
|
|
struct mm_walk *walk)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
static int prot_none_walk(struct vm_area_struct *vma, unsigned long start,
|
|
unsigned long end, unsigned long newflags)
|
|
{
|
|
pgprot_t new_pgprot = vm_get_page_prot(newflags);
|
|
struct mm_walk prot_none_walk = {
|
|
.pte_entry = prot_none_pte_entry,
|
|
.hugetlb_entry = prot_none_hugetlb_entry,
|
|
.test_walk = prot_none_test,
|
|
.mm = current->mm,
|
|
.private = &new_pgprot,
|
|
};
|
|
|
|
return walk_page_range(start, end, &prot_none_walk);
|
|
}
|
|
|
|
int
|
|
mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
|
|
unsigned long start, unsigned long end, unsigned long newflags)
|
|
{
|
|
struct mm_struct *mm = vma->vm_mm;
|
|
unsigned long oldflags = vma->vm_flags;
|
|
long nrpages = (end - start) >> PAGE_SHIFT;
|
|
unsigned long charged = 0;
|
|
pgoff_t pgoff;
|
|
int error;
|
|
int dirty_accountable = 0;
|
|
|
|
if (newflags == oldflags) {
|
|
*pprev = vma;
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Do PROT_NONE PFN permission checks here when we can still
|
|
* bail out without undoing a lot of state. This is a rather
|
|
* uncommon case, so doesn't need to be very optimized.
|
|
*/
|
|
if (arch_has_pfn_modify_check() &&
|
|
(vma->vm_flags & (VM_PFNMAP|VM_MIXEDMAP)) &&
|
|
(newflags & (VM_READ|VM_WRITE|VM_EXEC)) == 0) {
|
|
error = prot_none_walk(vma, start, end, newflags);
|
|
if (error)
|
|
return error;
|
|
}
|
|
|
|
/*
|
|
* If we make a private mapping writable we increase our commit;
|
|
* but (without finer accounting) cannot reduce our commit if we
|
|
* make it unwritable again. hugetlb mapping were accounted for
|
|
* even if read-only so there is no need to account for them here
|
|
*/
|
|
if (newflags & VM_WRITE) {
|
|
/* Check space limits when area turns into data. */
|
|
if (!may_expand_vm(mm, newflags, nrpages) &&
|
|
may_expand_vm(mm, oldflags, nrpages))
|
|
return -ENOMEM;
|
|
if (!(oldflags & (VM_ACCOUNT|VM_WRITE|VM_HUGETLB|
|
|
VM_SHARED|VM_NORESERVE))) {
|
|
charged = nrpages;
|
|
if (security_vm_enough_memory_mm(mm, charged))
|
|
return -ENOMEM;
|
|
newflags |= VM_ACCOUNT;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* First try to merge with previous and/or next vma.
|
|
*/
|
|
pgoff = vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT);
|
|
*pprev = vma_merge(mm, *pprev, start, end, newflags,
|
|
vma->anon_vma, vma->vm_file, pgoff, vma_policy(vma),
|
|
vma->vm_userfaultfd_ctx, vma_get_anon_name(vma));
|
|
if (*pprev) {
|
|
vma = *pprev;
|
|
VM_WARN_ON((vma->vm_flags ^ newflags) & ~VM_SOFTDIRTY);
|
|
goto success;
|
|
}
|
|
|
|
*pprev = vma;
|
|
|
|
if (start != vma->vm_start) {
|
|
error = split_vma(mm, vma, start, 1);
|
|
if (error)
|
|
goto fail;
|
|
}
|
|
|
|
if (end != vma->vm_end) {
|
|
error = split_vma(mm, vma, end, 0);
|
|
if (error)
|
|
goto fail;
|
|
}
|
|
|
|
success:
|
|
/*
|
|
* vm_flags and vm_page_prot are protected by the mmap_sem
|
|
* held in write mode.
|
|
*/
|
|
vm_write_begin(vma);
|
|
WRITE_ONCE(vma->vm_flags, newflags);
|
|
dirty_accountable = vma_wants_writenotify(vma, vma->vm_page_prot);
|
|
vma_set_page_prot(vma);
|
|
|
|
change_protection(vma, start, end, vma->vm_page_prot,
|
|
dirty_accountable, 0);
|
|
vm_write_end(vma);
|
|
|
|
/*
|
|
* Private VM_LOCKED VMA becoming writable: trigger COW to avoid major
|
|
* fault on access.
|
|
*/
|
|
if ((oldflags & (VM_WRITE | VM_SHARED | VM_LOCKED)) == VM_LOCKED &&
|
|
(newflags & VM_WRITE)) {
|
|
populate_vma_page_range(vma, start, end, NULL);
|
|
}
|
|
|
|
vm_stat_account(mm, oldflags, -nrpages);
|
|
vm_stat_account(mm, newflags, nrpages);
|
|
perf_event_mmap(vma);
|
|
return 0;
|
|
|
|
fail:
|
|
vm_unacct_memory(charged);
|
|
return error;
|
|
}
|
|
|
|
/*
|
|
* pkey==-1 when doing a legacy mprotect()
|
|
*/
|
|
static int do_mprotect_pkey(unsigned long start, size_t len,
|
|
unsigned long prot, int pkey)
|
|
{
|
|
unsigned long nstart, end, tmp, reqprot;
|
|
struct vm_area_struct *vma, *prev;
|
|
int error = -EINVAL;
|
|
const int grows = prot & (PROT_GROWSDOWN|PROT_GROWSUP);
|
|
const bool rier = (current->personality & READ_IMPLIES_EXEC) &&
|
|
(prot & PROT_READ);
|
|
|
|
start = untagged_addr(start);
|
|
|
|
prot &= ~(PROT_GROWSDOWN|PROT_GROWSUP);
|
|
if (grows == (PROT_GROWSDOWN|PROT_GROWSUP)) /* can't be both */
|
|
return -EINVAL;
|
|
|
|
if (start & ~PAGE_MASK)
|
|
return -EINVAL;
|
|
if (!len)
|
|
return 0;
|
|
len = PAGE_ALIGN(len);
|
|
end = start + len;
|
|
if (end <= start)
|
|
return -ENOMEM;
|
|
if (!arch_validate_prot(prot, start))
|
|
return -EINVAL;
|
|
|
|
reqprot = prot;
|
|
|
|
if (down_write_killable(¤t->mm->mmap_sem))
|
|
return -EINTR;
|
|
|
|
/*
|
|
* If userspace did not allocate the pkey, do not let
|
|
* them use it here.
|
|
*/
|
|
error = -EINVAL;
|
|
if ((pkey != -1) && !mm_pkey_is_allocated(current->mm, pkey))
|
|
goto out;
|
|
|
|
vma = find_vma(current->mm, start);
|
|
error = -ENOMEM;
|
|
if (!vma)
|
|
goto out;
|
|
prev = vma->vm_prev;
|
|
if (unlikely(grows & PROT_GROWSDOWN)) {
|
|
if (vma->vm_start >= end)
|
|
goto out;
|
|
start = vma->vm_start;
|
|
error = -EINVAL;
|
|
if (!(vma->vm_flags & VM_GROWSDOWN))
|
|
goto out;
|
|
} else {
|
|
if (vma->vm_start > start)
|
|
goto out;
|
|
if (unlikely(grows & PROT_GROWSUP)) {
|
|
end = vma->vm_end;
|
|
error = -EINVAL;
|
|
if (!(vma->vm_flags & VM_GROWSUP))
|
|
goto out;
|
|
}
|
|
}
|
|
if (start > vma->vm_start)
|
|
prev = vma;
|
|
|
|
for (nstart = start ; ; ) {
|
|
unsigned long mask_off_old_flags;
|
|
unsigned long newflags;
|
|
int new_vma_pkey;
|
|
|
|
/* Here we know that vma->vm_start <= nstart < vma->vm_end. */
|
|
|
|
/* Does the application expect PROT_READ to imply PROT_EXEC */
|
|
if (rier && (vma->vm_flags & VM_MAYEXEC))
|
|
prot |= PROT_EXEC;
|
|
|
|
/*
|
|
* Each mprotect() call explicitly passes r/w/x permissions.
|
|
* If a permission is not passed to mprotect(), it must be
|
|
* cleared from the VMA.
|
|
*/
|
|
mask_off_old_flags = VM_READ | VM_WRITE | VM_EXEC |
|
|
VM_FLAGS_CLEAR;
|
|
|
|
new_vma_pkey = arch_override_mprotect_pkey(vma, prot, pkey);
|
|
newflags = calc_vm_prot_bits(prot, new_vma_pkey);
|
|
newflags |= (vma->vm_flags & ~mask_off_old_flags);
|
|
|
|
/* newflags >> 4 shift VM_MAY% in place of VM_% */
|
|
if ((newflags & ~(newflags >> 4)) & (VM_READ | VM_WRITE | VM_EXEC)) {
|
|
error = -EACCES;
|
|
goto out;
|
|
}
|
|
|
|
error = security_file_mprotect(vma, reqprot, prot);
|
|
if (error)
|
|
goto out;
|
|
|
|
tmp = vma->vm_end;
|
|
if (tmp > end)
|
|
tmp = end;
|
|
error = mprotect_fixup(vma, &prev, nstart, tmp, newflags);
|
|
if (error)
|
|
goto out;
|
|
nstart = tmp;
|
|
|
|
if (nstart < prev->vm_end)
|
|
nstart = prev->vm_end;
|
|
if (nstart >= end)
|
|
goto out;
|
|
|
|
vma = prev->vm_next;
|
|
if (!vma || vma->vm_start != nstart) {
|
|
error = -ENOMEM;
|
|
goto out;
|
|
}
|
|
prot = reqprot;
|
|
}
|
|
out:
|
|
up_write(¤t->mm->mmap_sem);
|
|
return error;
|
|
}
|
|
|
|
SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
|
|
unsigned long, prot)
|
|
{
|
|
return do_mprotect_pkey(start, len, prot, -1);
|
|
}
|
|
|
|
#ifdef CONFIG_ARCH_HAS_PKEYS
|
|
|
|
SYSCALL_DEFINE4(pkey_mprotect, unsigned long, start, size_t, len,
|
|
unsigned long, prot, int, pkey)
|
|
{
|
|
return do_mprotect_pkey(start, len, prot, pkey);
|
|
}
|
|
|
|
SYSCALL_DEFINE2(pkey_alloc, unsigned long, flags, unsigned long, init_val)
|
|
{
|
|
int pkey;
|
|
int ret;
|
|
|
|
/* No flags supported yet. */
|
|
if (flags)
|
|
return -EINVAL;
|
|
/* check for unsupported init values */
|
|
if (init_val & ~PKEY_ACCESS_MASK)
|
|
return -EINVAL;
|
|
|
|
down_write(¤t->mm->mmap_sem);
|
|
pkey = mm_pkey_alloc(current->mm);
|
|
|
|
ret = -ENOSPC;
|
|
if (pkey == -1)
|
|
goto out;
|
|
|
|
ret = arch_set_user_pkey_access(current, pkey, init_val);
|
|
if (ret) {
|
|
mm_pkey_free(current->mm, pkey);
|
|
goto out;
|
|
}
|
|
ret = pkey;
|
|
out:
|
|
up_write(¤t->mm->mmap_sem);
|
|
return ret;
|
|
}
|
|
|
|
SYSCALL_DEFINE1(pkey_free, int, pkey)
|
|
{
|
|
int ret;
|
|
|
|
down_write(¤t->mm->mmap_sem);
|
|
ret = mm_pkey_free(current->mm, pkey);
|
|
up_write(¤t->mm->mmap_sem);
|
|
|
|
/*
|
|
* We could provie warnings or errors if any VMA still
|
|
* has the pkey set here.
|
|
*/
|
|
return ret;
|
|
}
|
|
|
|
#endif /* CONFIG_ARCH_HAS_PKEYS */
|