nommu.c revision 2ed7c03ec17779afb4fcfa3b8c61df61bd4879ba
1/* 2 * linux/mm/nommu.c 3 * 4 * Replacement code for mm functions to support CPU's that don't 5 * have any form of memory management unit (thus no virtual memory). 6 * 7 * See Documentation/nommu-mmap.txt 8 * 9 * Copyright (c) 2004-2008 David Howells <dhowells@redhat.com> 10 * Copyright (c) 2000-2003 David McCullough <davidm@snapgear.com> 11 * Copyright (c) 2000-2001 D Jeff Dionne <jeff@uClinux.org> 12 * Copyright (c) 2002 Greg Ungerer <gerg@snapgear.com> 13 * Copyright (c) 2007-2008 Paul Mundt <lethal@linux-sh.org> 14 */ 15 16#include <linux/module.h> 17#include <linux/mm.h> 18#include <linux/mman.h> 19#include <linux/swap.h> 20#include <linux/file.h> 21#include <linux/highmem.h> 22#include <linux/pagemap.h> 23#include <linux/slab.h> 24#include <linux/vmalloc.h> 25#include <linux/tracehook.h> 26#include <linux/blkdev.h> 27#include <linux/backing-dev.h> 28#include <linux/mount.h> 29#include <linux/personality.h> 30#include <linux/security.h> 31#include <linux/syscalls.h> 32 33#include <asm/uaccess.h> 34#include <asm/tlb.h> 35#include <asm/tlbflush.h> 36#include "internal.h" 37 38static inline __attribute__((format(printf, 1, 2))) 39void no_printk(const char *fmt, ...) 40{ 41} 42 43#if 0 44#define kenter(FMT, ...) \ 45 printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__) 46#define kleave(FMT, ...) \ 47 printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__) 48#define kdebug(FMT, ...) \ 49 printk(KERN_DEBUG "xxx" FMT"yyy\n", ##__VA_ARGS__) 50#else 51#define kenter(FMT, ...) \ 52 no_printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__) 53#define kleave(FMT, ...) \ 54 no_printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__) 55#define kdebug(FMT, ...) \ 56 no_printk(KERN_DEBUG FMT"\n", ##__VA_ARGS__) 57#endif 58 59#include "internal.h" 60 61void *high_memory; 62struct page *mem_map; 63unsigned long max_mapnr; 64unsigned long num_physpages; 65atomic_long_t vm_committed_space = ATOMIC_LONG_INIT(0); 66int sysctl_overcommit_memory = OVERCOMMIT_GUESS; /* heuristic overcommit */ 67int sysctl_overcommit_ratio = 50; /* default is 50% */ 68int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT; 69int sysctl_nr_trim_pages = 1; /* page trimming behaviour */ 70int heap_stack_gap = 0; 71 72atomic_t mmap_pages_allocated; 73 74EXPORT_SYMBOL(mem_map); 75EXPORT_SYMBOL(num_physpages); 76 77/* list of mapped, potentially shareable regions */ 78static struct kmem_cache *vm_region_jar; 79struct rb_root nommu_region_tree = RB_ROOT; 80DECLARE_RWSEM(nommu_region_sem); 81 82struct vm_operations_struct generic_file_vm_ops = { 83}; 84 85/* 86 * Handle all mappings that got truncated by a "truncate()" 87 * system call. 88 * 89 * NOTE! We have to be ready to update the memory sharing 90 * between the file and the memory map for a potential last 91 * incomplete page. Ugly, but necessary. 92 */ 93int vmtruncate(struct inode *inode, loff_t offset) 94{ 95 struct address_space *mapping = inode->i_mapping; 96 unsigned long limit; 97 98 if (inode->i_size < offset) 99 goto do_expand; 100 i_size_write(inode, offset); 101 102 truncate_inode_pages(mapping, offset); 103 goto out_truncate; 104 105do_expand: 106 limit = current->signal->rlim[RLIMIT_FSIZE].rlim_cur; 107 if (limit != RLIM_INFINITY && offset > limit) 108 goto out_sig; 109 if (offset > inode->i_sb->s_maxbytes) 110 goto out; 111 i_size_write(inode, offset); 112 113out_truncate: 114 if (inode->i_op->truncate) 115 inode->i_op->truncate(inode); 116 return 0; 117out_sig: 118 send_sig(SIGXFSZ, current, 0); 119out: 120 return -EFBIG; 121} 122 123EXPORT_SYMBOL(vmtruncate); 124 125/* 126 * Return the total memory allocated for this pointer, not 127 * just what the caller asked for. 128 * 129 * Doesn't have to be accurate, i.e. may have races. 130 */ 131unsigned int kobjsize(const void *objp) 132{ 133 struct page *page; 134 135 /* 136 * If the object we have should not have ksize performed on it, 137 * return size of 0 138 */ 139 if (!objp || !virt_addr_valid(objp)) 140 return 0; 141 142 page = virt_to_head_page(objp); 143 144 /* 145 * If the allocator sets PageSlab, we know the pointer came from 146 * kmalloc(). 147 */ 148 if (PageSlab(page)) 149 return ksize(objp); 150 151 /* 152 * If it's not a compound page, see if we have a matching VMA 153 * region. This test is intentionally done in reverse order, 154 * so if there's no VMA, we still fall through and hand back 155 * PAGE_SIZE for 0-order pages. 156 */ 157 if (!PageCompound(page)) { 158 struct vm_area_struct *vma; 159 160 vma = find_vma(current->mm, (unsigned long)objp); 161 if (vma) 162 return vma->vm_end - vma->vm_start; 163 } 164 165 /* 166 * The ksize() function is only guaranteed to work for pointers 167 * returned by kmalloc(). So handle arbitrary pointers here. 168 */ 169 return PAGE_SIZE << compound_order(page); 170} 171 172int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, 173 unsigned long start, int len, int flags, 174 struct page **pages, struct vm_area_struct **vmas) 175{ 176 struct vm_area_struct *vma; 177 unsigned long vm_flags; 178 int i; 179 int write = !!(flags & GUP_FLAGS_WRITE); 180 int force = !!(flags & GUP_FLAGS_FORCE); 181 int ignore = !!(flags & GUP_FLAGS_IGNORE_VMA_PERMISSIONS); 182 183 /* calculate required read or write permissions. 184 * - if 'force' is set, we only require the "MAY" flags. 185 */ 186 vm_flags = write ? (VM_WRITE | VM_MAYWRITE) : (VM_READ | VM_MAYREAD); 187 vm_flags &= force ? (VM_MAYREAD | VM_MAYWRITE) : (VM_READ | VM_WRITE); 188 189 for (i = 0; i < len; i++) { 190 vma = find_vma(mm, start); 191 if (!vma) 192 goto finish_or_fault; 193 194 /* protect what we can, including chardevs */ 195 if (vma->vm_flags & (VM_IO | VM_PFNMAP) || 196 (!ignore && !(vm_flags & vma->vm_flags))) 197 goto finish_or_fault; 198 199 if (pages) { 200 pages[i] = virt_to_page(start); 201 if (pages[i]) 202 page_cache_get(pages[i]); 203 } 204 if (vmas) 205 vmas[i] = vma; 206 start += PAGE_SIZE; 207 } 208 209 return i; 210 211finish_or_fault: 212 return i ? : -EFAULT; 213} 214 215 216/* 217 * get a list of pages in an address range belonging to the specified process 218 * and indicate the VMA that covers each page 219 * - this is potentially dodgy as we may end incrementing the page count of a 220 * slab page or a secondary page from a compound page 221 * - don't permit access to VMAs that don't support it, such as I/O mappings 222 */ 223int get_user_pages(struct task_struct *tsk, struct mm_struct *mm, 224 unsigned long start, int len, int write, int force, 225 struct page **pages, struct vm_area_struct **vmas) 226{ 227 int flags = 0; 228 229 if (write) 230 flags |= GUP_FLAGS_WRITE; 231 if (force) 232 flags |= GUP_FLAGS_FORCE; 233 234 return __get_user_pages(tsk, mm, 235 start, len, flags, 236 pages, vmas); 237} 238EXPORT_SYMBOL(get_user_pages); 239 240DEFINE_RWLOCK(vmlist_lock); 241struct vm_struct *vmlist; 242 243void vfree(const void *addr) 244{ 245 kfree(addr); 246} 247EXPORT_SYMBOL(vfree); 248 249void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot) 250{ 251 /* 252 * You can't specify __GFP_HIGHMEM with kmalloc() since kmalloc() 253 * returns only a logical address. 254 */ 255 return kmalloc(size, (gfp_mask | __GFP_COMP) & ~__GFP_HIGHMEM); 256} 257EXPORT_SYMBOL(__vmalloc); 258 259void *vmalloc_user(unsigned long size) 260{ 261 void *ret; 262 263 ret = __vmalloc(size, GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO, 264 PAGE_KERNEL); 265 if (ret) { 266 struct vm_area_struct *vma; 267 268 down_write(¤t->mm->mmap_sem); 269 vma = find_vma(current->mm, (unsigned long)ret); 270 if (vma) 271 vma->vm_flags |= VM_USERMAP; 272 up_write(¤t->mm->mmap_sem); 273 } 274 275 return ret; 276} 277EXPORT_SYMBOL(vmalloc_user); 278 279struct page *vmalloc_to_page(const void *addr) 280{ 281 return virt_to_page(addr); 282} 283EXPORT_SYMBOL(vmalloc_to_page); 284 285unsigned long vmalloc_to_pfn(const void *addr) 286{ 287 return page_to_pfn(virt_to_page(addr)); 288} 289EXPORT_SYMBOL(vmalloc_to_pfn); 290 291long vread(char *buf, char *addr, unsigned long count) 292{ 293 memcpy(buf, addr, count); 294 return count; 295} 296 297long vwrite(char *buf, char *addr, unsigned long count) 298{ 299 /* Don't allow overflow */ 300 if ((unsigned long) addr + count < count) 301 count = -(unsigned long) addr; 302 303 memcpy(addr, buf, count); 304 return(count); 305} 306 307/* 308 * vmalloc - allocate virtually continguos memory 309 * 310 * @size: allocation size 311 * 312 * Allocate enough pages to cover @size from the page level 313 * allocator and map them into continguos kernel virtual space. 314 * 315 * For tight control over page level allocator and protection flags 316 * use __vmalloc() instead. 317 */ 318void *vmalloc(unsigned long size) 319{ 320 return __vmalloc(size, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL); 321} 322EXPORT_SYMBOL(vmalloc); 323 324void *vmalloc_node(unsigned long size, int node) 325{ 326 return vmalloc(size); 327} 328EXPORT_SYMBOL(vmalloc_node); 329 330#ifndef PAGE_KERNEL_EXEC 331# define PAGE_KERNEL_EXEC PAGE_KERNEL 332#endif 333 334/** 335 * vmalloc_exec - allocate virtually contiguous, executable memory 336 * @size: allocation size 337 * 338 * Kernel-internal function to allocate enough pages to cover @size 339 * the page level allocator and map them into contiguous and 340 * executable kernel virtual space. 341 * 342 * For tight control over page level allocator and protection flags 343 * use __vmalloc() instead. 344 */ 345 346void *vmalloc_exec(unsigned long size) 347{ 348 return __vmalloc(size, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL_EXEC); 349} 350 351/** 352 * vmalloc_32 - allocate virtually contiguous memory (32bit addressable) 353 * @size: allocation size 354 * 355 * Allocate enough 32bit PA addressable pages to cover @size from the 356 * page level allocator and map them into continguos kernel virtual space. 357 */ 358void *vmalloc_32(unsigned long size) 359{ 360 return __vmalloc(size, GFP_KERNEL, PAGE_KERNEL); 361} 362EXPORT_SYMBOL(vmalloc_32); 363 364/** 365 * vmalloc_32_user - allocate zeroed virtually contiguous 32bit memory 366 * @size: allocation size 367 * 368 * The resulting memory area is 32bit addressable and zeroed so it can be 369 * mapped to userspace without leaking data. 370 * 371 * VM_USERMAP is set on the corresponding VMA so that subsequent calls to 372 * remap_vmalloc_range() are permissible. 373 */ 374void *vmalloc_32_user(unsigned long size) 375{ 376 /* 377 * We'll have to sort out the ZONE_DMA bits for 64-bit, 378 * but for now this can simply use vmalloc_user() directly. 379 */ 380 return vmalloc_user(size); 381} 382EXPORT_SYMBOL(vmalloc_32_user); 383 384void *vmap(struct page **pages, unsigned int count, unsigned long flags, pgprot_t prot) 385{ 386 BUG(); 387 return NULL; 388} 389EXPORT_SYMBOL(vmap); 390 391void vunmap(const void *addr) 392{ 393 BUG(); 394} 395EXPORT_SYMBOL(vunmap); 396 397/* 398 * Implement a stub for vmalloc_sync_all() if the architecture chose not to 399 * have one. 400 */ 401void __attribute__((weak)) vmalloc_sync_all(void) 402{ 403} 404 405int vm_insert_page(struct vm_area_struct *vma, unsigned long addr, 406 struct page *page) 407{ 408 return -EINVAL; 409} 410EXPORT_SYMBOL(vm_insert_page); 411 412/* 413 * sys_brk() for the most part doesn't need the global kernel 414 * lock, except when an application is doing something nasty 415 * like trying to un-brk an area that has already been mapped 416 * to a regular file. in this case, the unmapping will need 417 * to invoke file system routines that need the global lock. 418 */ 419asmlinkage long sys_brk(unsigned long brk) 420{ 421 struct mm_struct *mm = current->mm; 422 423 if (brk < mm->start_brk || brk > mm->context.end_brk) 424 return mm->brk; 425 426 if (mm->brk == brk) 427 return mm->brk; 428 429 /* 430 * Always allow shrinking brk 431 */ 432 if (brk <= mm->brk) { 433 mm->brk = brk; 434 return brk; 435 } 436 437 /* 438 * Ok, looks good - let it rip. 439 */ 440 return mm->brk = brk; 441} 442 443/* 444 * initialise the VMA and region record slabs 445 */ 446void __init mmap_init(void) 447{ 448 vm_region_jar = kmem_cache_create("vm_region_jar", 449 sizeof(struct vm_region), 0, 450 SLAB_PANIC, NULL); 451 vm_area_cachep = kmem_cache_create("vm_area_struct", 452 sizeof(struct vm_area_struct), 0, 453 SLAB_PANIC, NULL); 454} 455 456/* 457 * validate the region tree 458 * - the caller must hold the region lock 459 */ 460#ifdef CONFIG_DEBUG_NOMMU_REGIONS 461static noinline void validate_nommu_regions(void) 462{ 463 struct vm_region *region, *last; 464 struct rb_node *p, *lastp; 465 466 lastp = rb_first(&nommu_region_tree); 467 if (!lastp) 468 return; 469 470 last = rb_entry(lastp, struct vm_region, vm_rb); 471 if (unlikely(last->vm_end <= last->vm_start)) 472 BUG(); 473 if (unlikely(last->vm_top < last->vm_end)) 474 BUG(); 475 476 while ((p = rb_next(lastp))) { 477 region = rb_entry(p, struct vm_region, vm_rb); 478 last = rb_entry(lastp, struct vm_region, vm_rb); 479 480 if (unlikely(region->vm_end <= region->vm_start)) 481 BUG(); 482 if (unlikely(region->vm_top < region->vm_end)) 483 BUG(); 484 if (unlikely(region->vm_start < last->vm_top)) 485 BUG(); 486 487 lastp = p; 488 } 489} 490#else 491#define validate_nommu_regions() do {} while(0) 492#endif 493 494/* 495 * add a region into the global tree 496 */ 497static void add_nommu_region(struct vm_region *region) 498{ 499 struct vm_region *pregion; 500 struct rb_node **p, *parent; 501 502 validate_nommu_regions(); 503 504 BUG_ON(region->vm_start & ~PAGE_MASK); 505 506 parent = NULL; 507 p = &nommu_region_tree.rb_node; 508 while (*p) { 509 parent = *p; 510 pregion = rb_entry(parent, struct vm_region, vm_rb); 511 if (region->vm_start < pregion->vm_start) 512 p = &(*p)->rb_left; 513 else if (region->vm_start > pregion->vm_start) 514 p = &(*p)->rb_right; 515 else if (pregion == region) 516 return; 517 else 518 BUG(); 519 } 520 521 rb_link_node(®ion->vm_rb, parent, p); 522 rb_insert_color(®ion->vm_rb, &nommu_region_tree); 523 524 validate_nommu_regions(); 525} 526 527/* 528 * delete a region from the global tree 529 */ 530static void delete_nommu_region(struct vm_region *region) 531{ 532 BUG_ON(!nommu_region_tree.rb_node); 533 534 validate_nommu_regions(); 535 rb_erase(®ion->vm_rb, &nommu_region_tree); 536 validate_nommu_regions(); 537} 538 539/* 540 * free a contiguous series of pages 541 */ 542static void free_page_series(unsigned long from, unsigned long to) 543{ 544 for (; from < to; from += PAGE_SIZE) { 545 struct page *page = virt_to_page(from); 546 547 kdebug("- free %lx", from); 548 atomic_dec(&mmap_pages_allocated); 549 if (page_count(page) != 1) 550 kdebug("free page %p [%d]", page, page_count(page)); 551 put_page(page); 552 } 553} 554 555/* 556 * release a reference to a region 557 * - the caller must hold the region semaphore, which this releases 558 * - the region may not have been added to the tree yet, in which case vm_top 559 * will equal vm_start 560 */ 561static void __put_nommu_region(struct vm_region *region) 562 __releases(nommu_region_sem) 563{ 564 kenter("%p{%d}", region, atomic_read(®ion->vm_usage)); 565 566 BUG_ON(!nommu_region_tree.rb_node); 567 568 if (atomic_dec_and_test(®ion->vm_usage)) { 569 if (region->vm_top > region->vm_start) 570 delete_nommu_region(region); 571 up_write(&nommu_region_sem); 572 573 if (region->vm_file) 574 fput(region->vm_file); 575 576 /* IO memory and memory shared directly out of the pagecache 577 * from ramfs/tmpfs mustn't be released here */ 578 if (region->vm_flags & VM_MAPPED_COPY) { 579 kdebug("free series"); 580 free_page_series(region->vm_start, region->vm_top); 581 } 582 kmem_cache_free(vm_region_jar, region); 583 } else { 584 up_write(&nommu_region_sem); 585 } 586} 587 588/* 589 * release a reference to a region 590 */ 591static void put_nommu_region(struct vm_region *region) 592{ 593 down_write(&nommu_region_sem); 594 __put_nommu_region(region); 595} 596 597/* 598 * add a VMA into a process's mm_struct in the appropriate place in the list 599 * and tree and add to the address space's page tree also if not an anonymous 600 * page 601 * - should be called with mm->mmap_sem held writelocked 602 */ 603static void add_vma_to_mm(struct mm_struct *mm, struct vm_area_struct *vma) 604{ 605 struct vm_area_struct *pvma, **pp; 606 struct address_space *mapping; 607 struct rb_node **p, *parent; 608 609 kenter(",%p", vma); 610 611 BUG_ON(!vma->vm_region); 612 613 mm->map_count++; 614 vma->vm_mm = mm; 615 616 /* add the VMA to the mapping */ 617 if (vma->vm_file) { 618 mapping = vma->vm_file->f_mapping; 619 620 flush_dcache_mmap_lock(mapping); 621 vma_prio_tree_insert(vma, &mapping->i_mmap); 622 flush_dcache_mmap_unlock(mapping); 623 } 624 625 /* add the VMA to the tree */ 626 parent = NULL; 627 p = &mm->mm_rb.rb_node; 628 while (*p) { 629 parent = *p; 630 pvma = rb_entry(parent, struct vm_area_struct, vm_rb); 631 632 /* sort by: start addr, end addr, VMA struct addr in that order 633 * (the latter is necessary as we may get identical VMAs) */ 634 if (vma->vm_start < pvma->vm_start) 635 p = &(*p)->rb_left; 636 else if (vma->vm_start > pvma->vm_start) 637 p = &(*p)->rb_right; 638 else if (vma->vm_end < pvma->vm_end) 639 p = &(*p)->rb_left; 640 else if (vma->vm_end > pvma->vm_end) 641 p = &(*p)->rb_right; 642 else if (vma < pvma) 643 p = &(*p)->rb_left; 644 else if (vma > pvma) 645 p = &(*p)->rb_right; 646 else 647 BUG(); 648 } 649 650 rb_link_node(&vma->vm_rb, parent, p); 651 rb_insert_color(&vma->vm_rb, &mm->mm_rb); 652 653 /* add VMA to the VMA list also */ 654 for (pp = &mm->mmap; (pvma = *pp); pp = &(*pp)->vm_next) { 655 if (pvma->vm_start > vma->vm_start) 656 break; 657 if (pvma->vm_start < vma->vm_start) 658 continue; 659 if (pvma->vm_end < vma->vm_end) 660 break; 661 } 662 663 vma->vm_next = *pp; 664 *pp = vma; 665} 666 667/* 668 * delete a VMA from its owning mm_struct and address space 669 */ 670static void delete_vma_from_mm(struct vm_area_struct *vma) 671{ 672 struct vm_area_struct **pp; 673 struct address_space *mapping; 674 struct mm_struct *mm = vma->vm_mm; 675 676 kenter("%p", vma); 677 678 mm->map_count--; 679 if (mm->mmap_cache == vma) 680 mm->mmap_cache = NULL; 681 682 /* remove the VMA from the mapping */ 683 if (vma->vm_file) { 684 mapping = vma->vm_file->f_mapping; 685 686 flush_dcache_mmap_lock(mapping); 687 vma_prio_tree_remove(vma, &mapping->i_mmap); 688 flush_dcache_mmap_unlock(mapping); 689 } 690 691 /* remove from the MM's tree and list */ 692 rb_erase(&vma->vm_rb, &mm->mm_rb); 693 for (pp = &mm->mmap; *pp; pp = &(*pp)->vm_next) { 694 if (*pp == vma) { 695 *pp = vma->vm_next; 696 break; 697 } 698 } 699 700 vma->vm_mm = NULL; 701} 702 703/* 704 * destroy a VMA record 705 */ 706static void delete_vma(struct mm_struct *mm, struct vm_area_struct *vma) 707{ 708 kenter("%p", vma); 709 if (vma->vm_ops && vma->vm_ops->close) 710 vma->vm_ops->close(vma); 711 if (vma->vm_file) { 712 fput(vma->vm_file); 713 if (vma->vm_flags & VM_EXECUTABLE) 714 removed_exe_file_vma(mm); 715 } 716 put_nommu_region(vma->vm_region); 717 kmem_cache_free(vm_area_cachep, vma); 718} 719 720/* 721 * look up the first VMA in which addr resides, NULL if none 722 * - should be called with mm->mmap_sem at least held readlocked 723 */ 724struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) 725{ 726 struct vm_area_struct *vma; 727 struct rb_node *n = mm->mm_rb.rb_node; 728 729 /* check the cache first */ 730 vma = mm->mmap_cache; 731 if (vma && vma->vm_start <= addr && vma->vm_end > addr) 732 return vma; 733 734 /* trawl the tree (there may be multiple mappings in which addr 735 * resides) */ 736 for (n = rb_first(&mm->mm_rb); n; n = rb_next(n)) { 737 vma = rb_entry(n, struct vm_area_struct, vm_rb); 738 if (vma->vm_start > addr) 739 return NULL; 740 if (vma->vm_end > addr) { 741 mm->mmap_cache = vma; 742 return vma; 743 } 744 } 745 746 return NULL; 747} 748EXPORT_SYMBOL(find_vma); 749 750/* 751 * find a VMA 752 * - we don't extend stack VMAs under NOMMU conditions 753 */ 754struct vm_area_struct *find_extend_vma(struct mm_struct *mm, unsigned long addr) 755{ 756 return find_vma(mm, addr); 757} 758 759/* 760 * expand a stack to a given address 761 * - not supported under NOMMU conditions 762 */ 763int expand_stack(struct vm_area_struct *vma, unsigned long address) 764{ 765 return -ENOMEM; 766} 767 768/* 769 * look up the first VMA exactly that exactly matches addr 770 * - should be called with mm->mmap_sem at least held readlocked 771 */ 772static struct vm_area_struct *find_vma_exact(struct mm_struct *mm, 773 unsigned long addr, 774 unsigned long len) 775{ 776 struct vm_area_struct *vma; 777 struct rb_node *n = mm->mm_rb.rb_node; 778 unsigned long end = addr + len; 779 780 /* check the cache first */ 781 vma = mm->mmap_cache; 782 if (vma && vma->vm_start == addr && vma->vm_end == end) 783 return vma; 784 785 /* trawl the tree (there may be multiple mappings in which addr 786 * resides) */ 787 for (n = rb_first(&mm->mm_rb); n; n = rb_next(n)) { 788 vma = rb_entry(n, struct vm_area_struct, vm_rb); 789 if (vma->vm_start < addr) 790 continue; 791 if (vma->vm_start > addr) 792 return NULL; 793 if (vma->vm_end == end) { 794 mm->mmap_cache = vma; 795 return vma; 796 } 797 } 798 799 return NULL; 800} 801 802/* 803 * determine whether a mapping should be permitted and, if so, what sort of 804 * mapping we're capable of supporting 805 */ 806static int validate_mmap_request(struct file *file, 807 unsigned long addr, 808 unsigned long len, 809 unsigned long prot, 810 unsigned long flags, 811 unsigned long pgoff, 812 unsigned long *_capabilities) 813{ 814 unsigned long capabilities, rlen; 815 unsigned long reqprot = prot; 816 int ret; 817 818 /* do the simple checks first */ 819 if (flags & MAP_FIXED || addr) { 820 printk(KERN_DEBUG 821 "%d: Can't do fixed-address/overlay mmap of RAM\n", 822 current->pid); 823 return -EINVAL; 824 } 825 826 if ((flags & MAP_TYPE) != MAP_PRIVATE && 827 (flags & MAP_TYPE) != MAP_SHARED) 828 return -EINVAL; 829 830 if (!len) 831 return -EINVAL; 832 833 /* Careful about overflows.. */ 834 rlen = PAGE_ALIGN(len); 835 if (!rlen || rlen > TASK_SIZE) 836 return -ENOMEM; 837 838 /* offset overflow? */ 839 if ((pgoff + (rlen >> PAGE_SHIFT)) < pgoff) 840 return -EOVERFLOW; 841 842 if (file) { 843 /* validate file mapping requests */ 844 struct address_space *mapping; 845 846 /* files must support mmap */ 847 if (!file->f_op || !file->f_op->mmap) 848 return -ENODEV; 849 850 /* work out if what we've got could possibly be shared 851 * - we support chardevs that provide their own "memory" 852 * - we support files/blockdevs that are memory backed 853 */ 854 mapping = file->f_mapping; 855 if (!mapping) 856 mapping = file->f_path.dentry->d_inode->i_mapping; 857 858 capabilities = 0; 859 if (mapping && mapping->backing_dev_info) 860 capabilities = mapping->backing_dev_info->capabilities; 861 862 if (!capabilities) { 863 /* no explicit capabilities set, so assume some 864 * defaults */ 865 switch (file->f_path.dentry->d_inode->i_mode & S_IFMT) { 866 case S_IFREG: 867 case S_IFBLK: 868 capabilities = BDI_CAP_MAP_COPY; 869 break; 870 871 case S_IFCHR: 872 capabilities = 873 BDI_CAP_MAP_DIRECT | 874 BDI_CAP_READ_MAP | 875 BDI_CAP_WRITE_MAP; 876 break; 877 878 default: 879 return -EINVAL; 880 } 881 } 882 883 /* eliminate any capabilities that we can't support on this 884 * device */ 885 if (!file->f_op->get_unmapped_area) 886 capabilities &= ~BDI_CAP_MAP_DIRECT; 887 if (!file->f_op->read) 888 capabilities &= ~BDI_CAP_MAP_COPY; 889 890 if (flags & MAP_SHARED) { 891 /* do checks for writing, appending and locking */ 892 if ((prot & PROT_WRITE) && 893 !(file->f_mode & FMODE_WRITE)) 894 return -EACCES; 895 896 if (IS_APPEND(file->f_path.dentry->d_inode) && 897 (file->f_mode & FMODE_WRITE)) 898 return -EACCES; 899 900 if (locks_verify_locked(file->f_path.dentry->d_inode)) 901 return -EAGAIN; 902 903 if (!(capabilities & BDI_CAP_MAP_DIRECT)) 904 return -ENODEV; 905 906 if (((prot & PROT_READ) && !(capabilities & BDI_CAP_READ_MAP)) || 907 ((prot & PROT_WRITE) && !(capabilities & BDI_CAP_WRITE_MAP)) || 908 ((prot & PROT_EXEC) && !(capabilities & BDI_CAP_EXEC_MAP)) 909 ) { 910 printk("MAP_SHARED not completely supported on !MMU\n"); 911 return -EINVAL; 912 } 913 914 /* we mustn't privatise shared mappings */ 915 capabilities &= ~BDI_CAP_MAP_COPY; 916 } 917 else { 918 /* we're going to read the file into private memory we 919 * allocate */ 920 if (!(capabilities & BDI_CAP_MAP_COPY)) 921 return -ENODEV; 922 923 /* we don't permit a private writable mapping to be 924 * shared with the backing device */ 925 if (prot & PROT_WRITE) 926 capabilities &= ~BDI_CAP_MAP_DIRECT; 927 } 928 929 /* handle executable mappings and implied executable 930 * mappings */ 931 if (file->f_path.mnt->mnt_flags & MNT_NOEXEC) { 932 if (prot & PROT_EXEC) 933 return -EPERM; 934 } 935 else if ((prot & PROT_READ) && !(prot & PROT_EXEC)) { 936 /* handle implication of PROT_EXEC by PROT_READ */ 937 if (current->personality & READ_IMPLIES_EXEC) { 938 if (capabilities & BDI_CAP_EXEC_MAP) 939 prot |= PROT_EXEC; 940 } 941 } 942 else if ((prot & PROT_READ) && 943 (prot & PROT_EXEC) && 944 !(capabilities & BDI_CAP_EXEC_MAP) 945 ) { 946 /* backing file is not executable, try to copy */ 947 capabilities &= ~BDI_CAP_MAP_DIRECT; 948 } 949 } 950 else { 951 /* anonymous mappings are always memory backed and can be 952 * privately mapped 953 */ 954 capabilities = BDI_CAP_MAP_COPY; 955 956 /* handle PROT_EXEC implication by PROT_READ */ 957 if ((prot & PROT_READ) && 958 (current->personality & READ_IMPLIES_EXEC)) 959 prot |= PROT_EXEC; 960 } 961 962 /* allow the security API to have its say */ 963 ret = security_file_mmap(file, reqprot, prot, flags, addr, 0); 964 if (ret < 0) 965 return ret; 966 967 /* looks okay */ 968 *_capabilities = capabilities; 969 return 0; 970} 971 972/* 973 * we've determined that we can make the mapping, now translate what we 974 * now know into VMA flags 975 */ 976static unsigned long determine_vm_flags(struct file *file, 977 unsigned long prot, 978 unsigned long flags, 979 unsigned long capabilities) 980{ 981 unsigned long vm_flags; 982 983 vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags); 984 vm_flags |= VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; 985 /* vm_flags |= mm->def_flags; */ 986 987 if (!(capabilities & BDI_CAP_MAP_DIRECT)) { 988 /* attempt to share read-only copies of mapped file chunks */ 989 if (file && !(prot & PROT_WRITE)) 990 vm_flags |= VM_MAYSHARE; 991 } 992 else { 993 /* overlay a shareable mapping on the backing device or inode 994 * if possible - used for chardevs, ramfs/tmpfs/shmfs and 995 * romfs/cramfs */ 996 if (flags & MAP_SHARED) 997 vm_flags |= VM_MAYSHARE | VM_SHARED; 998 else if ((((vm_flags & capabilities) ^ vm_flags) & BDI_CAP_VMFLAGS) == 0) 999 vm_flags |= VM_MAYSHARE; 1000 } 1001 1002 /* refuse to let anyone share private mappings with this process if 1003 * it's being traced - otherwise breakpoints set in it may interfere 1004 * with another untraced process 1005 */ 1006 if ((flags & MAP_PRIVATE) && tracehook_expect_breakpoints(current)) 1007 vm_flags &= ~VM_MAYSHARE; 1008 1009 return vm_flags; 1010} 1011 1012/* 1013 * set up a shared mapping on a file (the driver or filesystem provides and 1014 * pins the storage) 1015 */ 1016static int do_mmap_shared_file(struct vm_area_struct *vma) 1017{ 1018 int ret; 1019 1020 ret = vma->vm_file->f_op->mmap(vma->vm_file, vma); 1021 if (ret == 0) { 1022 vma->vm_region->vm_top = vma->vm_region->vm_end; 1023 return ret; 1024 } 1025 if (ret != -ENOSYS) 1026 return ret; 1027 1028 /* getting an ENOSYS error indicates that direct mmap isn't 1029 * possible (as opposed to tried but failed) so we'll fall 1030 * through to making a private copy of the data and mapping 1031 * that if we can */ 1032 return -ENODEV; 1033} 1034 1035/* 1036 * set up a private mapping or an anonymous shared mapping 1037 */ 1038static int do_mmap_private(struct vm_area_struct *vma, 1039 struct vm_region *region, 1040 unsigned long len) 1041{ 1042 struct page *pages; 1043 unsigned long total, point, n, rlen; 1044 void *base; 1045 int ret, order; 1046 1047 /* invoke the file's mapping function so that it can keep track of 1048 * shared mappings on devices or memory 1049 * - VM_MAYSHARE will be set if it may attempt to share 1050 */ 1051 if (vma->vm_file) { 1052 ret = vma->vm_file->f_op->mmap(vma->vm_file, vma); 1053 if (ret == 0) { 1054 /* shouldn't return success if we're not sharing */ 1055 BUG_ON(!(vma->vm_flags & VM_MAYSHARE)); 1056 vma->vm_region->vm_top = vma->vm_region->vm_end; 1057 return ret; 1058 } 1059 if (ret != -ENOSYS) 1060 return ret; 1061 1062 /* getting an ENOSYS error indicates that direct mmap isn't 1063 * possible (as opposed to tried but failed) so we'll try to 1064 * make a private copy of the data and map that instead */ 1065 } 1066 1067 rlen = PAGE_ALIGN(len); 1068 1069 /* allocate some memory to hold the mapping 1070 * - note that this may not return a page-aligned address if the object 1071 * we're allocating is smaller than a page 1072 */ 1073 order = get_order(rlen); 1074 kdebug("alloc order %d for %lx", order, len); 1075 1076 pages = alloc_pages(GFP_KERNEL, order); 1077 if (!pages) 1078 goto enomem; 1079 1080 total = 1 << order; 1081 atomic_add(total, &mmap_pages_allocated); 1082 1083 point = rlen >> PAGE_SHIFT; 1084 1085 /* we allocated a power-of-2 sized page set, so we may want to trim off 1086 * the excess */ 1087 if (sysctl_nr_trim_pages && total - point >= sysctl_nr_trim_pages) { 1088 while (total > point) { 1089 order = ilog2(total - point); 1090 n = 1 << order; 1091 kdebug("shave %lu/%lu @%lu", n, total - point, total); 1092 atomic_sub(n, &mmap_pages_allocated); 1093 total -= n; 1094 set_page_refcounted(pages + total); 1095 __free_pages(pages + total, order); 1096 } 1097 } 1098 1099 for (point = 1; point < total; point++) 1100 set_page_refcounted(&pages[point]); 1101 1102 base = page_address(pages); 1103 region->vm_flags = vma->vm_flags |= VM_MAPPED_COPY; 1104 region->vm_start = (unsigned long) base; 1105 region->vm_end = region->vm_start + rlen; 1106 region->vm_top = region->vm_start + (total << PAGE_SHIFT); 1107 1108 vma->vm_start = region->vm_start; 1109 vma->vm_end = region->vm_start + len; 1110 1111 if (vma->vm_file) { 1112 /* read the contents of a file into the copy */ 1113 mm_segment_t old_fs; 1114 loff_t fpos; 1115 1116 fpos = vma->vm_pgoff; 1117 fpos <<= PAGE_SHIFT; 1118 1119 old_fs = get_fs(); 1120 set_fs(KERNEL_DS); 1121 ret = vma->vm_file->f_op->read(vma->vm_file, base, rlen, &fpos); 1122 set_fs(old_fs); 1123 1124 if (ret < 0) 1125 goto error_free; 1126 1127 /* clear the last little bit */ 1128 if (ret < rlen) 1129 memset(base + ret, 0, rlen - ret); 1130 1131 } else { 1132 /* if it's an anonymous mapping, then just clear it */ 1133 memset(base, 0, rlen); 1134 } 1135 1136 return 0; 1137 1138error_free: 1139 free_page_series(region->vm_start, region->vm_end); 1140 region->vm_start = vma->vm_start = 0; 1141 region->vm_end = vma->vm_end = 0; 1142 region->vm_top = 0; 1143 return ret; 1144 1145enomem: 1146 printk("Allocation of length %lu from process %d failed\n", 1147 len, current->pid); 1148 show_free_areas(); 1149 return -ENOMEM; 1150} 1151 1152/* 1153 * handle mapping creation for uClinux 1154 */ 1155unsigned long do_mmap_pgoff(struct file *file, 1156 unsigned long addr, 1157 unsigned long len, 1158 unsigned long prot, 1159 unsigned long flags, 1160 unsigned long pgoff) 1161{ 1162 struct vm_area_struct *vma; 1163 struct vm_region *region; 1164 struct rb_node *rb; 1165 unsigned long capabilities, vm_flags, result; 1166 int ret; 1167 1168 kenter(",%lx,%lx,%lx,%lx,%lx", addr, len, prot, flags, pgoff); 1169 1170 if (!(flags & MAP_FIXED)) 1171 addr = round_hint_to_min(addr); 1172 1173 /* decide whether we should attempt the mapping, and if so what sort of 1174 * mapping */ 1175 ret = validate_mmap_request(file, addr, len, prot, flags, pgoff, 1176 &capabilities); 1177 if (ret < 0) { 1178 kleave(" = %d [val]", ret); 1179 return ret; 1180 } 1181 1182 /* we've determined that we can make the mapping, now translate what we 1183 * now know into VMA flags */ 1184 vm_flags = determine_vm_flags(file, prot, flags, capabilities); 1185 1186 /* we're going to need to record the mapping */ 1187 region = kmem_cache_zalloc(vm_region_jar, GFP_KERNEL); 1188 if (!region) 1189 goto error_getting_region; 1190 1191 vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); 1192 if (!vma) 1193 goto error_getting_vma; 1194 1195 atomic_set(®ion->vm_usage, 1); 1196 region->vm_flags = vm_flags; 1197 region->vm_pgoff = pgoff; 1198 1199 INIT_LIST_HEAD(&vma->anon_vma_node); 1200 vma->vm_flags = vm_flags; 1201 vma->vm_pgoff = pgoff; 1202 1203 if (file) { 1204 region->vm_file = file; 1205 get_file(file); 1206 vma->vm_file = file; 1207 get_file(file); 1208 if (vm_flags & VM_EXECUTABLE) { 1209 added_exe_file_vma(current->mm); 1210 vma->vm_mm = current->mm; 1211 } 1212 } 1213 1214 down_write(&nommu_region_sem); 1215 1216 /* if we want to share, we need to check for regions created by other 1217 * mmap() calls that overlap with our proposed mapping 1218 * - we can only share with a superset match on most regular files 1219 * - shared mappings on character devices and memory backed files are 1220 * permitted to overlap inexactly as far as we are concerned for in 1221 * these cases, sharing is handled in the driver or filesystem rather 1222 * than here 1223 */ 1224 if (vm_flags & VM_MAYSHARE) { 1225 struct vm_region *pregion; 1226 unsigned long pglen, rpglen, pgend, rpgend, start; 1227 1228 pglen = (len + PAGE_SIZE - 1) >> PAGE_SHIFT; 1229 pgend = pgoff + pglen; 1230 1231 for (rb = rb_first(&nommu_region_tree); rb; rb = rb_next(rb)) { 1232 pregion = rb_entry(rb, struct vm_region, vm_rb); 1233 1234 if (!(pregion->vm_flags & VM_MAYSHARE)) 1235 continue; 1236 1237 /* search for overlapping mappings on the same file */ 1238 if (pregion->vm_file->f_path.dentry->d_inode != 1239 file->f_path.dentry->d_inode) 1240 continue; 1241 1242 if (pregion->vm_pgoff >= pgend) 1243 continue; 1244 1245 rpglen = pregion->vm_end - pregion->vm_start; 1246 rpglen = (rpglen + PAGE_SIZE - 1) >> PAGE_SHIFT; 1247 rpgend = pregion->vm_pgoff + rpglen; 1248 if (pgoff >= rpgend) 1249 continue; 1250 1251 /* handle inexactly overlapping matches between 1252 * mappings */ 1253 if ((pregion->vm_pgoff != pgoff || rpglen != pglen) && 1254 !(pgoff >= pregion->vm_pgoff && pgend <= rpgend)) { 1255 /* new mapping is not a subset of the region */ 1256 if (!(capabilities & BDI_CAP_MAP_DIRECT)) 1257 goto sharing_violation; 1258 continue; 1259 } 1260 1261 /* we've found a region we can share */ 1262 atomic_inc(&pregion->vm_usage); 1263 vma->vm_region = pregion; 1264 start = pregion->vm_start; 1265 start += (pgoff - pregion->vm_pgoff) << PAGE_SHIFT; 1266 vma->vm_start = start; 1267 vma->vm_end = start + len; 1268 1269 if (pregion->vm_flags & VM_MAPPED_COPY) { 1270 kdebug("share copy"); 1271 vma->vm_flags |= VM_MAPPED_COPY; 1272 } else { 1273 kdebug("share mmap"); 1274 ret = do_mmap_shared_file(vma); 1275 if (ret < 0) { 1276 vma->vm_region = NULL; 1277 vma->vm_start = 0; 1278 vma->vm_end = 0; 1279 atomic_dec(&pregion->vm_usage); 1280 pregion = NULL; 1281 goto error_just_free; 1282 } 1283 } 1284 fput(region->vm_file); 1285 kmem_cache_free(vm_region_jar, region); 1286 region = pregion; 1287 result = start; 1288 goto share; 1289 } 1290 1291 /* obtain the address at which to make a shared mapping 1292 * - this is the hook for quasi-memory character devices to 1293 * tell us the location of a shared mapping 1294 */ 1295 if (file && file->f_op->get_unmapped_area) { 1296 addr = file->f_op->get_unmapped_area(file, addr, len, 1297 pgoff, flags); 1298 if (IS_ERR((void *) addr)) { 1299 ret = addr; 1300 if (ret != (unsigned long) -ENOSYS) 1301 goto error_just_free; 1302 1303 /* the driver refused to tell us where to site 1304 * the mapping so we'll have to attempt to copy 1305 * it */ 1306 ret = (unsigned long) -ENODEV; 1307 if (!(capabilities & BDI_CAP_MAP_COPY)) 1308 goto error_just_free; 1309 1310 capabilities &= ~BDI_CAP_MAP_DIRECT; 1311 } else { 1312 vma->vm_start = region->vm_start = addr; 1313 vma->vm_end = region->vm_end = addr + len; 1314 } 1315 } 1316 } 1317 1318 vma->vm_region = region; 1319 1320 /* set up the mapping */ 1321 if (file && vma->vm_flags & VM_SHARED) 1322 ret = do_mmap_shared_file(vma); 1323 else 1324 ret = do_mmap_private(vma, region, len); 1325 if (ret < 0) 1326 goto error_put_region; 1327 1328 add_nommu_region(region); 1329 1330 /* okay... we have a mapping; now we have to register it */ 1331 result = vma->vm_start; 1332 1333 current->mm->total_vm += len >> PAGE_SHIFT; 1334 1335share: 1336 add_vma_to_mm(current->mm, vma); 1337 1338 up_write(&nommu_region_sem); 1339 1340 if (prot & PROT_EXEC) 1341 flush_icache_range(result, result + len); 1342 1343 kleave(" = %lx", result); 1344 return result; 1345 1346error_put_region: 1347 __put_nommu_region(region); 1348 if (vma) { 1349 if (vma->vm_file) { 1350 fput(vma->vm_file); 1351 if (vma->vm_flags & VM_EXECUTABLE) 1352 removed_exe_file_vma(vma->vm_mm); 1353 } 1354 kmem_cache_free(vm_area_cachep, vma); 1355 } 1356 kleave(" = %d [pr]", ret); 1357 return ret; 1358 1359error_just_free: 1360 up_write(&nommu_region_sem); 1361error: 1362 fput(region->vm_file); 1363 kmem_cache_free(vm_region_jar, region); 1364 fput(vma->vm_file); 1365 if (vma->vm_flags & VM_EXECUTABLE) 1366 removed_exe_file_vma(vma->vm_mm); 1367 kmem_cache_free(vm_area_cachep, vma); 1368 kleave(" = %d", ret); 1369 return ret; 1370 1371sharing_violation: 1372 up_write(&nommu_region_sem); 1373 printk(KERN_WARNING "Attempt to share mismatched mappings\n"); 1374 ret = -EINVAL; 1375 goto error; 1376 1377error_getting_vma: 1378 kmem_cache_free(vm_region_jar, region); 1379 printk(KERN_WARNING "Allocation of vma for %lu byte allocation" 1380 " from process %d failed\n", 1381 len, current->pid); 1382 show_free_areas(); 1383 return -ENOMEM; 1384 1385error_getting_region: 1386 printk(KERN_WARNING "Allocation of vm region for %lu byte allocation" 1387 " from process %d failed\n", 1388 len, current->pid); 1389 show_free_areas(); 1390 return -ENOMEM; 1391} 1392EXPORT_SYMBOL(do_mmap_pgoff); 1393 1394/* 1395 * split a vma into two pieces at address 'addr', a new vma is allocated either 1396 * for the first part or the tail. 1397 */ 1398int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, 1399 unsigned long addr, int new_below) 1400{ 1401 struct vm_area_struct *new; 1402 struct vm_region *region; 1403 unsigned long npages; 1404 1405 kenter(""); 1406 1407 /* we're only permitted to split anonymous regions that have a single 1408 * owner */ 1409 if (vma->vm_file || 1410 atomic_read(&vma->vm_region->vm_usage) != 1) 1411 return -ENOMEM; 1412 1413 if (mm->map_count >= sysctl_max_map_count) 1414 return -ENOMEM; 1415 1416 region = kmem_cache_alloc(vm_region_jar, GFP_KERNEL); 1417 if (!region) 1418 return -ENOMEM; 1419 1420 new = kmem_cache_alloc(vm_area_cachep, GFP_KERNEL); 1421 if (!new) { 1422 kmem_cache_free(vm_region_jar, region); 1423 return -ENOMEM; 1424 } 1425 1426 /* most fields are the same, copy all, and then fixup */ 1427 *new = *vma; 1428 *region = *vma->vm_region; 1429 new->vm_region = region; 1430 1431 npages = (addr - vma->vm_start) >> PAGE_SHIFT; 1432 1433 if (new_below) { 1434 region->vm_top = region->vm_end = new->vm_end = addr; 1435 } else { 1436 region->vm_start = new->vm_start = addr; 1437 region->vm_pgoff = new->vm_pgoff += npages; 1438 } 1439 1440 if (new->vm_ops && new->vm_ops->open) 1441 new->vm_ops->open(new); 1442 1443 delete_vma_from_mm(vma); 1444 down_write(&nommu_region_sem); 1445 delete_nommu_region(vma->vm_region); 1446 if (new_below) { 1447 vma->vm_region->vm_start = vma->vm_start = addr; 1448 vma->vm_region->vm_pgoff = vma->vm_pgoff += npages; 1449 } else { 1450 vma->vm_region->vm_end = vma->vm_end = addr; 1451 vma->vm_region->vm_top = addr; 1452 } 1453 add_nommu_region(vma->vm_region); 1454 add_nommu_region(new->vm_region); 1455 up_write(&nommu_region_sem); 1456 add_vma_to_mm(mm, vma); 1457 add_vma_to_mm(mm, new); 1458 return 0; 1459} 1460 1461/* 1462 * shrink a VMA by removing the specified chunk from either the beginning or 1463 * the end 1464 */ 1465static int shrink_vma(struct mm_struct *mm, 1466 struct vm_area_struct *vma, 1467 unsigned long from, unsigned long to) 1468{ 1469 struct vm_region *region; 1470 1471 kenter(""); 1472 1473 /* adjust the VMA's pointers, which may reposition it in the MM's tree 1474 * and list */ 1475 delete_vma_from_mm(vma); 1476 if (from > vma->vm_start) 1477 vma->vm_end = from; 1478 else 1479 vma->vm_start = to; 1480 add_vma_to_mm(mm, vma); 1481 1482 /* cut the backing region down to size */ 1483 region = vma->vm_region; 1484 BUG_ON(atomic_read(®ion->vm_usage) != 1); 1485 1486 down_write(&nommu_region_sem); 1487 delete_nommu_region(region); 1488 if (from > region->vm_start) { 1489 to = region->vm_top; 1490 region->vm_top = region->vm_end = from; 1491 } else { 1492 region->vm_start = to; 1493 } 1494 add_nommu_region(region); 1495 up_write(&nommu_region_sem); 1496 1497 free_page_series(from, to); 1498 return 0; 1499} 1500 1501/* 1502 * release a mapping 1503 * - under NOMMU conditions the chunk to be unmapped must be backed by a single 1504 * VMA, though it need not cover the whole VMA 1505 */ 1506int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) 1507{ 1508 struct vm_area_struct *vma; 1509 struct rb_node *rb; 1510 unsigned long end = start + len; 1511 int ret; 1512 1513 kenter(",%lx,%zx", start, len); 1514 1515 if (len == 0) 1516 return -EINVAL; 1517 1518 /* find the first potentially overlapping VMA */ 1519 vma = find_vma(mm, start); 1520 if (!vma) { 1521 printk(KERN_WARNING 1522 "munmap of memory not mmapped by process %d (%s):" 1523 " 0x%lx-0x%lx\n", 1524 current->pid, current->comm, start, start + len - 1); 1525 return -EINVAL; 1526 } 1527 1528 /* we're allowed to split an anonymous VMA but not a file-backed one */ 1529 if (vma->vm_file) { 1530 do { 1531 if (start > vma->vm_start) { 1532 kleave(" = -EINVAL [miss]"); 1533 return -EINVAL; 1534 } 1535 if (end == vma->vm_end) 1536 goto erase_whole_vma; 1537 rb = rb_next(&vma->vm_rb); 1538 vma = rb_entry(rb, struct vm_area_struct, vm_rb); 1539 } while (rb); 1540 kleave(" = -EINVAL [split file]"); 1541 return -EINVAL; 1542 } else { 1543 /* the chunk must be a subset of the VMA found */ 1544 if (start == vma->vm_start && end == vma->vm_end) 1545 goto erase_whole_vma; 1546 if (start < vma->vm_start || end > vma->vm_end) { 1547 kleave(" = -EINVAL [superset]"); 1548 return -EINVAL; 1549 } 1550 if (start & ~PAGE_MASK) { 1551 kleave(" = -EINVAL [unaligned start]"); 1552 return -EINVAL; 1553 } 1554 if (end != vma->vm_end && end & ~PAGE_MASK) { 1555 kleave(" = -EINVAL [unaligned split]"); 1556 return -EINVAL; 1557 } 1558 if (start != vma->vm_start && end != vma->vm_end) { 1559 ret = split_vma(mm, vma, start, 1); 1560 if (ret < 0) { 1561 kleave(" = %d [split]", ret); 1562 return ret; 1563 } 1564 } 1565 return shrink_vma(mm, vma, start, end); 1566 } 1567 1568erase_whole_vma: 1569 delete_vma_from_mm(vma); 1570 delete_vma(mm, vma); 1571 kleave(" = 0"); 1572 return 0; 1573} 1574EXPORT_SYMBOL(do_munmap); 1575 1576asmlinkage long sys_munmap(unsigned long addr, size_t len) 1577{ 1578 int ret; 1579 struct mm_struct *mm = current->mm; 1580 1581 down_write(&mm->mmap_sem); 1582 ret = do_munmap(mm, addr, len); 1583 up_write(&mm->mmap_sem); 1584 return ret; 1585} 1586 1587/* 1588 * release all the mappings made in a process's VM space 1589 */ 1590void exit_mmap(struct mm_struct *mm) 1591{ 1592 struct vm_area_struct *vma; 1593 1594 if (!mm) 1595 return; 1596 1597 kenter(""); 1598 1599 mm->total_vm = 0; 1600 1601 while ((vma = mm->mmap)) { 1602 mm->mmap = vma->vm_next; 1603 delete_vma_from_mm(vma); 1604 delete_vma(mm, vma); 1605 } 1606 1607 kleave(""); 1608} 1609 1610unsigned long do_brk(unsigned long addr, unsigned long len) 1611{ 1612 return -ENOMEM; 1613} 1614 1615/* 1616 * expand (or shrink) an existing mapping, potentially moving it at the same 1617 * time (controlled by the MREMAP_MAYMOVE flag and available VM space) 1618 * 1619 * under NOMMU conditions, we only permit changing a mapping's size, and only 1620 * as long as it stays within the region allocated by do_mmap_private() and the 1621 * block is not shareable 1622 * 1623 * MREMAP_FIXED is not supported under NOMMU conditions 1624 */ 1625unsigned long do_mremap(unsigned long addr, 1626 unsigned long old_len, unsigned long new_len, 1627 unsigned long flags, unsigned long new_addr) 1628{ 1629 struct vm_area_struct *vma; 1630 1631 /* insanity checks first */ 1632 if (old_len == 0 || new_len == 0) 1633 return (unsigned long) -EINVAL; 1634 1635 if (addr & ~PAGE_MASK) 1636 return -EINVAL; 1637 1638 if (flags & MREMAP_FIXED && new_addr != addr) 1639 return (unsigned long) -EINVAL; 1640 1641 vma = find_vma_exact(current->mm, addr, old_len); 1642 if (!vma) 1643 return (unsigned long) -EINVAL; 1644 1645 if (vma->vm_end != vma->vm_start + old_len) 1646 return (unsigned long) -EFAULT; 1647 1648 if (vma->vm_flags & VM_MAYSHARE) 1649 return (unsigned long) -EPERM; 1650 1651 if (new_len > vma->vm_region->vm_end - vma->vm_region->vm_start) 1652 return (unsigned long) -ENOMEM; 1653 1654 /* all checks complete - do it */ 1655 vma->vm_end = vma->vm_start + new_len; 1656 return vma->vm_start; 1657} 1658EXPORT_SYMBOL(do_mremap); 1659 1660asmlinkage 1661unsigned long sys_mremap(unsigned long addr, 1662 unsigned long old_len, unsigned long new_len, 1663 unsigned long flags, unsigned long new_addr) 1664{ 1665 unsigned long ret; 1666 1667 down_write(¤t->mm->mmap_sem); 1668 ret = do_mremap(addr, old_len, new_len, flags, new_addr); 1669 up_write(¤t->mm->mmap_sem); 1670 return ret; 1671} 1672 1673struct page *follow_page(struct vm_area_struct *vma, unsigned long address, 1674 unsigned int foll_flags) 1675{ 1676 return NULL; 1677} 1678 1679int remap_pfn_range(struct vm_area_struct *vma, unsigned long from, 1680 unsigned long to, unsigned long size, pgprot_t prot) 1681{ 1682 vma->vm_start = vma->vm_pgoff << PAGE_SHIFT; 1683 return 0; 1684} 1685EXPORT_SYMBOL(remap_pfn_range); 1686 1687int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, 1688 unsigned long pgoff) 1689{ 1690 unsigned int size = vma->vm_end - vma->vm_start; 1691 1692 if (!(vma->vm_flags & VM_USERMAP)) 1693 return -EINVAL; 1694 1695 vma->vm_start = (unsigned long)(addr + (pgoff << PAGE_SHIFT)); 1696 vma->vm_end = vma->vm_start + size; 1697 1698 return 0; 1699} 1700EXPORT_SYMBOL(remap_vmalloc_range); 1701 1702void swap_unplug_io_fn(struct backing_dev_info *bdi, struct page *page) 1703{ 1704} 1705 1706unsigned long arch_get_unmapped_area(struct file *file, unsigned long addr, 1707 unsigned long len, unsigned long pgoff, unsigned long flags) 1708{ 1709 return -ENOMEM; 1710} 1711 1712void arch_unmap_area(struct mm_struct *mm, unsigned long addr) 1713{ 1714} 1715 1716void unmap_mapping_range(struct address_space *mapping, 1717 loff_t const holebegin, loff_t const holelen, 1718 int even_cows) 1719{ 1720} 1721EXPORT_SYMBOL(unmap_mapping_range); 1722 1723/* 1724 * ask for an unmapped area at which to create a mapping on a file 1725 */ 1726unsigned long get_unmapped_area(struct file *file, unsigned long addr, 1727 unsigned long len, unsigned long pgoff, 1728 unsigned long flags) 1729{ 1730 unsigned long (*get_area)(struct file *, unsigned long, unsigned long, 1731 unsigned long, unsigned long); 1732 1733 get_area = current->mm->get_unmapped_area; 1734 if (file && file->f_op && file->f_op->get_unmapped_area) 1735 get_area = file->f_op->get_unmapped_area; 1736 1737 if (!get_area) 1738 return -ENOSYS; 1739 1740 return get_area(file, addr, len, pgoff, flags); 1741} 1742EXPORT_SYMBOL(get_unmapped_area); 1743 1744/* 1745 * Check that a process has enough memory to allocate a new virtual 1746 * mapping. 0 means there is enough memory for the allocation to 1747 * succeed and -ENOMEM implies there is not. 1748 * 1749 * We currently support three overcommit policies, which are set via the 1750 * vm.overcommit_memory sysctl. See Documentation/vm/overcommit-accounting 1751 * 1752 * Strict overcommit modes added 2002 Feb 26 by Alan Cox. 1753 * Additional code 2002 Jul 20 by Robert Love. 1754 * 1755 * cap_sys_admin is 1 if the process has admin privileges, 0 otherwise. 1756 * 1757 * Note this is a helper function intended to be used by LSMs which 1758 * wish to use this logic. 1759 */ 1760int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) 1761{ 1762 unsigned long free, allowed; 1763 1764 vm_acct_memory(pages); 1765 1766 /* 1767 * Sometimes we want to use more memory than we have 1768 */ 1769 if (sysctl_overcommit_memory == OVERCOMMIT_ALWAYS) 1770 return 0; 1771 1772 if (sysctl_overcommit_memory == OVERCOMMIT_GUESS) { 1773 unsigned long n; 1774 1775 free = global_page_state(NR_FILE_PAGES); 1776 free += nr_swap_pages; 1777 1778 /* 1779 * Any slabs which are created with the 1780 * SLAB_RECLAIM_ACCOUNT flag claim to have contents 1781 * which are reclaimable, under pressure. The dentry 1782 * cache and most inode caches should fall into this 1783 */ 1784 free += global_page_state(NR_SLAB_RECLAIMABLE); 1785 1786 /* 1787 * Leave the last 3% for root 1788 */ 1789 if (!cap_sys_admin) 1790 free -= free / 32; 1791 1792 if (free > pages) 1793 return 0; 1794 1795 /* 1796 * nr_free_pages() is very expensive on large systems, 1797 * only call if we're about to fail. 1798 */ 1799 n = nr_free_pages(); 1800 1801 /* 1802 * Leave reserved pages. The pages are not for anonymous pages. 1803 */ 1804 if (n <= totalreserve_pages) 1805 goto error; 1806 else 1807 n -= totalreserve_pages; 1808 1809 /* 1810 * Leave the last 3% for root 1811 */ 1812 if (!cap_sys_admin) 1813 n -= n / 32; 1814 free += n; 1815 1816 if (free > pages) 1817 return 0; 1818 1819 goto error; 1820 } 1821 1822 allowed = totalram_pages * sysctl_overcommit_ratio / 100; 1823 /* 1824 * Leave the last 3% for root 1825 */ 1826 if (!cap_sys_admin) 1827 allowed -= allowed / 32; 1828 allowed += total_swap_pages; 1829 1830 /* Don't let a single process grow too big: 1831 leave 3% of the size of this process for other processes */ 1832 if (mm) 1833 allowed -= mm->total_vm / 32; 1834 1835 /* 1836 * cast `allowed' as a signed long because vm_committed_space 1837 * sometimes has a negative value 1838 */ 1839 if (atomic_long_read(&vm_committed_space) < (long)allowed) 1840 return 0; 1841error: 1842 vm_unacct_memory(pages); 1843 1844 return -ENOMEM; 1845} 1846 1847int in_gate_area_no_task(unsigned long addr) 1848{ 1849 return 0; 1850} 1851 1852int filemap_fault(struct vm_area_struct *vma, struct vm_fault *vmf) 1853{ 1854 BUG(); 1855 return 0; 1856} 1857EXPORT_SYMBOL(filemap_fault); 1858 1859/* 1860 * Access another process' address space. 1861 * - source/target buffer must be kernel space 1862 */ 1863int access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, int len, int write) 1864{ 1865 struct vm_area_struct *vma; 1866 struct mm_struct *mm; 1867 1868 if (addr + len < addr) 1869 return 0; 1870 1871 mm = get_task_mm(tsk); 1872 if (!mm) 1873 return 0; 1874 1875 down_read(&mm->mmap_sem); 1876 1877 /* the access must start within one of the target process's mappings */ 1878 vma = find_vma(mm, addr); 1879 if (vma) { 1880 /* don't overrun this mapping */ 1881 if (addr + len >= vma->vm_end) 1882 len = vma->vm_end - addr; 1883 1884 /* only read or write mappings where it is permitted */ 1885 if (write && vma->vm_flags & VM_MAYWRITE) 1886 len -= copy_to_user((void *) addr, buf, len); 1887 else if (!write && vma->vm_flags & VM_MAYREAD) 1888 len -= copy_from_user(buf, (void *) addr, len); 1889 else 1890 len = 0; 1891 } else { 1892 len = 0; 1893 } 1894 1895 up_read(&mm->mmap_sem); 1896 mmput(mm); 1897 return len; 1898} 1899