1 // SPDX-License-Identifier: GPL-2.0-only
5 * Replacement code for mm functions to support CPU's that don't
6 * have any form of memory management unit (thus no virtual memory).
8 * See Documentation/admin-guide/mm/nommu-mmap.rst
10 * Copyright (c) 2004-2008 David Howells <dhowells@redhat.com>
11 * Copyright (c) 2000-2003 David McCullough <davidm@snapgear.com>
12 * Copyright (c) 2000-2001 D Jeff Dionne <jeff@uClinux.org>
13 * Copyright (c) 2002 Greg Ungerer <gerg@snapgear.com>
14 * Copyright (c) 2007-2010 Paul Mundt <lethal@linux-sh.org>
17 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
19 #include <linux/export.h>
21 #include <linux/sched/mm.h>
22 #include <linux/mman.h>
23 #include <linux/swap.h>
24 #include <linux/file.h>
25 #include <linux/highmem.h>
26 #include <linux/pagemap.h>
27 #include <linux/slab.h>
28 #include <linux/vmalloc.h>
29 #include <linux/backing-dev.h>
30 #include <linux/compiler.h>
31 #include <linux/mount.h>
32 #include <linux/personality.h>
33 #include <linux/security.h>
34 #include <linux/syscalls.h>
35 #include <linux/audit.h>
36 #include <linux/printk.h>
38 #include <linux/uaccess.h>
39 #include <linux/uio.h>
41 #include <asm/tlbflush.h>
42 #include <asm/mmu_context.h>
46 EXPORT_SYMBOL(high_memory);
48 unsigned long max_mapnr;
49 EXPORT_SYMBOL(max_mapnr);
50 unsigned long highest_memmap_pfn;
51 int sysctl_nr_trim_pages = CONFIG_NOMMU_INITIAL_TRIM_EXCESS;
52 int heap_stack_gap = 0;
54 atomic_long_t mmap_pages_allocated;
56 EXPORT_SYMBOL(mem_map);
58 /* list of mapped, potentially shareable regions */
59 static struct kmem_cache *vm_region_jar;
60 struct rb_root nommu_region_tree = RB_ROOT;
61 DECLARE_RWSEM(nommu_region_sem);
63 const struct vm_operations_struct generic_file_vm_ops = {
67 * Return the total memory allocated for this pointer, not
68 * just what the caller asked for.
70 * Doesn't have to be accurate, i.e. may have races.
72 unsigned int kobjsize(const void *objp)
77 * If the object we have should not have ksize performed on it,
80 if (!objp || !virt_addr_valid(objp))
83 page = virt_to_head_page(objp);
86 * If the allocator sets PageSlab, we know the pointer came from
93 * If it's not a compound page, see if we have a matching VMA
94 * region. This test is intentionally done in reverse order,
95 * so if there's no VMA, we still fall through and hand back
96 * PAGE_SIZE for 0-order pages.
98 if (!PageCompound(page)) {
99 struct vm_area_struct *vma;
101 vma = find_vma(current->mm, (unsigned long)objp);
103 return vma->vm_end - vma->vm_start;
107 * The ksize() function is only guaranteed to work for pointers
108 * returned by kmalloc(). So handle arbitrary pointers here.
110 return page_size(page);
113 void vfree(const void *addr)
117 EXPORT_SYMBOL(vfree);
119 void *__vmalloc_noprof(unsigned long size, gfp_t gfp_mask)
122 * You can't specify __GFP_HIGHMEM with kmalloc() since kmalloc()
123 * returns only a logical address.
125 return kmalloc_noprof(size, (gfp_mask | __GFP_COMP) & ~__GFP_HIGHMEM);
127 EXPORT_SYMBOL(__vmalloc_noprof);
129 void *__vmalloc_node_range_noprof(unsigned long size, unsigned long align,
130 unsigned long start, unsigned long end, gfp_t gfp_mask,
131 pgprot_t prot, unsigned long vm_flags, int node,
134 return __vmalloc_noprof(size, gfp_mask);
137 void *__vmalloc_node_noprof(unsigned long size, unsigned long align, gfp_t gfp_mask,
138 int node, const void *caller)
140 return __vmalloc_noprof(size, gfp_mask);
143 static void *__vmalloc_user_flags(unsigned long size, gfp_t flags)
147 ret = __vmalloc(size, flags);
149 struct vm_area_struct *vma;
151 mmap_write_lock(current->mm);
152 vma = find_vma(current->mm, (unsigned long)ret);
154 vm_flags_set(vma, VM_USERMAP);
155 mmap_write_unlock(current->mm);
161 void *vmalloc_user_noprof(unsigned long size)
163 return __vmalloc_user_flags(size, GFP_KERNEL | __GFP_ZERO);
165 EXPORT_SYMBOL(vmalloc_user_noprof);
167 struct page *vmalloc_to_page(const void *addr)
169 return virt_to_page(addr);
171 EXPORT_SYMBOL(vmalloc_to_page);
173 unsigned long vmalloc_to_pfn(const void *addr)
175 return page_to_pfn(virt_to_page(addr));
177 EXPORT_SYMBOL(vmalloc_to_pfn);
179 long vread_iter(struct iov_iter *iter, const char *addr, size_t count)
181 /* Don't allow overflow */
182 if ((unsigned long) addr + count < count)
183 count = -(unsigned long) addr;
185 return copy_to_iter(addr, count, iter);
189 * vmalloc - allocate virtually contiguous memory
191 * @size: allocation size
193 * Allocate enough pages to cover @size from the page level
194 * allocator and map them into contiguous kernel virtual space.
196 * For tight control over page level allocator and protection flags
197 * use __vmalloc() instead.
199 void *vmalloc_noprof(unsigned long size)
201 return __vmalloc_noprof(size, GFP_KERNEL);
203 EXPORT_SYMBOL(vmalloc_noprof);
205 void *vmalloc_huge_noprof(unsigned long size, gfp_t gfp_mask) __weak __alias(__vmalloc_noprof);
208 * vzalloc - allocate virtually contiguous memory with zero fill
210 * @size: allocation size
212 * Allocate enough pages to cover @size from the page level
213 * allocator and map them into contiguous kernel virtual space.
214 * The memory allocated is set to zero.
216 * For tight control over page level allocator and protection flags
217 * use __vmalloc() instead.
219 void *vzalloc_noprof(unsigned long size)
221 return __vmalloc_noprof(size, GFP_KERNEL | __GFP_ZERO);
223 EXPORT_SYMBOL(vzalloc_noprof);
226 * vmalloc_node - allocate memory on a specific node
227 * @size: allocation size
230 * Allocate enough pages to cover @size from the page level
231 * allocator and map them into contiguous kernel virtual space.
233 * For tight control over page level allocator and protection flags
234 * use __vmalloc() instead.
236 void *vmalloc_node_noprof(unsigned long size, int node)
238 return vmalloc_noprof(size);
240 EXPORT_SYMBOL(vmalloc_node_noprof);
243 * vzalloc_node - allocate memory on a specific node with zero fill
244 * @size: allocation size
247 * Allocate enough pages to cover @size from the page level
248 * allocator and map them into contiguous kernel virtual space.
249 * The memory allocated is set to zero.
251 * For tight control over page level allocator and protection flags
252 * use __vmalloc() instead.
254 void *vzalloc_node_noprof(unsigned long size, int node)
256 return vzalloc_noprof(size);
258 EXPORT_SYMBOL(vzalloc_node_noprof);
261 * vmalloc_32 - allocate virtually contiguous memory (32bit addressable)
262 * @size: allocation size
264 * Allocate enough 32bit PA addressable pages to cover @size from the
265 * page level allocator and map them into contiguous kernel virtual space.
267 void *vmalloc_32_noprof(unsigned long size)
269 return __vmalloc_noprof(size, GFP_KERNEL);
271 EXPORT_SYMBOL(vmalloc_32_noprof);
274 * vmalloc_32_user - allocate zeroed virtually contiguous 32bit memory
275 * @size: allocation size
277 * The resulting memory area is 32bit addressable and zeroed so it can be
278 * mapped to userspace without leaking data.
280 * VM_USERMAP is set on the corresponding VMA so that subsequent calls to
281 * remap_vmalloc_range() are permissible.
283 void *vmalloc_32_user_noprof(unsigned long size)
286 * We'll have to sort out the ZONE_DMA bits for 64-bit,
287 * but for now this can simply use vmalloc_user() directly.
289 return vmalloc_user_noprof(size);
291 EXPORT_SYMBOL(vmalloc_32_user_noprof);
293 void *vmap(struct page **pages, unsigned int count, unsigned long flags, pgprot_t prot)
300 void vunmap(const void *addr)
304 EXPORT_SYMBOL(vunmap);
306 void *vm_map_ram(struct page **pages, unsigned int count, int node)
311 EXPORT_SYMBOL(vm_map_ram);
313 void vm_unmap_ram(const void *mem, unsigned int count)
317 EXPORT_SYMBOL(vm_unmap_ram);
319 void vm_unmap_aliases(void)
322 EXPORT_SYMBOL_GPL(vm_unmap_aliases);
324 void free_vm_area(struct vm_struct *area)
328 EXPORT_SYMBOL_GPL(free_vm_area);
330 int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
335 EXPORT_SYMBOL(vm_insert_page);
337 int vm_map_pages(struct vm_area_struct *vma, struct page **pages,
342 EXPORT_SYMBOL(vm_map_pages);
344 int vm_map_pages_zero(struct vm_area_struct *vma, struct page **pages,
349 EXPORT_SYMBOL(vm_map_pages_zero);
352 * sys_brk() for the most part doesn't need the global kernel
353 * lock, except when an application is doing something nasty
354 * like trying to un-brk an area that has already been mapped
355 * to a regular file. in this case, the unmapping will need
356 * to invoke file system routines that need the global lock.
358 SYSCALL_DEFINE1(brk, unsigned long, brk)
360 struct mm_struct *mm = current->mm;
362 if (brk < mm->start_brk || brk > mm->context.end_brk)
369 * Always allow shrinking brk
371 if (brk <= mm->brk) {
377 * Ok, looks good - let it rip.
379 flush_icache_user_range(mm->brk, brk);
380 return mm->brk = brk;
384 * initialise the percpu counter for VM and region record slabs
386 void __init mmap_init(void)
390 ret = percpu_counter_init(&vm_committed_as, 0, GFP_KERNEL);
392 vm_region_jar = KMEM_CACHE(vm_region, SLAB_PANIC|SLAB_ACCOUNT);
396 * validate the region tree
397 * - the caller must hold the region lock
399 #ifdef CONFIG_DEBUG_NOMMU_REGIONS
400 static noinline void validate_nommu_regions(void)
402 struct vm_region *region, *last;
403 struct rb_node *p, *lastp;
405 lastp = rb_first(&nommu_region_tree);
409 last = rb_entry(lastp, struct vm_region, vm_rb);
410 BUG_ON(last->vm_end <= last->vm_start);
411 BUG_ON(last->vm_top < last->vm_end);
413 while ((p = rb_next(lastp))) {
414 region = rb_entry(p, struct vm_region, vm_rb);
415 last = rb_entry(lastp, struct vm_region, vm_rb);
417 BUG_ON(region->vm_end <= region->vm_start);
418 BUG_ON(region->vm_top < region->vm_end);
419 BUG_ON(region->vm_start < last->vm_top);
425 static void validate_nommu_regions(void)
431 * add a region into the global tree
433 static void add_nommu_region(struct vm_region *region)
435 struct vm_region *pregion;
436 struct rb_node **p, *parent;
438 validate_nommu_regions();
441 p = &nommu_region_tree.rb_node;
444 pregion = rb_entry(parent, struct vm_region, vm_rb);
445 if (region->vm_start < pregion->vm_start)
447 else if (region->vm_start > pregion->vm_start)
449 else if (pregion == region)
455 rb_link_node(®ion->vm_rb, parent, p);
456 rb_insert_color(®ion->vm_rb, &nommu_region_tree);
458 validate_nommu_regions();
462 * delete a region from the global tree
464 static void delete_nommu_region(struct vm_region *region)
466 BUG_ON(!nommu_region_tree.rb_node);
468 validate_nommu_regions();
469 rb_erase(®ion->vm_rb, &nommu_region_tree);
470 validate_nommu_regions();
474 * free a contiguous series of pages
476 static void free_page_series(unsigned long from, unsigned long to)
478 for (; from < to; from += PAGE_SIZE) {
479 struct page *page = virt_to_page((void *)from);
481 atomic_long_dec(&mmap_pages_allocated);
487 * release a reference to a region
488 * - the caller must hold the region semaphore for writing, which this releases
489 * - the region may not have been added to the tree yet, in which case vm_top
490 * will equal vm_start
492 static void __put_nommu_region(struct vm_region *region)
493 __releases(nommu_region_sem)
495 BUG_ON(!nommu_region_tree.rb_node);
497 if (--region->vm_usage == 0) {
498 if (region->vm_top > region->vm_start)
499 delete_nommu_region(region);
500 up_write(&nommu_region_sem);
503 fput(region->vm_file);
505 /* IO memory and memory shared directly out of the pagecache
506 * from ramfs/tmpfs mustn't be released here */
507 if (region->vm_flags & VM_MAPPED_COPY)
508 free_page_series(region->vm_start, region->vm_top);
509 kmem_cache_free(vm_region_jar, region);
511 up_write(&nommu_region_sem);
516 * release a reference to a region
518 static void put_nommu_region(struct vm_region *region)
520 down_write(&nommu_region_sem);
521 __put_nommu_region(region);
524 static void setup_vma_to_mm(struct vm_area_struct *vma, struct mm_struct *mm)
528 /* add the VMA to the mapping */
530 struct address_space *mapping = vma->vm_file->f_mapping;
532 i_mmap_lock_write(mapping);
533 flush_dcache_mmap_lock(mapping);
534 vma_interval_tree_insert(vma, &mapping->i_mmap);
535 flush_dcache_mmap_unlock(mapping);
536 i_mmap_unlock_write(mapping);
540 static void cleanup_vma_from_mm(struct vm_area_struct *vma)
542 vma->vm_mm->map_count--;
543 /* remove the VMA from the mapping */
545 struct address_space *mapping;
546 mapping = vma->vm_file->f_mapping;
548 i_mmap_lock_write(mapping);
549 flush_dcache_mmap_lock(mapping);
550 vma_interval_tree_remove(vma, &mapping->i_mmap);
551 flush_dcache_mmap_unlock(mapping);
552 i_mmap_unlock_write(mapping);
557 * delete a VMA from its owning mm_struct and address space
559 static int delete_vma_from_mm(struct vm_area_struct *vma)
561 VMA_ITERATOR(vmi, vma->vm_mm, vma->vm_start);
563 vma_iter_config(&vmi, vma->vm_start, vma->vm_end);
564 if (vma_iter_prealloc(&vmi, vma)) {
565 pr_warn("Allocation of vma tree for process %d failed\n",
569 cleanup_vma_from_mm(vma);
571 /* remove from the MM's tree and list */
572 vma_iter_clear(&vmi);
576 * destroy a VMA record
578 static void delete_vma(struct mm_struct *mm, struct vm_area_struct *vma)
580 if (vma->vm_ops && vma->vm_ops->close)
581 vma->vm_ops->close(vma);
584 put_nommu_region(vma->vm_region);
588 struct vm_area_struct *find_vma_intersection(struct mm_struct *mm,
589 unsigned long start_addr,
590 unsigned long end_addr)
592 unsigned long index = start_addr;
594 mmap_assert_locked(mm);
595 return mt_find(&mm->mm_mt, &index, end_addr - 1);
597 EXPORT_SYMBOL(find_vma_intersection);
600 * look up the first VMA in which addr resides, NULL if none
601 * - should be called with mm->mmap_lock at least held readlocked
603 struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr)
605 VMA_ITERATOR(vmi, mm, addr);
607 return vma_iter_load(&vmi);
609 EXPORT_SYMBOL(find_vma);
612 * At least xtensa ends up having protection faults even with no
613 * MMU.. No stack expansion, at least.
615 struct vm_area_struct *lock_mm_and_find_vma(struct mm_struct *mm,
616 unsigned long addr, struct pt_regs *regs)
618 struct vm_area_struct *vma;
621 vma = vma_lookup(mm, addr);
623 mmap_read_unlock(mm);
628 * expand a stack to a given address
629 * - not supported under NOMMU conditions
631 int expand_stack_locked(struct vm_area_struct *vma, unsigned long addr)
636 struct vm_area_struct *expand_stack(struct mm_struct *mm, unsigned long addr)
638 mmap_read_unlock(mm);
643 * look up the first VMA exactly that exactly matches addr
644 * - should be called with mm->mmap_lock at least held readlocked
646 static struct vm_area_struct *find_vma_exact(struct mm_struct *mm,
650 struct vm_area_struct *vma;
651 unsigned long end = addr + len;
652 VMA_ITERATOR(vmi, mm, addr);
654 vma = vma_iter_load(&vmi);
657 if (vma->vm_start != addr)
659 if (vma->vm_end != end)
666 * determine whether a mapping should be permitted and, if so, what sort of
667 * mapping we're capable of supporting
669 static int validate_mmap_request(struct file *file,
675 unsigned long *_capabilities)
677 unsigned long capabilities, rlen;
680 /* do the simple checks first */
681 if (flags & MAP_FIXED)
684 if ((flags & MAP_TYPE) != MAP_PRIVATE &&
685 (flags & MAP_TYPE) != MAP_SHARED)
691 /* Careful about overflows.. */
692 rlen = PAGE_ALIGN(len);
693 if (!rlen || rlen > TASK_SIZE)
696 /* offset overflow? */
697 if ((pgoff + (rlen >> PAGE_SHIFT)) < pgoff)
701 /* files must support mmap */
702 if (!file->f_op->mmap)
705 /* work out if what we've got could possibly be shared
706 * - we support chardevs that provide their own "memory"
707 * - we support files/blockdevs that are memory backed
709 if (file->f_op->mmap_capabilities) {
710 capabilities = file->f_op->mmap_capabilities(file);
712 /* no explicit capabilities set, so assume some
714 switch (file_inode(file)->i_mode & S_IFMT) {
717 capabilities = NOMMU_MAP_COPY;
732 /* eliminate any capabilities that we can't support on this
734 if (!file->f_op->get_unmapped_area)
735 capabilities &= ~NOMMU_MAP_DIRECT;
736 if (!(file->f_mode & FMODE_CAN_READ))
737 capabilities &= ~NOMMU_MAP_COPY;
739 /* The file shall have been opened with read permission. */
740 if (!(file->f_mode & FMODE_READ))
743 if (flags & MAP_SHARED) {
744 /* do checks for writing, appending and locking */
745 if ((prot & PROT_WRITE) &&
746 !(file->f_mode & FMODE_WRITE))
749 if (IS_APPEND(file_inode(file)) &&
750 (file->f_mode & FMODE_WRITE))
753 if (!(capabilities & NOMMU_MAP_DIRECT))
756 /* we mustn't privatise shared mappings */
757 capabilities &= ~NOMMU_MAP_COPY;
759 /* we're going to read the file into private memory we
761 if (!(capabilities & NOMMU_MAP_COPY))
764 /* we don't permit a private writable mapping to be
765 * shared with the backing device */
766 if (prot & PROT_WRITE)
767 capabilities &= ~NOMMU_MAP_DIRECT;
770 if (capabilities & NOMMU_MAP_DIRECT) {
771 if (((prot & PROT_READ) && !(capabilities & NOMMU_MAP_READ)) ||
772 ((prot & PROT_WRITE) && !(capabilities & NOMMU_MAP_WRITE)) ||
773 ((prot & PROT_EXEC) && !(capabilities & NOMMU_MAP_EXEC))
775 capabilities &= ~NOMMU_MAP_DIRECT;
776 if (flags & MAP_SHARED) {
777 pr_warn("MAP_SHARED not completely supported on !MMU\n");
783 /* handle executable mappings and implied executable
785 if (path_noexec(&file->f_path)) {
786 if (prot & PROT_EXEC)
788 } else if ((prot & PROT_READ) && !(prot & PROT_EXEC)) {
789 /* handle implication of PROT_EXEC by PROT_READ */
790 if (current->personality & READ_IMPLIES_EXEC) {
791 if (capabilities & NOMMU_MAP_EXEC)
794 } else if ((prot & PROT_READ) &&
795 (prot & PROT_EXEC) &&
796 !(capabilities & NOMMU_MAP_EXEC)
798 /* backing file is not executable, try to copy */
799 capabilities &= ~NOMMU_MAP_DIRECT;
802 /* anonymous mappings are always memory backed and can be
805 capabilities = NOMMU_MAP_COPY;
807 /* handle PROT_EXEC implication by PROT_READ */
808 if ((prot & PROT_READ) &&
809 (current->personality & READ_IMPLIES_EXEC))
813 /* allow the security API to have its say */
814 ret = security_mmap_addr(addr);
819 *_capabilities = capabilities;
824 * we've determined that we can make the mapping, now translate what we
825 * now know into VMA flags
827 static unsigned long determine_vm_flags(struct file *file,
830 unsigned long capabilities)
832 unsigned long vm_flags;
834 vm_flags = calc_vm_prot_bits(prot, 0) | calc_vm_flag_bits(flags);
838 * MAP_ANONYMOUS. MAP_SHARED is mapped to MAP_PRIVATE, because
839 * there is no fork().
841 vm_flags |= VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
842 } else if (flags & MAP_PRIVATE) {
843 /* MAP_PRIVATE file mapping */
844 if (capabilities & NOMMU_MAP_DIRECT)
845 vm_flags |= (capabilities & NOMMU_VMFLAGS);
847 vm_flags |= VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
849 if (!(prot & PROT_WRITE) && !current->ptrace)
851 * R/O private file mapping which cannot be used to
852 * modify memory, especially also not via active ptrace
853 * (e.g., set breakpoints) or later by upgrading
854 * permissions (no mprotect()). We can try overlaying
855 * the file mapping, which will work e.g., on chardevs,
856 * ramfs/tmpfs/shmfs and romfs/cramf.
858 vm_flags |= VM_MAYOVERLAY;
860 /* MAP_SHARED file mapping: NOMMU_MAP_DIRECT is set. */
861 vm_flags |= VM_SHARED | VM_MAYSHARE |
862 (capabilities & NOMMU_VMFLAGS);
869 * set up a shared mapping on a file (the driver or filesystem provides and
872 static int do_mmap_shared_file(struct vm_area_struct *vma)
876 ret = call_mmap(vma->vm_file, vma);
878 vma->vm_region->vm_top = vma->vm_region->vm_end;
884 /* getting -ENOSYS indicates that direct mmap isn't possible (as
885 * opposed to tried but failed) so we can only give a suitable error as
886 * it's not possible to make a private copy if MAP_SHARED was given */
891 * set up a private mapping or an anonymous shared mapping
893 static int do_mmap_private(struct vm_area_struct *vma,
894 struct vm_region *region,
896 unsigned long capabilities)
898 unsigned long total, point;
903 * Invoke the file's mapping function so that it can keep track of
904 * shared mappings on devices or memory. VM_MAYOVERLAY will be set if
905 * it may attempt to share, which will make is_nommu_shared_mapping()
908 if (capabilities & NOMMU_MAP_DIRECT) {
909 ret = call_mmap(vma->vm_file, vma);
910 /* shouldn't return success if we're not sharing */
911 if (WARN_ON_ONCE(!is_nommu_shared_mapping(vma->vm_flags)))
914 vma->vm_region->vm_top = vma->vm_region->vm_end;
920 /* getting an ENOSYS error indicates that direct mmap isn't
921 * possible (as opposed to tried but failed) so we'll try to
922 * make a private copy of the data and map that instead */
926 /* allocate some memory to hold the mapping
927 * - note that this may not return a page-aligned address if the object
928 * we're allocating is smaller than a page
930 order = get_order(len);
932 point = len >> PAGE_SHIFT;
934 /* we don't want to allocate a power-of-2 sized page set */
935 if (sysctl_nr_trim_pages && total - point >= sysctl_nr_trim_pages)
938 base = alloc_pages_exact(total << PAGE_SHIFT, GFP_KERNEL);
942 atomic_long_add(total, &mmap_pages_allocated);
944 vm_flags_set(vma, VM_MAPPED_COPY);
945 region->vm_flags = vma->vm_flags;
946 region->vm_start = (unsigned long) base;
947 region->vm_end = region->vm_start + len;
948 region->vm_top = region->vm_start + (total << PAGE_SHIFT);
950 vma->vm_start = region->vm_start;
951 vma->vm_end = region->vm_start + len;
954 /* read the contents of a file into the copy */
957 fpos = vma->vm_pgoff;
960 ret = kernel_read(vma->vm_file, base, len, &fpos);
964 /* clear the last little bit */
966 memset(base + ret, 0, len - ret);
969 vma_set_anonymous(vma);
975 free_page_series(region->vm_start, region->vm_top);
976 region->vm_start = vma->vm_start = 0;
977 region->vm_end = vma->vm_end = 0;
982 pr_err("Allocation of length %lu from process %d (%s) failed\n",
983 len, current->pid, current->comm);
989 * handle mapping creation for uClinux
991 unsigned long do_mmap(struct file *file,
998 unsigned long *populate,
999 struct list_head *uf)
1001 struct vm_area_struct *vma;
1002 struct vm_region *region;
1004 unsigned long capabilities, result;
1006 VMA_ITERATOR(vmi, current->mm, 0);
1010 /* decide whether we should attempt the mapping, and if so what sort of
1012 ret = validate_mmap_request(file, addr, len, prot, flags, pgoff,
1017 /* we ignore the address hint */
1019 len = PAGE_ALIGN(len);
1021 /* we've determined that we can make the mapping, now translate what we
1022 * now know into VMA flags */
1023 vm_flags |= determine_vm_flags(file, prot, flags, capabilities);
1026 /* we're going to need to record the mapping */
1027 region = kmem_cache_zalloc(vm_region_jar, GFP_KERNEL);
1029 goto error_getting_region;
1031 vma = vm_area_alloc(current->mm);
1033 goto error_getting_vma;
1035 region->vm_usage = 1;
1036 region->vm_flags = vm_flags;
1037 region->vm_pgoff = pgoff;
1039 vm_flags_init(vma, vm_flags);
1040 vma->vm_pgoff = pgoff;
1043 region->vm_file = get_file(file);
1044 vma->vm_file = get_file(file);
1047 down_write(&nommu_region_sem);
1049 /* if we want to share, we need to check for regions created by other
1050 * mmap() calls that overlap with our proposed mapping
1051 * - we can only share with a superset match on most regular files
1052 * - shared mappings on character devices and memory backed files are
1053 * permitted to overlap inexactly as far as we are concerned for in
1054 * these cases, sharing is handled in the driver or filesystem rather
1057 if (is_nommu_shared_mapping(vm_flags)) {
1058 struct vm_region *pregion;
1059 unsigned long pglen, rpglen, pgend, rpgend, start;
1061 pglen = (len + PAGE_SIZE - 1) >> PAGE_SHIFT;
1062 pgend = pgoff + pglen;
1064 for (rb = rb_first(&nommu_region_tree); rb; rb = rb_next(rb)) {
1065 pregion = rb_entry(rb, struct vm_region, vm_rb);
1067 if (!is_nommu_shared_mapping(pregion->vm_flags))
1070 /* search for overlapping mappings on the same file */
1071 if (file_inode(pregion->vm_file) !=
1075 if (pregion->vm_pgoff >= pgend)
1078 rpglen = pregion->vm_end - pregion->vm_start;
1079 rpglen = (rpglen + PAGE_SIZE - 1) >> PAGE_SHIFT;
1080 rpgend = pregion->vm_pgoff + rpglen;
1081 if (pgoff >= rpgend)
1084 /* handle inexactly overlapping matches between
1086 if ((pregion->vm_pgoff != pgoff || rpglen != pglen) &&
1087 !(pgoff >= pregion->vm_pgoff && pgend <= rpgend)) {
1088 /* new mapping is not a subset of the region */
1089 if (!(capabilities & NOMMU_MAP_DIRECT))
1090 goto sharing_violation;
1094 /* we've found a region we can share */
1095 pregion->vm_usage++;
1096 vma->vm_region = pregion;
1097 start = pregion->vm_start;
1098 start += (pgoff - pregion->vm_pgoff) << PAGE_SHIFT;
1099 vma->vm_start = start;
1100 vma->vm_end = start + len;
1102 if (pregion->vm_flags & VM_MAPPED_COPY)
1103 vm_flags_set(vma, VM_MAPPED_COPY);
1105 ret = do_mmap_shared_file(vma);
1107 vma->vm_region = NULL;
1110 pregion->vm_usage--;
1112 goto error_just_free;
1115 fput(region->vm_file);
1116 kmem_cache_free(vm_region_jar, region);
1122 /* obtain the address at which to make a shared mapping
1123 * - this is the hook for quasi-memory character devices to
1124 * tell us the location of a shared mapping
1126 if (capabilities & NOMMU_MAP_DIRECT) {
1127 addr = file->f_op->get_unmapped_area(file, addr, len,
1129 if (IS_ERR_VALUE(addr)) {
1132 goto error_just_free;
1134 /* the driver refused to tell us where to site
1135 * the mapping so we'll have to attempt to copy
1138 if (!(capabilities & NOMMU_MAP_COPY))
1139 goto error_just_free;
1141 capabilities &= ~NOMMU_MAP_DIRECT;
1143 vma->vm_start = region->vm_start = addr;
1144 vma->vm_end = region->vm_end = addr + len;
1149 vma->vm_region = region;
1151 /* set up the mapping
1152 * - the region is filled in if NOMMU_MAP_DIRECT is still set
1154 if (file && vma->vm_flags & VM_SHARED)
1155 ret = do_mmap_shared_file(vma);
1157 ret = do_mmap_private(vma, region, len, capabilities);
1159 goto error_just_free;
1160 add_nommu_region(region);
1162 /* clear anonymous mappings that don't ask for uninitialized data */
1163 if (!vma->vm_file &&
1164 (!IS_ENABLED(CONFIG_MMAP_ALLOW_UNINITIALIZED) ||
1165 !(flags & MAP_UNINITIALIZED)))
1166 memset((void *)region->vm_start, 0,
1167 region->vm_end - region->vm_start);
1169 /* okay... we have a mapping; now we have to register it */
1170 result = vma->vm_start;
1172 current->mm->total_vm += len >> PAGE_SHIFT;
1175 BUG_ON(!vma->vm_region);
1176 vma_iter_config(&vmi, vma->vm_start, vma->vm_end);
1177 if (vma_iter_prealloc(&vmi, vma))
1178 goto error_just_free;
1180 setup_vma_to_mm(vma, current->mm);
1181 current->mm->map_count++;
1182 /* add the VMA to the tree */
1183 vma_iter_store(&vmi, vma);
1185 /* we flush the region from the icache only when the first executable
1186 * mapping of it is made */
1187 if (vma->vm_flags & VM_EXEC && !region->vm_icache_flushed) {
1188 flush_icache_user_range(region->vm_start, region->vm_end);
1189 region->vm_icache_flushed = true;
1192 up_write(&nommu_region_sem);
1197 up_write(&nommu_region_sem);
1199 vma_iter_free(&vmi);
1200 if (region->vm_file)
1201 fput(region->vm_file);
1202 kmem_cache_free(vm_region_jar, region);
1209 up_write(&nommu_region_sem);
1210 pr_warn("Attempt to share mismatched mappings\n");
1215 kmem_cache_free(vm_region_jar, region);
1216 pr_warn("Allocation of vma for %lu byte allocation from process %d failed\n",
1221 error_getting_region:
1222 pr_warn("Allocation of vm region for %lu byte allocation from process %d failed\n",
1228 unsigned long ksys_mmap_pgoff(unsigned long addr, unsigned long len,
1229 unsigned long prot, unsigned long flags,
1230 unsigned long fd, unsigned long pgoff)
1232 struct file *file = NULL;
1233 unsigned long retval = -EBADF;
1235 audit_mmap_fd(fd, flags);
1236 if (!(flags & MAP_ANONYMOUS)) {
1242 retval = vm_mmap_pgoff(file, addr, len, prot, flags, pgoff);
1250 SYSCALL_DEFINE6(mmap_pgoff, unsigned long, addr, unsigned long, len,
1251 unsigned long, prot, unsigned long, flags,
1252 unsigned long, fd, unsigned long, pgoff)
1254 return ksys_mmap_pgoff(addr, len, prot, flags, fd, pgoff);
1257 #ifdef __ARCH_WANT_SYS_OLD_MMAP
1258 struct mmap_arg_struct {
1262 unsigned long flags;
1264 unsigned long offset;
1267 SYSCALL_DEFINE1(old_mmap, struct mmap_arg_struct __user *, arg)
1269 struct mmap_arg_struct a;
1271 if (copy_from_user(&a, arg, sizeof(a)))
1273 if (offset_in_page(a.offset))
1276 return ksys_mmap_pgoff(a.addr, a.len, a.prot, a.flags, a.fd,
1277 a.offset >> PAGE_SHIFT);
1279 #endif /* __ARCH_WANT_SYS_OLD_MMAP */
1282 * split a vma into two pieces at address 'addr', a new vma is allocated either
1283 * for the first part or the tail.
1285 static int split_vma(struct vma_iterator *vmi, struct vm_area_struct *vma,
1286 unsigned long addr, int new_below)
1288 struct vm_area_struct *new;
1289 struct vm_region *region;
1290 unsigned long npages;
1291 struct mm_struct *mm;
1293 /* we're only permitted to split anonymous regions (these should have
1294 * only a single usage on the region) */
1299 if (mm->map_count >= sysctl_max_map_count)
1302 region = kmem_cache_alloc(vm_region_jar, GFP_KERNEL);
1306 new = vm_area_dup(vma);
1310 /* most fields are the same, copy all, and then fixup */
1311 *region = *vma->vm_region;
1312 new->vm_region = region;
1314 npages = (addr - vma->vm_start) >> PAGE_SHIFT;
1317 region->vm_top = region->vm_end = new->vm_end = addr;
1319 region->vm_start = new->vm_start = addr;
1320 region->vm_pgoff = new->vm_pgoff += npages;
1323 vma_iter_config(vmi, new->vm_start, new->vm_end);
1324 if (vma_iter_prealloc(vmi, vma)) {
1325 pr_warn("Allocation of vma tree for process %d failed\n",
1327 goto err_vmi_preallocate;
1330 if (new->vm_ops && new->vm_ops->open)
1331 new->vm_ops->open(new);
1333 down_write(&nommu_region_sem);
1334 delete_nommu_region(vma->vm_region);
1336 vma->vm_region->vm_start = vma->vm_start = addr;
1337 vma->vm_region->vm_pgoff = vma->vm_pgoff += npages;
1339 vma->vm_region->vm_end = vma->vm_end = addr;
1340 vma->vm_region->vm_top = addr;
1342 add_nommu_region(vma->vm_region);
1343 add_nommu_region(new->vm_region);
1344 up_write(&nommu_region_sem);
1346 setup_vma_to_mm(vma, mm);
1347 setup_vma_to_mm(new, mm);
1348 vma_iter_store(vmi, new);
1352 err_vmi_preallocate:
1355 kmem_cache_free(vm_region_jar, region);
1360 * shrink a VMA by removing the specified chunk from either the beginning or
1363 static int vmi_shrink_vma(struct vma_iterator *vmi,
1364 struct vm_area_struct *vma,
1365 unsigned long from, unsigned long to)
1367 struct vm_region *region;
1369 /* adjust the VMA's pointers, which may reposition it in the MM's tree
1371 if (from > vma->vm_start) {
1372 if (vma_iter_clear_gfp(vmi, from, vma->vm_end, GFP_KERNEL))
1376 if (vma_iter_clear_gfp(vmi, vma->vm_start, to, GFP_KERNEL))
1381 /* cut the backing region down to size */
1382 region = vma->vm_region;
1383 BUG_ON(region->vm_usage != 1);
1385 down_write(&nommu_region_sem);
1386 delete_nommu_region(region);
1387 if (from > region->vm_start) {
1388 to = region->vm_top;
1389 region->vm_top = region->vm_end = from;
1391 region->vm_start = to;
1393 add_nommu_region(region);
1394 up_write(&nommu_region_sem);
1396 free_page_series(from, to);
1402 * - under NOMMU conditions the chunk to be unmapped must be backed by a single
1403 * VMA, though it need not cover the whole VMA
1405 int do_munmap(struct mm_struct *mm, unsigned long start, size_t len, struct list_head *uf)
1407 VMA_ITERATOR(vmi, mm, start);
1408 struct vm_area_struct *vma;
1412 len = PAGE_ALIGN(len);
1418 /* find the first potentially overlapping VMA */
1419 vma = vma_find(&vmi, end);
1423 pr_warn("munmap of memory not mmapped by process %d (%s): 0x%lx-0x%lx\n",
1424 current->pid, current->comm,
1425 start, start + len - 1);
1431 /* we're allowed to split an anonymous VMA but not a file-backed one */
1434 if (start > vma->vm_start)
1436 if (end == vma->vm_end)
1437 goto erase_whole_vma;
1438 vma = vma_find(&vmi, end);
1442 /* the chunk must be a subset of the VMA found */
1443 if (start == vma->vm_start && end == vma->vm_end)
1444 goto erase_whole_vma;
1445 if (start < vma->vm_start || end > vma->vm_end)
1447 if (offset_in_page(start))
1449 if (end != vma->vm_end && offset_in_page(end))
1451 if (start != vma->vm_start && end != vma->vm_end) {
1452 ret = split_vma(&vmi, vma, start, 1);
1456 return vmi_shrink_vma(&vmi, vma, start, end);
1460 if (delete_vma_from_mm(vma))
1463 delete_vma(mm, vma);
1467 int vm_munmap(unsigned long addr, size_t len)
1469 struct mm_struct *mm = current->mm;
1472 mmap_write_lock(mm);
1473 ret = do_munmap(mm, addr, len, NULL);
1474 mmap_write_unlock(mm);
1477 EXPORT_SYMBOL(vm_munmap);
1479 SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len)
1481 return vm_munmap(addr, len);
1485 * release all the mappings made in a process's VM space
1487 void exit_mmap(struct mm_struct *mm)
1489 VMA_ITERATOR(vmi, mm, 0);
1490 struct vm_area_struct *vma;
1498 * Lock the mm to avoid assert complaining even though this is the only
1501 mmap_write_lock(mm);
1502 for_each_vma(vmi, vma) {
1503 cleanup_vma_from_mm(vma);
1504 delete_vma(mm, vma);
1507 __mt_destroy(&mm->mm_mt);
1508 mmap_write_unlock(mm);
1512 * expand (or shrink) an existing mapping, potentially moving it at the same
1513 * time (controlled by the MREMAP_MAYMOVE flag and available VM space)
1515 * under NOMMU conditions, we only permit changing a mapping's size, and only
1516 * as long as it stays within the region allocated by do_mmap_private() and the
1517 * block is not shareable
1519 * MREMAP_FIXED is not supported under NOMMU conditions
1521 static unsigned long do_mremap(unsigned long addr,
1522 unsigned long old_len, unsigned long new_len,
1523 unsigned long flags, unsigned long new_addr)
1525 struct vm_area_struct *vma;
1527 /* insanity checks first */
1528 old_len = PAGE_ALIGN(old_len);
1529 new_len = PAGE_ALIGN(new_len);
1530 if (old_len == 0 || new_len == 0)
1531 return (unsigned long) -EINVAL;
1533 if (offset_in_page(addr))
1536 if (flags & MREMAP_FIXED && new_addr != addr)
1537 return (unsigned long) -EINVAL;
1539 vma = find_vma_exact(current->mm, addr, old_len);
1541 return (unsigned long) -EINVAL;
1543 if (vma->vm_end != vma->vm_start + old_len)
1544 return (unsigned long) -EFAULT;
1546 if (is_nommu_shared_mapping(vma->vm_flags))
1547 return (unsigned long) -EPERM;
1549 if (new_len > vma->vm_region->vm_end - vma->vm_region->vm_start)
1550 return (unsigned long) -ENOMEM;
1552 /* all checks complete - do it */
1553 vma->vm_end = vma->vm_start + new_len;
1554 return vma->vm_start;
1557 SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
1558 unsigned long, new_len, unsigned long, flags,
1559 unsigned long, new_addr)
1563 mmap_write_lock(current->mm);
1564 ret = do_mremap(addr, old_len, new_len, flags, new_addr);
1565 mmap_write_unlock(current->mm);
1569 struct page *follow_page(struct vm_area_struct *vma, unsigned long address,
1570 unsigned int foll_flags)
1575 int remap_pfn_range(struct vm_area_struct *vma, unsigned long addr,
1576 unsigned long pfn, unsigned long size, pgprot_t prot)
1578 if (addr != (pfn << PAGE_SHIFT))
1581 vm_flags_set(vma, VM_IO | VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP);
1584 EXPORT_SYMBOL(remap_pfn_range);
1586 int vm_iomap_memory(struct vm_area_struct *vma, phys_addr_t start, unsigned long len)
1588 unsigned long pfn = start >> PAGE_SHIFT;
1589 unsigned long vm_len = vma->vm_end - vma->vm_start;
1591 pfn += vma->vm_pgoff;
1592 return io_remap_pfn_range(vma, vma->vm_start, pfn, vm_len, vma->vm_page_prot);
1594 EXPORT_SYMBOL(vm_iomap_memory);
1596 int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
1597 unsigned long pgoff)
1599 unsigned int size = vma->vm_end - vma->vm_start;
1601 if (!(vma->vm_flags & VM_USERMAP))
1604 vma->vm_start = (unsigned long)(addr + (pgoff << PAGE_SHIFT));
1605 vma->vm_end = vma->vm_start + size;
1609 EXPORT_SYMBOL(remap_vmalloc_range);
1611 vm_fault_t filemap_fault(struct vm_fault *vmf)
1616 EXPORT_SYMBOL(filemap_fault);
1618 vm_fault_t filemap_map_pages(struct vm_fault *vmf,
1619 pgoff_t start_pgoff, pgoff_t end_pgoff)
1624 EXPORT_SYMBOL(filemap_map_pages);
1626 static int __access_remote_vm(struct mm_struct *mm, unsigned long addr,
1627 void *buf, int len, unsigned int gup_flags)
1629 struct vm_area_struct *vma;
1630 int write = gup_flags & FOLL_WRITE;
1632 if (mmap_read_lock_killable(mm))
1635 /* the access must start within one of the target process's mappings */
1636 vma = find_vma(mm, addr);
1638 /* don't overrun this mapping */
1639 if (addr + len >= vma->vm_end)
1640 len = vma->vm_end - addr;
1642 /* only read or write mappings where it is permitted */
1643 if (write && vma->vm_flags & VM_MAYWRITE)
1644 copy_to_user_page(vma, NULL, addr,
1645 (void *) addr, buf, len);
1646 else if (!write && vma->vm_flags & VM_MAYREAD)
1647 copy_from_user_page(vma, NULL, addr,
1648 buf, (void *) addr, len);
1655 mmap_read_unlock(mm);
1661 * access_remote_vm - access another process' address space
1662 * @mm: the mm_struct of the target address space
1663 * @addr: start address to access
1664 * @buf: source or destination buffer
1665 * @len: number of bytes to transfer
1666 * @gup_flags: flags modifying lookup behaviour
1668 * The caller must hold a reference on @mm.
1670 int access_remote_vm(struct mm_struct *mm, unsigned long addr,
1671 void *buf, int len, unsigned int gup_flags)
1673 return __access_remote_vm(mm, addr, buf, len, gup_flags);
1677 * Access another process' address space.
1678 * - source/target buffer must be kernel space
1680 int access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, int len,
1681 unsigned int gup_flags)
1683 struct mm_struct *mm;
1685 if (addr + len < addr)
1688 mm = get_task_mm(tsk);
1692 len = __access_remote_vm(mm, addr, buf, len, gup_flags);
1697 EXPORT_SYMBOL_GPL(access_process_vm);
1700 * nommu_shrink_inode_mappings - Shrink the shared mappings on an inode
1701 * @inode: The inode to check
1702 * @size: The current filesize of the inode
1703 * @newsize: The proposed filesize of the inode
1705 * Check the shared mappings on an inode on behalf of a shrinking truncate to
1706 * make sure that any outstanding VMAs aren't broken and then shrink the
1707 * vm_regions that extend beyond so that do_mmap() doesn't
1708 * automatically grant mappings that are too large.
1710 int nommu_shrink_inode_mappings(struct inode *inode, size_t size,
1713 struct vm_area_struct *vma;
1714 struct vm_region *region;
1716 size_t r_size, r_top;
1718 low = newsize >> PAGE_SHIFT;
1719 high = (size + PAGE_SIZE - 1) >> PAGE_SHIFT;
1721 down_write(&nommu_region_sem);
1722 i_mmap_lock_read(inode->i_mapping);
1724 /* search for VMAs that fall within the dead zone */
1725 vma_interval_tree_foreach(vma, &inode->i_mapping->i_mmap, low, high) {
1726 /* found one - only interested if it's shared out of the page
1728 if (vma->vm_flags & VM_SHARED) {
1729 i_mmap_unlock_read(inode->i_mapping);
1730 up_write(&nommu_region_sem);
1731 return -ETXTBSY; /* not quite true, but near enough */
1735 /* reduce any regions that overlap the dead zone - if in existence,
1736 * these will be pointed to by VMAs that don't overlap the dead zone
1738 * we don't check for any regions that start beyond the EOF as there
1741 vma_interval_tree_foreach(vma, &inode->i_mapping->i_mmap, 0, ULONG_MAX) {
1742 if (!(vma->vm_flags & VM_SHARED))
1745 region = vma->vm_region;
1746 r_size = region->vm_top - region->vm_start;
1747 r_top = (region->vm_pgoff << PAGE_SHIFT) + r_size;
1749 if (r_top > newsize) {
1750 region->vm_top -= r_top - newsize;
1751 if (region->vm_end > region->vm_top)
1752 region->vm_end = region->vm_top;
1756 i_mmap_unlock_read(inode->i_mapping);
1757 up_write(&nommu_region_sem);
1762 * Initialise sysctl_user_reserve_kbytes.
1764 * This is intended to prevent a user from starting a single memory hogging
1765 * process, such that they cannot recover (kill the hog) in OVERCOMMIT_NEVER
1768 * The default value is min(3% of free memory, 128MB)
1769 * 128MB is enough to recover with sshd/login, bash, and top/kill.
1771 static int __meminit init_user_reserve(void)
1773 unsigned long free_kbytes;
1775 free_kbytes = K(global_zone_page_state(NR_FREE_PAGES));
1777 sysctl_user_reserve_kbytes = min(free_kbytes / 32, 1UL << 17);
1780 subsys_initcall(init_user_reserve);
1783 * Initialise sysctl_admin_reserve_kbytes.
1785 * The purpose of sysctl_admin_reserve_kbytes is to allow the sys admin
1786 * to log in and kill a memory hogging process.
1788 * Systems with more than 256MB will reserve 8MB, enough to recover
1789 * with sshd, bash, and top in OVERCOMMIT_GUESS. Smaller systems will
1790 * only reserve 3% of free pages by default.
1792 static int __meminit init_admin_reserve(void)
1794 unsigned long free_kbytes;
1796 free_kbytes = K(global_zone_page_state(NR_FREE_PAGES));
1798 sysctl_admin_reserve_kbytes = min(free_kbytes / 32, 1UL << 13);
1801 subsys_initcall(init_admin_reserve);
projects / linux.git / blob