mm: add mmap_prepare() compatibility layer for nested file systems

Nested file systems, that is those which invoke call_mmap() within their
own f_op->mmap() handlers, may encounter underlying file systems which
provide the f_op->mmap_prepare() hook introduced by commit c84bf6dd2b83
("mm: introduce new .mmap_prepare() file callback").

We have a chicken-and-egg scenario here - until all file systems are
converted to using .mmap_prepare(), we cannot convert these nested
handlers, as we can't call f_op->mmap from an .mmap_prepare() hook.

So we have to do it the other way round - invoke the .mmap_prepare() hook
from an .mmap() one.

in order to do so, we need to convert VMA state into a struct vm_area_desc
descriptor, invoking the underlying file system's f_op->mmap_prepare()
callback passing a pointer to this, and then setting VMA state accordingly
and safely.

This patch achieves this via the compat_vma_mmap_prepare() function, which
we invoke from call_mmap() if f_op->mmap_prepare() is specified in the
passed in file pointer.

We place the fundamental logic into mm/vma.h where VMA manipulation
belongs.  We also update the VMA userland tests to accommodate the
changes.

The compat_vma_mmap_prepare() function and its associated machinery is
temporary, and will be removed once the conversion of file systems is
complete.

We carefully place this code so it can be used with CONFIG_MMU and also
with cutting edge nommu silicon.

[akpm@linux-foundation.org: export compat_vma_mmap_prepare tp fix build]
[lorenzo.stoakes@oracle.com: remove unused declarations]
Link: https://lkml.kernel.org/r/ac3ae324-4c65-432a-8c6d-2af988b18ac8@lucifer.local
Link: https://lkml.kernel.org/r/20250609165749.344976-1-lorenzo.stoakes@oracle.com
Fixes: c84bf6dd2b83 ("mm: introduce new .mmap_prepare() file callback").
Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Reported-by: Jann Horn <jannh@google.com>
Closes: https://lore.kernel.org/linux-mm/CAG48ez04yOEVx1ekzOChARDDBZzAKwet8PEoPM4Ln3_rk91AzQ@mail.gmail.com/
Reviewed-by: Pedro Falcato <pfalcato@suse.de>
Reviewed-by: Vlastimil Babka <vbabka@suse.cz>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Jan Kara <jack@suse.cz>
Cc: Jann Horn <jannh@google.com>
Cc: Liam Howlett <liam.howlett@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

diff --git a/include/linux/fs.h b/include/linux/fs.h
index 96c7925a655199ebdfefafa587ea5ae3e3665867..4ec77da65f144f0a5c8fa775b2c7e982787380b9 100644 (file)
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -2274,10 +2274,12 @@ static inline bool file_has_valid_mmap_hooks(struct file *file)
        return true;
 }
 
+int compat_vma_mmap_prepare(struct file *file, struct vm_area_struct *vma);
+
 static inline int call_mmap(struct file *file, struct vm_area_struct *vma)
 {
-       if (WARN_ON_ONCE(file->f_op->mmap_prepare))
-               return -EINVAL;
+       if (file->f_op->mmap_prepare)
+               return compat_vma_mmap_prepare(file, vma);
 
        return file->f_op->mmap(file, vma);
 }

diff --git a/mm/util.c b/mm/util.c
index 448117da071f6921dff9f4c76bde2ee3fc651900..0b270c43d7d128feba5219500f6a3f59f1f6a69d 100644 (file)
--- a/mm/util.c
+++ b/mm/util.c
@@ -1131,3 +1131,43 @@ void flush_dcache_folio(struct folio *folio)
 }
 EXPORT_SYMBOL(flush_dcache_folio);
 #endif
+
+/**
+ * compat_vma_mmap_prepare() - Apply the file's .mmap_prepare() hook to an
+ * existing VMA
+ * @file: The file which possesss an f_op->mmap_prepare() hook
+ * @vma: The VMA to apply the .mmap_prepare() hook to.
+ *
+ * Ordinarily, .mmap_prepare() is invoked directly upon mmap(). However, certain
+ * 'wrapper' file systems invoke a nested mmap hook of an underlying file.
+ *
+ * Until all filesystems are converted to use .mmap_prepare(), we must be
+ * conservative and continue to invoke these 'wrapper' filesystems using the
+ * deprecated .mmap() hook.
+ *
+ * However we have a problem if the underlying file system possesses an
+ * .mmap_prepare() hook, as we are in a different context when we invoke the
+ * .mmap() hook, already having a VMA to deal with.
+ *
+ * compat_vma_mmap_prepare() is a compatibility function that takes VMA state,
+ * establishes a struct vm_area_desc descriptor, passes to the underlying
+ * .mmap_prepare() hook and applies any changes performed by it.
+ *
+ * Once the conversion of filesystems is complete this function will no longer
+ * be required and will be removed.
+ *
+ * Returns: 0 on success or error.
+ */
+int compat_vma_mmap_prepare(struct file *file, struct vm_area_struct *vma)
+{
+       struct vm_area_desc desc;
+       int err;
+
+       err = file->f_op->mmap_prepare(vma_to_desc(vma, &desc));
+       if (err)
+               return err;
+       set_vma_from_desc(vma, &desc);
+
+       return 0;
+}
+EXPORT_SYMBOL(compat_vma_mmap_prepare);

diff --git a/mm/vma.c b/mm/vma.c
index 0fb9b2c7b734c2f0f155ebb3f0a1eaa1b0c736ac..fef67a66a09591d81bc99af773eb06b13cdeefba 100644 (file)
--- a/mm/vma.c
+++ b/mm/vma.c
@@ -3113,7 +3113,6 @@ int __vm_munmap(unsigned long start, size_t len, bool unlock)
        return ret;
 }
 
-
 /* Insert vm structure into process list sorted by address
  * and into the inode's i_mmap tree.  If vm_file is non-NULL
  * then i_mmap_rwsem is taken here.

diff --git a/mm/vma.h b/mm/vma.h
index 0db066e7a45d408eb9a3993774eabc1e82354334..f47112a352db3049175be4119efc0e6472acde10 100644 (file)
--- a/mm/vma.h
+++ b/mm/vma.h
@@ -222,6 +222,53 @@ static inline int vma_iter_store_gfp(struct vma_iterator *vmi,
        return 0;
 }
 
+
+/*
+ * Temporary helper functions for file systems which wrap an invocation of
+ * f_op->mmap() but which might have an underlying file system which implements
+ * f_op->mmap_prepare().
+ */
+
+static inline struct vm_area_desc *vma_to_desc(struct vm_area_struct *vma,
+               struct vm_area_desc *desc)
+{
+       desc->mm = vma->vm_mm;
+       desc->start = vma->vm_start;
+       desc->end = vma->vm_end;
+
+       desc->pgoff = vma->vm_pgoff;
+       desc->file = vma->vm_file;
+       desc->vm_flags = vma->vm_flags;
+       desc->page_prot = vma->vm_page_prot;
+
+       desc->vm_ops = NULL;
+       desc->private_data = NULL;
+
+       return desc;
+}
+
+static inline void set_vma_from_desc(struct vm_area_struct *vma,
+               struct vm_area_desc *desc)
+{
+       /*
+        * Since we're invoking .mmap_prepare() despite having a partially
+        * established VMA, we must take care to handle setting fields
+        * correctly.
+        */
+
+       /* Mutable fields. Populated with initial state. */
+       vma->vm_pgoff = desc->pgoff;
+       if (vma->vm_file != desc->file)
+               vma_set_file(vma, desc->file);
+       if (vma->vm_flags != desc->vm_flags)
+               vm_flags_set(vma, desc->vm_flags);
+       vma->vm_page_prot = desc->page_prot;
+
+       /* User-defined fields. */
+       vma->vm_ops = desc->vm_ops;
+       vma->vm_private_data = desc->private_data;
+}
+
 int
 do_vmi_align_munmap(struct vma_iterator *vmi, struct vm_area_struct *vma,
                    struct mm_struct *mm, unsigned long start,

diff --git a/tools/testing/vma/vma_internal.h b/tools/testing/vma/vma_internal.h
index 4505b1c31be10430bd03c5af0503ae187535a3ac..14718ca23a05bb96575f88bfb9944915672281c5 100644 (file)
--- a/tools/testing/vma/vma_internal.h
+++ b/tools/testing/vma/vma_internal.h
@@ -159,6 +159,14 @@ typedef __bitwise unsigned int vm_fault_t;
 
 #define ASSERT_EXCLUSIVE_WRITER(x)
 
+/**
+ * swap - swap values of @a and @b
+ * @a: first value
+ * @b: second value
+ */
+#define swap(a, b) \
+       do { typeof(a) __tmp = (a); (a) = (b); (b) = __tmp; } while (0)
+
 struct kref {
        refcount_t refcount;
 };
@@ -1468,4 +1476,12 @@ static inline void fixup_hugetlb_reservations(struct vm_area_struct *vma)
        (void)vma;
 }
 
+static inline void vma_set_file(struct vm_area_struct *vma, struct file *file)
+{
+       /* Changing an anonymous vma with this is illegal */
+       get_file(file);
+       swap(vma->vm_file, file);
+       fput(file);
+}
+
 #endif /* __MM_VMA_INTERNAL_H */