4 * (C) Copyright 1994 Linus Torvalds
5 * (C) Copyright 2002 Christoph Hellwig
7 * Address space accounting code <alan@lxorguk.ukuu.org.uk>
8 * (C) Copyright 2002 Red Hat Inc, All Rights Reserved
12 #include <linux/hugetlb.h>
13 #include <linux/shm.h>
14 #include <linux/mman.h>
16 #include <linux/highmem.h>
17 #include <linux/security.h>
18 #include <linux/mempolicy.h>
19 #include <linux/personality.h>
20 #include <linux/syscalls.h>
21 #include <linux/swap.h>
22 #include <linux/swapops.h>
23 #include <linux/mmu_notifier.h>
24 #include <linux/migrate.h>
25 #include <linux/perf_event.h>
26 #include <asm/uaccess.h>
27 #include <asm/pgtable.h>
28 #include <asm/cacheflush.h>
29 #include <asm/tlbflush.h>
32 static inline pgprot_t pgprot_modify(pgprot_t oldprot, pgprot_t newprot)
38 static unsigned long change_pte_range(struct vm_area_struct *vma, pmd_t *pmd,
39 unsigned long addr, unsigned long end, pgprot_t newprot,
40 int dirty_accountable, int prot_numa)
42 struct mm_struct *mm = vma->vm_mm;
45 unsigned long pages = 0;
47 pte = pte_offset_map_lock(mm, pmd, addr, &ptl);
48 arch_enter_lazy_mmu_mode();
51 if (pte_present(oldpte)) {
56 ptent = ptep_modify_prot_start(mm, addr, pte);
57 ptent = pte_modify(ptent, newprot);
63 page = vm_normal_page(vma, addr, oldpte);
65 if (!pte_numa(oldpte)) {
66 ptent = pte_mknuma(ptent);
67 set_pte_at(mm, addr, pte, ptent);
74 * Avoid taking write faults for pages we know to be
77 if (dirty_accountable && pte_dirty(ptent)) {
78 ptent = pte_mkwrite(ptent);
85 /* Only !prot_numa always clears the pte */
87 ptep_modify_prot_commit(mm, addr, pte, ptent);
88 } else if (IS_ENABLED(CONFIG_MIGRATION) && !pte_file(oldpte)) {
89 swp_entry_t entry = pte_to_swp_entry(oldpte);
91 if (is_write_migration_entry(entry)) {
94 * A protection check is difficult so
95 * just be safe and disable write
97 make_migration_entry_read(&entry);
98 newpte = swp_entry_to_pte(entry);
99 if (pte_swp_soft_dirty(oldpte))
100 newpte = pte_swp_mksoft_dirty(newpte);
101 set_pte_at(mm, addr, pte, newpte);
106 } while (pte++, addr += PAGE_SIZE, addr != end);
107 arch_leave_lazy_mmu_mode();
108 pte_unmap_unlock(pte - 1, ptl);
113 static inline unsigned long change_pmd_range(struct vm_area_struct *vma,
114 pud_t *pud, unsigned long addr, unsigned long end,
115 pgprot_t newprot, int dirty_accountable, int prot_numa)
119 unsigned long pages = 0;
120 unsigned long nr_huge_updates = 0;
122 pmd = pmd_offset(pud, addr);
124 unsigned long this_pages;
126 next = pmd_addr_end(addr, end);
127 if (pmd_trans_huge(*pmd)) {
128 if (next - addr != HPAGE_PMD_SIZE)
129 split_huge_page_pmd(vma, addr, pmd);
131 int nr_ptes = change_huge_pmd(vma, pmd, addr,
135 if (nr_ptes == HPAGE_PMD_NR) {
136 pages += HPAGE_PMD_NR;
144 if (pmd_none_or_clear_bad(pmd))
146 this_pages = change_pte_range(vma, pmd, addr, next, newprot,
147 dirty_accountable, prot_numa);
149 } while (pmd++, addr = next, addr != end);
152 count_vm_numa_events(NUMA_HUGE_PTE_UPDATES, nr_huge_updates);
156 static inline unsigned long change_pud_range(struct vm_area_struct *vma,
157 pgd_t *pgd, unsigned long addr, unsigned long end,
158 pgprot_t newprot, int dirty_accountable, int prot_numa)
162 unsigned long pages = 0;
164 pud = pud_offset(pgd, addr);
166 next = pud_addr_end(addr, end);
167 if (pud_none_or_clear_bad(pud))
169 pages += change_pmd_range(vma, pud, addr, next, newprot,
170 dirty_accountable, prot_numa);
171 } while (pud++, addr = next, addr != end);
176 static unsigned long change_protection_range(struct vm_area_struct *vma,
177 unsigned long addr, unsigned long end, pgprot_t newprot,
178 int dirty_accountable, int prot_numa)
180 struct mm_struct *mm = vma->vm_mm;
183 unsigned long start = addr;
184 unsigned long pages = 0;
187 pgd = pgd_offset(mm, addr);
188 flush_cache_range(vma, addr, end);
190 next = pgd_addr_end(addr, end);
191 if (pgd_none_or_clear_bad(pgd))
193 pages += change_pud_range(vma, pgd, addr, next, newprot,
194 dirty_accountable, prot_numa);
195 } while (pgd++, addr = next, addr != end);
197 /* Only flush the TLB if we actually modified any entries: */
199 flush_tlb_range(vma, start, end);
204 unsigned long change_protection(struct vm_area_struct *vma, unsigned long start,
205 unsigned long end, pgprot_t newprot,
206 int dirty_accountable, int prot_numa)
208 struct mm_struct *mm = vma->vm_mm;
211 mmu_notifier_invalidate_range_start(mm, start, end);
212 if (is_vm_hugetlb_page(vma))
213 pages = hugetlb_change_protection(vma, start, end, newprot);
215 pages = change_protection_range(vma, start, end, newprot, dirty_accountable, prot_numa);
216 mmu_notifier_invalidate_range_end(mm, start, end);
222 mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
223 unsigned long start, unsigned long end, unsigned long newflags)
225 struct mm_struct *mm = vma->vm_mm;
226 unsigned long oldflags = vma->vm_flags;
227 long nrpages = (end - start) >> PAGE_SHIFT;
228 unsigned long charged = 0;
231 int dirty_accountable = 0;
233 if (newflags == oldflags) {
239 * If we make a private mapping writable we increase our commit;
240 * but (without finer accounting) cannot reduce our commit if we
241 * make it unwritable again. hugetlb mapping were accounted for
242 * even if read-only so there is no need to account for them here
244 if (newflags & VM_WRITE) {
245 if (!(oldflags & (VM_ACCOUNT|VM_WRITE|VM_HUGETLB|
246 VM_SHARED|VM_NORESERVE))) {
248 if (security_vm_enough_memory_mm(mm, charged))
250 newflags |= VM_ACCOUNT;
255 * First try to merge with previous and/or next vma.
257 pgoff = vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT);
258 *pprev = vma_merge(mm, *pprev, start, end, newflags,
259 vma->anon_vma, vma->vm_file, pgoff, vma_policy(vma));
267 if (start != vma->vm_start) {
268 error = split_vma(mm, vma, start, 1);
273 if (end != vma->vm_end) {
274 error = split_vma(mm, vma, end, 0);
281 * vm_flags and vm_page_prot are protected by the mmap_sem
282 * held in write mode.
284 vma->vm_flags = newflags;
285 vma->vm_page_prot = pgprot_modify(vma->vm_page_prot,
286 vm_get_page_prot(newflags));
288 if (vma_wants_writenotify(vma)) {
289 vma->vm_page_prot = vm_get_page_prot(newflags & ~VM_SHARED);
290 dirty_accountable = 1;
293 change_protection(vma, start, end, vma->vm_page_prot,
294 dirty_accountable, 0);
296 vm_stat_account(mm, oldflags, vma->vm_file, -nrpages);
297 vm_stat_account(mm, newflags, vma->vm_file, nrpages);
298 perf_event_mmap(vma);
302 vm_unacct_memory(charged);
306 SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
309 unsigned long vm_flags, nstart, end, tmp, reqprot;
310 struct vm_area_struct *vma, *prev;
312 const int grows = prot & (PROT_GROWSDOWN|PROT_GROWSUP);
313 prot &= ~(PROT_GROWSDOWN|PROT_GROWSUP);
314 if (grows == (PROT_GROWSDOWN|PROT_GROWSUP)) /* can't be both */
317 if (start & ~PAGE_MASK)
321 len = PAGE_ALIGN(len);
325 if (!arch_validate_prot(prot))
330 * Does the application expect PROT_READ to imply PROT_EXEC:
332 if ((prot & PROT_READ) && (current->personality & READ_IMPLIES_EXEC))
335 vm_flags = calc_vm_prot_bits(prot);
337 down_write(¤t->mm->mmap_sem);
339 vma = find_vma(current->mm, start);
344 if (unlikely(grows & PROT_GROWSDOWN)) {
345 if (vma->vm_start >= end)
347 start = vma->vm_start;
349 if (!(vma->vm_flags & VM_GROWSDOWN))
352 if (vma->vm_start > start)
354 if (unlikely(grows & PROT_GROWSUP)) {
357 if (!(vma->vm_flags & VM_GROWSUP))
361 if (start > vma->vm_start)
364 for (nstart = start ; ; ) {
365 unsigned long newflags;
367 /* Here we know that vma->vm_start <= nstart < vma->vm_end. */
370 newflags |= (vma->vm_flags & ~(VM_READ | VM_WRITE | VM_EXEC));
372 /* newflags >> 4 shift VM_MAY% in place of VM_% */
373 if ((newflags & ~(newflags >> 4)) & (VM_READ | VM_WRITE | VM_EXEC)) {
378 error = security_file_mprotect(vma, reqprot, prot);
385 error = mprotect_fixup(vma, &prev, nstart, tmp, newflags);
390 if (nstart < prev->vm_end)
391 nstart = prev->vm_end;
396 if (!vma || vma->vm_start != nstart) {
402 up_write(¤t->mm->mmap_sem);