Shrink ashmem directly through shmem_fallocate

When ashmem_shrink is called from direct reclaim on a user thread, a
call to do_fallocate will check for permissions against the security
policy of that user thread.  It can thus fail by chance if called on a
thread that isn't permitted to modify the relevant ashmem areas.

Because we know that we have a shmem file underneath, call the shmem
implementation of fallocate directly instead of going through the
user-space interface for fallocate.

FIX=DMS06243560
Area: Kernel/Linux Kernel

Bug: 21951515
Change-Id: Ie98fff18a2bdeb535cd24d4fbdd13677e12681a7
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>

diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c
index 1830548e29a2d6f05f989cf12d24232ff3c8cd26..3f1133230a1afeb2f01e2fee15f524e4bd2f28b2 100644 (file)
--- a/drivers/staging/android/ashmem.c
+++ b/drivers/staging/android/ashmem.c
@@ -440,9 +440,9 @@ ashmem_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
                loff_t start = range->pgstart * PAGE_SIZE;
                loff_t end = (range->pgend + 1) * PAGE_SIZE;
 
-               vfs_fallocate(range->asma->file,
-                             FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
-                             start, end - start);
+               range->asma->file->f_op->fallocate(range->asma->file,
+                               FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
+                               start, end - start);
                range->purged = ASHMEM_WAS_PURGED;
                lru_del(range);