projects / GitHub / MotorolaMobilityLLC / kernel-slsi.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[RAMEN9610-21029]staGing: android: ashmem: Disallow ashmem memory from being remapped
[GitHub/MotorolaMobilityLLC/kernel-slsi.git] / drivers / staging / android / ashmem.c
diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c
index 555b5a86ccc8379e9e139e0e0c7ad9a848db793a..7b1c3843176a3ff99e783c9f774eefad3d9b08ac 100644 (file)
--- a/drivers/staging/android/ashmem.c
+++ b/drivers/staging/android/ashmem.c
@@ -361,8 +361,23 @@ static inline vm_flags_t calc_vm_may_flags(unsigned long prot)
               _calc_vm_trans(prot, PROT_EXEC,  VM_MAYEXEC);
 }
 
+static int ashmem_vmfile_mmap(struct file *file, struct vm_area_struct *vma)
+{
+       /* do not allow to mmap ashmem backing shmem file directly */
+       return -EPERM;
+}
+
+static unsigned long
+ashmem_vmfile_get_unmapped_area(struct file *file, unsigned long addr,
+                               unsigned long len, unsigned long pgoff,
+                               unsigned long flags)
+{
+       return current->mm->get_unmapped_area(file, addr, len, pgoff, flags);
+}
+
 static int ashmem_mmap(struct file *file, struct vm_area_struct *vma)
 {
+       static struct file_operations vmfile_fops;
        struct ashmem_area *asma = file->private_data;
        int ret = 0;
 
@@ -403,6 +418,19 @@ static int ashmem_mmap(struct file *file, struct vm_area_struct *vma)
                }
                vmfile->f_mode |= FMODE_LSEEK;
                asma->file = vmfile;
+               /*
+                * override mmap operation of the vmfile so that it can't be
+                * remapped which would lead to creation of a new vma with no
+                * asma permission checks. Have to override get_unmapped_area
+                * as well to prevent VM_BUG_ON check for f_ops modification.
+                */
+               if (!vmfile_fops.mmap) {
+                       vmfile_fops = *vmfile->f_op;
+                       vmfile_fops.mmap = ashmem_vmfile_mmap;
+                       vmfile_fops.get_unmapped_area =
+                                       ashmem_vmfile_get_unmapped_area;
+               }
+               vmfile->f_op = &vmfile_fops;
        }
        get_file(asma->file);
 
Motorola kernel-slsi