Revert "Revert "mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse""
This reverts commit 4f35cec76058557d9eaec0d501d03c7657eb56b4 and does so
in an abi-safe way.
This is done by adding the new fields only to the end of the structure
and this structure is only passed around to other functions as a
pointer, the internal structure layout is only touched by the core
kernel, so adding it to the end is safe.
ABI differences manually updated:
Leaf changes summary: 1 artifact changed
Changed leaf types summary: 1 leaf type changed
Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 0 Added function
Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 0 Added variable
'struct anon_vma at rmap.h:29:1' changed:
type size changed from 704 to 832 (in bits)
2 data member insertions:
'unsigned long int num_children', at offset 704 (in bits) at rmap.h:70:1
'unsigned long int num_active_vmas', at offset 768 (in bits) at rmap.h:72:1
3493 impacted interfaces
Bug: 260678056
Bug: 253167854
Change-Id: Ib1d45625cbc2e0b21330ca3dc2aa7aff34666d31
Signed-off-by: Lee Jones <joneslee@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
(cherry picked from commit d3e1a50cba092fa9c56fc642ee74f360c4b40a17)
diff --git a/android/abi_gki_aarch64.xml b/android/abi_gki_aarch64.xml
index d598784..ae329b8 100644
--- a/android/abi_gki_aarch64.xml
+++ b/android/abi_gki_aarch64.xml
@@ -17879,7 +17879,7 @@
<var-decl name='tv_nsec' type-id='1eb56b1e' visibility='default' filepath='include/uapi/linux/time_types.h' line='9' column='1'/>
</data-member>
</class-decl>
- <class-decl name='anon_vma' size-in-bits='704' is-struct='yes' visibility='default' filepath='include/linux/rmap.h' line='29' column='1' id='14f332cc'>
+ <class-decl name='anon_vma' size-in-bits='832' is-struct='yes' visibility='default' filepath='include/linux/rmap.h' line='29' column='1' id='14f332cc'>
<data-member access='public' layout-offset-in-bits='0'>
<var-decl name='root' type-id='a8f86cda' visibility='default' filepath='include/linux/rmap.h' line='30' column='1'/>
</data-member>
@@ -17890,13 +17890,19 @@
<var-decl name='refcount' type-id='49178f86' visibility='default' filepath='include/linux/rmap.h' line='39' column='1'/>
</data-member>
<data-member access='public' layout-offset-in-bits='480'>
- <var-decl name='degree' type-id='f0981eeb' visibility='default' filepath='include/linux/rmap.h' line='47' column='1'/>
+ <var-decl name='degree' type-id='f0981eeb' visibility='default' filepath='include/linux/rmap.h' line='41' column='1'/>
</data-member>
<data-member access='public' layout-offset-in-bits='512'>
- <var-decl name='parent' type-id='a8f86cda' visibility='default' filepath='include/linux/rmap.h' line='49' column='1'/>
+ <var-decl name='parent' type-id='a8f86cda' visibility='default' filepath='include/linux/rmap.h' line='43' column='1'/>
</data-member>
<data-member access='public' layout-offset-in-bits='576'>
- <var-decl name='rb_root' type-id='6fe1603d' visibility='default' filepath='include/linux/rmap.h' line='61' column='1'/>
+ <var-decl name='rb_root' type-id='6fe1603d' visibility='default' filepath='include/linux/rmap.h' line='55' column='1'/>
+ </data-member>
+ <data-member access='public' layout-offset-in-bits='704'>
+ <var-decl name='num_children' type-id='7359adad' visibility='default' filepath='include/linux/rmap.h' line='70' column='1'/>
+ </data-member>
+ <data-member access='public' layout-offset-in-bits='768'>
+ <var-decl name='num_active_vmas' type-id='7359adad' visibility='default' filepath='include/linux/rmap.h' line='72' column='1'/>
</data-member>
</class-decl>
<class-decl name='bio_crypt_ctx' size-in-bits='320' is-struct='yes' visibility='default' filepath='include/linux/blk-crypto.h' line='71' column='1' id='b545ce08'>
@@ -123590,7 +123596,7 @@
<array-type-def dimensions='1' type-id='a84c031d' size-in-bits='infinite' id='e84913bd'>
<subrange length='infinite' type-id='7ff19f0f' id='031f2035'/>
</array-type-def>
- <class-decl name='anon_vma' size-in-bits='704' is-struct='yes' visibility='default' filepath='include/linux/rmap.h' line='29' column='1' id='14f332cc'>
+ <class-decl name='anon_vma' size-in-bits='832' is-struct='yes' visibility='default' filepath='include/linux/rmap.h' line='29' column='1' id='14f332cc'>
<data-member access='public' layout-offset-in-bits='0'>
<var-decl name='root' type-id='a8f86cda' visibility='default' filepath='include/linux/rmap.h' line='30' column='1'/>
</data-member>
@@ -123601,13 +123607,19 @@
<var-decl name='refcount' type-id='49178f86' visibility='default' filepath='include/linux/rmap.h' line='39' column='1'/>
</data-member>
<data-member access='public' layout-offset-in-bits='480'>
- <var-decl name='degree' type-id='f0981eeb' visibility='default' filepath='include/linux/rmap.h' line='47' column='1'/>
+ <var-decl name='degree' type-id='f0981eeb' visibility='default' filepath='include/linux/rmap.h' line='41' column='1'/>
</data-member>
<data-member access='public' layout-offset-in-bits='512'>
- <var-decl name='parent' type-id='a8f86cda' visibility='default' filepath='include/linux/rmap.h' line='49' column='1'/>
+ <var-decl name='parent' type-id='a8f86cda' visibility='default' filepath='include/linux/rmap.h' line='43' column='1'/>
</data-member>
<data-member access='public' layout-offset-in-bits='576'>
- <var-decl name='rb_root' type-id='6fe1603d' visibility='default' filepath='include/linux/rmap.h' line='61' column='1'/>
+ <var-decl name='rb_root' type-id='6fe1603d' visibility='default' filepath='include/linux/rmap.h' line='55' column='1'/>
+ </data-member>
+ <data-member access='public' layout-offset-in-bits='704'>
+ <var-decl name='num_children' type-id='7359adad' visibility='default' filepath='include/linux/rmap.h' line='70' column='1'/>
+ </data-member>
+ <data-member access='public' layout-offset-in-bits='768'>
+ <var-decl name='num_active_vmas' type-id='7359adad' visibility='default' filepath='include/linux/rmap.h' line='72' column='1'/>
</data-member>
</class-decl>
<class-decl name='assoc_array_ptr' is-struct='yes' visibility='default' is-declaration-only='yes' id='3249e303'/>
diff --git a/include/linux/rmap.h b/include/linux/rmap.h
index 7121bdd..68389d0 100644
--- a/include/linux/rmap.h
+++ b/include/linux/rmap.h
@@ -38,13 +38,7 @@
*/
atomic_t refcount;
- /*
- * Count of child anon_vmas and VMAs which points to this anon_vma.
- *
- * This counter is used for making decision about reusing anon_vma
- * instead of forking new one. See comments in function anon_vma_clone.
- */
- unsigned degree;
+ unsigned degree; /* ANDROID: KABI preservation, DO NOT USE! */
struct anon_vma *parent; /* Parent of this anon_vma */
@@ -59,6 +53,25 @@
/* Interval tree of private "related" vmas */
struct rb_root_cached rb_root;
+
+ /*
+ * ANDROID: KABI preservation, it's safe to put these at the end of this structure as it's
+ * only passed by a pointer everywhere, the size and internal structures are local to the
+ * core kernel.
+ */
+#ifndef __GENKSYMS__
+ /*
+ * Count of child anon_vmas. Equals to the count of all anon_vmas that
+ * have ->parent pointing to this one, including itself.
+ *
+ * This counter is used for making decision about reusing anon_vma
+ * instead of forking new one. See comments in function anon_vma_clone.
+ */
+ unsigned long num_children;
+ /* Count of VMAs whose ->anon_vma pointer points to this object. */
+ unsigned long num_active_vmas;
+#endif
+
};
/*
diff --git a/mm/rmap.c b/mm/rmap.c
index ffbbd92..f67418b 100644
--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -83,7 +83,8 @@
anon_vma = kmem_cache_alloc(anon_vma_cachep, GFP_KERNEL);
if (anon_vma) {
atomic_set(&anon_vma->refcount, 1);
- anon_vma->degree = 1; /* Reference for first vma */
+ anon_vma->num_children = 0;
+ anon_vma->num_active_vmas = 0;
anon_vma->parent = anon_vma;
/*
* Initialise the anon_vma root to point to itself. If called
@@ -191,6 +192,7 @@
anon_vma = anon_vma_alloc();
if (unlikely(!anon_vma))
goto out_enomem_free_avc;
+ anon_vma->num_children++; /* self-parent link for new root */
allocated = anon_vma;
}
@@ -200,8 +202,7 @@
if (likely(!vma->anon_vma)) {
vma->anon_vma = anon_vma;
anon_vma_chain_link(vma, avc, anon_vma);
- /* vma reference or self-parent link for new root */
- anon_vma->degree++;
+ anon_vma->num_active_vmas++;
allocated = NULL;
avc = NULL;
}
@@ -280,19 +281,19 @@
anon_vma_chain_link(dst, avc, anon_vma);
/*
- * Reuse existing anon_vma if its degree lower than two,
- * that means it has no vma and only one anon_vma child.
+ * Reuse existing anon_vma if it has no vma and only one
+ * anon_vma child.
*
- * Do not chose parent anon_vma, otherwise first child
- * will always reuse it. Root anon_vma is never reused:
+ * Root anon_vma is never reused:
* it has self-parent reference and at least one child.
*/
- if (!dst->anon_vma && anon_vma != src->anon_vma &&
- anon_vma->degree < 2)
+ if (!dst->anon_vma && src->anon_vma &&
+ anon_vma->num_children < 2 &&
+ anon_vma->num_active_vmas == 0)
dst->anon_vma = anon_vma;
}
if (dst->anon_vma)
- dst->anon_vma->degree++;
+ dst->anon_vma->num_active_vmas++;
unlock_anon_vma_root(root);
return 0;
@@ -342,6 +343,7 @@
anon_vma = anon_vma_alloc();
if (!anon_vma)
goto out_error;
+ anon_vma->num_active_vmas++;
avc = anon_vma_chain_alloc(GFP_KERNEL);
if (!avc)
goto out_error_free_anon_vma;
@@ -362,7 +364,7 @@
vma->anon_vma = anon_vma;
anon_vma_lock_write(anon_vma);
anon_vma_chain_link(vma, avc, anon_vma);
- anon_vma->parent->degree++;
+ anon_vma->parent->num_children++;
anon_vma_unlock_write(anon_vma);
return 0;
@@ -394,7 +396,7 @@
* to free them outside the lock.
*/
if (RB_EMPTY_ROOT(&anon_vma->rb_root.rb_root)) {
- anon_vma->parent->degree--;
+ anon_vma->parent->num_children--;
continue;
}
@@ -402,7 +404,8 @@
anon_vma_chain_free(avc);
}
if (vma->anon_vma)
- vma->anon_vma->degree--;
+ vma->anon_vma->num_active_vmas--;
+
unlock_anon_vma_root(root);
/*
@@ -413,7 +416,8 @@
list_for_each_entry_safe(avc, next, &vma->anon_vma_chain, same_vma) {
struct anon_vma *anon_vma = avc->anon_vma;
- VM_WARN_ON(anon_vma->degree);
+ VM_WARN_ON(anon_vma->num_children);
+ VM_WARN_ON(anon_vma->num_active_vmas);
put_anon_vma(anon_vma);
list_del(&avc->same_vma);
