From: Matthew Wilcox <willy@infradead.org>
Date: Tue, 5 Mar 2019 23:46:06 +0000 (-0800)
Subject: mm/memory.c: prevent mapping typed pages to userspace
X-Git-Tag: v5.1-rc1~152^2~79
X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=0ee930e6cafa048c1925893d0ca89918b2814f2c;p=uclinux-h8%2Flinux.git

mm/memory.c: prevent mapping typed pages to userspace

Pages which use page_type must never be mapped to userspace as it would
destroy their page type.  Add an explicit check for this instead of
assuming that kernel drivers always get this right.

Link: http://lkml.kernel.org/r/20190129053830.3749-1-willy@infradead.org
Signed-off-by: Matthew Wilcox <willy@infradead.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: David Hildenbrand <david@redhat.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Will Deacon <will.deacon@arm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---

diff --git a/mm/memory.c b/mm/memory.c
index a9897dcd530f..79e0173a7d70 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -1452,7 +1452,7 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
 	spinlock_t *ptl;
 
 	retval = -EINVAL;
-	if (PageAnon(page) || PageSlab(page))
+	if (PageAnon(page) || PageSlab(page) || page_has_type(page))
 		goto out;
 	retval = -ENOMEM;
 	flush_dcache_page(page);