[PATCH] ashmem: Shrink directly through shmem_fallocate

[PATCH] ashmem: Shrink directly through shmem_fallocate

[Joel Fernandes]

From: Tobias Lindskog <tobias.lindskog@sonymobile.com>

When ashmem_shrink is called from direct reclaim on a user thread, a
call to do_fallocate will check for permissions against the security
policy of that user thread.  It can thus fail by chance if called on a
thread that isn't permitted to modify the relevant ashmem areas.

Because we know that we have a shmem file underneath, call the shmem
implementation of fallocate directly instead of going through the
user-space interface for fallocate.

Bug: 21951515
Signed-off-by: Tobias Lindskog <tobias.lindskog@sonymobile.com>
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org>
---
 drivers/staging/android/ashmem.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c
index a1a0025b59e0..23ff9ee80386 100644
--- a/drivers/staging/android/ashmem.c
+++ b/drivers/staging/android/ashmem.c
@@ -444,9 +444,9 @@ ashmem_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
 		loff_t start = range->pgstart * PAGE_SIZE;
 		loff_t end = (range->pgend + 1) * PAGE_SIZE;
 
-		vfs_fallocate(range->asma->file,
-			      FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
-			      start, end - start);
+		range->asma->file->f_op->fallocate(range->asma->file,
+				FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
+				start, end - start);
 		range->purged = ASHMEM_WAS_PURGED;
 		lru_del(range);
 
-- 
2.18.0.203.gfac676dfb9-goog

Re: [PATCH] staging: android: ashmem: Shrink directly through shmem_fallocate

[Greg Kroah-Hartman]

On Fri, Jul 06, 2018 at 02:44:16PM -0700, Joel Fernandes wrote:
> From: Tobias Lindskog <tobias.lindskog@sonymobile.com>
> 
> When ashmem_shrink is called from direct reclaim on a user thread, a
> call to do_fallocate will check for permissions against the security
> policy of that user thread.  It can thus fail by chance if called on a
> thread that isn't permitted to modify the relevant ashmem areas.
> 
> Because we know that we have a shmem file underneath, call the shmem
> implementation of fallocate directly instead of going through the
> user-space interface for fallocate.
> 
> Bug: 21951515

What does this "Bug:" line mean to any of us?  :)

I'll go delete it, and I fixed up the subject to have 'staging: android'
in it as well.  Please do that next time.

thanks,

greg k-h

Re: [PATCH] staging: android: ashmem: Shrink directly through shmem_fallocate

[Joel Fernandes]

On Mon, Jul 16, 2018 at 11:48:51AM +0200, Greg Kroah-Hartman wrote:
> On Fri, Jul 06, 2018 at 02:44:16PM -0700, Joel Fernandes wrote:
> > From: Tobias Lindskog <tobias.lindskog@sonymobile.com>
> > 
> > When ashmem_shrink is called from direct reclaim on a user thread, a
> > call to do_fallocate will check for permissions against the security
> > policy of that user thread.  It can thus fail by chance if called on a
> > thread that isn't permitted to modify the relevant ashmem areas.
> > 
> > Because we know that we have a shmem file underneath, call the shmem
> > implementation of fallocate directly instead of going through the
> > user-space interface for fallocate.
> > 
> > Bug: 21951515
> 
> What does this "Bug:" line mean to any of us?  :)

Yeah I should have been more careful when sending Tobias's patch ;-)

> I'll go delete it, and I fixed up the subject to have 'staging: android'
> in it as well.  Please do that next time.

Sure will do, thanks for fixing it up this time. Sorry about that.

Regards,

-Joel