Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
1/* SPDX-License-Identifier: GPL-2.0 */
2#ifndef _LINUX_MMAN_H
3#define _LINUX_MMAN_H
4
5#include <linux/fs.h>
6#include <linux/mm.h>
7#include <linux/percpu_counter.h>
8
9#include <linux/atomic.h>
10#include <uapi/linux/mman.h>
11
12/*
13 * Arrange for legacy / undefined architecture specific flags to be
14 * ignored by mmap handling code.
15 */
16#ifndef MAP_32BIT
17#define MAP_32BIT 0
18#endif
19#ifndef MAP_ABOVE4G
20#define MAP_ABOVE4G 0
21#endif
22#ifndef MAP_HUGE_2MB
23#define MAP_HUGE_2MB 0
24#endif
25#ifndef MAP_HUGE_1GB
26#define MAP_HUGE_1GB 0
27#endif
28#ifndef MAP_UNINITIALIZED
29#define MAP_UNINITIALIZED 0
30#endif
31#ifndef MAP_SYNC
32#define MAP_SYNC 0
33#endif
34
35/*
36 * The historical set of flags that all mmap implementations implicitly
37 * support when a ->mmap_validate() op is not provided in file_operations.
38 *
39 * MAP_EXECUTABLE and MAP_DENYWRITE are completely ignored throughout the
40 * kernel.
41 */
42#define LEGACY_MAP_MASK (MAP_SHARED \
43 | MAP_PRIVATE \
44 | MAP_FIXED \
45 | MAP_ANONYMOUS \
46 | MAP_DENYWRITE \
47 | MAP_EXECUTABLE \
48 | MAP_UNINITIALIZED \
49 | MAP_GROWSDOWN \
50 | MAP_LOCKED \
51 | MAP_NORESERVE \
52 | MAP_POPULATE \
53 | MAP_NONBLOCK \
54 | MAP_STACK \
55 | MAP_HUGETLB \
56 | MAP_32BIT \
57 | MAP_ABOVE4G \
58 | MAP_HUGE_2MB \
59 | MAP_HUGE_1GB)
60
61extern int sysctl_overcommit_memory;
62extern int sysctl_overcommit_ratio;
63extern unsigned long sysctl_overcommit_kbytes;
64extern struct percpu_counter vm_committed_as;
65
66#ifdef CONFIG_SMP
67extern s32 vm_committed_as_batch;
68extern void mm_compute_batch(int overcommit_policy);
69#else
70#define vm_committed_as_batch 0
71static inline void mm_compute_batch(int overcommit_policy)
72{
73}
74#endif
75
76unsigned long vm_memory_committed(void);
77
78static inline void vm_acct_memory(long pages)
79{
80 percpu_counter_add_batch(&vm_committed_as, pages, vm_committed_as_batch);
81}
82
83static inline void vm_unacct_memory(long pages)
84{
85 vm_acct_memory(-pages);
86}
87
88/*
89 * Allow architectures to handle additional protection and flag bits. The
90 * overriding macros must be defined in the arch-specific asm/mman.h file.
91 */
92
93#ifndef arch_calc_vm_prot_bits
94#define arch_calc_vm_prot_bits(prot, pkey) 0
95#endif
96
97#ifndef arch_calc_vm_flag_bits
98#define arch_calc_vm_flag_bits(file, flags) 0
99#endif
100
101#ifndef arch_validate_prot
102/*
103 * This is called from mprotect(). PROT_GROWSDOWN and PROT_GROWSUP have
104 * already been masked out.
105 *
106 * Returns true if the prot flags are valid
107 */
108static inline bool arch_validate_prot(unsigned long prot, unsigned long addr)
109{
110 return (prot & ~(PROT_READ | PROT_WRITE | PROT_EXEC | PROT_SEM)) == 0;
111}
112#define arch_validate_prot arch_validate_prot
113#endif
114
115#ifndef arch_validate_flags
116/*
117 * This is called from mmap() and mprotect() with the updated vma->vm_flags.
118 *
119 * Returns true if the VM_* flags are valid.
120 */
121static inline bool arch_validate_flags(unsigned long flags)
122{
123 return true;
124}
125#define arch_validate_flags arch_validate_flags
126#endif
127
128/*
129 * Optimisation macro. It is equivalent to:
130 * (x & bit1) ? bit2 : 0
131 * but this version is faster.
132 * ("bit1" and "bit2" must be single bits)
133 */
134#define _calc_vm_trans(x, bit1, bit2) \
135 ((!(bit1) || !(bit2)) ? 0 : \
136 ((bit1) <= (bit2) ? ((x) & (bit1)) * ((bit2) / (bit1)) \
137 : ((x) & (bit1)) / ((bit1) / (bit2))))
138
139/*
140 * Combine the mmap "prot" argument into "vm_flags" used internally.
141 */
142static inline unsigned long
143calc_vm_prot_bits(unsigned long prot, unsigned long pkey)
144{
145 return _calc_vm_trans(prot, PROT_READ, VM_READ ) |
146 _calc_vm_trans(prot, PROT_WRITE, VM_WRITE) |
147 _calc_vm_trans(prot, PROT_EXEC, VM_EXEC) |
148 arch_calc_vm_prot_bits(prot, pkey);
149}
150
151/*
152 * Combine the mmap "flags" argument into "vm_flags" used internally.
153 */
154static inline unsigned long
155calc_vm_flag_bits(struct file *file, unsigned long flags)
156{
157 return _calc_vm_trans(flags, MAP_GROWSDOWN, VM_GROWSDOWN ) |
158 _calc_vm_trans(flags, MAP_LOCKED, VM_LOCKED ) |
159 _calc_vm_trans(flags, MAP_SYNC, VM_SYNC ) |
160 _calc_vm_trans(flags, MAP_STACK, VM_NOHUGEPAGE) |
161 arch_calc_vm_flag_bits(file, flags);
162}
163
164unsigned long vm_commit_limit(void);
165
166#ifndef arch_memory_deny_write_exec_supported
167static inline bool arch_memory_deny_write_exec_supported(void)
168{
169 return true;
170}
171#define arch_memory_deny_write_exec_supported arch_memory_deny_write_exec_supported
172#endif
173
174/*
175 * Denies creating a writable executable mapping or gaining executable permissions.
176 *
177 * This denies the following:
178 *
179 * a) mmap(PROT_WRITE | PROT_EXEC)
180 *
181 * b) mmap(PROT_WRITE)
182 * mprotect(PROT_EXEC)
183 *
184 * c) mmap(PROT_WRITE)
185 * mprotect(PROT_READ)
186 * mprotect(PROT_EXEC)
187 *
188 * But allows the following:
189 *
190 * d) mmap(PROT_READ | PROT_EXEC)
191 * mmap(PROT_READ | PROT_EXEC | PROT_BTI)
192 *
193 * This is only applicable if the user has set the Memory-Deny-Write-Execute
194 * (MDWE) protection mask for the current process.
195 *
196 * @old specifies the VMA flags the VMA originally possessed, and @new the ones
197 * we propose to set.
198 *
199 * Return: false if proposed change is OK, true if not ok and should be denied.
200 */
201static inline bool map_deny_write_exec(unsigned long old, unsigned long new)
202{
203 /* If MDWE is disabled, we have nothing to deny. */
204 if (!test_bit(MMF_HAS_MDWE, ¤t->mm->flags))
205 return false;
206
207 /* If the new VMA is not executable, we have nothing to deny. */
208 if (!(new & VM_EXEC))
209 return false;
210
211 /* Under MDWE we do not accept newly writably executable VMAs... */
212 if (new & VM_WRITE)
213 return true;
214
215 /* ...nor previously non-executable VMAs becoming executable. */
216 if (!(old & VM_EXEC))
217 return true;
218
219 return false;
220}
221
222#endif /* _LINUX_MMAN_H */