On Thu, Sep 18, 2025 at 12:11:05PM -0700, Chris Mason wrote:
> On Wed, 10 Sep 2025 21:22:06 +0100 Lorenzo Stoakes
> <lorenzo.stoa...@oracle.com> wrote:
>
> > Update the mem char driver (backing /dev/mem and /dev/zero) to use
> > f_op->mmap_prepare hook rather than the deprecated f_op->mmap.
> >
> > The /dev/zero implementation has a very unique and rather concerning
> > characteristic in that it converts MAP_PRIVATE mmap() mappings anonymous
> > when they are, in fact, not.
> >
> > The new f_op->mmap_prepare() can support this, but rather than introducing
> > a helper function to perform this hack (and risk introducing other users),
> > simply set desc->vm_op to NULL here and add a comment describing what's
> > going on.
> >
> > We also introduce shmem_zero_setup_desc() to allow for the shared mapping
> > case via an f_op->mmap_prepare() hook, and generalise the code between this
> > and shmem_zero_setup().
> >
> > We also use the desc->action_error_hook to filter the remap error to
> > -EAGAIN to keep behaviour consistent.
> >
> > Signed-off-by: Lorenzo Stoakes <lorenzo.stoa...@oracle.com>
> > ---
> > drivers/char/mem.c | 75 ++++++++++++++++++++++------------------
> > include/linux/shmem_fs.h | 3 +-
> > mm/shmem.c | 40 ++++++++++++++++-----
> > 3 files changed, 76 insertions(+), 42 deletions(-)
> >
>
> [ ... ]
>
> > diff --git a/mm/shmem.c b/mm/shmem.c
> > index 990e33c6a776..cb6ff00eb4cb 100644
> > --- a/mm/shmem.c
> > +++ b/mm/shmem.c
>
> [ ... ]
>
> > @@ -5920,6 +5925,25 @@ int shmem_zero_setup(struct vm_area_struct *vma)
> > return 0;
> > }
> >
> > +/**
> > + * shmem_zero_setup_desc - same as shmem_zero_setup, but determined by VMA
> > + * descriptor for convenience.
> > + * @desc: Describes VMA
> > + * Returns: 0 on success, or error
> > + */
> > +int shmem_zero_setup_desc(struct vm_area_desc *desc)
> > +{
> > + struct file *file = __shmem_zero_setup(desc->start, desc->end,
> > desc->vm_flags);
> > +
> > + if (IS_ERR(file))
> > + return PTR_ERR(file);
> > +
> > + desc->vm_file = file;
> > + desc->vm_ops = &shmem_anon_vm_ops;
> > +
> > + return 0;
> > +}
> > +
>
> Hi Lorenzo,
>
> shmem_zero_setup() does a if (vma->vm_file) fput(vma->vm_file) dance.
>
> It looks like we need one here too?
No we don't, it's intentionally designed to avoid this because mmap_prepare is
done at a time prior to the file pointer having had been pinned like this.
This is necessary in mmap() but not in mmap_prepare(), equally you can just
assign VMA flags or any other field without any need for special helpers or
lock/refcount dances etc.
>
> -chris
Cheers, Lorenzo
