From: Al Viro <viro@zeniv.linux.org.uk>
Date: Sun, 19 Nov 2017 16:21:10 +0000 (-0500)
Subject: get_user_pages_unlocked(): pass true to __get_user_pages_locked() notify_drop
X-Git-Tag: v4.16-rc1~144^2~2
X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=commitdiff_plain;h=14cb138d7c1c749d81dc3e66cd70f7a884e1da56;p=linux.git

get_user_pages_unlocked(): pass true to __get_user_pages_locked() notify_drop

Equivalent transformation - the only place in __get_user_pages_locked()
where we look at notify_drop argument is
	if (notify_drop && lock_dropped && *locked) {
		up_read(&mm->mmap_sem);
		*locked = 0;
	}
in the very end.  Changing notify_drop from false to true won't change
behaviour unless *locked is non-zero.  The caller is
        ret = __get_user_pages_locked(current, mm, start, nr_pages, pages, NULL,
			      &locked, false, gup_flags | FOLL_TOUCH);
	if (locked)
		up_read(&mm->mmap_sem);
so in that case the original kernel would have done up_read() right after
return from __get_user_pages_locked(), while the modified one would've done
it right before the return.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---

diff --git a/mm/gup.c b/mm/gup.c
index e7b9f5e97479..9418cbb3b1ad 100644
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -988,7 +988,7 @@ long get_user_pages_unlocked(unsigned long start, unsigned long nr_pages,
 
 	down_read(&mm->mmap_sem);
 	ret = __get_user_pages_locked(current, mm, start, nr_pages, pages, NULL,
-				      &locked, false, gup_flags | FOLL_TOUCH);
+				      &locked, true, gup_flags | FOLL_TOUCH);
 	if (locked)
 		up_read(&mm->mmap_sem);
 	return ret;