Revert "Revert "android: binder: stop saving a pointer to the VMA""

This reverts commit 72a94f8c14. It breaks the Android KABI and will be brought back at a later time when it is safe to do so. Bug: 161946584 Change-Id: Iabf372c25f49e6deaf6c1d137b47c39608bb2187 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2026-06-05 10:31:46 +09:00 · 2023-06-13 19:37:42 +00:00
parent 896fd52618
commit f9689ed69b
3 changed files with 11 additions and 12 deletions
--- a/drivers/android/binder_alloc.c
+++ b/drivers/android/binder_alloc.c
@@ -214,7 +214,7 @@ static int binder_update_page_range(struct binder_alloc *alloc, int allocate,
 	if (mm) {
 		mmap_read_lock(mm);
-		vma = alloc->vma;
+		vma = vma_lookup(mm, alloc->vma_addr);
 	}
 	if (!vma && need_mm) {
@@ -315,11 +315,9 @@ static inline struct vm_area_struct *binder_alloc_get_vma(
 {
 	struct vm_area_struct *vma = NULL;
-	if (alloc->vma) {
+	if (alloc->vma_addr)
-		/* Look at description in binder_alloc_set_vma */
+		vma = vma_lookup(alloc->mm, alloc->vma_addr);
-		smp_rmb();
+
 		vma = alloc->vma;
 	}
 	return vma;
 }
@@ -779,7 +777,7 @@ int binder_alloc_mmap_handler(struct binder_alloc *alloc,
 	buffer->free = 1;
 	binder_insert_free_buffer(alloc, buffer);
 	alloc->free_async_space = alloc->buffer_size / 2;
-	alloc->vma = vma;
+	alloc->vma_addr = vma->vm_start;
 	return 0;
@@ -809,7 +807,8 @@ void binder_alloc_deferred_release(struct binder_alloc *alloc)
 	buffers = 0;
 	mutex_lock(&alloc->mutex);
-	BUG_ON(alloc->vma);
+	BUG_ON(alloc->vma_addr &&
 	       vma_lookup(alloc->mm, alloc->vma_addr));
 	while ((n = rb_first(&alloc->allocated_buffers))) {
 		buffer = rb_entry(n, struct binder_buffer, rb_node);
@@ -961,7 +960,7 @@ int binder_alloc_get_allocated_count(struct binder_alloc *alloc)
 */
 void binder_alloc_vma_close(struct binder_alloc *alloc)
 {
-	alloc->vma = 0;
+	alloc->vma_addr = 0;
 }
 /**
--- a/drivers/android/binder_alloc.h
+++ b/drivers/android/binder_alloc.h
@@ -75,7 +75,7 @@ struct binder_lru_page {
 /**
 * struct binder_alloc - per-binder proc state for binder allocator
 * @mutex:              protects binder_alloc fields
- * @vma:                vm_area_struct passed to mmap_handler
+ * @vma_addr:           vm_area_struct->vm_start passed to mmap_handler
 *                      (invariant after mmap)
 * @mm:                 copy of task->mm (invariant after open)
 * @buffer:             base of per-proc address space mapped via mmap
@@ -99,7 +99,7 @@ struct binder_lru_page {
 */
 struct binder_alloc {
 	struct mutex mutex;
-	struct vm_area_struct *vma;
+	unsigned long vma_addr;
 	struct mm_struct *mm;
 	void __user *buffer;
 	struct list_head buffers;
--- a/drivers/android/binder_alloc_selftest.c
+++ b/drivers/android/binder_alloc_selftest.c
@@ -287,7 +287,7 @@ void binder_selftest_alloc(struct binder_alloc *alloc)
 	if (!binder_selftest_run)
 		return;
 	mutex_lock(&binder_selftest_lock);
-	if (!binder_selftest_run || !alloc->vma)
+	if (!binder_selftest_run || !alloc->vma_addr)
 		goto done;
 	pr_info("STARTED\n");
 	binder_selftest_alloc_offset(alloc, end_offset, 0);