LXR linux/mm/nommu.c

   1/*
   2 *  linux/mm/nommu.c
   3 *
   4 *  Replacement code for mm functions to support CPU's that don't
   5 *  have any form of memory management unit (thus no virtual memory).
   6 *
   7 *  See Documentation/nommu-mmap.txt
   8 *
   9 *  Copyright (c) 2004-2005 David Howells <dhowells@redhat.com>
  10 *  Copyright (c) 2000-2003 David McCullough <davidm@snapgear.com>
  11 *  Copyright (c) 2000-2001 D Jeff Dionne <jeff@uClinux.org>
  12 *  Copyright (c) 2002      Greg Ungerer <gerg@snapgear.com>
  13 *  Copyright (c) 2007      Paul Mundt <lethal@linux-sh.org>
  14 */
  15
  16#include <linux/module.h>
  17#include <linux/mm.h>
  18#include <linux/mman.h>
  19#include <linux/swap.h>
  20#include <linux/file.h>
  21#include <linux/highmem.h>
  22#include <linux/pagemap.h>
  23#include <linux/slab.h>
  24#include <linux/vmalloc.h>
  25#include <linux/ptrace.h>
  26#include <linux/blkdev.h>
  27#include <linux/backing-dev.h>
  28#include <linux/mount.h>
  29#include <linux/personality.h>
  30#include <linux/security.h>
  31#include <linux/syscalls.h>
  32
  33#include <asm/uaccess.h>
  34#include <asm/tlb.h>
  35#include <asm/tlbflush.h>
  36
  37void *high_memory;
  38struct page *mem_map;
  39unsigned long max_mapnr;
  40unsigned long num_physpages;
  41unsigned long askedalloc, realalloc;
  42atomic_t vm_committed_space = ATOMIC_INIT(0);
  43int sysctl_overcommit_memory = OVERCOMMIT_GUESS; /* heuristic overcommit */
  44int sysctl_overcommit_ratio = 50; /* default is 50% */
  45int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT;
  46int heap_stack_gap = 0;
  47
  48EXPORT_SYMBOL(mem_map);
  49EXPORT_SYMBOL(num_physpages);
  50
  51/* list of shareable VMAs */
  52struct rb_root nommu_vma_tree = RB_ROOT;
  53DECLARE_RWSEM(nommu_vma_sem);
  54
  55struct vm_operations_struct generic_file_vm_ops = {
  56};
  57
  58/*
  59 * Handle all mappings that got truncated by a "truncate()"
  60 * system call.
  61 *
  62 * NOTE! We have to be ready to update the memory sharing
  63 * between the file and the memory map for a potential last
  64 * incomplete page.  Ugly, but necessary.
  65 */
  66int vmtruncate(struct inode *inode, loff_t offset)
  67{
  68        struct address_space *mapping = inode->i_mapping;
  69        unsigned long limit;
  70
  71        if (inode->i_size < offset)
  72                goto do_expand;
  73        i_size_write(inode, offset);
  74
  75        truncate_inode_pages(mapping, offset);
  76        goto out_truncate;
  77
  78do_expand:
  79        limit = current->signal->rlim[RLIMIT_FSIZE].rlim_cur;
  80        if (limit != RLIM_INFINITY && offset > limit)
  81                goto out_sig;
  82        if (offset > inode->i_sb->s_maxbytes)
  83                goto out;
  84        i_size_write(inode, offset);
  85
  86out_truncate:
  87        if (inode->i_op && inode->i_op->truncate)
  88                inode->i_op->truncate(inode);
  89        return 0;
  90out_sig:
  91        send_sig(SIGXFSZ, current, 0);
  92out:
  93        return -EFBIG;
  94}
  95
  96EXPORT_SYMBOL(vmtruncate);
  97
  98/*
  99 * Return the total memory allocated for this pointer, not
 100 * just what the caller asked for.
 101 *
 102 * Doesn't have to be accurate, i.e. may have races.
 103 */
 104unsigned int kobjsize(const void *objp)
 105{
 106        struct page *page;
 107
 108        if (!objp || !((page = virt_to_page(objp))))
 109                return 0;
 110
 111        if (PageSlab(page))
 112                return ksize(objp);
 113
 114        BUG_ON(page->index < 0);
 115        BUG_ON(page->index >= MAX_ORDER);
 116
 117        return (PAGE_SIZE << page->index);
 118}
 119
 120/*
 121 * get a list of pages in an address range belonging to the specified process
 122 * and indicate the VMA that covers each page
 123 * - this is potentially dodgy as we may end incrementing the page count of a
 124 *   slab page or a secondary page from a compound page
 125 * - don't permit access to VMAs that don't support it, such as I/O mappings
 126 */
 127int get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
 128        unsigned long start, int len, int write, int force,
 129        struct page **pages, struct vm_area_struct **vmas)
 130{
 131        struct vm_area_struct *vma;
 132        unsigned long vm_flags;
 133        int i;
 134
 135        /* calculate required read or write permissions.
 136         * - if 'force' is set, we only require the "MAY" flags.
 137         */
 138        vm_flags  = write ? (VM_WRITE | VM_MAYWRITE) : (VM_READ | VM_MAYREAD);
 139        vm_flags &= force ? (VM_MAYREAD | VM_MAYWRITE) : (VM_READ | VM_WRITE);
 140
 141        for (i = 0; i < len; i++) {
 142                vma = find_vma(mm, start);
 143                if (!vma)
 144                        goto finish_or_fault;
 145
 146                /* protect what we can, including chardevs */
 147                if (vma->vm_flags & (VM_IO | VM_PFNMAP) ||
 148                    !(vm_flags & vma->vm_flags))
 149                        goto finish_or_fault;
 150
 151                if (pages) {
 152                        pages[i] = virt_to_page(start);
 153                        if (pages[i])
 154                                page_cache_get(pages[i]);
 155                }
 156                if (vmas)
 157                        vmas[i] = vma;
 158                start += PAGE_SIZE;
 159        }
 160
 161        return i;
 162
 163finish_or_fault:
 164        return i ? : -EFAULT;
 165}
 166EXPORT_SYMBOL(get_user_pages);
 167
 168DEFINE_RWLOCK(vmlist_lock);
 169struct vm_struct *vmlist;
 170
 171void vfree(const void *addr)
 172{
 173        kfree(addr);
 174}
 175EXPORT_SYMBOL(vfree);
 176
 177void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot)
 178{
 179        /*
 180         *  You can't specify __GFP_HIGHMEM with kmalloc() since kmalloc()
 181         * returns only a logical address.
 182         */
 183        return kmalloc(size, (gfp_mask | __GFP_COMP) & ~__GFP_HIGHMEM);
 184}
 185EXPORT_SYMBOL(__vmalloc);
 186
 187void *vmalloc_user(unsigned long size)
 188{
 189        void *ret;
 190
 191        ret = __vmalloc(size, GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO,
 192                        PAGE_KERNEL);
 193        if (ret) {
 194                struct vm_area_struct *vma;
 195
 196                down_write(&current->mm->mmap_sem);
 197                vma = find_vma(current->mm, (unsigned long)ret);
 198                if (vma)
 199                        vma->vm_flags |= VM_USERMAP;
 200                up_write(&current->mm->mmap_sem);
 201        }
 202
 203        return ret;
 204}
 205EXPORT_SYMBOL(vmalloc_user);
 206
 207struct page *vmalloc_to_page(const void *addr)
 208{
 209        return virt_to_page(addr);
 210}
 211EXPORT_SYMBOL(vmalloc_to_page);
 212
 213unsigned long vmalloc_to_pfn(const void *addr)
 214{
 215        return page_to_pfn(virt_to_page(addr));
 216}
 217EXPORT_SYMBOL(vmalloc_to_pfn);
 218
 219long vread(char *buf, char *addr, unsigned long count)
 220{
 221        memcpy(buf, addr, count);
 222        return count;
 223}
 224
 225long vwrite(char *buf, char *addr, unsigned long count)
 226{
 227        /* Don't allow overflow */
 228        if ((unsigned long) addr + count < count)
 229                count = -(unsigned long) addr;
 230
 231        memcpy(addr, buf, count);
 232        return(count);
 233}
 234
 235/*
 236 *      vmalloc  -  allocate virtually continguos memory
 237 *
 238 *      @size:          allocation size
 239 *
 240 *      Allocate enough pages to cover @size from the page level
 241 *      allocator and map them into continguos kernel virtual space.
 242 *
 243 *      For tight control over page level allocator and protection flags
 244 *      use __vmalloc() instead.
 245 */
 246void *vmalloc(unsigned long size)
 247{
 248       return __vmalloc(size, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL);
 249}
 250EXPORT_SYMBOL(vmalloc);
 251
 252void *vmalloc_node(unsigned long size, int node)
 253{
 254        return vmalloc(size);
 255}
 256EXPORT_SYMBOL(vmalloc_node);
 257
 258/**
 259 * vmalloc_32  -  allocate virtually contiguous memory (32bit addressable)
 260 *      @size:          allocation size
 261 *
 262 *      Allocate enough 32bit PA addressable pages to cover @size from the
 263 *      page level allocator and map them into continguos kernel virtual space.
 264 */
 265void *vmalloc_32(unsigned long size)
 266{
 267        return __vmalloc(size, GFP_KERNEL, PAGE_KERNEL);
 268}
 269EXPORT_SYMBOL(vmalloc_32);
 270
 271/**
 272 * vmalloc_32_user - allocate zeroed virtually contiguous 32bit memory
 273 *      @size:          allocation size
 274 *
 275 * The resulting memory area is 32bit addressable and zeroed so it can be
 276 * mapped to userspace without leaking data.
 277 *
 278 * VM_USERMAP is set on the corresponding VMA so that subsequent calls to
 279 * remap_vmalloc_range() are permissible.
 280 */
 281void *vmalloc_32_user(unsigned long size)
 282{
 283        /*
 284         * We'll have to sort out the ZONE_DMA bits for 64-bit,
 285         * but for now this can simply use vmalloc_user() directly.
 286         */
 287        return vmalloc_user(size);
 288}
 289EXPORT_SYMBOL(vmalloc_32_user);
 290
 291void *vmap(struct page **pages, unsigned int count, unsigned long flags, pgprot_t prot)
 292{
 293        BUG();
 294        return NULL;
 295}
 296EXPORT_SYMBOL(vmap);
 297
 298void vunmap(const void *addr)
 299{
 300        BUG();
 301}
 302EXPORT_SYMBOL(vunmap);
 303
 304/*
 305 * Implement a stub for vmalloc_sync_all() if the architecture chose not to
 306 * have one.
 307 */
 308void  __attribute__((weak)) vmalloc_sync_all(void)
 309{
 310}
 311
 312int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
 313                   struct page *page)
 314{
 315        return -EINVAL;
 316}
 317EXPORT_SYMBOL(vm_insert_page);
 318
 319/*
 320 *  sys_brk() for the most part doesn't need the global kernel
 321 *  lock, except when an application is doing something nasty
 322 *  like trying to un-brk an area that has already been mapped
 323 *  to a regular file.  in this case, the unmapping will need
 324 *  to invoke file system routines that need the global lock.
 325 */
 326asmlinkage unsigned long sys_brk(unsigned long brk)
 327{
 328        struct mm_struct *mm = current->mm;
 329
 330        if (brk < mm->start_brk || brk > mm->context.end_brk)
 331                return mm->brk;
 332
 333        if (mm->brk == brk)
 334                return mm->brk;
 335
 336        /*
 337         * Always allow shrinking brk
 338         */
 339        if (brk <= mm->brk) {
 340                mm->brk = brk;
 341                return brk;
 342        }
 343
 344        /*
 345         * Ok, looks good - let it rip.
 346         */
 347        return mm->brk = brk;
 348}
 349
 350#ifdef DEBUG
 351static void show_process_blocks(void)
 352{
 353        struct vm_list_struct *vml;
 354
 355        printk("Process blocks %d:", current->pid);
 356
 357        for (vml = &current->mm->context.vmlist; vml; vml = vml->next) {
 358                printk(" %p: %p", vml, vml->vma);
 359                if (vml->vma)
 360                        printk(" (%d @%lx #%d)",
 361                               kobjsize((void *) vml->vma->vm_start),
 362                               vml->vma->vm_start,
 363                               atomic_read(&vml->vma->vm_usage));
 364                printk(vml->next ? " ->" : ".\n");
 365        }
 366}
 367#endif /* DEBUG */
 368
 369/*
 370 * add a VMA into a process's mm_struct in the appropriate place in the list
 371 * - should be called with mm->mmap_sem held writelocked
 372 */
 373static void add_vma_to_mm(struct mm_struct *mm, struct vm_list_struct *vml)
 374{
 375        struct vm_list_struct **ppv;
 376
 377        for (ppv = &current->mm->context.vmlist; *ppv; ppv = &(*ppv)->next)
 378                if ((*ppv)->vma->vm_start > vml->vma->vm_start)
 379                        break;
 380
 381        vml->next = *ppv;
 382        *ppv = vml;
 383}
 384
 385/*
 386 * look up the first VMA in which addr resides, NULL if none
 387 * - should be called with mm->mmap_sem at least held readlocked
 388 */
 389struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr)
 390{
 391        struct vm_list_struct *loop, *vml;
 392
 393        /* search the vm_start ordered list */
 394        vml = NULL;
 395        for (loop = mm->context.vmlist; loop; loop = loop->next) {
 396                if (loop->vma->vm_start > addr)
 397                        break;
 398                vml = loop;
 399        }
 400
 401        if (vml && vml->vma->vm_end > addr)
 402                return vml->vma;
 403
 404        return NULL;
 405}
 406EXPORT_SYMBOL(find_vma);
 407
 408/*
 409 * find a VMA
 410 * - we don't extend stack VMAs under NOMMU conditions
 411 */
 412struct vm_area_struct *find_extend_vma(struct mm_struct *mm, unsigned long addr)
 413{
 414        return find_vma(mm, addr);
 415}
 416
 417int expand_stack(struct vm_area_struct *vma, unsigned long address)
 418{
 419        return -ENOMEM;
 420}
 421
 422/*
 423 * look up the first VMA exactly that exactly matches addr
 424 * - should be called with mm->mmap_sem at least held readlocked
 425 */
 426static inline struct vm_area_struct *find_vma_exact(struct mm_struct *mm,
 427                                                    unsigned long addr)
 428{
 429        struct vm_list_struct *vml;
 430
 431        /* search the vm_start ordered list */
 432        for (vml = mm->context.vmlist; vml; vml = vml->next) {
 433                if (vml->vma->vm_start == addr)
 434                        return vml->vma;
 435                if (vml->vma->vm_start > addr)
 436                        break;
 437        }
 438
 439        return NULL;
 440}
 441
 442/*
 443 * find a VMA in the global tree
 444 */
 445static inline struct vm_area_struct *find_nommu_vma(unsigned long start)
 446{
 447        struct vm_area_struct *vma;
 448        struct rb_node *n = nommu_vma_tree.rb_node;
 449
 450        while (n) {
 451                vma = rb_entry(n, struct vm_area_struct, vm_rb);
 452
 453                if (start < vma->vm_start)
 454                        n = n->rb_left;
 455                else if (start > vma->vm_start)
 456                        n = n->rb_right;
 457                else
 458                        return vma;
 459        }
 460
 461        return NULL;
 462}
 463
 464/*
 465 * add a VMA in the global tree
 466 */
 467static void add_nommu_vma(struct vm_area_struct *vma)
 468{
 469        struct vm_area_struct *pvma;
 470        struct address_space *mapping;
 471        struct rb_node **p = &nommu_vma_tree.rb_node;
 472        struct rb_node *parent = NULL;
 473
 474        /* add the VMA to the mapping */
 475        if (vma->vm_file) {
 476                mapping = vma->vm_file->f_mapping;
 477
 478                flush_dcache_mmap_lock(mapping);
 479                vma_prio_tree_insert(vma, &mapping->i_mmap);
 480                flush_dcache_mmap_unlock(mapping);
 481        }
 482
 483        /* add the VMA to the master list */
 484        while (*p) {
 485                parent = *p;
 486                pvma = rb_entry(parent, struct vm_area_struct, vm_rb);
 487
 488                if (vma->vm_start < pvma->vm_start) {
 489                        p = &(*p)->rb_left;
 490                }
 491                else if (vma->vm_start > pvma->vm_start) {
 492                        p = &(*p)->rb_right;
 493                }
 494                else {
 495                        /* mappings are at the same address - this can only
 496                         * happen for shared-mem chardevs and shared file
 497                         * mappings backed by ramfs/tmpfs */
 498                        BUG_ON(!(pvma->vm_flags & VM_SHARED));
 499
 500                        if (vma < pvma)
 501                                p = &(*p)->rb_left;
 502                        else if (vma > pvma)
 503                                p = &(*p)->rb_right;
 504                        else
 505                                BUG();
 506                }
 507        }
 508
 509        rb_link_node(&vma->vm_rb, parent, p);
 510        rb_insert_color(&vma->vm_rb, &nommu_vma_tree);
 511}
 512
 513/*
 514 * delete a VMA from the global list
 515 */
 516static void delete_nommu_vma(struct vm_area_struct *vma)
 517{
 518        struct address_space *mapping;
 519
 520        /* remove the VMA from the mapping */
 521        if (vma->vm_file) {
 522                mapping = vma->vm_file->f_mapping;
 523
 524                flush_dcache_mmap_lock(mapping);
 525                vma_prio_tree_remove(vma, &mapping->i_mmap);
 526                flush_dcache_mmap_unlock(mapping);
 527        }
 528
 529        /* remove from the master list */
 530        rb_erase(&vma->vm_rb, &nommu_vma_tree);
 531}
 532
 533/*
 534 * determine whether a mapping should be permitted and, if so, what sort of
 535 * mapping we're capable of supporting
 536 */
 537static int validate_mmap_request(struct file *file,
 538                                 unsigned long addr,
 539                                 unsigned long len,
 540                                 unsigned long prot,
 541                                 unsigned long flags,
 542                                 unsigned long pgoff,
 543                                 unsigned long *_capabilities)
 544{
 545        unsigned long capabilities;
 546        unsigned long reqprot = prot;
 547        int ret;
 548
 549        /* do the simple checks first */
 550        if (flags & MAP_FIXED || addr) {
 551                printk(KERN_DEBUG
 552                       "%d: Can't do fixed-address/overlay mmap of RAM\n",
 553                       current->pid);
 554                return -EINVAL;
 555        }
 556
 557        if ((flags & MAP_TYPE) != MAP_PRIVATE &&
 558            (flags & MAP_TYPE) != MAP_SHARED)
 559                return -EINVAL;
 560
 561        if (!len)
 562                return -EINVAL;
 563
 564        /* Careful about overflows.. */
 565        len = PAGE_ALIGN(len);
 566        if (!len || len > TASK_SIZE)
 567                return -ENOMEM;
 568
 569        /* offset overflow? */
 570        if ((pgoff + (len >> PAGE_SHIFT)) < pgoff)
 571                return -EOVERFLOW;
 572
 573        if (file) {
 574                /* validate file mapping requests */
 575                struct address_space *mapping;
 576
 577                /* files must support mmap */
 578                if (!file->f_op || !file->f_op->mmap)
 579                        return -ENODEV;
 580
 581                /* work out if what we've got could possibly be shared
 582                 * - we support chardevs that provide their own "memory"
 583                 * - we support files/blockdevs that are memory backed
 584                 */
 585                mapping = file->f_mapping;
 586                if (!mapping)
 587                        mapping = file->f_path.dentry->d_inode->i_mapping;
 588
 589                capabilities = 0;
 590                if (mapping && mapping->backing_dev_info)
 591                        capabilities = mapping->backing_dev_info->capabilities;
 592
 593                if (!capabilities) {
 594                        /* no explicit capabilities set, so assume some
 595                         * defaults */
 596                        switch (file->f_path.dentry->d_inode->i_mode & S_IFMT) {
 597                        case S_IFREG:
 598                        case S_IFBLK:
 599                                capabilities = BDI_CAP_MAP_COPY;
 600                                break;
 601
 602                        case S_IFCHR:
 603                                capabilities =
 604                                        BDI_CAP_MAP_DIRECT |
 605                                        BDI_CAP_READ_MAP |
 606                                        BDI_CAP_WRITE_MAP;
 607                                break;
 608
 609                        default:
 610                                return -EINVAL;
 611                        }
 612                }
 613
 614                /* eliminate any capabilities that we can't support on this
 615                 * device */
 616                if (!file->f_op->get_unmapped_area)
 617                        capabilities &= ~BDI_CAP_MAP_DIRECT;
 618                if (!file->f_op->read)
 619                        capabilities &= ~BDI_CAP_MAP_COPY;
 620
 621                if (flags & MAP_SHARED) {
 622                        /* do checks for writing, appending and locking */
 623                        if ((prot & PROT_WRITE) &&
 624                            !(file->f_mode & FMODE_WRITE))
 625                                return -EACCES;
 626
 627                        if (IS_APPEND(file->f_path.dentry->d_inode) &&
 628                            (file->f_mode & FMODE_WRITE))
 629                                return -EACCES;
 630
 631                        if (locks_verify_locked(file->f_path.dentry->d_inode))
 632                                return -EAGAIN;
 633
 634                        if (!(capabilities & BDI_CAP_MAP_DIRECT))
 635                                return -ENODEV;
 636
 637                        if (((prot & PROT_READ)  && !(capabilities & BDI_CAP_READ_MAP))  ||
 638                            ((prot & PROT_WRITE) && !(capabilities & BDI_CAP_WRITE_MAP)) ||
 639                            ((prot & PROT_EXEC)  && !(capabilities & BDI_CAP_EXEC_MAP))
 640                            ) {
 641                                printk("MAP_SHARED not completely supported on !MMU\n");
 642                                return -EINVAL;
 643                        }
 644
 645                        /* we mustn't privatise shared mappings */
 646                        capabilities &= ~BDI_CAP_MAP_COPY;
 647                }
 648                else {
 649                        /* we're going to read the file into private memory we
 650                         * allocate */
 651                        if (!(capabilities & BDI_CAP_MAP_COPY))
 652                                return -ENODEV;
 653
 654                        /* we don't permit a private writable mapping to be
 655                         * shared with the backing device */
 656                        if (prot & PROT_WRITE)
 657                                capabilities &= ~BDI_CAP_MAP_DIRECT;
 658                }
 659
 660                /* handle executable mappings and implied executable
 661                 * mappings */
 662                if (file->f_path.mnt->mnt_flags & MNT_NOEXEC) {
 663                        if (prot & PROT_EXEC)
 664                                return -EPERM;
 665                }
 666                else if ((prot & PROT_READ) && !(prot & PROT_EXEC)) {
 667                        /* handle implication of PROT_EXEC by PROT_READ */
 668                        if (current->personality & READ_IMPLIES_EXEC) {
 669                                if (capabilities & BDI_CAP_EXEC_MAP)
 670                                        prot |= PROT_EXEC;
 671                        }
 672                }
 673                else if ((prot & PROT_READ) &&
 674                         (prot & PROT_EXEC) &&
 675                         !(capabilities & BDI_CAP_EXEC_MAP)
 676                         ) {
 677                        /* backing file is not executable, try to copy */
 678                        capabilities &= ~BDI_CAP_MAP_DIRECT;
 679                }
 680        }
 681        else {
 682                /* anonymous mappings are always memory backed and can be
 683                 * privately mapped
 684                 */
 685                capabilities = BDI_CAP_MAP_COPY;
 686
 687                /* handle PROT_EXEC implication by PROT_READ */
 688                if ((prot & PROT_READ) &&
 689                    (current->personality & READ_IMPLIES_EXEC))
 690                        prot |= PROT_EXEC;
 691        }
 692
 693        /* allow the security API to have its say */
 694        ret = security_file_mmap(file, reqprot, prot, flags, addr, 0);
 695        if (ret < 0)
 696                return ret;
 697
 698        /* looks okay */
 699        *_capabilities = capabilities;
 700        return 0;
 701}
 702
 703/*
 704 * we've determined that we can make the mapping, now translate what we
 705 * now know into VMA flags
 706 */
 707static unsigned long determine_vm_flags(struct file *file,
 708                                        unsigned long prot,
 709                                        unsigned long flags,
 710                                        unsigned long capabilities)
 711{
 712        unsigned long vm_flags;
 713
 714        vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags);
 715        vm_flags |= VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
 716        /* vm_flags |= mm->def_flags; */
 717
 718        if (!(capabilities & BDI_CAP_MAP_DIRECT)) {
 719                /* attempt to share read-only copies of mapped file chunks */
 720                if (file && !(prot & PROT_WRITE))
 721                        vm_flags |= VM_MAYSHARE;
 722        }
 723        else {
 724                /* overlay a shareable mapping on the backing device or inode
 725                 * if possible - used for chardevs, ramfs/tmpfs/shmfs and
 726                 * romfs/cramfs */
 727                if (flags & MAP_SHARED)
 728                        vm_flags |= VM_MAYSHARE | VM_SHARED;
 729                else if ((((vm_flags & capabilities) ^ vm_flags) & BDI_CAP_VMFLAGS) == 0)
 730                        vm_flags |= VM_MAYSHARE;
 731        }
 732
 733        /* refuse to let anyone share private mappings with this process if
 734         * it's being traced - otherwise breakpoints set in it may interfere
 735         * with another untraced process
 736         */
 737        if ((flags & MAP_PRIVATE) && (current->ptrace & PT_PTRACED))
 738                vm_flags &= ~VM_MAYSHARE;
 739
 740        return vm_flags;
 741}
 742
 743/*
 744 * set up a shared mapping on a file
 745 */
 746static int do_mmap_shared_file(struct vm_area_struct *vma, unsigned long len)
 747{
 748        int ret;
 749
 750        ret = vma->vm_file->f_op->mmap(vma->vm_file, vma);
 751        if (ret != -ENOSYS)
 752                return ret;
 753
 754        /* getting an ENOSYS error indicates that direct mmap isn't
 755         * possible (as opposed to tried but failed) so we'll fall
 756         * through to making a private copy of the data and mapping
 757         * that if we can */
 758        return -ENODEV;
 759}
 760
 761/*
 762 * set up a private mapping or an anonymous shared mapping
 763 */
 764static int do_mmap_private(struct vm_area_struct *vma, unsigned long len)
 765{
 766        void *base;
 767        int ret;
 768
 769        /* invoke the file's mapping function so that it can keep track of
 770         * shared mappings on devices or memory
 771         * - VM_MAYSHARE will be set if it may attempt to share
 772         */
 773        if (vma->vm_file) {
 774                ret = vma->vm_file->f_op->mmap(vma->vm_file, vma);
 775                if (ret != -ENOSYS) {
 776                        /* shouldn't return success if we're not sharing */
 777                        BUG_ON(ret == 0 && !(vma->vm_flags & VM_MAYSHARE));
 778                        return ret; /* success or a real error */
 779                }
 780
 781                /* getting an ENOSYS error indicates that direct mmap isn't
 782                 * possible (as opposed to tried but failed) so we'll try to
 783                 * make a private copy of the data and map that instead */
 784        }
 785
 786        /* allocate some memory to hold the mapping
 787         * - note that this may not return a page-aligned address if the object
 788         *   we're allocating is smaller than a page
 789         */
 790        base = kmalloc(len, GFP_KERNEL|__GFP_COMP);
 791        if (!base)
 792                goto enomem;
 793
 794        vma->vm_start = (unsigned long) base;
 795        vma->vm_end = vma->vm_start + len;
 796        vma->vm_flags |= VM_MAPPED_COPY;
 797
 798#ifdef WARN_ON_SLACK
 799        if (len + WARN_ON_SLACK <= kobjsize(result))
 800                printk("Allocation of %lu bytes from process %d has %lu bytes of slack\n",
 801                       len, current->pid, kobjsize(result) - len);
 802#endif
 803
 804        if (vma->vm_file) {
 805                /* read the contents of a file into the copy */
 806                mm_segment_t old_fs;
 807                loff_t fpos;
 808
 809                fpos = vma->vm_pgoff;
 810                fpos <<= PAGE_SHIFT;
 811
 812                old_fs = get_fs();
 813                set_fs(KERNEL_DS);
 814                ret = vma->vm_file->f_op->read(vma->vm_file, base, len, &fpos);
 815                set_fs(old_fs);
 816
 817                if (ret < 0)
 818                        goto error_free;
 819
 820                /* clear the last little bit */
 821                if (ret < len)
 822                        memset(base + ret, 0, len - ret);
 823
 824        } else {
 825                /* if it's an anonymous mapping, then just clear it */
 826                memset(base, 0, len);
 827        }
 828
 829        return 0;
 830
 831error_free:
 832        kfree(base);
 833        vma->vm_start = 0;
 834        return ret;
 835
 836enomem:
 837        printk("Allocation of length %lu from process %d failed\n",
 838               len, current->pid);
 839        show_free_areas();
 840        return -ENOMEM;
 841}
 842
 843/*
 844 * handle mapping creation for uClinux
 845 */
 846unsigned long do_mmap_pgoff(struct file *file,
 847                            unsigned long addr,
 848                            unsigned long len,
 849                            unsigned long prot,
 850                            unsigned long flags,
 851                            unsigned long pgoff)
 852{
 853        struct vm_list_struct *vml = NULL;
 854        struct vm_area_struct *vma = NULL;
 855        struct rb_node *rb;
 856        unsigned long capabilities, vm_flags;
 857        void *result;
 858        int ret;
 859
 860        if (!(flags & MAP_FIXED))
 861                addr = round_hint_to_min(addr);
 862
 863        /* decide whether we should attempt the mapping, and if so what sort of
 864         * mapping */
 865        ret = validate_mmap_request(file, addr, len, prot, flags, pgoff,
 866                                    &capabilities);
 867        if (ret < 0)
 868                return ret;
 869
 870        /* we've determined that we can make the mapping, now translate what we
 871         * now know into VMA flags */
 872        vm_flags = determine_vm_flags(file, prot, flags, capabilities);
 873
 874        /* we're going to need to record the mapping if it works */
 875        vml = kzalloc(sizeof(struct vm_list_struct), GFP_KERNEL);
 876        if (!vml)
 877                goto error_getting_vml;
 878
 879        down_write(&nommu_vma_sem);
 880
 881        /* if we want to share, we need to check for VMAs created by other
 882         * mmap() calls that overlap with our proposed mapping
 883         * - we can only share with an exact match on most regular files
 884         * - shared mappings on character devices and memory backed files are
 885         *   permitted to overlap inexactly as far as we are concerned for in
 886         *   these cases, sharing is handled in the driver or filesystem rather
 887         *   than here
 888         */
 889        if (vm_flags & VM_MAYSHARE) {
 890                unsigned long pglen = (len + PAGE_SIZE - 1) >> PAGE_SHIFT;
 891                unsigned long vmpglen;
 892
 893                /* suppress VMA sharing for shared regions */
 894                if (vm_flags & VM_SHARED &&
 895                    capabilities & BDI_CAP_MAP_DIRECT)
 896                        goto dont_share_VMAs;
 897
 898                for (rb = rb_first(&nommu_vma_tree); rb; rb = rb_next(rb)) {
 899                        vma = rb_entry(rb, struct vm_area_struct, vm_rb);
 900
 901                        if (!(vma->vm_flags & VM_MAYSHARE))
 902                                continue;
 903
 904                        /* search for overlapping mappings on the same file */
 905                        if (vma->vm_file->f_path.dentry->d_inode != file->f_path.dentry->d_inode)
 906                                continue;
 907
 908                        if (vma->vm_pgoff >= pgoff + pglen)
 909                                continue;
 910
 911                        vmpglen = vma->vm_end - vma->vm_start + PAGE_SIZE - 1;
 912                        vmpglen >>= PAGE_SHIFT;
 913                        if (pgoff >= vma->vm_pgoff + vmpglen)
 914                                continue;
 915
 916                        /* handle inexactly overlapping matches between mappings */
 917                        if (vma->vm_pgoff != pgoff || vmpglen != pglen) {
 918                                if (!(capabilities & BDI_CAP_MAP_DIRECT))
 919                                        goto sharing_violation;
 920                                continue;
 921                        }
 922
 923                        /* we've found a VMA we can share */
 924                        atomic_inc(&vma->vm_usage);
 925
 926                        vml->vma = vma;
 927                        result = (void *) vma->vm_start;
 928                        goto shared;
 929                }
 930
 931        dont_share_VMAs:
 932                vma = NULL;
 933
 934                /* obtain the address at which to make a shared mapping
 935                 * - this is the hook for quasi-memory character devices to
 936                 *   tell us the location of a shared mapping
 937                 */
 938                if (file && file->f_op->get_unmapped_area) {
 939                        addr = file->f_op->get_unmapped_area(file, addr, len,
 940                                                             pgoff, flags);
 941                        if (IS_ERR((void *) addr)) {
 942                                ret = addr;
 943                                if (ret != (unsigned long) -ENOSYS)
 944                                        goto error;
 945
 946                                /* the driver refused to tell us where to site
 947                                 * the mapping so we'll have to attempt to copy
 948                                 * it */
 949                                ret = (unsigned long) -ENODEV;
 950                                if (!(capabilities & BDI_CAP_MAP_COPY))
 951                                        goto error;
 952
 953                                capabilities &= ~BDI_CAP_MAP_DIRECT;
 954                        }
 955                }
 956        }
 957
 958        /* we're going to need a VMA struct as well */
 959        vma = kzalloc(sizeof(struct vm_area_struct), GFP_KERNEL);
 960        if (!vma)
 961                goto error_getting_vma;
 962
 963        INIT_LIST_HEAD(&vma->anon_vma_node);
 964        atomic_set(&vma->vm_usage, 1);
 965        if (file)
 966                get_file(file);
 967        vma->vm_file    = file;
 968        vma->vm_flags   = vm_flags;
 969        vma->vm_start   = addr;
 970        vma->vm_end     = addr + len;
 971        vma->vm_pgoff   = pgoff;
 972
 973        vml->vma = vma;
 974
 975        /* set up the mapping */
 976        if (file && vma->vm_flags & VM_SHARED)
 977                ret = do_mmap_shared_file(vma, len);
 978        else
 979                ret = do_mmap_private(vma, len);
 980        if (ret < 0)
 981                goto error;
 982
 983        /* okay... we have a mapping; now we have to register it */
 984        result = (void *) vma->vm_start;
 985
 986        if (vma->vm_flags & VM_MAPPED_COPY) {
 987                realalloc += kobjsize(result);
 988                askedalloc += len;
 989        }
 990
 991        realalloc += kobjsize(vma);
 992        askedalloc += sizeof(*vma);
 993
 994        current->mm->total_vm += len >> PAGE_SHIFT;
 995
 996        add_nommu_vma(vma);
 997
 998 shared:
 999        realalloc += kobjsize(vml);
1000        askedalloc += sizeof(*vml);

1001
1002        add_vma_to_mm(current->mm, vml);
1003
1004        up_write(&nommu_vma_sem);
1005
1006        if (prot & PROT_EXEC)
1007                flush_icache_range((unsigned long) result,
1008                                   (unsigned long) result + len);
1009
1010#ifdef DEBUG
1011        printk("do_mmap:\n");
1012        show_process_blocks();
1013#endif
1014
1015        return (unsigned long) result;
1016
1017 error:
1018        up_write(&nommu_vma_sem);
1019        kfree(vml);
1020        if (vma) {
1021                if (vma->vm_file)
1022                        fput(vma->vm_file);
1023                kfree(vma);
1024        }
1025        return ret;
1026
1027 sharing_violation:
1028        up_write(&nommu_vma_sem);
1029        printk("Attempt to share mismatched mappings\n");
1030        kfree(vml);
1031        return -EINVAL;
1032
1033 error_getting_vma:
1034        up_write(&nommu_vma_sem);
1035        kfree(vml);
1036        printk("Allocation of vma for %lu byte allocation from process %d failed\n",
1037               len, current->pid);
1038        show_free_areas();
1039        return -ENOMEM;
1040
1041 error_getting_vml:
1042        printk("Allocation of vml for %lu byte allocation from process %d failed\n",
1043               len, current->pid);
1044        show_free_areas();
1045        return -ENOMEM;
1046}
1047EXPORT_SYMBOL(do_mmap_pgoff);
1048
1049/*
1050 * handle mapping disposal for uClinux
1051 */
1052static void put_vma(struct vm_area_struct *vma)
1053{
1054        if (vma) {
1055                down_write(&nommu_vma_sem);
1056
1057                if (atomic_dec_and_test(&vma->vm_usage)) {
1058                        delete_nommu_vma(vma);
1059
1060                        if (vma->vm_ops && vma->vm_ops->close)
1061                                vma->vm_ops->close(vma);
1062
1063                        /* IO memory and memory shared directly out of the pagecache from
1064                         * ramfs/tmpfs mustn't be released here */
1065                        if (vma->vm_flags & VM_MAPPED_COPY) {
1066                                realalloc -= kobjsize((void *) vma->vm_start);
1067                                askedalloc -= vma->vm_end - vma->vm_start;
1068                                kfree((void *) vma->vm_start);
1069                        }
1070
1071                        realalloc -= kobjsize(vma);
1072                        askedalloc -= sizeof(*vma);
1073
1074                        if (vma->vm_file)
1075                                fput(vma->vm_file);
1076                        kfree(vma);
1077                }
1078
1079                up_write(&nommu_vma_sem);
1080        }
1081}
1082
1083/*
1084 * release a mapping
1085 * - under NOMMU conditions the parameters must match exactly to the mapping to
1086 *   be removed
1087 */
1088int do_munmap(struct mm_struct *mm, unsigned long addr, size_t len)
1089{
1090        struct vm_list_struct *vml, **parent;
1091        unsigned long end = addr + len;
1092
1093#ifdef DEBUG
1094        printk("do_munmap:\n");
1095#endif
1096
1097        for (parent = &mm->context.vmlist; *parent; parent = &(*parent)->next) {
1098                if ((*parent)->vma->vm_start > addr)
1099                        break;
1100                if ((*parent)->vma->vm_start == addr &&
1101                    ((len == 0) || ((*parent)->vma->vm_end == end)))
1102                        goto found;
1103        }
1104
1105        printk("munmap of non-mmaped memory by process %d (%s): %p\n",
1106               current->pid, current->comm, (void *) addr);
1107        return -EINVAL;
1108
1109 found:
1110        vml = *parent;
1111
1112        put_vma(vml->vma);
1113
1114        *parent = vml->next;
1115        realalloc -= kobjsize(vml);
1116        askedalloc -= sizeof(*vml);
1117        kfree(vml);
1118
1119        update_hiwater_vm(mm);
1120        mm->total_vm -= len >> PAGE_SHIFT;
1121
1122#ifdef DEBUG
1123        show_process_blocks();
1124#endif
1125
1126        return 0;
1127}
1128EXPORT_SYMBOL(do_munmap);
1129
1130asmlinkage long sys_munmap(unsigned long addr, size_t len)
1131{
1132        int ret;
1133        struct mm_struct *mm = current->mm;
1134
1135        down_write(&mm->mmap_sem);
1136        ret = do_munmap(mm, addr, len);
1137        up_write(&mm->mmap_sem);
1138        return ret;
1139}
1140
1141/*
1142 * Release all mappings
1143 */
1144void exit_mmap(struct mm_struct * mm)
1145{
1146        struct vm_list_struct *tmp;
1147
1148        if (mm) {
1149#ifdef DEBUG
1150                printk("Exit_mmap:\n");
1151#endif
1152
1153                mm->total_vm = 0;
1154
1155                while ((tmp = mm->context.vmlist)) {
1156                        mm->context.vmlist = tmp->next;
1157                        put_vma(tmp->vma);
1158
1159                        realalloc -= kobjsize(tmp);
1160                        askedalloc -= sizeof(*tmp);
1161                        kfree(tmp);
1162                }
1163
1164#ifdef DEBUG
1165                show_process_blocks();
1166#endif
1167        }
1168}
1169
1170unsigned long do_brk(unsigned long addr, unsigned long len)
1171{
1172        return -ENOMEM;
1173}
1174
1175/*
1176 * expand (or shrink) an existing mapping, potentially moving it at the same
1177 * time (controlled by the MREMAP_MAYMOVE flag and available VM space)
1178 *
1179 * under NOMMU conditions, we only permit changing a mapping's size, and only
1180 * as long as it stays within the hole allocated by the kmalloc() call in
1181 * do_mmap_pgoff() and the block is not shareable
1182 *
1183 * MREMAP_FIXED is not supported under NOMMU conditions
1184 */
1185unsigned long do_mremap(unsigned long addr,
1186                        unsigned long old_len, unsigned long new_len,
1187                        unsigned long flags, unsigned long new_addr)
1188{
1189        struct vm_area_struct *vma;
1190
1191        /* insanity checks first */
1192        if (new_len == 0)
1193                return (unsigned long) -EINVAL;
1194
1195        if (flags & MREMAP_FIXED && new_addr != addr)
1196                return (unsigned long) -EINVAL;
1197
1198        vma = find_vma_exact(current->mm, addr);
1199        if (!vma)
1200                return (unsigned long) -EINVAL;
1201
1202        if (vma->vm_end != vma->vm_start + old_len)
1203                return (unsigned long) -EFAULT;
1204
1205        if (vma->vm_flags & VM_MAYSHARE)
1206                return (unsigned long) -EPERM;
1207
1208        if (new_len > kobjsize((void *) addr))
1209                return (unsigned long) -ENOMEM;
1210
1211        /* all checks complete - do it */
1212        vma->vm_end = vma->vm_start + new_len;
1213
1214        askedalloc -= old_len;
1215        askedalloc += new_len;
1216
1217        return vma->vm_start;
1218}
1219EXPORT_SYMBOL(do_mremap);
1220
1221asmlinkage unsigned long sys_mremap(unsigned long addr,
1222        unsigned long old_len, unsigned long new_len,
1223        unsigned long flags, unsigned long new_addr)
1224{
1225        unsigned long ret;
1226
1227        down_write(&current->mm->mmap_sem);
1228        ret = do_mremap(addr, old_len, new_len, flags, new_addr);
1229        up_write(&current->mm->mmap_sem);
1230        return ret;
1231}
1232
1233struct page *follow_page(struct vm_area_struct *vma, unsigned long address,
1234                        unsigned int foll_flags)
1235{
1236        return NULL;
1237}
1238
1239int remap_pfn_range(struct vm_area_struct *vma, unsigned long from,
1240                unsigned long to, unsigned long size, pgprot_t prot)
1241{
1242        vma->vm_start = vma->vm_pgoff << PAGE_SHIFT;
1243        return 0;
1244}
1245EXPORT_SYMBOL(remap_pfn_range);
1246
1247int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
1248                        unsigned long pgoff)
1249{
1250        unsigned int size = vma->vm_end - vma->vm_start;
1251
1252        if (!(vma->vm_flags & VM_USERMAP))
1253                return -EINVAL;
1254
1255        vma->vm_start = (unsigned long)(addr + (pgoff << PAGE_SHIFT));
1256        vma->vm_end = vma->vm_start + size;
1257
1258        return 0;
1259}
1260EXPORT_SYMBOL(remap_vmalloc_range);
1261
1262void swap_unplug_io_fn(struct backing_dev_info *bdi, struct page *page)
1263{
1264}
1265
1266unsigned long arch_get_unmapped_area(struct file *file, unsigned long addr,
1267        unsigned long len, unsigned long pgoff, unsigned long flags)
1268{
1269        return -ENOMEM;
1270}
1271
1272void arch_unmap_area(struct mm_struct *mm, unsigned long addr)
1273{
1274}
1275
1276void unmap_mapping_range(struct address_space *mapping,
1277                         loff_t const holebegin, loff_t const holelen,
1278                         int even_cows)
1279{
1280}
1281EXPORT_SYMBOL(unmap_mapping_range);
1282
1283/*
1284 * ask for an unmapped area at which to create a mapping on a file
1285 */
1286unsigned long get_unmapped_area(struct file *file, unsigned long addr,
1287                                unsigned long len, unsigned long pgoff,
1288                                unsigned long flags)
1289{
1290        unsigned long (*get_area)(struct file *, unsigned long, unsigned long,
1291                                  unsigned long, unsigned long);
1292
1293        get_area = current->mm->get_unmapped_area;
1294        if (file && file->f_op && file->f_op->get_unmapped_area)
1295                get_area = file->f_op->get_unmapped_area;
1296
1297        if (!get_area)
1298                return -ENOSYS;
1299
1300        return get_area(file, addr, len, pgoff, flags);
1301}
1302EXPORT_SYMBOL(get_unmapped_area);
1303
1304/*
1305 * Check that a process has enough memory to allocate a new virtual
1306 * mapping. 0 means there is enough memory for the allocation to
1307 * succeed and -ENOMEM implies there is not.
1308 *
1309 * We currently support three overcommit policies, which are set via the
1310 * vm.overcommit_memory sysctl.  See Documentation/vm/overcommit-accounting
1311 *
1312 * Strict overcommit modes added 2002 Feb 26 by Alan Cox.
1313 * Additional code 2002 Jul 20 by Robert Love.
1314 *
1315 * cap_sys_admin is 1 if the process has admin privileges, 0 otherwise.
1316 *
1317 * Note this is a helper function intended to be used by LSMs which
1318 * wish to use this logic.
1319 */
1320int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
1321{
1322        unsigned long free, allowed;
1323
1324        vm_acct_memory(pages);
1325
1326        /*
1327         * Sometimes we want to use more memory than we have
1328         */
1329        if (sysctl_overcommit_memory == OVERCOMMIT_ALWAYS)
1330                return 0;
1331
1332        if (sysctl_overcommit_memory == OVERCOMMIT_GUESS) {
1333                unsigned long n;
1334
1335                free = global_page_state(NR_FILE_PAGES);
1336                free += nr_swap_pages;
1337
1338                /*
1339                 * Any slabs which are created with the
1340                 * SLAB_RECLAIM_ACCOUNT flag claim to have contents
1341                 * which are reclaimable, under pressure.  The dentry
1342                 * cache and most inode caches should fall into this
1343                 */
1344                free += global_page_state(NR_SLAB_RECLAIMABLE);
1345
1346                /*
1347                 * Leave the last 3% for root
1348                 */
1349                if (!cap_sys_admin)
1350                        free -= free / 32;
1351
1352                if (free > pages)
1353                        return 0;
1354
1355                /*
1356                 * nr_free_pages() is very expensive on large systems,
1357                 * only call if we're about to fail.
1358                 */
1359                n = nr_free_pages();
1360
1361                /*
1362                 * Leave reserved pages. The pages are not for anonymous pages.
1363                 */
1364                if (n <= totalreserve_pages)
1365                        goto error;
1366                else
1367                        n -= totalreserve_pages;
1368
1369                /*
1370                 * Leave the last 3% for root
1371                 */
1372                if (!cap_sys_admin)
1373                        n -= n / 32;
1374                free += n;
1375
1376                if (free > pages)
1377                        return 0;
1378
1379                goto error;
1380        }
1381
1382        allowed = totalram_pages * sysctl_overcommit_ratio / 100;
1383        /*
1384         * Leave the last 3% for root
1385         */
1386        if (!cap_sys_admin)
1387                allowed -= allowed / 32;
1388        allowed += total_swap_pages;
1389
1390        /* Don't let a single process grow too big:
1391           leave 3% of the size of this process for other processes */
1392        allowed -= current->mm->total_vm / 32;
1393
1394        /*
1395         * cast `allowed' as a signed long because vm_committed_space
1396         * sometimes has a negative value
1397         */
1398        if (atomic_read(&vm_committed_space) < (long)allowed)
1399                return 0;
1400error:
1401        vm_unacct_memory(pages);
1402
1403        return -ENOMEM;
1404}
1405
1406int in_gate_area_no_task(unsigned long addr)
1407{
1408        return 0;
1409}
1410
1411int filemap_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
1412{
1413        BUG();
1414        return 0;
1415}
1416EXPORT_SYMBOL(filemap_fault);
1417
1418/*
1419 * Access another process' address space.
1420 * - source/target buffer must be kernel space
1421 */
1422int access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, int len, int write)
1423{
1424        struct vm_area_struct *vma;
1425        struct mm_struct *mm;
1426
1427        if (addr + len < addr)
1428                return 0;
1429
1430        mm = get_task_mm(tsk);
1431        if (!mm)
1432                return 0;
1433
1434        down_read(&mm->mmap_sem);
1435
1436        /* the access must start within one of the target process's mappings */
1437        vma = find_vma(mm, addr);
1438        if (vma) {
1439                /* don't overrun this mapping */
1440                if (addr + len >= vma->vm_end)
1441                        len = vma->vm_end - addr;
1442
1443                /* only read or write mappings where it is permitted */
1444                if (write && vma->vm_flags & VM_MAYWRITE)
1445                        len -= copy_to_user((void *) addr, buf, len);
1446                else if (!write && vma->vm_flags & VM_MAYREAD)
1447                        len -= copy_from_user(buf, (void *) addr, len);
1448                else
1449                        len = 0;
1450        } else {
1451                len = 0;
1452        }
1453
1454        up_read(&mm->mmap_sem);
1455        mmput(mm);
1456        return len;
1457}
1458