linux.git/drivers/staging/android/ashmem.c, branch v5.10 Linux kernel source tree staging: android: ashmem: Fix lockdep warning for write operation 2020-07-31T12:41:43+00:00 Suren Baghdasaryan surenb@google.com 2020-07-30T19:26:32+00:00 3e338d3c95c735dc3265a86016bb4c022ec7cadc syzbot report [1] describes a deadlock when write operation against an ashmem fd executed at the time when ashmem is shrinking its cache results in the following lock sequence: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(fs_reclaim); lock(&sb->s_type->i_mutex_key#13); lock(fs_reclaim); lock(&sb->s_type->i_mutex_key#13); kswapd takes fs_reclaim and then inode_lock while generic_perform_write takes inode_lock and then fs_reclaim. However ashmem does not support writing into backing shmem with a write syscall. The only way to change its content is to mmap it and operate on mapped memory. Therefore the race that lockdep is warning about is not valid. Resolve this by introducing a separate lockdep class for the backing shmem inodes. [1]: https://lkml.kernel.org/lkml/0000000000000b5f9d059aa2037f@google.com/ Reported-by: syzbot+7a0d9d0b26efefe61780@syzkaller.appspotmail.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Cc: stable <stable@vger.kernel.org> Reviewed-by: Joel Fernandes (Google) <joel@joelfernandes.org> Link: https://lore.kernel.org/r/20200730192632.3088194-1-surenb@google.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
syzbot report [1] describes a deadlock when write operation against an
ashmem fd executed at the time when ashmem is shrinking its cache results
in the following lock sequence:

Possible unsafe locking scenario:

        CPU0                    CPU1
        ----                    ----
   lock(fs_reclaim);
                                lock(&sb->s_type->i_mutex_key#13);
                                lock(fs_reclaim);
   lock(&sb->s_type->i_mutex_key#13);

kswapd takes fs_reclaim and then inode_lock while generic_perform_write
takes inode_lock and then fs_reclaim. However ashmem does not support
writing into backing shmem with a write syscall. The only way to change
its content is to mmap it and operate on mapped memory. Therefore the race
that lockdep is warning about is not valid. Resolve this by introducing a
separate lockdep class for the backing shmem inodes.

[1]: https://lkml.kernel.org/lkml/0000000000000b5f9d059aa2037f@google.com/

Reported-by: syzbot+7a0d9d0b26efefe61780@syzkaller.appspotmail.com
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Cc: stable <stable@vger.kernel.org>
Reviewed-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Link: https://lore.kernel.org/r/20200730192632.3088194-1-surenb@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
mmap locking API: convert mmap_sem comments 2020-06-09T16:39:14+00:00 Michel Lespinasse walken@google.com 2020-06-09T04:33:54+00:00 c1e8d7c6a7a682e1405e3e242d32fc377fd196ff Convert comments that reference mmap_sem to reference mmap_lock instead. [akpm@linux-foundation.org: fix up linux-next leftovers] [akpm@linux-foundation.org: s/lockaphore/lock/, per Vlastimil] [akpm@linux-foundation.org: more linux-next fixups, per Michel] Signed-off-by: Michel Lespinasse <walken@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Reviewed-by: Vlastimil Babka <vbabka@suse.cz> Reviewed-by: Daniel Jordan <daniel.m.jordan@oracle.com> Cc: Davidlohr Bueso <dbueso@suse.de> Cc: David Rientjes <rientjes@google.com> Cc: Hugh Dickins <hughd@google.com> Cc: Jason Gunthorpe <jgg@ziepe.ca> Cc: Jerome Glisse <jglisse@redhat.com> Cc: John Hubbard <jhubbard@nvidia.com> Cc: Laurent Dufour <ldufour@linux.ibm.com> Cc: Liam Howlett <Liam.Howlett@oracle.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Ying Han <yinghan@google.com> Link: http://lkml.kernel.org/r/20200520052908.204642-13-walken@google.com Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
Convert comments that reference mmap_sem to reference mmap_lock instead.

[akpm@linux-foundation.org: fix up linux-next leftovers]
[akpm@linux-foundation.org: s/lockaphore/lock/, per Vlastimil]
[akpm@linux-foundation.org: more linux-next fixups, per Michel]

Signed-off-by: Michel Lespinasse <walken@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Vlastimil Babka <vbabka@suse.cz>
Reviewed-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Cc: Davidlohr Bueso <dbueso@suse.de>
Cc: David Rientjes <rientjes@google.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Jason Gunthorpe <jgg@ziepe.ca>
Cc: Jerome Glisse <jglisse@redhat.com>
Cc: John Hubbard <jhubbard@nvidia.com>
Cc: Laurent Dufour <ldufour@linux.ibm.com>
Cc: Liam Howlett <Liam.Howlett@oracle.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ying Han <yinghan@google.com>
Link: http://lkml.kernel.org/r/20200520052908.204642-13-walken@google.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
staging: android: ashmem: Disallow ashmem memory from being remapped 2020-02-10T16:49:11+00:00 Suren Baghdasaryan surenb@google.com 2020-01-27T23:56:16+00:00 6d67b0290b4b84c477e6a2fc6e005e174d3c7786 When ashmem file is mmapped, the resulting vma->vm_file points to the backing shmem file with the generic fops that do not check ashmem permissions like fops of ashmem do. If an mremap is done on the ashmem region, then the permission checks will be skipped. Fix that by disallowing mapping operation on the backing shmem file. Reported-by: Jann Horn <jannh@google.com> Signed-off-by: Suren Baghdasaryan <surenb@google.com> Cc: stable <stable@vger.kernel.org> # 4.4,4.9,4.14,4.18,5.4 Signed-off-by: Todd Kjos <tkjos@google.com> Reviewed-by: Joel Fernandes (Google) <joel@joelfernandes.org> Link: https://lore.kernel.org/r/20200127235616.48920-1-tkjos@google.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
When ashmem file is mmapped, the resulting vma->vm_file points to the
backing shmem file with the generic fops that do not check ashmem
permissions like fops of ashmem do. If an mremap is done on the ashmem
region, then the permission checks will be skipped. Fix that by disallowing
mapping operation on the backing shmem file.

Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Cc: stable <stable@vger.kernel.org> # 4.4,4.9,4.14,4.18,5.4
Signed-off-by: Todd Kjos <tkjos@google.com>
Reviewed-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Link: https://lore.kernel.org/r/20200127235616.48920-1-tkjos@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
staging: android: ashmem: Replace strcpy with strscpy 2020-01-14T15:17:11+00:00 Ole Wiedemann ole.wiedemann@fau.de 2019-12-13T13:10:32+00:00 8297ca5e8c70ddb58cf03cd0411929ab87a44860 Replaced strcpy call with safer strscpy call with given length. This elimates the need to manually null-terminate the given string, since strscpy will null terminate the destination anyway.: Signed-off-by: Ole Wiedemann <ole.wiedemann@fau.de> Co-developed-by: Sebastian Scherbel <sebastian.scherbel@fau.de> Signed-off-by: Sebastian Scherbel <sebastian.scherbel@fau.de> Acked-by: Christian Brauner <christian.brauner@ubuntu.com> Acked-by: Joel Fernandes (Google) <joel@joelfernandes.org> Acked-by: Todd Kjos <tkjos@google.com> Link: https://lore.kernel.org/r/20191213131032.22579-1-ole.wiedemann@fau.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
Replaced strcpy call with safer strscpy call with given length.
This elimates the need to manually null-terminate the given string,
since strscpy will null terminate the destination anyway.:

Signed-off-by: Ole Wiedemann <ole.wiedemann@fau.de>
Co-developed-by: Sebastian Scherbel <sebastian.scherbel@fau.de>
Signed-off-by: Sebastian Scherbel <sebastian.scherbel@fau.de>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Acked-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Acked-by: Todd Kjos <tkjos@google.com>
Link: https://lore.kernel.org/r/20191213131032.22579-1-ole.wiedemann@fau.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
staging: android: ashmem: Avoid range_alloc() allocation with ashmem_mutex held. 2019-02-26T10:50:17+00:00 Tetsuo Handa penguin-kernel@I-love.SAKURA.ne.jp 2019-02-22T11:03:55+00:00 ecd182cbf4e107928077866399100228d2359c60 ashmem_pin() is calling range_shrink() without checking whether range_alloc() succeeded. Also, doing memory allocation with ashmem_mutex held should be avoided because ashmem_shrink_scan() tries to hold it. Therefore, move memory allocation for range_alloc() to ashmem_pin_unpin() and make range_alloc() not to fail. This patch is mostly meant for backporting purpose for fuzz testing on stable/distributor kernels, for there is a plan to remove this code in near future. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Cc: stable@vger.kernel.org Reviewed-by: Joel Fernandes <joel@joelfernandes.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
ashmem_pin() is calling range_shrink() without checking whether
range_alloc() succeeded. Also, doing memory allocation with ashmem_mutex
held should be avoided because ashmem_shrink_scan() tries to hold it.

Therefore, move memory allocation for range_alloc() to ashmem_pin_unpin()
and make range_alloc() not to fail.

This patch is mostly meant for backporting purpose for fuzz testing on
stable/distributor kernels, for there is a plan to remove this code in
near future.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: stable@vger.kernel.org
Reviewed-by: Joel Fernandes <joel@joelfernandes.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
staging: android: ashmem: Don't call fallocate() with ashmem_mutex held. 2019-02-19T10:28:43+00:00 Tetsuo Handa penguin-kernel@I-love.SAKURA.ne.jp 2019-02-05T10:28:40+00:00 fb4415a12632f0b9078a0aa80c16745d48fcfc74 syzbot is hitting lockdep warnings [1][2][3]. This patch tries to fix the warning by eliminating ashmem_shrink_scan() => {shmem|vfs}_fallocate() sequence. [1] https://syzkaller.appspot.com/bug?id=87c399f6fa6955006080b24142e2ce7680295ad4 [2] https://syzkaller.appspot.com/bug?id=7ebea492de7521048355fc84210220e1038a7908 [3] https://syzkaller.appspot.com/bug?id=e02419c12131c24e2a957ea050c2ab6dcbbc3270 Reported-by: syzbot <syzbot+a76129f18c89f3e2ddd4@syzkaller.appspotmail.com> Reported-by: syzbot <syzbot+148c2885d71194f18d28@syzkaller.appspotmail.com> Reported-by: syzbot <syzbot+4b8b031b89e6b96c4b2e@syzkaller.appspotmail.com> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Cc: stable@vger.kernel.org Acked-by: Joel Fernandes (Google) <joel@joelfernandes.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
syzbot is hitting lockdep warnings [1][2][3]. This patch tries to fix
the warning by eliminating ashmem_shrink_scan() => {shmem|vfs}_fallocate()
sequence.

[1] https://syzkaller.appspot.com/bug?id=87c399f6fa6955006080b24142e2ce7680295ad4
[2] https://syzkaller.appspot.com/bug?id=7ebea492de7521048355fc84210220e1038a7908
[3] https://syzkaller.appspot.com/bug?id=e02419c12131c24e2a957ea050c2ab6dcbbc3270

Reported-by: syzbot <syzbot+a76129f18c89f3e2ddd4@syzkaller.appspotmail.com>
Reported-by: syzbot <syzbot+148c2885d71194f18d28@syzkaller.appspotmail.com>
Reported-by: syzbot <syzbot+4b8b031b89e6b96c4b2e@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: stable@vger.kernel.org
Acked-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
staging: android: formatting change in ashmem.c 2019-02-08T09:31:14+00:00 K Hodges khodges42@gmail.com 2019-02-06T04:53:54+00:00 c4089864e85c4bada9532cab228b520abb6d3805 Resolved "Line over 80 characters" warning from checkpatch Signed-off-by: K Hodges <khodges42@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
Resolved "Line over 80 characters" warning from checkpatch

Signed-off-by: K Hodges <khodges42@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
staging: android: ashmem: doc: Fix spelling 2018-12-19T09:40:51+00:00 Daniel Bovensiepen daniel@bovensiepen.net 2018-12-06T15:52:43+00:00 1de24f362f32b1d290385558b4f94990e36f670e Fixed spelling in comment section. Signed-off-by: Daniel Bovensiepen <daniel@bovensiepen.net> Acked-by: Joel Fernandes (Google) <joel@joelfernandes.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
Fixed spelling in comment section.

Signed-off-by: Daniel Bovensiepen <daniel@bovensiepen.net>
Acked-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Merge tag 'staging-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging 2018-08-18T18:00:00+00:00 Linus Torvalds torvalds@linux-foundation.org 2018-08-18T18:00:00+00:00 2475c515d4031c494ff452508a8bf8c281ec6e56 Pull staging and IIO updates from Greg KH: "Here are the big staging/iio patches for 4.19-rc1. Lots of churn here, with tons of cleanups happening in staging drivers, a removal of an old crypto driver that no one was using (skein), and the addition of some new IIO drivers. Also added was a "gasket" driver from Google that needs loads of work and the erofs filesystem. Even with adding all of the new drivers and a new filesystem, we are only adding about 1000 lines overall to the kernel linecount, which shows just how much cleanup happened, and how big the unused crypto driver was. All of these have been in the linux-next tree for a while now with no reported issues" * tag 'staging-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (903 commits) staging:rtl8192u: Remove unused macro definitions - Style staging:rtl8192u: Add spaces around '+' operator - Style staging:rtl8192u: Remove stale comment - Style staging: rtl8188eu: remove unused mp_custom_oid.h staging: fbtft: Add spaces around / - Style staging: fbtft: Erases some repetitive usage of function name - Style staging: fbtft: Adjust some empty-line problems - Style staging: fbtft: Removes one nesting level to help readability - Style staging: fbtft: Changes gamma table to define. staging: fbtft: A bit more information on dev_err. staging: fbtft: Fixes some alignment issues - Style staging: fbtft: Puts macro arguments in parenthesis to avoid precedence issues - Style staging: rtl8188eu: remove unused array dB_Invert_Table staging: rtl8188eu: remove whitespace, add missing blank line staging: rtl8188eu: use is_multicast_ether_addr in rtw_sta_mgt.c staging: rtl8188eu: remove whitespace - style staging: rtl8188eu: cleanup block comment - style staging: rtl8188eu: use is_multicast_ether_addr in rtl8188eu_xmit.c staging: rtl8188eu: use is_multicast_ether_addr in recv_linux.c staging: rtlwifi: refactor rtl_get_tcb_desc ... 
Pull staging and IIO updates from Greg KH:
 "Here are the big staging/iio patches for 4.19-rc1.

  Lots of churn here, with tons of cleanups happening in staging
  drivers, a removal of an old crypto driver that no one was using
  (skein), and the addition of some new IIO drivers. Also added was a
  "gasket" driver from Google that needs loads of work and the erofs
  filesystem.

  Even with adding all of the new drivers and a new filesystem, we are
  only adding about 1000 lines overall to the kernel linecount, which
  shows just how much cleanup happened, and how big the unused crypto
  driver was.

  All of these have been in the linux-next tree for a while now with no
  reported issues"

* tag 'staging-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (903 commits)
  staging:rtl8192u: Remove unused macro definitions - Style
  staging:rtl8192u: Add spaces around '+' operator - Style
  staging:rtl8192u: Remove stale comment - Style
  staging: rtl8188eu: remove unused mp_custom_oid.h
  staging: fbtft: Add spaces around / - Style
  staging: fbtft: Erases some repetitive usage of function name - Style
  staging: fbtft: Adjust some empty-line problems - Style
  staging: fbtft: Removes one nesting level to help readability - Style
  staging: fbtft: Changes gamma table to define.
  staging: fbtft: A bit more information on dev_err.
  staging: fbtft: Fixes some alignment issues - Style
  staging: fbtft: Puts macro arguments in parenthesis to avoid precedence issues - Style
  staging: rtl8188eu: remove unused array dB_Invert_Table
  staging: rtl8188eu: remove whitespace, add missing blank line
  staging: rtl8188eu: use is_multicast_ether_addr in rtw_sta_mgt.c
  staging: rtl8188eu: remove whitespace - style
  staging: rtl8188eu: cleanup block comment - style
  staging: rtl8188eu: use is_multicast_ether_addr in rtl8188eu_xmit.c
  staging: rtl8188eu: use is_multicast_ether_addr in recv_linux.c
  staging: rtlwifi: refactor rtl_get_tcb_desc
  ...
staging: ashmem: Fix SIGBUS crash when traversing mmaped ashmem pages 2018-08-01T17:08:57+00:00 John Stultz john.stultz@linaro.org 2018-07-31T17:17:04+00:00 44960f2a7b63e224b1091b3e1d6f60e0cdf4be0c Amit Pundir and Youling in parallel reported crashes with recent mainline kernels running Android: F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** F DEBUG : Build fingerprint: 'Android/db410c32_only/db410c32_only:Q/OC-MR1/102:userdebug/test-key F DEBUG : Revision: '0' F DEBUG : ABI: 'arm' F DEBUG : pid: 2261, tid: 2261, name: zygote >>> zygote <<< F DEBUG : signal 7 (SIGBUS), code 2 (BUS_ADRERR), fault addr 0xec00008 ... <snip> ... F DEBUG : backtrace: F DEBUG : #00 pc 00001c04 /system/lib/libc.so (memset+48) F DEBUG : #01 pc 0010c513 /system/lib/libart.so (create_mspace_with_base+82) F DEBUG : #02 pc 0015c601 /system/lib/libart.so (art::gc::space::DlMallocSpace::CreateMspace(void*, unsigned int, unsigned int)+40) F DEBUG : #03 pc 0015c3ed /system/lib/libart.so (art::gc::space::DlMallocSpace::CreateFromMemMap(art::MemMap*, std::__1::basic_string<char, std::__ 1::char_traits<char>, std::__1::allocator<char>> const&, unsigned int, unsigned int, unsigned int, unsigned int, bool)+36) ... This was bisected back to commit bfd40eaff5ab ("mm: fix vma_is_anonymous() false-positives"). create_mspace_with_base() in the trace above, utilizes ashmem, and with ashmem, for shared mappings we use shmem_zero_setup(), which sets the vma->vm_ops to &shmem_vm_ops. But for private ashmem mappings nothing sets the vma->vm_ops. Looking at the problematic patch, it seems to add a requirement that one call vma_set_anonymous() on a vma, otherwise the dummy_vm_ops will be used. Using the dummy_vm_ops seem to triggger SIGBUS when traversing unmapped pages. Thus, this patch adds a call to vma_set_anonymous() for ashmem private mappings and seems to avoid the reported problem. Fixes: bfd40eaff5ab ("mm: fix vma_is_anonymous() false-positives") Cc: Kirill Shutemov <kirill.shutemov@linux.intel.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Oleg Nesterov <oleg@redhat.com> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Hugh Dickins <hughd@google.com> Cc: Joel Fernandes <joelaf@google.com> Cc: Colin Cross <ccross@google.com> Cc: Matthew Wilcox <willy@infradead.org> Reported-by: Amit Pundir <amit.pundir@linaro.org> Reported-by: Youling 257 <youling257@gmail.com> Signed-off-by: John Stultz <john.stultz@linaro.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
Amit Pundir and Youling in parallel reported crashes with recent
mainline kernels running Android:

  F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
  F DEBUG   : Build fingerprint: 'Android/db410c32_only/db410c32_only:Q/OC-MR1/102:userdebug/test-key
  F DEBUG   : Revision: '0'
  F DEBUG   : ABI: 'arm'
  F DEBUG   : pid: 2261, tid: 2261, name: zygote  >>> zygote <<<
  F DEBUG   : signal 7 (SIGBUS), code 2 (BUS_ADRERR), fault addr 0xec00008
  ... <snip> ...
  F DEBUG   : backtrace:
  F DEBUG   :     #00 pc 00001c04  /system/lib/libc.so (memset+48)
  F DEBUG   :     #01 pc 0010c513  /system/lib/libart.so (create_mspace_with_base+82)
  F DEBUG   :     #02 pc 0015c601  /system/lib/libart.so (art::gc::space::DlMallocSpace::CreateMspace(void*, unsigned int, unsigned int)+40)
  F DEBUG   :     #03 pc 0015c3ed  /system/lib/libart.so (art::gc::space::DlMallocSpace::CreateFromMemMap(art::MemMap*, std::__1::basic_string<char, std::__ 1::char_traits<char>, std::__1::allocator<char>> const&, unsigned int, unsigned int, unsigned int, unsigned int, bool)+36)
  ...

This was bisected back to commit bfd40eaff5ab ("mm: fix
vma_is_anonymous() false-positives").

create_mspace_with_base() in the trace above, utilizes ashmem, and with
ashmem, for shared mappings we use shmem_zero_setup(), which sets the
vma->vm_ops to &shmem_vm_ops.  But for private ashmem mappings nothing
sets the vma->vm_ops.

Looking at the problematic patch, it seems to add a requirement that one
call vma_set_anonymous() on a vma, otherwise the dummy_vm_ops will be
used.  Using the dummy_vm_ops seem to triggger SIGBUS when traversing
unmapped pages.

Thus, this patch adds a call to vma_set_anonymous() for ashmem private
mappings and seems to avoid the reported problem.

Fixes: bfd40eaff5ab ("mm: fix vma_is_anonymous() false-positives")
Cc: Kirill Shutemov <kirill.shutemov@linux.intel.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Hugh Dickins <hughd@google.com>
Cc: Joel Fernandes <joelaf@google.com>
Cc: Colin Cross <ccross@google.com>
Cc: Matthew Wilcox <willy@infradead.org>
Reported-by: Amit Pundir <amit.pundir@linaro.org>
Reported-by: Youling 257 <youling257@gmail.com>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>