ANDROID: 16K: Fixup padding vm_flags bits on VMA splits

In some cases VMAs are split without the mmap write lock held;
later the lock is taken to fixup vm_flags of the original VMA.
Since some uppper bits of vm_flags are used to encode the ELF
padding ranges, they need to be modified on splits. This is
usually handled correctly by __split_vma(). However in the above
case, the flags get over witten later under the write lock.

Preserve vm_flag bits on reset to correctly represent padding.

Bug: 357901498
Change-Id: I1cb75419e614791a47cbdb0341373f619daf0bf2
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>

fs/userfaultfd.c

@@ -28,6 +28,7 @@
 #include <linux/ioctl.h>
 #include <linux/security.h>
 #include <linux/hugetlb.h>
+#include <linux/pgsize_migration.h>
 
 int sysctl_unprivileged_userfaultfd __read_mostly;
 
@@ -1511,7 +1512,7 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx,
 		 * the current one has not been updated yet.
 		 */
 		vm_write_begin(vma);
-		WRITE_ONCE(vma->vm_flags, new_flags);
+		WRITE_ONCE(vma->vm_flags, vma_pad_fixup_flags(vma, new_flags));
 		rcu_assign_pointer(vma->vm_userfaultfd_ctx.ctx, ctx);
 		vm_write_end(vma);
 
@@ -1694,7 +1695,7 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx,
 		 * the current one has not been updated yet.
 		 */
 		vm_write_begin(vma);
-		WRITE_ONCE(vma->vm_flags, new_flags);
+		WRITE_ONCE(vma->vm_flags, vma_pad_fixup_flags(vma, new_flags));
 		rcu_assign_pointer(vma->vm_userfaultfd_ctx.ctx, NULL);
 		vm_write_end(vma);
 

mm/madvise.c

@@ -172,7 +172,7 @@ static long madvise_behavior(struct vm_area_struct *vma,
 	 * vm_flags is protected by the mmap_lock held in write mode.
 	 */
 	vm_write_begin(vma);
-	WRITE_ONCE(vma->vm_flags, new_flags);
+	WRITE_ONCE(vma->vm_flags, vma_pad_fixup_flags(vma, new_flags));
 	vm_write_end(vma);
 
 out_convert_errno: