From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7586AFC6194 for ; Fri, 8 Nov 2019 09:38:45 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 462E5214DA for ; Fri, 8 Nov 2019 09:38:45 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 462E5214DA Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 07BB66B000E; Fri, 8 Nov 2019 04:38:29 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id EF9336B0010; Fri, 8 Nov 2019 04:38:28 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E34E36B0266; Fri, 8 Nov 2019 04:38:28 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0149.hostedemail.com [216.40.44.149]) by kanga.kvack.org (Postfix) with ESMTP id CB5256B0010 for ; Fri, 8 Nov 2019 04:38:28 -0500 (EST) Received: from smtpin15.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay02.hostedemail.com (Postfix) with SMTP id 990B76D68 for ; Fri, 8 Nov 2019 09:38:28 +0000 (UTC) X-FDA: 76132609896.15.lake40_842c046f2b809 X-HE-Tag: lake40_842c046f2b809 X-Filterd-Recvd-Size: 4204 Received: from mx1.suse.de (mx2.suse.de [195.135.220.15]) by imf50.hostedemail.com (Postfix) with ESMTP for ; Fri, 8 Nov 2019 09:38:28 +0000 (UTC) X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 0B6A7AEAF; Fri, 8 Nov 2019 09:38:24 +0000 (UTC) From: Vlastimil Babka To: stable@vger.kernel.org Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, Ajay Kaher , Vlastimil Babka , Al Viro , Andrew Morton , Andy Lutomirski , "Aneesh Kumar K.V" , Borislav Petkov , Catalin Marinas , Dave Hansen , Hillf Danton , Ingo Molnar , Jann Horn , Juergen Gross , "Kirill A. Shutemov" , Linus Torvalds , Mark Rutland , Matthew Wilcox , Michal Hocko , Mike Kravetz , Miklos Szeredi , Naoya Horiguchi , Oscar Salvador , Peter Zijlstra , Punit Agrawal , Steve Capper , Thomas Gleixner , Vitaly Kuznetsov , Will Deacon Subject: [PATCH STABLE 4.4 0/8] page refcount overflow backports Date: Fri, 8 Nov 2019 10:38:06 +0100 Message-Id: <20191108093814.16032-1-vbabka@suse.cz> X-Mailer: git-send-email 2.23.0 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Hi, this series backports the CVE-2019-11487 fixes (page refcount overflow) t= o 4.4 stable. It differs from Ajay's series [1] in the following: - gup.c variants of fast gup for x86 and s390 are fixed too. I've not fix= ed sparc, mips, sh. It's unlikely the known overflow scenario based on FUS= E, which needs 140GB of RAM, is a problem for those architectures, and I d= on't feel confident enough to patch them. I've sent the same fixup for 4.9 [= 3] - there are some differences in backport adaptations, hopefully not impor= tant. My version is taken from our 4.4 based kernel, which was just simpler f= or me than adding the missing parts to Ajay's version - The last patch fixes another problem in the fast gup implementation on = x86, that I've previously posted and got merged to 4.9 stable [2]. [1] https://lore.kernel.org/linux-mm/1570581863-12090-1-git-send-email-ak= aher@vmware.com/ [2] https://lore.kernel.org/linux-mm/20190802160614.8089-1-vbabka@suse.cz= / [3] https://lore.kernel.org/linux-mm/9c130fa4-e52d-f8bd-c450-42341c7ab441= @suse.cz/ Linus Torvalds (3): mm: make page ref count overflow check tighter and more explicit mm: add 'try_get_page()' helper function mm: prevent get_user_pages() from overflowing page refcount Matthew Wilcox (1): fs: prevent page refcount overflow in pipe_buf_get Miklos Szeredi (1): pipe: add pipe_buf_get() helper Punit Agrawal (1): mm, gup: ensure real head page is ref-counted when using hugepages Vlastimil Babka (1): x86, mm, gup: prevent get_page() race with munmap in paravirt guest Will Deacon (1): mm, gup: remove broken VM_BUG_ON_PAGE compound check for hugepages arch/s390/mm/gup.c | 6 +++-- arch/x86/mm/gup.c | 23 ++++++++++++++++++- fs/fuse/dev.c | 12 +++++----- fs/pipe.c | 4 ++-- fs/splice.c | 12 ++++++++-- include/linux/mm.h | 26 ++++++++++++++++++++- include/linux/pipe_fs_i.h | 17 ++++++++++++-- kernel/trace/trace.c | 6 ++++- mm/gup.c | 48 +++++++++++++++++++++++++++------------ mm/huge_memory.c | 2 +- mm/hugetlb.c | 18 +++++++++++++-- mm/internal.h | 17 ++++++++++---- 12 files changed, 152 insertions(+), 39 deletions(-) --=20 2.23.0