From: Miaohe Lin <linmiaohe@huawei.com>
To: <akpm@linux-foundation.org>
Cc: <tglx@linutronix.de>, <dave.hansen@intel.com>,
<ak@linux.intel.com>, <jpoimboe@redhat.com>, <linux-mm@kvack.org>,
<linux-kernel@vger.kernel.org>, <linmiaohe@huawei.com>
Subject: [PATCH] mm: Fix potential pte_unmap_unlock pte error
Date: Sat, 9 Jan 2021 03:01:18 -0500 [thread overview]
Message-ID: <20210109080118.20885-1-linmiaohe@huawei.com> (raw)
Since commit 42e4089c7890 ("x86/speculation/l1tf: Disallow non privileged
high MMIO PROT_NONE mappings"), when the first pfn modify is not allowed,
we would break the loop with pte unchanged. Then the wrong pte - 1 would
be passed to pte_unmap_unlock.
Fixes: 42e4089c789 ("x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings")
Signed-off-by: Hongxiang Lou <louhongxiang@huawei.com>
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Cc: stable@kernel.org
---
mm/memory.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/mm/memory.c b/mm/memory.c
index feff48e1465a..351b78ebd5a4 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -2165,11 +2165,11 @@ static int remap_pte_range(struct mm_struct *mm, pmd_t *pmd,
unsigned long addr, unsigned long end,
unsigned long pfn, pgprot_t prot)
{
- pte_t *pte;
+ pte_t *pte, *mapped_pte;
spinlock_t *ptl;
int err = 0;
- pte = pte_alloc_map_lock(mm, pmd, addr, &ptl);
+ mapped_pte = pte = pte_alloc_map_lock(mm, pmd, addr, &ptl);
if (!pte)
return -ENOMEM;
arch_enter_lazy_mmu_mode();
@@ -2183,7 +2183,7 @@ static int remap_pte_range(struct mm_struct *mm, pmd_t *pmd,
pfn++;
} while (pte++, addr += PAGE_SIZE, addr != end);
arch_leave_lazy_mmu_mode();
- pte_unmap_unlock(pte - 1, ptl);
+ pte_unmap_unlock(mapped_pte, ptl);
return err;
}
--
2.19.1
next reply other threads:[~2021-01-09 8:03 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-09 8:01 Miaohe Lin [this message]
2021-01-10 17:14 ` [PATCH] mm: Fix potential pte_unmap_unlock pte error Andi Kleen
2021-01-14 2:51 ` Miaohe Lin
2021-01-22 8:27 ` Miaohe Lin
2021-01-24 2:01 ` Andrew Morton
2021-01-25 2:04 ` Miaohe Lin
-- strict thread matches above, loose matches on Subject: below --
2020-10-15 12:15 [PATCH] mm: fix " Shijie Luo
2020-10-15 12:58 ` osalvador
2020-10-15 13:19 ` Shijie Luo
2020-10-16 12:31 ` Michal Hocko
2020-10-16 12:37 ` osalvador
2020-10-16 13:11 ` Michal Hocko
2020-10-16 13:15 ` Michal Hocko
2020-10-16 13:42 ` Michal Hocko
2020-10-16 14:05 ` osalvador
2020-10-17 1:55 ` Shijie Luo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210109080118.20885-1-linmiaohe@huawei.com \
--to=linmiaohe@huawei.com \
--cc=ak@linux.intel.com \
--cc=akpm@linux-foundation.org \
--cc=dave.hansen@intel.com \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).