From: Yongji Xie
To: linux-mm@kvack.org, linux-kernel@vger.kernel.org
Cc: akpm@linux-foundation.org, kirill.shutemov@linux.intel.com, jmarchan@redhat.com, mingo@kernel.org, vbabka@suse.cz, dave.hansen@linux.intel.com, dan.j.williams@intel.com, matthew.r.wilcox@intel.com, aarcange@redhat.com, mhocko@suse.com, luto@kernel.org, dahi@linux.vnet.ibm.com, Yongji Xie
Subject: [PATCH v2] mm: fix incorrect pfn passed to untrack_pfn() in remap_pfn_range()
Date: Sun, 24 Apr 2016 12:01:41 +0800
Message-Id: <1461470501-5044-1-git-send-email-xyjxie@linux.vnet.ibm.com>

We use generic hooks in remap_pfn_range() to help archs to track pfnmap
regions. The code is something like:

int remap_pfn_range()
{
	...
	track_pfn_remap(vma, &prot, pfn, addr, PAGE_ALIGN(size));
	...
	pfn -= addr >> PAGE_SHIFT;
	...
	untrack_pfn(vma, pfn, PAGE_ALIGN(size));
	...
}

Here we can easily find the pfn is changed but not recovered before
untrack_pfn() is called. That's incorrect.

Signed-off-by: Yongji Xie
---
 mm/memory.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/mm/memory.c b/mm/memory.c index 098f00d..eee75ed 100644 --- a/mm/memory.c +++ b/mm/memory.c 
@@ -1711,6 +1711,7 @@ int remap_pfn_range(struct vm_area_struct *vma, unsigned long addr, unsigned long next; unsigned long end = addr + PAGE_ALIGN(size); struct mm_struct *mm = vma->vm_mm; + unsigned long remap_pfn = pfn; int err; /* @@ -1737,7 +1738,7 @@ int remap_pfn_range(struct vm_area_struct *vma, unsigned long addr, vma->vm_pgoff = pfn; } - err = track_pfn_remap(vma, &prot, pfn, addr, PAGE_ALIGN(size)); + err = track_pfn_remap(vma, &prot, remap_pfn, addr, PAGE_ALIGN(size)); if (err) return -EINVAL; @@ -1756,7 +1757,7 @@ int remap_pfn_range(struct vm_area_struct *vma, unsigned long addr, } while (pgd++, addr = next, addr != end); if (err) - untrack_pfn(vma, pfn, PAGE_ALIGN(size)); + untrack_pfn(vma, remap_pfn, PAGE_ALIGN(size)); return err; } -- 1.7.9.5
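
Review bot: In the first hunk (@@ -1711,6 +1711,7 @@), the new local "unsigned long remap_pfn = pfn;" carries no comment explaining why a second copy of the argument is kept. A one-line comment saying that pfn is later adjusted by "pfn -= addr >> PAGE_SHIFT" and that the track/untrack hooks need the caller's original value would stop a later cleanup from folding remap_pfn back into pfn and reintroducing the mismatch.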
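
Review bot: In the second hunk (@@ -1737,7 +1738,7 @@), switching track_pfn_remap() to remap_pfn is not covered by the changelog, which only describes the untrack_pfn() call as wrong. Going by the sketch in the commit message, pfn has not yet been modified at this point, so the two values are equal here and the change is for symmetry only. Please say so in the changelog so the hunk is not read as a second behavioural fix.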
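
Review bot: In the third hunk (@@ -1756,7 +1757,7 @@), the corrected call "untrack_pfn(vma, remap_pfn, PAGE_ALIGN(size));" sits on the error path only, and the changelog calls the old argument "incorrect" without stating what actually goes wrong when the arch hook is handed the adjusted pfn. Please describe the observable consequence of the stale value on this path, so reviewers can judge severity and whether the fix should be backported. Since the subject is marked v2, a short note below the "---" line on what changed since v1 would also help.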