Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp1836843pxu;
        Sat, 17 Oct 2020 02:51:15 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxpUJbyJYrEus4cuhsf8G2q++fwsVQTZYWl1WvjCgo8uySbsna4uEI9QzZoLeCo1+7mV2EN
X-Received: by 2002:a17:906:55d2:: with SMTP id z18mr8184669ejp.125.1602928275206;
        Sat, 17 Oct 2020 02:51:15 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1602928275; cv=none;
        d=google.com; s=arc-20160816;
        b=Aj6JKt6PbsoZWLKYFJoaVhHn42DQ/9ljmoKJZCeuJ4jOw+5L/oauZJLm3PYvBKi4t/
         rC+pgi1vWF0oV7Q2K7CicPy7gqKrQy/acAJ+YTJDXxrBcMfs7PEGmOAGaBbLeJC+kjHx
         3DfHT3Rz8W8wZ4gkZ1G6RfSNxHg6HwyvaMEk7qkn3eI7C+wqPJ7WRT+mrd0oGBvrXaH0
         h650dD9GeH4tl296T32dJsMbTsqhHNNH7Hhu56dGicSJgcErbh5L2WLiNvU922Z9KPVO
         DJAqEJzcZ95tUnLfpx1Liigv1g5ulhTY2Gg+NGU5QqSh2SCSQ60CH9FynV6FOA1+5jnz
         WRTQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from;
        bh=omzFX6NyDSdLvVxem3P3Ea1HpD9mnJmz2hD76hNwTAU=;
        b=rEHN38J691A2t5cwclnLDbswkXLb7KMTCMEiYP+vZcxUUY8K8CFgAw7zEgEmpbzI2P
         TrunSBUmCkradHNI5A9ydTiBrhW1/BdNHeTnsmtTxUV51S2B2AOT7LhOx2fC4OEG944E
         SqSR5btyte7oMuNIe71BE7nRV2aTCk9ffZUMoRIUxd1zqIF5wXU82t6PrN4gWOJ15Bsl
         ucYpbc5sRUggBXMTpRKC8N5PZjmszq7tDORZcj1opycJNqJSYbN+nzTRrr20uvOn+LjW
         TgVnvbt96cifBANaNC/9B5b+dRVd6Obhi8QsxEf5I6uOQUwzKW03dow6YcwxJ4Fshrtu
         HW9A==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id x8si3841581edq.532.2020.10.17.02.50.53;
        Sat, 17 Oct 2020 02:51:15 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2436815AbgJQF6n (ORCPT <rfc822;saikripd@gmail.com> + 99 others);
        Sat, 17 Oct 2020 01:58:43 -0400
Received: from szxga04-in.huawei.com ([45.249.212.190]:15753 "EHLO huawei.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S2436811AbgJQF6n (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 17 Oct 2020 01:58:43 -0400
Received: from DGGEMS404-HUB.china.huawei.com (unknown [172.30.72.58])
        by Forcepoint Email with ESMTP id 28753F2EBE1BB435542E;
        Sat, 17 Oct 2020 10:12:16 +0800 (CST)
Received: from huawei.com (10.175.104.175) by DGGEMS404-HUB.china.huawei.com
 (10.3.19.204) with Microsoft SMTP Server id 14.3.487.0; Sat, 17 Oct 2020
 10:12:07 +0800
From:   Shijie Luo <luoshijie1@huawei.com>
To:     <akpm@linux-foundation.org>
CC:     <linux-mm@kvack.org>, <linux-kernel@vger.kernel.org>,
        <osalvador@suse.de>, <mhocko@suse.com>, <linmiaohe@huawei.com>,
        <linfeilong@huawei.com>, <luoshijie1@huawei.com>
Subject: [PATCH V2] mm: fix potential pte_unmap_unlock pte error
Date:   Fri, 16 Oct 2020 22:11:51 -0400
Message-ID: <20201017021151.28104-1-luoshijie1@huawei.com>
X-Mailer: git-send-email 2.19.1
MIME-Version: 1.0
Content-Transfer-Encoding: 7BIT
Content-Type:   text/plain; charset=US-ASCII
X-Originating-IP: [10.175.104.175]
X-CFilter-Loop: Reflected
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

When flags don't have MPOL_MF_MOVE or MPOL_MF_MOVE_ALL bits, code breaks
 and passing origin pte - 1 to pte_unmap_unlock seems like not a good idea.

Signed-off-by: Shijie Luo <luoshijie1@huawei.com>
Signed-off-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
---
 mm/mempolicy.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/mm/mempolicy.c b/mm/mempolicy.c
index 3fde772ef5ef..3ca4898f3f24 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -525,7 +525,7 @@ static int queue_pages_pte_range(pmd_t *pmd, unsigned long addr,
 	unsigned long flags = qp->flags;
 	int ret;
 	bool has_unmovable = false;
-	pte_t *pte;
+	pte_t *pte, *mapped_pte;
 	spinlock_t *ptl;
 
 	ptl = pmd_trans_huge_lock(pmd, vma);
@@ -539,7 +539,7 @@ static int queue_pages_pte_range(pmd_t *pmd, unsigned long addr,
 	if (pmd_trans_unstable(pmd))
 		return 0;
 
-	pte = pte_offset_map_lock(walk->mm, pmd, addr, &ptl);
+	mapped_pte = pte = pte_offset_map_lock(walk->mm, pmd, addr, &ptl);
 	for (; addr != end; pte++, addr += PAGE_SIZE) {
 		if (!pte_present(*pte))
 			continue;
@@ -571,7 +571,7 @@ static int queue_pages_pte_range(pmd_t *pmd, unsigned long addr,
 		} else
 			break;
 	}
-	pte_unmap_unlock(pte - 1, ptl);
+	pte_unmap_unlock(mapped_pte, ptl);
 	cond_resched();
 
 	if (has_unmovable)
-- 
2.19.1