From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Hongxiang Lou, Miaohe Lin, Thomas Gleixner, Dave Hansen, Andi Kleen, Josh Poimboeuf, Andrew Morton, Linus Torvalds, Sasha Levin
Subject: [PATCH 4.19 171/247] mm/memory.c: fix potential pte_unmap_unlock pte error
Date: Mon, 1 Mar 2021 17:13:11 +0100
Message-Id: <20210301161040.032948334@linuxfoundation.org>
In-Reply-To: <20210301161031.684018251@linuxfoundation.org>

From: Miaohe Lin

[ Upstream commit 90a3e375d324b2255b83e3dd29e99e2b05d82aaf ]

Since commit 42e4089c7890 ("x86/speculation/l1tf: Disallow non privileged
high MMIO PROT_NONE mappings"), when the first pfn modify is not allowed,
we would break the loop with pte unchanged. Then the wrong pte - 1 would
be passed to pte_unmap_unlock.

Andi said:

"While the fix is correct, I'm not sure if it actually is a real bug.
Is there any architecture that would do something else than unlocking
the underlying page? If it's just the underlying page then it should be
always the same page, so no bug"

Link: https://lkml.kernel.org/r/20210109080118.20885-1-linmiaohe@huawei.com
Fixes: 42e4089c789 ("x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings")
Signed-off-by: Hongxiang Lou
Signed-off-by: Miaohe Lin
Cc: Thomas Gleixner
Cc: Dave Hansen
Cc: Andi Kleen
Cc: Josh Poimboeuf
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Sasha Levin
--- mm/memory.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/mm/memory.c b/mm/memory.c index eeae63bd95027..4bd37296df89b 100644 --- a/mm/memory.c +++ b/mm/memory.c
@@ -1995,11 +1995,11 @@ static int remap_pte_range(struct mm_struct *mm, pmd_t *pmd, unsigned long addr, unsigned long end, unsigned long pfn, pgprot_t prot) { - pte_t *pte; + pte_t *pte, *mapped_pte; spinlock_t *ptl; int err = 0; - pte = pte_alloc_map_lock(mm, pmd, addr, &ptl); + mapped_pte = pte = pte_alloc_map_lock(mm, pmd, addr, &ptl); if (!pte) return -ENOMEM; arch_enter_lazy_mmu_mode(); @@ -2013,7 +2013,7 @@ static int remap_pte_range(struct mm_struct *mm, pmd_t *pmd, pfn++; } while (pte++, addr += PAGE_SIZE, addr != end); arch_leave_lazy_mmu_mode(); - pte_unmap_unlock(pte - 1, ptl); + pte_unmap_unlock(mapped_pte, ptl); return err; } -- 2.27.0
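Review bot: In the first hunk, `mapped_pte = pte = pte_alloc_map_lock(mm, pmd, addr, &ptl);` chains two assignments in one statement, which the kernel coding style asks to avoid. Assigning `pte` first and setting `mapped_pte = pte;` after the `if (!pte) return -ENOMEM;` check would read more plainly and would place the saved pointer right where it is known to be valid.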
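Review bot: In the second hunk, `pte_unmap_unlock(mapped_pte, ptl);` carries no comment saying why the saved pointer is used instead of the loop cursor. The reason exists only in the commit message (the loop can break on the first entry with `pte` unchanged, so `pte - 1` would point before the mapped entry); a one-line comment at the unlock call or at the `mapped_pte` declaration would keep a later cleanup from folding it back into `pte - 1`.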