From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Hongxiang Lou, Miaohe Lin, Thomas Gleixner, Dave Hansen, Andi Kleen, Josh Poimboeuf, Andrew Morton, Linus Torvalds, Sasha Levin
Subject: [PATCH 5.10 458/663] mm/memory.c: fix potential pte_unmap_unlock pte error
Date: Mon, 1 Mar 2021 17:11:46 +0100
Message-Id: <20210301161204.550675364@linuxfoundation.org>
In-Reply-To: <20210301161141.760350206@linuxfoundation.org>
References: <20210301161141.760350206@linuxfoundation.org>

From: Miaohe Lin

[ Upstream commit 90a3e375d324b2255b83e3dd29e99e2b05d82aaf ]

Since commit 42e4089c7890 ("x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings"), when the first pfn modify is not allowed, we would break the loop with pte unchanged. Then the wrong pte - 1 would be passed to pte_unmap_unlock.

Andi said:

 "While the fix is correct, I'm not sure if it actually is a real bug. Is there any architecture that would do something else than unlocking the underlying page? If it's just the underlying page then it should be always the same page, so no bug"

Link: https://lkml.kernel.org/r/20210109080118.20885-1-linmiaohe@huawei.com
Fixes: 42e4089c789 ("x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings")
Signed-off-by: Hongxiang Lou
Signed-off-by: Miaohe Lin
Cc: Thomas Gleixner
Cc: Dave Hansen
Cc: Andi Kleen
Cc: Josh Poimboeuf
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Sasha Levin
--- mm/memory.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/mm/memory.c b/mm/memory.c index eb5722027160a..f9522481f95cd 100644 --- a/mm/memory.c +++ b/mm/memory.c 
@@ -2165,11 +2165,11 @@ static int remap_pte_range(struct mm_struct *mm, pmd_t *pmd, unsigned long addr, unsigned long end, unsigned long pfn, pgprot_t prot) { - pte_t *pte; + pte_t *pte, *mapped_pte; spinlock_t *ptl; int err = 0; - pte = pte_alloc_map_lock(mm, pmd, addr, &ptl); + mapped_pte = pte = pte_alloc_map_lock(mm, pmd, addr, &ptl); if (!pte) return -ENOMEM; arch_enter_lazy_mmu_mode(); @@ -2183,7 +2183,7 @@ static int remap_pte_range(struct mm_struct *mm, pmd_t *pmd, pfn++; } while (pte++, addr += PAGE_SIZE, addr != end); arch_leave_lazy_mmu_mode(); - pte_unmap_unlock(pte - 1, ptl); + pte_unmap_unlock(mapped_pte, ptl); return err; } -- 2.27.0
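
Review bot: the first hunk's `mapped_pte = pte = pte_alloc_map_lock(mm, pmd, addr, &ptl);` saves the start pointer without a comment saying why, and the reason is not obvious from the function alone. A one-line comment at the `pte_t *pte, *mapped_pte;` declaration, noting that the loop can exit before `pte` has advanced so the unlock must use the pointer returned at map time, would stop a later cleanup from folding the two variables back into one.

Review bot: in the second hunk, `pte_unmap_unlock(mapped_pte, ptl)` replaces `pte - 1`, but the changelog never says whether the old argument was observably wrong, and the remark it quotes from Andi questions exactly that. Since this is queued for stable, the description should state on which path the two pointers differ (the break on the first iteration, with `pte` unchanged) and whether any architecture's `pte_unmap_unlock` depends on the exact pointer rather than on the underlying page.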