From: Thomas Gleixner
To: Linus Torvalds
Cc: linux-kernel@vger.kernel.org, x86@kernel.org
Subject: [GIT pull] core/urgent for v5.18-rc6
Message-ID: <165201148069.536527.1960632033331546251.tglx@xen13>
Date: Sun, 8 May 2022 14:05:19 +0200 (CEST)

Linus,

please pull the latest core/urgent branch from:

   git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git core-urgent-2022-05-08

up to:
2667ed10d9f0: mm: Fix PASID use-after-free issue A single bugfix for the PASID management code, which freed the PASID too early. The PASID needs to be tied to the mm lifetime, not to the address space lifetime. Thanks, tglx ------------------> Fenghua Yu (1): mm: Fix PASID use-after-free issue kernel/fork.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/fork.c b/kernel/fork.c index 9796897560ab..35a3beff140b 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -792,6 +792,7 @@ void __mmdrop(struct mm_struct *mm) mmu_notifier_subscriptions_destroy(mm); check_mm(mm); put_user_ns(mm->user_ns); + mm_pasid_drop(mm); free_mm(mm); } EXPORT_SYMBOL_GPL(__mmdrop); @@ -1190,7 +1191,6 @@ static inline void __mmput(struct mm_struct *mm) } if (mm->binfmt) module_put(mm->binfmt->module); - mm_pasid_drop(mm); mmdrop(mm); } =20
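Review bot: In the __mmdrop() hunk, the new mm_pasid_drop(mm) call sits between put_user_ns(mm->user_ns) and free_mm(mm) with no comment saying why it belongs in this path. Because the fix exists precisely because the call used to live in the wrong teardown function, a short comment stating that the PASID is tied to the mm lifetime and is dropped only when the mm itself is freed would keep a later cleanup from moving it back into __mmput().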
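Review bot: In the __mmput() hunk, removing mm_pasid_drop(mm) ahead of mmdrop(mm) means the PASID now stays allocated from the end of __mmput() until the final __mmdrop(), and the message does not name which user still references the PASID in that window. Naming that user in the changelog, and confirming that mm_pasid_drop() is safe to call from every context that can reach __mmdrop(), would make the lifetime change easier to verify.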