Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp1808384rwd; Thu, 15 Jun 2023 16:22:52 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6xmmciGPa79fCMQgblZQNCEEiJViY4hykSJq4uQ2spcPQaaMFTfIs7AnCK2TLBU3etcbWM X-Received: by 2002:a17:90a:e2c8:b0:25e:b450:c5f1 with SMTP id fr8-20020a17090ae2c800b0025eb450c5f1mr158602pjb.4.1686871371885; Thu, 15 Jun 2023 16:22:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686871371; cv=none; d=google.com; s=arc-20160816; b=JA8ABZRYm0jHTyfoDdLRr1yWio/EEK4bx6OL/avlAh2zZ4by8KEPhLus8bhoU7l+Ld AxU3MVqulRqkv18qxL4cde4jL4CH+ZDciXG6WjVFjWBHQPbdku16kQwK2apaeY6TIw0t lMrbh9RtB8Gxv7ZIB6albkRRJFyrafQN10XEPZSQaEy/4sOPIqIooUGFlMi8y6+H8va4 zZkN/7LTclmDff+SMEPAILbVRL8/KJHCYSaEK5ydd2UQXPUw2UvDV6+NOWci93ICMRUV geL1LA8x77Ms0IzY9gYsiJLpUbFuL64s1f4vupOtnSnYwRABDnZl9AWKkFyUKlCxmkXc tACg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:references:message-id:in-reply-to :subject:cc:to:from:date:dkim-signature; bh=RmZFNeoisH6VwOe/2FJwnr1e9y/lbk2gv9RdAR57kqc=; b=wbk2aiij3jtB6yrdEZHkxmroFUJ5rfFWC5efVNzsO0w6Q/oVVwEYPFcZNmmkkbABYD 3KDZyZL9iLwyYHdP1Le3M4s3faqd/rwj/SI4tBWGMyEhc77Os9wwbqzNuzcg0uMCbm7L eEJ2Px7oLLxOnegN3uOgBI+mO/515pYsuuNVlOEbr/Lyv2PKyW6W9JTsjTxoaAA4uu84 801O9ASQMcpNhaPq5Ps6MDCqccxQVoxiOsGSZs1EjeLmaujuXo5tcdMKCFLwrVzmTZQj HTtfBFH4e51N9RDIJuU9UEK9gncgMp4VC8A8OktOhScHwcD/h878b5H6LkiYnbReKbaB KLLA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=IEuubg8v; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e9-20020a17090a804900b0024e16a5935bsi361314pjw.54.2023.06.15.16.22.07; Thu, 15 Jun 2023 16:22:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=IEuubg8v; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236328AbjFOXKI (ORCPT + 99 others); Thu, 15 Jun 2023 19:10:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42562 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231230AbjFOXKG (ORCPT ); Thu, 15 Jun 2023 19:10:06 -0400 Received: from mail-yb1-xb31.google.com (mail-yb1-xb31.google.com [IPv6:2607:f8b0:4864:20::b31]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A1258272C for ; Thu, 15 Jun 2023 16:10:05 -0700 (PDT) Received: by mail-yb1-xb31.google.com with SMTP id 3f1490d57ef6-bad0c4f6f50so343010276.1 for ; Thu, 15 Jun 2023 16:10:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1686870605; x=1689462605; h=mime-version:references:message-id:in-reply-to:subject:cc:to:from :date:from:to:cc:subject:date:message-id:reply-to; bh=RmZFNeoisH6VwOe/2FJwnr1e9y/lbk2gv9RdAR57kqc=; b=IEuubg8vIRqVRwSn1395G+XEtc7B85JxK43FvVybY07OWsveSyZ5wJsa/qhDJi5K+f 2z4BB1oTpAZfWgHVO7bVGZxY63p2SO5CN3m2htDHyqWLCEY32bbtbvtLrdtb+FZx9aAg Hn4hagDUFw6lLpntWGZgt3Pm9gXqbOprY6Vv+qxOIl2OH5+lAY6GAulcnIHVr+LwoRzX 1F4cCgdXmMAp6621pzgpHLgPeICxIK6qNeguYPRpzPl9EfF9iflGyA51t6FRtYmkXa9U NFseJoNQRVWNARaoQ294DgGMeBDt15bo6QIrYusvgfytMyJ+SESA1p0/o5IZ7QbwvdW0 Iplg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686870605; x=1689462605; h=mime-version:references:message-id:in-reply-to:subject:cc:to:from :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=RmZFNeoisH6VwOe/2FJwnr1e9y/lbk2gv9RdAR57kqc=; b=bKApWOqj1gSCiBquiRH1SIpmggThh/SIJpqzDqnA/LzCVuea1OEg/ioGCBvguBe6iq UOhOy5nTV48+SatUXI4TmvParRsTeCc0xn9EIx3DsBu+g5oQwj4h7j6A8IrUsaxZAhAF fm0Jc7uWbhGtsPw5Y4wopY+0lMwdk04dvMSWiWwaQUJ1Qe0z6zBNu2+A7MvC1mTN8dfX D868vgDelFBfAhEOgBf5FXYR43U1rMnY21kmJECfp245aLK8/Qm4T8hSkm7H/rtgul1L JnXfcsA0IuEmTOdRqN8poRtHoirIVHKeAhca/UxUqp3WQyY0oNGoRSVOuMRjjX0K48mw K72g== X-Gm-Message-State: AC+VfDxnMbP1e/RMge8E6W0DG3odAClj+zqQUJOzWYfHz3/EurczFRdU 7EiSUjTVgkfgwZsdAGTf5WRVig== X-Received: by 2002:a25:4288:0:b0:bad:2353:2454 with SMTP id p130-20020a254288000000b00bad23532454mr8207229yba.11.1686870604660; Thu, 15 Jun 2023 16:10:04 -0700 (PDT) Received: from ripple.attlocal.net (172-10-233-147.lightspeed.sntcca.sbcglobal.net. [172.10.233.147]) by smtp.gmail.com with ESMTPSA id k7-20020a258c07000000b00bb0ae4221b8sm4175977ybl.43.2023.06.15.16.10.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Jun 2023 16:10:04 -0700 (PDT) Date: Thu, 15 Jun 2023 16:10:00 -0700 (PDT) From: Hugh Dickins X-X-Sender: hugh@ripple.attlocal.net To: Andrew Morton cc: Hugh Dickins , Mike Kravetz , Mike Rapoport , "Kirill A. Shutemov" , Matthew Wilcox , David Hildenbrand , Suren Baghdasaryan , Qi Zheng , Yang Shi , Mel Gorman , Peter Xu , Peter Zijlstra , Will Deacon , Yu Zhao , Alistair Popple , Ralph Campbell , Ira Weiny , Steven Price , SeongJae Park , Lorenzo Stoakes , Huang Ying , Naoya Horiguchi , Christophe Leroy , Zack Rusin , Jason Gunthorpe , Axel Rasmussen , Anshuman Khandual , Pasha Tatashin , Miaohe Lin , Minchan Kim , Christoph Hellwig , Song Liu , Thomas Hellstrom , Ryan Roberts , linux-kernel@vger.kernel.org, linux-mm@kvack.org Subject: [PATCH v2 28/32 fix] mm/memory: allow pte_offset_map[_lock]() to fail: fix In-Reply-To: Message-ID: <1a4db221-7872-3594-57ce-42369945ec8d@google.com> References: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org __wp_page_copy_user() was liable to call update_mmu_tlb() with NULL vmf->pte in two places: not a problem today, but could become a problem later when pte_offset_map_lock() fails. Signed-off-by: Hugh Dickins --- Andrew, please add this as a fix patch for later merge into my "mm/memory: allow" patch in mm-unstable: it's something noticed while researching the bug Nathan reported, but not so serious - thanks. mm/memory.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/mm/memory.c b/mm/memory.c index 4ec46eecefd3..cdadcff5ab26 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -2843,7 +2843,8 @@ static inline int __wp_page_copy_user(struct page *dst, struct page *src, * Other thread has already handled the fault * and update local tlb only */ - update_mmu_tlb(vma, addr, vmf->pte); + if (vmf->pte) + update_mmu_tlb(vma, addr, vmf->pte); ret = -EAGAIN; goto pte_unlock; } @@ -2867,7 +2868,8 @@ static inline int __wp_page_copy_user(struct page *dst, struct page *src, vmf->pte = pte_offset_map_lock(mm, vmf->pmd, addr, &vmf->ptl); if (unlikely(!vmf->pte || !pte_same(*vmf->pte, vmf->orig_pte))) { /* The PTE changed under us, update local tlb */ - update_mmu_tlb(vma, addr, vmf->pte); + if (vmf->pte) + update_mmu_tlb(vma, addr, vmf->pte); ret = -EAGAIN; goto pte_unlock; } -- 2.35.3