diff options
| author | Steven Price <steven.price@arm.com> | 2022-09-02 12:26:12 +0100 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2022-09-03 10:13:13 -0700 |
| commit | 8782fb61cc848364e1e1599d76d3c9dd58a1cc06 (patch) | |
| tree | 6177e2fedcece02fbb40952e04946fbe6cabdd30 /mm/page_ext.c | |
| parent | d895ec7938c431fe61a731939da76a6461bc6133 (diff) | |
| download | linux-stable-8782fb61cc848364e1e1599d76d3c9dd58a1cc06.tar.gz linux-stable-8782fb61cc848364e1e1599d76d3c9dd58a1cc06.tar.bz2 linux-stable-8782fb61cc848364e1e1599d76d3c9dd58a1cc06.zip | |
mm: pagewalk: Fix race between unmap and page walker
The mmap lock protects the page walker from changes to the page tables
during the walk. However a read lock is insufficient to protect those
areas which don't have a VMA as munmap() detaches the VMAs before
downgrading to a read lock and actually tearing down PTEs/page tables.
For users of walk_page_range() the solution is to simply call pte_hole()
immediately without checking the actual page tables when a VMA is not
present. We now never call __walk_page_range() without a valid vma.
For walk_page_range_novma() the locking requirements are tightened to
require the mmap write lock to be taken, and then walking the pgd
directly with 'no_vma' set.
This in turn means that all page walkers either have a valid vma, or
it's that special 'novma' case for page table debugging. As a result,
all the odd '(!walk->vma && !walk->no_vma)' tests can be removed.
Fixes: dd2283f2605e ("mm: mmap: zap pages with read mmap_sem in munmap")
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Steven Price <steven.price@arm.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Cc: Konstantin Khlebnikov <koct9i@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'mm/page_ext.c')
0 files changed, 0 insertions, 0 deletions