git.baikalelectronics.ru Git - kernel.git/commit
mm/memory.c: fix potential pte_unmap_unlock pte error
author Miaohe Lin <linmiaohe@huawei.com>
Wed, 24 Feb 2021 20:04:33 +0000 (12:04 -0800)
committer Linus Torvalds <torvalds@linux-foundation.org>
Wed, 24 Feb 2021 21:38:30 +0000 (13:38 -0800)
commit 7ece09f6cd633d195992c92f371f2809caaaceb2
tree a9ef9db605f779c644fa41845db741dbcd432cfe
parent dcca3073c1d98f141f1f6587f048c32fe4a76018
mm/memory.c: fix potential pte_unmap_unlock pte error

Since commit f749ac706631 ("x86/speculation/l1tf: Disallow non privileged
high MMIO PROT_NONE mappings"), when the first pfn modify is not allowed,
we would break the loop with pte unchanged.  Then the wrong pte - 1 would
be passed to pte_unmap_unlock.

Andi said:

 "While the fix is correct, I'm not sure if it actually is a real bug.
  Is there any architecture that would do something else than unlocking
  the underlying page? If it's just the underlying page then it should
  be always the same page, so no bug"

Link: https://lkml.kernel.org/r/20210109080118.20885-1-linmiaohe@huawei.com
Fixes: f749ac70663 ("x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings")
Signed-off-by: Hongxiang Lou <louhongxiang@huawei.com>
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
mm/memory.c
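
The loop shape the commit message describes, as an added user-space model (not the kernel code and not part of this commit): it shows which address `pte - 1` yields when the walk breaks before the first increment, and whether that address lies in the same page as the first entry. Assumptions: 8-byte entries in 4096-byte table pages, integer addresses instead of real pointers, a constructed `modify_allowed()` check, and a hypothetical `mapped_pte` that remembers the address from map time.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096u
#define PTE_SIZE  8u  /* assumption: 8-byte entries, as on x86-64 */

struct walk_result {
    uint64_t unlock_old; /* "pte - 1", the address the commit message calls wrong */
    uint64_t unlock_new; /* address remembered at map time (hypothetical mapped_pte) */
    int err;
};

/* Constructed stand-in for the per-pfn permission check: pfns >= limit are refused. */
static bool modify_allowed(uint64_t pfn, uint64_t limit) { return pfn < limit; }

/* Walk n entries starting at first_pte; addresses are plain integers so that
 * stepping below the table start is well-defined in this model. */
static struct walk_result walk(uint64_t first_pte, unsigned n, uint64_t pfn, uint64_t limit)
{
    uint64_t pte = first_pte, mapped_pte = first_pte;
    unsigned i = 0;
    int err = 0;

    do {
        if (!modify_allowed(pfn, limit)) {
            err = -EACCES; /* break leaves pte un-incremented */
            break;
        }
        pfn++;
    } while (pte += PTE_SIZE, ++i != n);

    return (struct walk_result){ pte - PTE_SIZE, mapped_pte, err };
}

static bool same_page(uint64_t a, uint64_t b) { return a / PAGE_SIZE == b / PAGE_SIZE; }

int main(void)
{
    struct walk_result r = walk(0x10000, 4, 100, 100); /* refused on first entry */
    printf("err=%d old=%#llx new=%#llx same_page=%d\n", r.err,
           (unsigned long long)r.unlock_old, (unsigned long long)r.unlock_new,
           same_page(r.unlock_old, r.unlock_new));
    return 0;
}
```

In this model the two addresses land in different pages only when the first entry sits at the start of a table page and the check refuses the very first pfn; a refusal on any later entry, or a start at any other offset, keeps `pte - 1` inside the same page.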