From patchwork Thu Sep  2 21:58:22 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andrew Morton <akpm@linux-foundation.org>
X-Patchwork-Id: 12473145
Return-Path: <SRS0=eNaS=NY=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-15.8 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,
	INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=ham
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 924F1C433EF
	for <linux-mm@archiver.kernel.org>; Thu,  2 Sep 2021 21:58:26 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 4B58F60E8B
	for <linux-mm@archiver.kernel.org>; Thu,  2 Sep 2021 21:58:26 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 4B58F60E8B
Authentication-Results: mail.kernel.org;
 dmarc=none (p=none dis=none) header.from=linux-foundation.org
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org
Received: by kanga.kvack.org (Postfix)
	id E68AD6B0163; Thu,  2 Sep 2021 17:58:25 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id DCA4E8D0001; Thu,  2 Sep 2021 17:58:25 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id C1D496B0165; Thu,  2 Sep 2021 17:58:25 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0047.hostedemail.com
 [216.40.44.47])
	by kanga.kvack.org (Postfix) with ESMTP id AD6A46B0163
	for <linux-mm@kvack.org>; Thu,  2 Sep 2021 17:58:25 -0400 (EDT)
Received: from smtpin17.hostedemail.com (10.5.19.251.rfc1918.com
 [10.5.19.251])
	by forelay04.hostedemail.com (Postfix) with ESMTP id 809C52BFA4
	for <linux-mm@kvack.org>; Thu,  2 Sep 2021 21:58:25 +0000 (UTC)
X-FDA: 78543997770.17.E557DDD
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by imf06.hostedemail.com (Postfix) with ESMTP id 3EE03801A89C
	for <linux-mm@kvack.org>; Thu,  2 Sep 2021 21:58:25 +0000 (UTC)
Received: by mail.kernel.org (Postfix) with ESMTPSA id C3D1A60F12;
	Thu,  2 Sep 2021 21:58:22 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linux-foundation.org;
	s=korg; t=1630619903;
	bh=S9YjKxtcJFESm+xz/VkwLPcKBtuPlNLYGpGGjWla9lI=;
	h=Date:From:To:Subject:In-Reply-To:From;
	b=jGlyty/uJFPiSMPsB3BRC91dq954gfb52FkhchjAYskY2G5QGjvI9IQDm++V9/YiK
	 RfxORc8zPKt2aP3HbFhZnOZVzFoCZ7UuGf7aFMxVpVFqxvh068jxTDop/e9cHZ90Qa
	 +e5dIgYLq3Sjscm7DF8mqBRQKreuyKO1zloIC4gU=
Date: Thu, 02 Sep 2021 14:58:22 -0700
From: Andrew Morton <akpm@linux-foundation.org>
To: akpm@linux-foundation.org, linmiaohe@huawei.com, linux-mm@kvack.org,
 mm-commits@vger.kernel.org, naoya.horiguchi@nec.com,
 torvalds@linux-foundation.org
Subject: [patch 159/212] mm/hwpoison: fix potential
 pte_unmap_unlock pte error
Message-ID: <20210902215822.jKdOK27-5%akpm@linux-foundation.org>
In-Reply-To: <20210902144820.78957dff93d7bea620d55a89@linux-foundation.org>
User-Agent: s-nail v14.8.16
Authentication-Results: imf06.hostedemail.com;
	dkim=pass header.d=linux-foundation.org header.s=korg header.b="jGlyty/u";
	spf=pass (imf06.hostedemail.com: domain of akpm@linux-foundation.org
 designates 198.145.29.99 as permitted sender)
 smtp.mailfrom=akpm@linux-foundation.org;
	dmarc=none
X-Stat-Signature: dqzcx84g5esanprxn7qa87r1bmq6onnu
X-Rspamd-Queue-Id: 3EE03801A89C
X-Rspamd-Server: rspam04
X-HE-Tag: 1630619905-739540
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

From: Miaohe Lin <linmiaohe@huawei.com>
Subject: mm/hwpoison: fix potential pte_unmap_unlock pte error

If the first pte is equal to poisoned_pfn, i.e.  check_hwpoisoned_entry()
return 1, the wrong ptep - 1 would be passed to pte_unmap_unlock().

Link: https://lkml.kernel.org/r/20210814105131.48814-3-linmiaohe@huawei.com
Fixes: ad9c59c24095 ("mm,hwpoison: send SIGBUS with error virutal address")
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Acked-by: Naoya Horiguchi <naoya.horiguchi@nec.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 mm/memory-failure.c |    7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

--- a/mm/memory-failure.c~mm-hwpoison-fix-potential-pte_unmap_unlock-pte-error
+++ a/mm/memory-failure.c
@@ -632,7 +632,7 @@ static int hwpoison_pte_range(pmd_t *pmd
 {
 	struct hwp_walk *hwp = (struct hwp_walk *)walk->private;
 	int ret = 0;
-	pte_t *ptep;
+	pte_t *ptep, *mapped_pte;
 	spinlock_t *ptl;
 
 	ptl = pmd_trans_huge_lock(pmdp, walk->vma);
@@ -645,14 +645,15 @@ static int hwpoison_pte_range(pmd_t *pmd
 	if (pmd_trans_unstable(pmdp))
 		goto out;
 
-	ptep = pte_offset_map_lock(walk->vma->vm_mm, pmdp, addr, &ptl);
+	mapped_pte = ptep = pte_offset_map_lock(walk->vma->vm_mm, pmdp,
+						addr, &ptl);
 	for (; addr != end; ptep++, addr += PAGE_SIZE) {
 		ret = check_hwpoisoned_entry(*ptep, addr, PAGE_SHIFT,
 					     hwp->pfn, &hwp->tk);
 		if (ret == 1)
 			break;
 	}
-	pte_unmap_unlock(ptep - 1, ptl);
+	pte_unmap_unlock(mapped_pte, ptl);
 out:
 	cond_resched();
 	return ret;