On Tue, Oct 08, 2019 at 11:15:01AM +0200, Thomas Hellström (VMware) wrote:
> From: Thomas Hellstrom <thellstrom@xxxxxxxxxx>
>
> Without the lock, anybody modifying a pte from within this function might
> have it concurrently modified by someone else.
>
> Cc: Matthew Wilcox <willy@xxxxxxxxxxxxx>
> Cc: Will Deacon <will.deacon@xxxxxxx>
> Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
> Cc: Rik van Riel <riel@xxxxxxxxxxx>
> Cc: Minchan Kim <minchan@xxxxxxxxxx>
> Cc: Michal Hocko <mhocko@xxxxxxxx>
> Cc: Huang Ying <ying.huang@xxxxxxxxx>
> Cc: Jérôme Glisse <jglisse@xxxxxxxxxx>
> Cc: Kirill A. Shutemov <kirill@xxxxxxxxxxxxx>
> Suggested-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Thomas Hellstrom <thellstrom@xxxxxxxxxx>
> --- > mm/pagewalk.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/mm/pagewalk.c b/mm/pagewalk.c > index d48c2a986ea3..83c0b78363b4 100644 > --- a/mm/pagewalk.c > +++ b/mm/pagewalk.c > @@ -10,8 +10,9 @@ static int walk_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end, > pte_t *pte; > int err = 0; > const struct mm_walk_ops *ops = walk->ops; > + spinlock_t *ptl; > > - pte = pte_offset_map(pmd, addr); > + pte = pte_offset_map_lock(walk->mm, pmd, addr, &ptl); > for (;;) { > err = ops->pte_entry(pte, addr, addr + PAGE_SIZE, walk); > if (err) > @@ -22,7 +23,7 @@ static int walk_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end, > pte++; > } > > - pte_unmap(pte); > + pte_unmap_unlock(pte - 1, ptl);

NAK. If ->pte_entry() fails on the first entry of the page table, pte - 1 will point outside the page table. And the '- 1' is totally unnecessary as we break the loop before pte++ on the last iteration.

-- Kirill A. Shutemov
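
Review bot: In the first hunk, `pte_offset_map_lock(walk->mm, pmd, addr, &ptl)` is taken before the `for (;;)` loop, so every `ops->pte_entry()` callback now runs with the page-table spinlock held, and the changelog does not mention this new constraint on callbacks. A callback that sleeps, or that takes the same PTE lock itself, would now be a bug. Please state the rule in the commit message and in a comment on `pte_entry` in `struct mm_walk_ops`, and say whether the existing callbacks were checked against it.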
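
Review bot: In the second hunk, `pte_unmap_unlock(pte - 1, ptl)` passes a pointer one entry before the last entry visited, which is wrong whenever the loop exits without having advanced `pte`. As the reply above notes, the loop breaks before `pte++`, so when `->pte_entry()` fails on the first entry, `pte - 1` lies before the start of the mapped page table. Pass the pointer unchanged, as the removed `pte_unmap(pte)` did: `pte_unmap_unlock(pte, ptl);`.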