On Mon 19-10-20 12:50:34, Oscar Salvador wrote:
> On Mon, Oct 19, 2020 at 03:48:53AM -0400, Shijie Luo wrote:
> > When flags in queue_pages_pte_range don't have MPOL_MF_MOVE or MPOL_MF_MOVE_ALL
> > bits, code breaks and passing origin pte - 1 to pte_unmap_unlock seems like
> > not a good idea.
> 
> I think the above is already explained below?

Yes

> > queue_pages_pte_range can run in MPOL_MF_MOVE_ALL mode which doesn't migrate
> > misplaced pages but returns with EIO when encountering such a page. Since
> > commit a7f40cfe3b7a ("mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT
> > is specified") and early break on the first pte in the range results in
> > pte_unmap_unlock on an underflow pte. This can lead to lockups later on when
> > somebody tries to lock the pte resp. page_table_lock again.
> > 
> > Fixes: a7f40cfe3b7a ("mm: mempolicy: make mbind() return -EIO when
> > MPOL_MF_STRICT is specified")

Cc: stable is due as well. There are even security concerns and I wouldn't be
surprised if this gained a CVE.

> > Signed-off-by: Shijie Luo <luoshijie1@xxxxxxxxxx>
> > Signed-off-by: Miaohe Lin <linmiaohe@xxxxxxxxxx>
> 
> Anyway, LGTM:
> 
> Reviewed-by: Oscar Salvador <osalvador@xxxxxxx>

Acked-by: Michal Hocko <mhocko@xxxxxxxx>

-- 
Michal Hocko
SUSE Labs
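The failure mode described in the patch description above, as an added toy model in C that is neither kernel code nor the patch itself: a walk that advances `pte` and then unlocks `pte - 1` hands back a pointer before the mapped table whenever the strict-mode break fires on the first entry. The `pte_t`, `MISPLACED`, `walk_buggy`/`walk_fixed` names and the "remember the originally mapped pointer" remedy are constructed for this illustration, not taken from the thread.

```c
#include <stddef.h>

#define MISPLACED 0x1u   /* constructed flag: entry models a misplaced page */
typedef struct { unsigned flags; } pte_t;   /* toy entry, not the kernel's */

static const pte_t *last_unlocked;          /* pointer handed to unlock */
static void toy_unmap_unlock(const pte_t *pte) { last_unlocked = pte; }

/* Buggy shape: strict mode breaks on the first misplaced entry, then the
 * cleanup unlocks pte - 1; if the break hit entry 0 that is base - 1. */
static int walk_buggy(const pte_t *base, size_t n, int strict)
{
    const pte_t *pte = base, *end = base + n;
    int ret = 0;
    for (; pte != end; pte++) {
        if ((pte->flags & MISPLACED) && strict) { ret = -1; break; }
    }
    toy_unmap_unlock(pte - 1);   /* underflows on an early first-entry break */
    return ret;
}

/* Hardened shape (assumed remedy): keep the pointer that was originally
 * mapped and hand exactly that back to unlock, wherever the loop stopped. */
static int walk_fixed(const pte_t *base, size_t n, int strict)
{
    const pte_t *mapped_pte = base, *pte = base, *end = base + n;
    int ret = 0;
    for (; pte != end; pte++) {
        if ((pte->flags & MISPLACED) && strict) { ret = -1; break; }
    }
    toy_unmap_unlock(mapped_pte);
    return ret;
}

/* Walk a constructed table whose first entry is misplaced and report whether
 * the pointer passed to unlock still lies inside the table. A guard slot
 * precedes the table so that base - 1 stays addressable in this model. */
static int unlock_stays_in_table(int (*walk)(const pte_t *, size_t, int),
                                 int strict)
{
    pte_t storage[5] = { {0}, {MISPLACED}, {0}, {0}, {0} };
    const pte_t *table = storage + 1;
    last_unlocked = NULL;
    walk(table, 4, strict);
    return last_unlocked >= table && last_unlocked < table + 4;
}
```

Only the strict-mode early break on the first entry drives the buggy walk's unlock pointer outside the table; a full pass leaves `pte - 1` on the last entry, which is why the defect stayed latent until MPOL_MF_STRICT started breaking out of the loop.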