If the PTE table is COW-ed, break it before changing the protection. Signed-off-by: Chih-En Lin <shiyn.lin@xxxxxxxxx> --- mm/mprotect.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/mm/mprotect.c b/mm/mprotect.c index 668bfaa6ed2ae..119116ec8f5e5 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -95,6 +95,9 @@ static unsigned long change_pte_range(struct mmu_gather *tlb, if (pmd_trans_unstable(pmd)) return 0; + if (break_cow_pte(vma, pmd, addr) < 0) + return 0; + /* * The pmd points to a regular pte so the pmd can't change * from under us even if the mmap_lock is only hold for @@ -305,6 +308,12 @@ static inline int pmd_none_or_clear_bad_unless_trans_huge(pmd_t *pmd) return 1; if (pmd_trans_huge(pmdval)) return 0; + /* + * If the entry point to COW-ed PTE, it's write protection bit + * will cause pmd_bad(). + */ + if (!pmd_write(pmdval)) + return 0; if (unlikely(pmd_bad(pmdval))) { pmd_clear_bad(pmd); return 1; -- 2.37.3