On Thu, May 18, 2023 at 12:07:25PM +0100, Ryan Roberts wrote: > The loser of a race to service a pte for a device private entry in the > swap path previously unlocked the ptl, but failed to unmap the pte. This > only affects highmem systems since unmapping a pte is a noop on > non-highmem systems. > > Fixes: 16ce101db85d ("mm/memory.c: fix race when faulting a device private page") > Signed-off-by: Ryan Roberts <ryan.roberts@xxxxxxx> > Reviewed-by: Zi Yan <ziy@xxxxxxxxxx> Reviewed-by: Mike Rapoport (IBM) <rppt@xxxxxxxxxx> > --- > mm/memory.c | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > > diff --git a/mm/memory.c b/mm/memory.c > index f69fbc251198..ed429e20a1bb 100644 > --- a/mm/memory.c > +++ b/mm/memory.c > @@ -3728,10 +3728,8 @@ vm_fault_t do_swap_page(struct vm_fault *vmf) > vmf->page = pfn_swap_entry_to_page(entry); > vmf->pte = pte_offset_map_lock(vma->vm_mm, vmf->pmd, > vmf->address, &vmf->ptl); > - if (unlikely(!pte_same(*vmf->pte, vmf->orig_pte))) { > - spin_unlock(vmf->ptl); > - goto out; > - } > + if (unlikely(!pte_same(*vmf->pte, vmf->orig_pte))) > + goto unlock; > > /* > * Get a page reference while we know the page can't be > -- > 2.25.1 > > -- Sincerely yours, Mike.
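Review bot: The new `goto unlock` in the device private branch of do_swap_page() depends on a label whose body is outside the visible context, so the commit message should state what that path does (presumably it unmaps the pte and drops the ptl together), since that is the whole fix. This branch is also taken before the "Get a page reference" block, so it is worth confirming that nothing between `unlock` and `out` releases a page reference or other state that has not been acquired yet at this point. With the braces gone, a short comment on the `pte_same()` check saying that the loser of the race must both unmap and unlock would help keep a later edit from reintroducing a bare `spin_unlock(vmf->ptl)`.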