On Wed, Jan 02, 2019 at 04:21:26PM -0800, Matthew Wilcox wrote:
>
> One of the paths in follow_pte_pmd() initialised the mmu_notifier_range
> incorrectly.
>
> Signed-off-by: Matthew Wilcox <willy@xxxxxxxxxxxxx>
> Fixes: ac46d4f3c432 ("mm/mmu_notifier: use structure for invalidate_range_start/end calls v2")
> Tested-by: Dave Chinner <dchinner@xxxxxxxxxx>

Actually, now that I have read the code again, this is not OK to do.
The caller of follow_pte_pmd() will call range_init and follow pmd will
only update the range address. So the existing code is OK.

I know this is kind of ugly, but I do not see a way around that ugliness.

>
> diff --git a/mm/memory.c b/mm/memory.c
> index 2dd2f9ab57f4..21a650368be0 100644
> --- a/mm/memory.c
> +++ b/mm/memory.c
> @@ -4078,8 +4078,8 @@ static int __follow_pte_pmd(struct mm_struct *mm, unsigned long address,
>  		goto out;
>  
>  	if (range) {
> -		range->start = address & PAGE_MASK;
> -		range->end = range->start + PAGE_SIZE;
> +		mmu_notifier_range_init(range, mm, address & PAGE_MASK,
> +					(address & PAGE_MASK) + PAGE_SIZE);
>  		mmu_notifier_invalidate_range_start(range);
>  	}
>  	ptep = pte_offset_map_lock(mm, pmd, address, ptlp);
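Review bot: the `+` lines in this hunk re-initialise the caller-supplied `range` with mmu_notifier_range_init() instead of only updating `range->start` and `range->end`; as the reply above points out, the caller of follow_pte_pmd() has already done the range_init, so the assignment-only form in the `-` lines is the intended contract and the change would redo that initialisation inside __follow_pte_pmd(). If the goal is only to make the pte path compute the same page-aligned bounds as the other path, keep the assignments and hoist the aligned address into a local, e.g. `unsigned long start = address & PAGE_MASK;` followed by `range->start = start;` and `range->end = start + PAGE_SIZE;`, which also avoids evaluating `address & PAGE_MASK` twice as the `+` lines do.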