From: John Hubbard <jhubbard@xxxxxxxxxx> For pages that were retained via get_user_pages*(), release those pages via the new put_user_page*() routines, instead of via put_page() or release_pages(). This is part a tree-wide conversion, as described in commit fc1d8e7cca2d ("mm: introduce put_user_page*(), placeholder versions"). Note that this effectively changes the code's behavior in qp_release_pages(): it now ultimately calls set_page_dirty_lock(), instead of set_page_dirty(). This is probably more accurate. As Christophe Hellwig put it, "set_page_dirty() is only safe if we are dealing with a file backed page where we have reference on the inode it hangs off." [1] [1] https://lore.kernel.org/r/20190723153640.GB720@xxxxxx Cc: Arnd Bergmann <arnd@xxxxxxxx> Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx> Cc: "Gustavo A. R. Silva" <gustavo@xxxxxxxxxxxxxx> Cc: Kees Cook <keescook@xxxxxxxxxxxx> Signed-off-by: John Hubbard <jhubbard@xxxxxxxxxx> --- drivers/misc/vmw_vmci/vmci_context.c | 2 +- drivers/misc/vmw_vmci/vmci_queue_pair.c | 11 ++--------- 2 files changed, 3 insertions(+), 10 deletions(-) diff --git a/drivers/misc/vmw_vmci/vmci_context.c b/drivers/misc/vmw_vmci/vmci_context.c index 16695366ec92..9daa52ee63b7 100644 --- a/drivers/misc/vmw_vmci/vmci_context.c +++ b/drivers/misc/vmw_vmci/vmci_context.c @@ -587,7 +587,7 @@ void vmci_ctx_unset_notify(struct vmci_ctx *context) if (notify_page) { kunmap(notify_page); - put_page(notify_page); + put_user_page(notify_page); } } diff --git a/drivers/misc/vmw_vmci/vmci_queue_pair.c b/drivers/misc/vmw_vmci/vmci_queue_pair.c index 8531ae781195..e5434551d0ef 100644 --- a/drivers/misc/vmw_vmci/vmci_queue_pair.c +++ b/drivers/misc/vmw_vmci/vmci_queue_pair.c @@ -626,15 +626,8 @@ static void qp_release_queue_mutex(struct vmci_queue *queue) static void qp_release_pages(struct page **pages, u64 num_pages, bool dirty) { - int i; - - for (i = 0; i < num_pages; i++) { - if (dirty) - set_page_dirty(pages[i]); - - put_page(pages[i]); - pages[i] = NULL; - } + put_user_pages_dirty_lock(pages, num_pages, dirty); + memset(pages, 0, num_pages * sizeof(struct page *)); } /* -- 2.22.0