The patch titled
     Subject: mm/gup: protect unpin_user_pages() against npages==-ERRNO
has been added to the -mm tree.  Its filename is
     mm-gup-protect-unpin_user_pages-against-npages==-errno.patch

This patch should soon appear at
    https://ozlabs.org/~akpm/mmots/broken-out/mm-gup-protect-unpin_user_pages-against-npages%3D%3D-errno.patch
and later at
    https://ozlabs.org/~akpm/mmotm/broken-out/mm-gup-protect-unpin_user_pages-against-npages%3D%3D-errno.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: John Hubbard <jhubbard@xxxxxxxxxx>
Subject: mm/gup: protect unpin_user_pages() against npages==-ERRNO

As suggested by Dan Carpenter, fortify unpin_user_pages() just a bit,
against a typical caller mistake: check if the npages arg is really a
-ERRNO value, which would blow up the unpinning loop: WARN and return.

If this new WARN_ON() fires, then the system *might* be leaking pages (by
leaving them pinned), but probably not.  More likely, gup/pup returned a
hard -ERRNO error to the caller, who erroneously passed it here.

Link: https://lkml.kernel.org/r/20200917065706.409079-1-jhubbard@xxxxxxxxxx
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Signed-off-by: John Hubbard <jhubbard@xxxxxxxxxx>
Cc: Ira Weiny <ira.weiny@xxxxxxxxx>
Cc: Souptick Joarder <jrdr.linux@xxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
--- mm/gup.c | 7 +++++++ 1 file changed, 7 insertions(+) --- a/mm/gup.c~mm-gup-protect-unpin_user_pages-against-npages==-errno +++ a/mm/gup.c
@@ -329,6 +329,13 @@ void unpin_user_pages(struct page **page unsigned long index; /* + * If this WARN_ON() fires, then the system *might* be leaking pages (by + * leaving them pinned), but probably not. More likely, gup/pup returned + * a hard -ERRNO error to the caller, who erroneously passed it here. + */ + if (WARN_ON(IS_ERR_VALUE(npages))) + return; + /* * TODO: this can be optimized for huge pages: if a series of pages is * physically contiguous and part of the same compound page, then a * single operation to the head page should suffice. _ Patches currently in -mm which might be from jhubbard@xxxxxxxxxx are mm-dump_page-rename-head_mapcount-head_compound_mapcount.patch mm-gup-protect-unpin_user_pages-against-npages==-errno.patch selftests-vm-fix-false-build-success-on-the-second-and-later-attempts.patch selftests-vm-fix-incorrect-gcc-invocation-in-some-cases.patch
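
Review bot: the new `if (WARN_ON(IS_ERR_VALUE(npages)))` guard at the top of unpin_user_pages() warns on every call from a buggy caller. Consider WARN_ON_ONCE() so that a caller sitting in a retry or teardown path cannot flood the log, and keep in mind that with panic_on_warn set this turns the caller mistake into a panic. The added comment could also say that IS_ERR_VALUE() only matches the top MAX_ERRNO values of npages, so any other bogus count still reaches the unpinning loop, and that the early return leaves whatever the caller did pin still pinned, which is the leak the comment alludes to.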