This is a note to let you know that I've just added the patch titled
mm/mempolicy: fix set_mempolicy_home_node() previous VMA pointer
to the 6.5-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
mm-mempolicy-fix-set_mempolicy_home_node-previous-vma-pointer.patch
and it can be found in the queue-6.5 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 51f625377561e5b167da2db5aafb7ee268f691c5 Mon Sep 17 00:00:00 2001
From: "Liam R. Howlett" <Liam.Howlett@xxxxxxxxxx>
Date: Thu, 28 Sep 2023 13:24:32 -0400
Subject: mm/mempolicy: fix set_mempolicy_home_node() previous VMA pointer
From: Liam R. Howlett <Liam.Howlett@xxxxxxxxxx>
commit 51f625377561e5b167da2db5aafb7ee268f691c5 upstream.
The two users of mbind_range() are expecting that mbind_range() will
update the pointer to the previous VMA, or return an error. However,
set_mempolicy_home_node() does not call mbind_range() if there is no VMA
policy. The fix is to update the pointer to the previous VMA prior to
continuing iterating the VMAs when there is no policy.
Users may experience a WARN_ON() during VMA policy updates when updating
a range of VMAs on the home node.
Link: https://lkml.kernel.org/r/20230928172432.2246534-1-Liam.Howlett@xxxxxxxxxx
Link: https://lore.kernel.org/linux-mm/CALcu4rbT+fMVNaO_F2izaCT+e7jzcAciFkOvk21HGJsmLcUuwQ@xxxxxxxxxxxxxx/
Fixes: f4e9e0e69468 ("mm/mempolicy: fix use-after-free of VMA iterator")
Signed-off-by: Liam R. Howlett <Liam.Howlett@xxxxxxxxxx>
Reported-by: Yikebaer Aizezi <yikebaer61@xxxxxxxxx>
Closes: https://lore.kernel.org/linux-mm/CALcu4rbT+fMVNaO_F2izaCT+e7jzcAciFkOvk21HGJsmLcUuwQ@xxxxxxxxxxxxxx/
Reviewed-by: Lorenzo Stoakes <lstoakes@xxxxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
mm/mempolicy.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -1543,8 +1543,10 @@ SYSCALL_DEFINE4(set_mempolicy_home_node,
* the home node for vmas we already updated before.
*/
old = vma_policy(vma);
- if (!old)
+ if (!old) {
+ prev = vma;
continue;
+ }
if (old->mode != MPOL_BIND && old->mode != MPOL_PREFERRED_MANY) {
err = -EOPNOTSUPP;
break;
Patches currently in stable-queue which might be from Liam.Howlett@xxxxxxxxxx are
queue-6.5/maple_tree-add-gfp_kernel-to-allocations-in-mas_expected_entries.patch
queue-6.5/mm-mempolicy-fix-set_mempolicy_home_node-previous-vma-pointer.patch
queue-6.5/mm-fix-vm_brk_flags-to-not-bail-out-while-holding-lock.patch
