On Wed, Aug 31, 2022 at 09:13:48PM +0200, Jann Horn wrote:
> commit b67fbebd4cf980aecbcc750e1462128bffe8ae15 upstream.
>
> Some drivers rely on having all VMAs through which a PFN might be
> accessible listed in the rmap for correctness.
> However, on X86, it was possible for a VMA with stale TLB entries
> to not be listed in the rmap.
>
> This was fixed in mainline with
> commit b67fbebd4cf9 ("mmu_gather: Force tlb-flush VM_PFNMAP vmas"),
> but that commit relies on preceding refactoring in
> commit 18ba064e42df3 ("mmu_gather: Let there be one tlb_{start,end}_vma()
> implementation") and commit 1e9fdf21a4339 ("mmu_gather: Remove per arch
> tlb_{start,end}_vma()").
>
> This patch provides equivalent protection without needing that
> refactoring, by forcing a TLB flush between removing PTEs in
> unmap_vmas() and the call to unlink_file_vma() in free_pgtables().
>
> [This is a stable-specific rewrite of the upstream commit!]
> Signed-off-by: Jann Horn <jannh@xxxxxxxxxx>

Now queued up, thanks.

greg k-h