review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Miaohe Lin <linmiaohe@huawei.com>
	Wed, 24 Feb 2021 20:04:33 +0000 (12:04 -0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 4 Mar 2021 10:38:19 +0000 (11:38 +0100)
commit	6c074ae0a482d97828522ceae0618a63bc1ab3aa
tree	253bf92034f2254b42a8b9a49f66c765beebf3b8	tree \| snapshot
parent	cbb86d6a5db96b19c82078a62c54d128721d374f	commit \| diff

mm/memory.c: fix potential pte_unmap_unlock pte error

[ Upstream commit 90a3e375d324b2255b83e3dd29e99e2b05d82aaf ]

Since commit 42e4089c7890 ("x86/speculation/l1tf: Disallow non privileged
high MMIO PROT_NONE mappings"), when the first pfn modify is not allowed,
we would break the loop with pte unchanged.  Then the wrong pte - 1 would
be passed to pte_unmap_unlock.

Andi said:

"While the fix is correct, I'm not sure if it actually is a real bug.
  Is there any architecture that would do something else than unlocking
  the underlying page? If it's just the underlying page then it should
  be always the same page, so no bug"

Link: https://lkml.kernel.org/r/20210109080118.20885-1-linmiaohe@huawei.com
Fixes: 42e4089c789 ("x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings")
Signed-off-by: Hongxiang Lou <louhongxiang@huawei.com>
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>