WSL2-Linux-Kernel/mm
Steven Price 8782fb61cc mm: pagewalk: Fix race between unmap and page walker
The mmap lock protects the page walker from changes to the page tables
during the walk.  However a read lock is insufficient to protect those
areas which don't have a VMA as munmap() detaches the VMAs before
downgrading to a read lock and actually tearing down PTEs/page tables.

For users of walk_page_range() the solution is to simply call pte_hole()
immediately without checking the actual page tables when a VMA is not
present. We now never call __walk_page_range() without a valid vma.

For walk_page_range_novma() the locking requirements are tightened to
require the mmap write lock to be taken, and then walking the pgd
directly with 'no_vma' set.

This in turn means that all page walkers either have a valid vma, or
it's that special 'novma' case for page table debugging.  As a result,
all the odd '(!walk->vma && !walk->no_vma)' tests can be removed.

Fixes: dd2283f260 ("mm: mmap: zap pages with read mmap_sem in munmap")
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Steven Price <steven.price@arm.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Cc: Konstantin Khlebnikov <koct9i@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2022-09-03 10:13:13 -07:00
..
damon mm/damon/dbgfs: avoid duplicate context directory creation 2022-08-28 14:02:45 -07:00
kasan
kfence
Kconfig
Kconfig.debug
Makefile
backing-dev.c writeback: avoid use-after-free after removing device 2022-08-28 14:02:43 -07:00
balloon_compaction.c
bootmem_info.c bootmem: remove the vmemmap pages from kmemleak in put_page_bootmem 2022-08-28 14:02:45 -07:00
cma.c
cma.h
cma_debug.c
cma_sysfs.c
compaction.c
debug.c
debug_page_ref.c
debug_vm_pgtable.c
dmapool.c
early_ioremap.c
fadvise.c
failslab.c
filemap.c
folio-compat.c
frontswap.c
gup.c mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW 2022-08-20 15:17:44 -07:00
gup_test.c
gup_test.h
highmem.c
hmm.c
huge_memory.c mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW 2022-08-20 15:17:44 -07:00
hugetlb.c mm/hugetlb: avoid corrupting page->mapping in hugetlb_mcopy_atomic_pte 2022-08-28 14:02:43 -07:00
hugetlb_cgroup.c
hugetlb_vmemmap.c
hugetlb_vmemmap.h
hwpoison-inject.c
init-mm.c
internal.h
interval_tree.c
io-mapping.c
ioremap.c
khugepaged.c
kmemleak.c
ksm.c
list_lru.c
maccess.c
madvise.c
mapping_dirty_helpers.c
memblock.c
memcontrol.c
memfd.c
memory-failure.c
memory.c
memory_hotplug.c
mempolicy.c
mempool.c
memremap.c
memtest.c
migrate.c
migrate_device.c
mincore.c
mlock.c
mm_init.c
mmap.c mm/hugetlb: fix hugetlb not supporting softdirty tracking 2022-08-20 15:17:45 -07:00
mmap_lock.c
mmu_gather.c
mmu_notifier.c
mmzone.c
mprotect.c mm/mprotect: only reference swap pfn page if type match 2022-08-28 14:02:46 -07:00
mremap.c
msync.c
nommu.c
oom_kill.c
page-writeback.c writeback: avoid use-after-free after removing device 2022-08-28 14:02:43 -07:00
page_alloc.c
page_counter.c
page_ext.c
page_idle.c
page_io.c
page_isolation.c
page_owner.c
page_poison.c
page_reporting.c
page_reporting.h
page_table_check.c
page_vma_mapped.c
pagewalk.c mm: pagewalk: Fix race between unmap and page walker 2022-09-03 10:13:13 -07:00
percpu-internal.h
percpu-km.c
percpu-stats.c
percpu-vm.c
percpu.c
pgalloc-track.h
pgtable-generic.c
process_vm_access.c
ptdump.c mm: pagewalk: Fix race between unmap and page walker 2022-09-03 10:13:13 -07:00
readahead.c
rmap.c mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse 2022-08-31 15:45:10 -07:00
rodata_test.c
secretmem.c
shmem.c shmem: update folio if shmem_replace_page() updates the page 2022-08-28 14:02:43 -07:00
shrinker_debug.c
shuffle.c
shuffle.h
slab.c
slab.h
slab_common.c mm/slab_common: Deleting kobject in kmem_cache_destroy() without holding slab_mutex/cpu_hotplug_lock 2022-09-01 12:10:31 +02:00
slob.c
slub.c
sparse-vmemmap.c
sparse.c
swap.c
swap.h
swap_cgroup.c
swap_slots.c
swap_state.c
swapfile.c
truncate.c
usercopy.c
userfaultfd.c mm/uffd: reset write protection when unregister with wp-mode 2022-08-20 15:17:45 -07:00
util.c
vmacache.c
vmalloc.c
vmpressure.c
vmscan.c
vmstat.c mm: add DEVICE_ZONE to FOR_ALL_ZONES 2022-08-20 15:17:45 -07:00
workingset.c
z3fold.c
zbud.c
zpool.c
zsmalloc.c mm/zsmalloc: do not attempt to free IS_ERR handle 2022-08-28 14:02:44 -07:00
zswap.c