Skip to main content

Browse the archive

https://github.com/torvalds/linux
27 March 2024, 02:37:15 UTC
Revision ba422731316dde1e22dcc84b83c7349dc0ce1c3c authored by Sean Christopherson on 10 January 2019, 00:51:17 UTC, committed by Linus Torvalds on 10 January 2019, 10:58:21 UTC 
mm/mmu_notifier: mm/rmap.c: Fix a mmu_notifier range bug in try_to_unmap_one
 
The conversion to use a structure for mmu_notifier_invalidate_range_*()
unintentionally changed the usage in try_to_unmap_one() to init the
'struct mmu_notifier_range' with vma->vm_start instead of @address,
i.e. it invalidates the wrong address range.  Revert to the correct
address range.

Manifests as KVM use-after-free WARNINGs and subsequent "BUG: Bad page
state in process X" errors when reclaiming from a KVM guest due to KVM
removing the wrong pages from its own mappings.

Reported-by: leozinho29_eu@hotmail.com
Reported-by: Mike Galbraith <efault@gmx.de>
Reported-and-tested-by: Adam Borowski <kilobyte@angband.pl>
Reviewed-by: Jérôme Glisse <jglisse@redhat.com>
Reviewed-by: Pankaj gupta <pagupta@redhat.com>
Cc: Christian König <christian.koenig@amd.com>
Cc: Jan Kara <jack@suse.cz>
Cc: Matthew Wilcox <mawilcox@microsoft.com>
Cc: Ross Zwisler <zwisler@kernel.org>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Felix Kuehling <felix.kuehling@amd.com>
Cc: Ralph Campbell <rcampbell@nvidia.com>
Cc: John Hubbard <jhubbard@nvidia.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Fixes: ac46d4f3c432 ("mm/mmu_notifier: use structure for invalidate_range_start/end calls v2")
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 parent 4064e47
History
Tip revision: ba422731316dde1e22dcc84b83c7349dc0ce1c3c authored by Sean Christopherson on 10 January 2019, 00:51:17 UTC
mm/mmu_notifier: mm/rmap.c: Fix a mmu_notifier range bug in try_to_unmap_one
Tip revision: ba42273
File Mode Size
partitions
Kconfig -rw-r--r-- 6.5 KB
Kconfig.iosched -rw-r--r-- 1.1 KB
Makefile -rw-r--r-- 1.5 KB
badblocks.c -rw-r--r-- 14.5 KB
bfq-cgroup.c -rw-r--r-- 33.5 KB
bfq-iosched.c -rw-r--r-- 193.2 KB
bfq-iosched.h -rw-r--r-- 34.8 KB
bfq-wf2q.c -rw-r--r-- 52.3 KB
bio-integrity.c -rw-r--r-- 12.9 KB
bio.c -rw-r--r-- 52.3 KB
blk-cgroup.c -rw-r--r-- 46.6 KB
blk-core.c -rw-r--r-- 47.6 KB
blk-exec.c -rw-r--r-- 2.5 KB
blk-flush.c -rw-r--r-- 14.4 KB
blk-integrity.c -rw-r--r-- 12.0 KB
blk-ioc.c -rw-r--r-- 10.2 KB
blk-iolatency.c -rw-r--r-- 27.3 KB
blk-lib.c -rw-r--r-- 10.2 KB
blk-map.c -rw-r--r-- 5.9 KB
blk-merge.c -rw-r--r-- 21.8 KB
blk-mq-cpumap.c -rw-r--r-- 1.7 KB
blk-mq-debugfs-zoned.c -rw-r--r-- 478 bytes
blk-mq-debugfs.c -rw-r--r-- 26.3 KB
blk-mq-debugfs.h -rw-r--r-- 2.7 KB
blk-mq-pci.c -rw-r--r-- 1.7 KB
blk-mq-rdma.c -rw-r--r-- 1.7 KB
blk-mq-sched.c -rw-r--r-- 13.2 KB
blk-mq-sched.h -rw-r--r-- 2.6 KB
blk-mq-sysfs.c -rw-r--r-- 8.4 KB
blk-mq-tag.c -rw-r--r-- 14.5 KB
blk-mq-tag.h -rw-r--r-- 2.3 KB
blk-mq-virtio.c -rw-r--r-- 1.7 KB
blk-mq.c -rw-r--r-- 83.9 KB
blk-mq.h -rw-r--r-- 6.8 KB
blk-pm.c -rw-r--r-- 6.6 KB
blk-pm.h -rw-r--r-- 1.4 KB
blk-rq-qos.c -rw-r--r-- 6.3 KB
blk-rq-qos.h -rw-r--r-- 4.4 KB
blk-settings.c -rw-r--r-- 27.0 KB
blk-softirq.c -rw-r--r-- 3.7 KB
blk-stat.c -rw-r--r-- 4.6 KB
blk-stat.h -rw-r--r-- 4.6 KB
blk-sysfs.c -rw-r--r-- 25.2 KB
blk-throttle.c -rw-r--r-- 67.9 KB
blk-timeout.c -rw-r--r-- 3.7 KB
blk-wbt.c -rw-r--r-- 19.9 KB
blk-wbt.h -rw-r--r-- 3.0 KB
blk-zoned.c -rw-r--r-- 11.7 KB
blk.h -rw-r--r-- 10.1 KB
bounce.c -rw-r--r-- 9.1 KB
bsg-lib.c -rw-r--r-- 9.8 KB
bsg.c -rw-r--r-- 12.5 KB
cmdline-parser.c -rw-r--r-- 4.9 KB
compat_ioctl.c -rw-r--r-- 10.9 KB
elevator.c -rw-r--r-- 16.4 KB
genhd.c -rw-r--r-- 49.5 KB
ioctl.c -rw-r--r-- 15.3 KB
ioprio.c -rw-r--r-- 5.1 KB
kyber-iosched.c -rw-r--r-- 28.3 KB
mq-deadline.c -rw-r--r-- 20.6 KB
opal_proto.h -rw-r--r-- 9.3 KB
partition-generic.c -rw-r--r-- 17.1 KB
scsi_ioctl.c -rw-r--r-- 19.1 KB
sed-opal.c -rw-r--r-- 58.8 KB
t10-pi.c -rw-r--r-- 7.9 KB
back to top