Revision cb185d5f1ebf900f4ae3bf84cee212e6dd035aca authored by Nadav Amit on 18 October 2021, 22:15:25 UTC, committed by Linus Torvalds on 19 October 2021, 06:22:02 UTC
A race is possible when a process exits, its VMAs are removed by exit_mmap() and at the same time userfaultfd_writeprotect() is called.

The race was detected by KASAN on a development kernel, but it appears to be possible on vanilla kernels as well.

Use mmget_not_zero() to prevent the race as done in other userfaultfd operations.

Link: https://lkml.kernel.org/r/20210921200247.25749-1-namit@vmware.com
Fixes: 63b2d4174c4ad ("userfaultfd: wp: add the writeprotect API to userfaultfd ioctl")
Signed-off-by: Nadav Amit <namit@vmware.com>
Tested-by: Li Wang <liwang@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

1 parent 8913970
File | Mode | Size |
---|---|---|
alchemy | ||
ar7 | ||
ath25 | ||
ath79 | ||
bcm47xx | ||
bcm63xx | ||
bmips | ||
boot | ||
cavium-octeon | ||
cobalt | ||
configs | ||
crypto | ||
dec | ||
fw | ||
generic | ||
include | ||
ingenic | ||
jazz | ||
kernel | ||
kvm | ||
lantiq | ||
lib | ||
loongson2ef | ||
loongson32 | ||
loongson64 | ||
math-emu | ||
mm | ||
mti-malta | ||
n64 | ||
net | ||
netlogic | ||
pci | ||
pic32 | ||
power | ||
ralink | ||
rb532 | ||
sgi-ip22 | ||
sgi-ip27 | ||
sgi-ip30 | ||
sgi-ip32 | ||
sibyte | ||
sni | ||
tools | ||
txx9 | ||
vdso | ||
vr41xx | ||
Kbuild | -rw-r--r-- | 612 bytes |
Kbuild.platforms | -rw-r--r-- | 1.6 KB |
Kconfig | -rw-r--r-- | 85.4 KB |
Kconfig.debug | -rw-r--r-- | 5.6 KB |
Makefile | -rw-r--r-- | 19.4 KB |
Makefile.postlink | -rw-r--r-- | 963 bytes |