From patchwork Fri Oct 21 13:56:05 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ben Hutchings X-Patchwork-Id: 78669 Delivered-To: patch@linaro.org Received: by 10.140.97.247 with SMTP id m110csp1313698qge; Fri, 21 Oct 2016 06:56:12 -0700 (PDT) X-Received: by 10.98.57.140 with SMTP id u12mr1902132pfj.127.1477058172126; Fri, 21 Oct 2016 06:56:12 -0700 (PDT) Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id lm5si2376515pab.26.2016.10.21.06.56.11; Fri, 21 Oct 2016 06:56:12 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754883AbcJUN4K (ORCPT + 3 others); Fri, 21 Oct 2016 09:56:10 -0400 Received: from shadbolt.e.decadent.org.uk ([88.96.1.126]:48905 "EHLO shadbolt.e.decadent.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754764AbcJUN4J (ORCPT ); Fri, 21 Oct 2016 09:56:09 -0400 Received: from ben by shadbolt.decadent.org.uk with local (Exim 4.84_2) (envelope-from ) id 1bxaIn-000355-Rg; Fri, 21 Oct 2016 14:56:06 +0100 Date: Fri, 21 Oct 2016 14:56:05 +0100 From: Ben Hutchings To: linux-kernel@vger.kernel.org, Andrew Morton , torvalds@linux-foundation.org, Jiri Slaby , stable@vger.kernel.org Cc: lwn@lwn.net Message-ID: <20161021135605.GA2697@decadent.org.uk> MIME-Version: 1.0 Content-Disposition: inline X-Mailer: LinuxStableQueue (scripts by bwh) User-Agent: Mutt/1.5.23 (2014-03-12) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: ben@decadent.org.uk X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on shadbolt.decadent.org.uk X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=NO_RELAYS autolearn=disabled version=3.4.0 Subject: Linux 3.2.83 X-SA-Exim-Version: 4.2.1 (built Mon, 26 Dec 2011 16:24:06 +0000) X-SA-Exim-Scanned: Yes (on shadbolt.decadent.org.uk) Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org I'm announcing the release of the 3.2.83 kernel. All users of the 3.2 kernel series should upgrade. The updated 3.2.y git tree can be found at: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.2.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git The diff from 3.2.82 is attached to this message. Ben. ------------ Makefile | 2 +- include/linux/mm.h | 1 + mm/memory.c | 39 ++++++++++++++++++++++++++++----------- 3 files changed, 30 insertions(+), 12 deletions(-) Ben Hutchings (1): Linux 3.2.83 Michal Hocko (1): mm, gup: close FOLL MAP_PRIVATE race diff --git a/Makefile b/Makefile index b6fa6316ef75..716cdade034d 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ VERSION = 3 PATCHLEVEL = 2 -SUBLEVEL = 82 +SUBLEVEL = 83 EXTRAVERSION = NAME = Saber-toothed Squirrel diff --git a/include/linux/mm.h b/include/linux/mm.h index e5ee683b0ad3..16394da01d2d 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -1527,6 +1527,7 @@ struct page *follow_page(struct vm_area_struct *, unsigned long address, #define FOLL_MLOCK 0x40 /* mark page as mlocked */ #define FOLL_SPLIT 0x80 /* don't return transhuge pages, split them */ #define FOLL_HWPOISON 0x100 /* check page is hwpoisoned */ +#define FOLL_COW 0x4000 /* internal GUP flag */ typedef int (*pte_fn_t)(pte_t *pte, pgtable_t token, unsigned long addr, void *data); diff --git a/mm/memory.c b/mm/memory.c index 675b211296fd..2917e9b2e4d4 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -1427,6 +1427,24 @@ int zap_vma_ptes(struct vm_area_struct *vma, unsigned long address, } EXPORT_SYMBOL_GPL(zap_vma_ptes); +static inline bool can_follow_write_pte(pte_t pte, struct page *page, + unsigned int flags) +{ + if (pte_write(pte)) + return true; + + /* + * Make sure that we are really following CoWed page. We do not really + * have to care about exclusiveness of the page because we only want + * to ensure that once COWed page hasn't disappeared in the meantime + * or it hasn't been merged to a KSM page. + */ + if ((flags & FOLL_FORCE) && (flags & FOLL_COW)) + return page && PageAnon(page) && !PageKsm(page); + + return false; +} + /** * follow_page - look up a page descriptor from a user-virtual address * @vma: vm_area_struct mapping @address @@ -1509,10 +1527,13 @@ split_fallthrough: pte = *ptep; if (!pte_present(pte)) goto no_page; - if ((flags & FOLL_WRITE) && !pte_write(pte)) - goto unlock; page = vm_normal_page(vma, address, pte); + if ((flags & FOLL_WRITE) && !can_follow_write_pte(pte, page, flags)) { + pte_unmap_unlock(ptep, ptl); + return NULL; + } + if (unlikely(!page)) { if ((flags & FOLL_DUMP) || !is_zero_pfn(pte_pfn(pte))) @@ -1555,7 +1576,7 @@ split_fallthrough: unlock_page(page); } } -unlock: + pte_unmap_unlock(ptep, ptl); out: return page; @@ -1789,17 +1810,13 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, * The VM_FAULT_WRITE bit tells us that * do_wp_page has broken COW when necessary, * even if maybe_mkwrite decided not to set - * pte_write. We can thus safely do subsequent - * page lookups as if they were reads. But only - * do so when looping for pte_write is futile: - * in some cases userspace may also be wanting - * to write to the gotten user page, which a - * read fault here might prevent (a readonly - * page might get reCOWed by userspace write). + * pte_write. We cannot simply drop FOLL_WRITE + * here because the COWed page might be gone by + * the time we do the subsequent page lookups. */ if ((ret & VM_FAULT_WRITE) && !(vma->vm_flags & VM_WRITE)) - foll_flags &= ~FOLL_WRITE; + foll_flags |= FOLL_COW; cond_resched(); }