From patchwork Fri May 13 14:24:05 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Greg KH <gregkh@linuxfoundation.org>
X-Patchwork-Id: 572503
Return-Path: <stable-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
 aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
 by smtp.lore.kernel.org (Postfix) with ESMTP id ED7AFC433EF
 for <stable@archiver.kernel.org>; Fri, 13 May 2022 14:33:46 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1357070AbiEMOdn (ORCPT <rfc822;stable@archiver.kernel.org>);
 Fri, 13 May 2022 10:33:43 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46722 "EHLO
 lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
 with ESMTP id S1381075AbiEMOcV (ORCPT
 <rfc822;stable@vger.kernel.org>); Fri, 13 May 2022 10:32:21 -0400
Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75])
 by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D5F0260BA0;
 Fri, 13 May 2022 07:29:29 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ams.source.kernel.org (Postfix) with ESMTPS id 15404B8306B;
 Fri, 13 May 2022 14:29:28 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 21746C34100;
 Fri, 13 May 2022 14:29:26 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
 s=korg; t=1652452166;
 bh=HQhKaRCDq+h5tAHDd71ttutJcE+5Ti3dz9qEBK/Yf0w=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
 b=uiDWg/A7bCslGsFjrm71AHDbX7Eu/i5UfkZ9FTteprq2YwSUfMDwXgn1pfF21g9O3
 wPliLTvjkdYEFSTohpLU3vD0/Rqo9JOlPGeV+YaEh6TdVjvQ98MoF0rLf23I/WalbN
 8bLkvN7+wIKTR6FqADNVh1zDgooxHuXiU24TOPCo=
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
 stable@vger.kernel.org, Muchun Song <songmuchun@bytedance.com>,
 Mike Kravetz <mike.kravetz@oracle.com>,
 Axel Rasmussen <axelrasmussen@google.com>,
 David Rientjes <rientjes@google.com>, Fam Zheng <fam.zheng@bytedance.com>,
 "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
 Lars Persson <lars.persson@axis.com>, Peter Xu <peterx@redhat.com>,
 Xiongchun Duan <duanxiongchun@bytedance.com>, Zi Yan <ziy@nvidia.com>,
 Andrew Morton <akpm@linux-foundation.org>,
 Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 5.17 05/12] mm: hugetlb: fix missing cache flush in
 copy_huge_page_from_user()
Date: Fri, 13 May 2022 16:24:05 +0200
Message-Id: <20220513142228.810770493@linuxfoundation.org>
X-Mailer: git-send-email 2.36.1
In-Reply-To: <20220513142228.651822943@linuxfoundation.org>
References: <20220513142228.651822943@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Precedence: bulk
List-ID: <stable.vger.kernel.org>
X-Mailing-List: stable@vger.kernel.org

From: Muchun Song <songmuchun@bytedance.com>

commit e763243cc6cb1fcc720ec58cfd6e7c35ae90a479 upstream.

userfaultfd calls copy_huge_page_from_user() which does not do any cache
flushing for the target page.  Then the target page will be mapped to
the user space with a different address (user address), which might have
an alias issue with the kernel address used to copy the data from the
user to.

Fix this issue by flushing dcache in copy_huge_page_from_user().

Link: https://lkml.kernel.org/r/20220210123058.79206-4-songmuchun@bytedance.com
Fixes: fa4d75c1de13 ("userfaultfd: hugetlbfs: add copy_huge_page_from_user for hugetlb userfaultfd support")
Signed-off-by: Muchun Song <songmuchun@bytedance.com>
Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
Cc: Axel Rasmussen <axelrasmussen@google.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Fam Zheng <fam.zheng@bytedance.com>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Lars Persson <lars.persson@axis.com>
Cc: Peter Xu <peterx@redhat.com>
Cc: Xiongchun Duan <duanxiongchun@bytedance.com>
Cc: Zi Yan <ziy@nvidia.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 mm/memory.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/mm/memory.c
+++ b/mm/memory.c
@@ -5475,6 +5475,8 @@ long copy_huge_page_from_user(struct pag
 		if (rc)
 			break;
 
+		flush_dcache_page(subpage);
+
 		cond_resched();
 	}
 	return ret_val;