1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-01-22 16:06:04 -05:00
linux/mm
Linus Torvalds 79a61cc3fc mm: avoid leaving partial pfn mappings around in error case
As Jann points out, PFN mappings are special, because unlike normal
memory mappings, there is no lifetime information associated with the
mapping - it is just a raw mapping of PFNs with no reference counting of
a 'struct page'.

That's all very much intentional, but it does mean that it's easy to
mess up the cleanup in case of errors.  Yes, a failed mmap() will always
eventually clean up any partial mappings, but without any explicit
lifetime in the page table mapping itself, it's very easy to do the
error handling in the wrong order.

In particular, it's easy to mistakenly free the physical backing store
before the page tables are actually cleaned up and (temporarily) have
stale dangling PTE entries.

To make this situation less error-prone, just make sure that any partial
pfn mapping is torn down early, before any other error handling.

Reported-and-tested-by: Jann Horn <jannh@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Jason Gunthorpe <jgg@ziepe.ca>
Cc: Simona Vetter <simona.vetter@ffwll.ch>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2024-09-12 12:10:00 -07:00
..
damon
kasan
kfence
kmsan
backing-dev.c
balloon_compaction.c
bootmem_info.c
cma.c
cma.h
cma_debug.c
cma_sysfs.c
compaction.c sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
debug.c
debug_page_alloc.c
debug_page_ref.c
debug_vm_pgtable.c
dmapool.c
dmapool_test.c
early_ioremap.c
execmem.c
fadvise.c
fail_page_alloc.c
failslab.c
filemap.c mm: Fix filemap_invalidate_inode() to use invalidate_inode_pages2_range() 2024-08-30 15:11:48 +02:00
folio-compat.c
gup.c
gup_test.c
gup_test.h
highmem.c
hmm.c
huge_memory.c mm/numa: no task_numa_fault() call if PMD is changed 2024-08-15 22:16:15 -07:00
hugetlb.c sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
hugetlb_cgroup.c
hugetlb_vmemmap.c mm: don't account memmap per-node 2024-08-15 22:16:14 -07:00
hugetlb_vmemmap.h
hwpoison-inject.c
init-mm.c
internal.h
interval_tree.c
io-mapping.c
ioremap.c
Kconfig - 875fa64577da ("mm/hugetlb_vmemmap: fix race with speculative PFN 2024-07-21 17:15:46 -07:00
Kconfig.debug
khugepaged.c - 875fa64577da ("mm/hugetlb_vmemmap: fix race with speculative PFN 2024-07-21 17:15:46 -07:00
kmemleak.c
ksm.c Random number generator updates for Linux 6.11-rc1. 2024-07-24 10:29:50 -07:00
list_lru.c mm: list_lru: fix UAF for memory cgroup 2024-08-07 18:33:56 -07:00
maccess.c
madvise.c Random number generator updates for Linux 6.11-rc1. 2024-07-24 10:29:50 -07:00
Makefile
mapping_dirty_helpers.c
memblock.c
memcontrol-v1.c memcg_write_event_control(): fix a user-triggerable oops 2024-08-12 21:58:44 -04:00
memcontrol-v1.h
memcontrol.c mm/memcontrol: respect zswap.writeback setting from parent cg too 2024-09-01 17:59:02 -07:00
memfd.c
memory-failure.c mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu 2024-08-15 22:16:14 -07:00
memory-tiers.c
memory.c mm: avoid leaving partial pfn mappings around in error case 2024-09-12 12:10:00 -07:00
memory_hotplug.c x86/kaslr: Expose and use the end of the physical memory address space 2024-08-20 13:44:57 +02:00
mempolicy.c Random number generator updates for Linux 6.11-rc1. 2024-07-24 10:29:50 -07:00
mempool.c
memremap.c
memtest.c
migrate.c mm/migrate: fix deadlock in migrate_pages_batch() on large folios 2024-08-15 22:26:02 -07:00
migrate_device.c
mincore.c
mlock.c Random number generator updates for Linux 6.11-rc1. 2024-07-24 10:29:50 -07:00
mm_init.c alloc_tag: mark pages reserved during CMA activation as not tagged 2024-08-15 22:16:16 -07:00
mm_slot.h
mmap.c Random number generator updates for Linux 6.11-rc1. 2024-07-24 10:29:50 -07:00
mmap_lock.c
mmu_gather.c
mmu_notifier.c
mmzone.c
mprotect.c
mremap.c
mseal.c mseal: fix is_madv_discard() 2024-08-15 22:16:13 -07:00
msync.c
nommu.c
oom_kill.c
page-writeback.c sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
page_alloc.c codetag: debug: mark codetags for poisoned page as empty 2024-09-01 17:59:02 -07:00
page_counter.c
page_ext.c mm: don't account memmap per-node 2024-08-15 22:16:14 -07:00
page_idle.c
page_io.c
page_isolation.c
page_owner.c
page_poison.c
page_reporting.c
page_reporting.h
page_table_check.c
page_vma_mapped.c
pagewalk.c
percpu-internal.h
percpu-km.c
percpu-stats.c
percpu-vm.c
percpu.c
pgalloc-track.h
pgtable-generic.c
process_vm_access.c
ptdump.c
readahead.c
rmap.c Random number generator updates for Linux 6.11-rc1. 2024-07-24 10:29:50 -07:00
rodata_test.c
secretmem.c
shmem.c mm: shmem: fix incorrect aligned index when checking conflicts 2024-08-07 18:33:56 -07:00
shmem_quota.c
show_mem.c
shrinker.c
shrinker_debug.c
shuffle.c
shuffle.h
slab.h - 875fa64577da ("mm/hugetlb_vmemmap: fix race with speculative PFN 2024-07-21 17:15:46 -07:00
slab_common.c - 875fa64577da ("mm/hugetlb_vmemmap: fix race with speculative PFN 2024-07-21 17:15:46 -07:00
slub.c mm/slub: add check for s->flags in the alloc_tagging_slab_free_hook 2024-09-01 17:59:01 -07:00
sparse-vmemmap.c mm: don't account memmap per-node 2024-08-15 22:16:14 -07:00
sparse.c A set of X86 fixes: 2024-09-01 14:43:08 -07:00
swap.c
swap.h
swap_cgroup.c
swap_slots.c
swap_state.c
swapfile.c
truncate.c mm: Fix missing folio invalidation calls during truncation 2024-08-24 16:09:16 +02:00
usercopy.c
userfaultfd.c userfaultfd: don't BUG_ON() if khugepaged yanks our page table 2024-09-01 17:59:00 -07:00
util.c sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
vmalloc.c mm: vmalloc: optimize vmap_lazy_nr arithmetic when purging each vmap_area 2024-09-01 17:59:02 -07:00
vmpressure.c
vmscan.c Revert "mm: skip CMA pages when they are not available" 2024-09-01 17:59:01 -07:00
vmstat.c mm: don't account memmap per-node 2024-08-15 22:16:14 -07:00
workingset.c
z3fold.c
zbud.c
zpool.c
zsmalloc.c minmax: make generic MIN() and MAX() macros available everywhere 2024-07-28 15:49:18 -07:00
zswap.c