• mm/mlock.c: prevent walking off the end of a pagetable in no-pmd configuration · eadb41ae
    Vlastimil Babka authored
    The function __munlock_pagevec_fill() introduced in commit 7a8010cd
    ("mm: munlock: manual pte walk in fast path instead of
    follow_page_mask()") uses pmd_addr_end() for restricting its operation
    within current page table.
    
    This is insufficient on architectures/configurations where pmd is folded
    and pmd_addr_end() just returns the end of the full range to be walked.
    In this case, it allows pte++ to walk off the end of a page table
    resulting in unpredictable behaviour.
    
    This patch fixes the function by using pgd_addr_end() and pud_addr_end()
    before pmd_addr_end(), which will yield correct page table boundary on
    all configurations.  This is similar to what existing page walkers do
    when walking each level of the page table.
    
    Additionally, the patch clarifies a comment for get_locked_pte() call in the
    function.
    Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
    Reported-by: Fengguang Wu <fengguang.wu@intel.com>
    Reviewed-by: Bob Liu <bob.liu@oracle.com>
    Cc: Jörn Engel <joern@logfs.org>
    Cc: Mel Gorman <mgorman@suse.de>
    Cc: Michel Lespinasse <walken@google.com>
    Cc: Hugh Dickins <hughd@google.com>
    Cc: Rik van Riel <riel@redhat.com>
    Cc: Johannes Weiner <hannes@cmpxchg.org>
    Cc: Michal Hocko <mhocko@suse.cz>
    Cc: Vlastimil Babka <vbabka@suse.cz>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
mlock.c 21.4 KB
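The boundary arithmetic described in the commit message, as an added userspace model that is not code from the kernel tree or from the patch. It assumes a 2-level layout with pud and pmd folded (the constants match 32-bit x86 without PAE); the `steps_*` and `ptes_left_in_table` helpers and the sample addresses are constructed for illustration.

```c
#include <stdio.h>

/* Assumed layout: 4 KiB pages, one pgd entry maps 4 MiB, pud and pmd folded. */
#define PAGE_SHIFT   12
#define PGDIR_SHIFT  22
#define PGDIR_SIZE   (1UL << PGDIR_SHIFT)
#define PGDIR_MASK   (~(PGDIR_SIZE - 1))
#define PTRS_PER_PTE 1024UL

/* Real level: clamp end to the next pgd boundary after addr. */
static unsigned long pgd_addr_end(unsigned long addr, unsigned long end)
{
    unsigned long boundary = (addr + PGDIR_SIZE) & PGDIR_MASK;
    return (boundary - 1 < end - 1) ? boundary : end;
}

/* Folded levels: the helper hands back end unchanged. */
static unsigned long pud_addr_end(unsigned long addr, unsigned long end) { (void)addr; return end; }
static unsigned long pmd_addr_end(unsigned long addr, unsigned long end) { (void)addr; return end; }

/* PTE slots remaining in the table that maps addr, including addr's own slot. */
static unsigned long ptes_left_in_table(unsigned long addr)
{
    return PTRS_PER_PTE - ((addr >> PAGE_SHIFT) & (PTRS_PER_PTE - 1));
}

/* Hypothetical helper: pte steps a walker takes when only pmd_addr_end() clamps the range. */
static unsigned long steps_pmd_only(unsigned long start, unsigned long end)
{
    end = pmd_addr_end(start, end);
    return (end - start) >> PAGE_SHIFT;
}

/* Hypothetical helper: pte steps when every level clamps, as the commit message describes. */
static unsigned long steps_all_levels(unsigned long start, unsigned long end)
{
    end = pgd_addr_end(start, end);
    end = pud_addr_end(start, end);
    end = pmd_addr_end(start, end);
    return (end - start) >> PAGE_SHIFT;
}

int main(void)
{
    /* Constructed range: starts 2 pages below a 4 MiB boundary, ends 4 pages above it. */
    unsigned long start = 0x083fe000UL, end = 0x08404000UL;
    printf("slots left in pte table: %lu\n", ptes_left_in_table(start));
    printf("steps, pmd clamp only:   %lu\n", steps_pmd_only(start, end));
    printf("steps, all levels:       %lu\n", steps_all_levels(start, end));
    return 0;
}
```

When the pmd-only step count exceeds the slots left in the table, a `pte++` loop bounded by that range runs past the end of the page table; clamping at every level keeps the count within the table.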