queue-5.0/mm-memory.c-fix-modifying-of-page-protection-by-insert_pfn.patch

   1 From cae85cb8add35f678cf487139d05e083ce2f570a Mon Sep 17 00:00:00 2001
   2 From: Jan Kara <jack@suse.cz>
   3 Date: Thu, 28 Mar 2019 20:43:19 -0700
   4 Subject: mm/memory.c: fix modifying of page protection by insert_pfn()
   5
   6 From: Jan Kara <jack@suse.cz>
   7
   8 commit cae85cb8add35f678cf487139d05e083ce2f570a upstream.
   9
  10 Aneesh has reported that PPC triggers the following warning when
  11 excercising DAX code:
  12
  13   IP set_pte_at+0x3c/0x190
  14   LR insert_pfn+0x208/0x280
  15   Call Trace:
  16      insert_pfn+0x68/0x280
  17      dax_iomap_pte_fault.isra.7+0x734/0xa40
  18      __xfs_filemap_fault+0x280/0x2d0
  19      do_wp_page+0x48c/0xa40
  20      __handle_mm_fault+0x8d0/0x1fd0
  21      handle_mm_fault+0x140/0x250
  22      __do_page_fault+0x300/0xd60
  23      handle_page_fault+0x18
  24
  25 Now that is WARN_ON in set_pte_at which is
  26
  27         VM_WARN_ON(pte_hw_valid(*ptep) && !pte_protnone(*ptep));
  28
  29 The problem is that on some architectures set_pte_at() cannot cope with
  30 a situation where there is already some (different) valid entry present.
  31
  32 Use ptep_set_access_flags() instead to modify the pfn which is built to
  33 deal with modifying existing PTE.
  34
  35 Link: http://lkml.kernel.org/r/20190311084537.16029-1-jack@suse.cz
  36 Fixes: b2770da64254 "mm: add vm_insert_mixed_mkwrite()"
  37 Signed-off-by: Jan Kara <jack@suse.cz>
  38 Reported-by: "Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>
  39 Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
  40 Acked-by: Dan Williams <dan.j.williams@intel.com>
  41 Cc: Chandan Rajendra <chandan@linux.ibm.com>
  42 Cc: <stable@vger.kernel.org>
  43 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
  44 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  45 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  46
  47 ---
  48  mm/memory.c |   11 ++++++-----
  49  1 file changed, 6 insertions(+), 5 deletions(-)
  50
  51 --- a/mm/memory.c
  52 +++ b/mm/memory.c
  53 @@ -1546,10 +1546,12 @@ static vm_fault_t insert_pfn(struct vm_a
  54                                 WARN_ON_ONCE(!is_zero_pfn(pte_pfn(*pte)));
  55                                 goto out_unlock;
  56                         }
  57 -                       entry = *pte;
  58 -                       goto out_mkwrite;
  59 -               } else
  60 -                       goto out_unlock;
  61 +                       entry = pte_mkyoung(*pte);
  62 +                       entry = maybe_mkwrite(pte_mkdirty(entry), vma);
  63 +                       if (ptep_set_access_flags(vma, addr, pte, entry, 1))
  64 +                               update_mmu_cache(vma, addr, pte);
  65 +               }
  66 +               goto out_unlock;
  67         }
  68
  69         /* Ok, finally just insert the thing.. */
  70 @@ -1558,7 +1560,6 @@ static vm_fault_t insert_pfn(struct vm_a
  71         else
  72                 entry = pte_mkspecial(pfn_t_pte(pfn, prot));
  73
  74 -out_mkwrite:
  75         if (mkwrite) {
  76                 entry = pte_mkyoung(entry);
  77                 entry = maybe_mkwrite(pte_mkdirty(entry), vma);