From 6f9aeac616e7321f8cc160749f0340452f53304a Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Wed, 4 Dec 2019 23:51:34 +0100 Subject: [PATCH] update queue-4.9/mm-gup-add-missing-refcount-overflow-checks-on-x86-a.patch --- ...ng-refcount-overflow-checks-on-x86-a.patch | 42 ++++++++----------- 1 file changed, 18 insertions(+), 24 deletions(-) diff --git a/queue-4.9/mm-gup-add-missing-refcount-overflow-checks-on-x86-a.patch b/queue-4.9/mm-gup-add-missing-refcount-overflow-checks-on-x86-a.patch index a51b1d766db..77d40047073 100644 --- a/queue-4.9/mm-gup-add-missing-refcount-overflow-checks-on-x86-a.patch +++ b/queue-4.9/mm-gup-add-missing-refcount-overflow-checks-on-x86-a.patch @@ -23,50 +23,48 @@ them. Signed-off-by: Vlastimil Babka Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman + --- - arch/s390/mm/gup.c | 9 ++++++--- - arch/x86/mm/gup.c | 10 ++++++++-- - 2 files changed, 14 insertions(+), 5 deletions(-) + arch/s390/mm/gup.c | 9 ++++++--- + arch/x86/mm/gup.c | 9 ++++++++- + 2 files changed, 14 insertions(+), 4 deletions(-) -diff --git a/arch/s390/mm/gup.c b/arch/s390/mm/gup.c -index 97fc449a74707..33a940389a6d1 100644 --- a/arch/s390/mm/gup.c +++ b/arch/s390/mm/gup.c -@@ -38,7 +38,8 @@ static inline int gup_pte_range(pmd_t *pmdp, pmd_t pmd, unsigned long addr, +@@ -38,7 +38,8 @@ static inline int gup_pte_range(pmd_t *p VM_BUG_ON(!pfn_valid(pte_pfn(pte))); page = pte_page(pte); head = compound_head(page); - if (!page_cache_get_speculative(head)) -+ if (unlikely(WARN_ON_ONCE(page_ref_count(head) < 0) -+ || !page_cache_get_speculative(head))) ++ if (WARN_ON_ONCE(page_ref_count(head) < 0) ++ || !page_cache_get_speculative(head)) return 0; if (unlikely(pte_val(pte) != pte_val(*ptep))) { put_page(head); -@@ -76,7 +77,8 @@ static inline int gup_huge_pmd(pmd_t *pmdp, pmd_t pmd, unsigned long addr, +@@ -76,7 +77,8 @@ static inline int gup_huge_pmd(pmd_t *pm refs++; } while (addr += PAGE_SIZE, addr != end); - if (!page_cache_add_speculative(head, refs)) { -+ if (unlikely(WARN_ON_ONCE(page_ref_count(head) < 0) -+ || !page_cache_add_speculative(head, refs))) { ++ if (WARN_ON_ONCE(page_ref_count(head) < 0) ++ || !page_cache_add_speculative(head, refs)) { *nr -= refs; return 0; } -@@ -150,7 +152,8 @@ static int gup_huge_pud(pud_t *pudp, pud_t pud, unsigned long addr, +@@ -150,7 +152,8 @@ static int gup_huge_pud(pud_t *pudp, pud refs++; } while (addr += PAGE_SIZE, addr != end); - if (!page_cache_add_speculative(head, refs)) { -+ if (unlikely(WARN_ON_ONCE(page_ref_count(head) < 0) -+ || !page_cache_add_speculative(head, refs))) { ++ if (WARN_ON_ONCE(page_ref_count(head) < 0) ++ || !page_cache_add_speculative(head, refs)) { *nr -= refs; return 0; } -diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c -index d7db45bdfb3bd..551fc7fea046d 100644 --- a/arch/x86/mm/gup.c +++ b/arch/x86/mm/gup.c -@@ -202,10 +202,12 @@ static int __gup_device_huge_pmd(pmd_t pmd, unsigned long addr, +@@ -202,9 +202,12 @@ static int __gup_device_huge_pmd(pmd_t p undo_dev_pagemap(nr, nr_start, pages); return 0; } @@ -77,11 +75,10 @@ index d7db45bdfb3bd..551fc7fea046d 100644 SetPageReferenced(page); pages[*nr] = page; - get_page(page); -- put_dev_pagemap(pgmap); + put_dev_pagemap(pgmap); (*nr)++; pfn++; - } while (addr += PAGE_SIZE, addr != end); -@@ -230,6 +232,8 @@ static noinline int gup_huge_pmd(pmd_t pmd, unsigned long addr, +@@ -230,6 +233,8 @@ static noinline int gup_huge_pmd(pmd_t p refs = 0; head = pmd_page(pmd); @@ -90,7 +87,7 @@ index d7db45bdfb3bd..551fc7fea046d 100644 page = head + ((addr & ~PMD_MASK) >> PAGE_SHIFT); do { VM_BUG_ON_PAGE(compound_head(page) != head, page); -@@ -289,6 +293,8 @@ static noinline int gup_huge_pud(pud_t pud, unsigned long addr, +@@ -289,6 +294,8 @@ static noinline int gup_huge_pud(pud_t p refs = 0; head = pud_page(pud); @@ -99,6 +96,3 @@ index d7db45bdfb3bd..551fc7fea046d 100644 page = head + ((addr & ~PUD_MASK) >> PAGE_SHIFT); do { VM_BUG_ON_PAGE(compound_head(page) != head, page); --- -2.20.1 - -- 2.47.3