git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Jason Gunthorpe <jgg@nvidia.com>
	Sat, 14 Nov 2020 06:51:56 +0000 (22:51 -0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 18 Nov 2020 18:22:27 +0000 (19:22 +0100)
commit	b742ca1b74e4b3e195d3eb9b5779da5e8ee19ebb
tree	810d878ddda5d64ea23e7f463f33deeb1c3461f3	tree
parent	e20add452163e1d93bc30f1e2cb27c254359ca5a	commit \| diff

mm/gup: use unpin_user_pages() in __gup_longterm_locked()

commit 96e1fac162cc0086c50b2b14062112adb2ba640e upstream.

When FOLL_PIN is passed to __get_user_pages() the page list must be put
back using unpin_user_pages() otherwise the page pin reference persists
in a corrupted state.

There are two places in the unwind of __gup_longterm_locked() that put
the pages back without checking. Normally on error this function would
return the partial page list making this the caller's responsibility,
but in these two cases the caller is not allowed to see these pages at
all.

Fixes: 3faa52c03f44 ("mm/gup: track FOLL_PIN pages")
Reported-by: Ira Weiny <ira.weiny@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Ira Weiny <ira.weiny@intel.com>
Reviewed-by: John Hubbard <jhubbard@nvidia.com>
Cc: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: <stable@vger.kernel.org>
Link: https://lkml.kernel.org/r/0-v2-3ae7d9d162e2+2a7-gup_cma_fix_jgg@nvidia.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>