ANDROID: mm: prevent speculative page fault handling for userfaults

handle_userfault() should be protected against a concurrent
userfaultfd_release(), therefore handling userfaults speculatively
without mmap_lock protection should be disallowed.

Bug: 257443051
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: Ic6ae39329c73e8849048ea15b5351a49346404d3
diff --git a/mm/memory.c b/mm/memory.c
index 639b9b0..62fba9f 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -3387,6 +3387,8 @@ static vm_fault_t do_wp_page(struct vm_fault *vmf)
 
 	if (userfaultfd_pte_wp(vma, *vmf->pte)) {
 		pte_unmap_unlock(vmf->pte, vmf->ptl);
+		if (vmf->flags & FAULT_FLAG_SPECULATIVE)
+			return VM_FAULT_RETRY;
 		return handle_userfault(vmf, VM_UFFD_WP);
 	}
 
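Review bot: The new early return has no comment explaining why a speculative fault must not reach handle_userfault(), so a reader of do_wp_page() sees only a bare flag test between the unlock and the call; the reason given in the commit message belongs in the code. I would add, above the new `if`, `/* No mmap_lock is held on the speculative path, and handle_userfault() must not run concurrently with userfaultfd_release(); fall back to the locked path. */`. It is also worth noting in that comment that this pte-level check is kept even though the speculative entry point screens VMA flags, presumably because the VMA flags read there are a racy snapshot, whereas the pte wp marker is read under vmf->ptl — confirm that this is the intent. do_wp_page() starts and ends outside this hunk.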
@@ -5010,7 +5012,7 @@ static vm_fault_t ___handle_speculative_fault(struct mm_struct *mm,
 	vmf.vma_page_prot = READ_ONCE(vmf.vma->vm_page_prot);
 
 	/* Can't call userland page fault handler in the speculative path */
-	if (unlikely(vmf.vma_flags & VM_UFFD_MISSING)) {
+	if (unlikely(vmf.vma_flags & __VM_UFFD_FLAGS)) {
 		trace_spf_vma_notsup(_RET_IP_, vmf.vma, address);
 		return VM_FAULT_RETRY;
 	}
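Review bot: The widened test on the changed line now rejects any uffd-registered VMA, but the existing comment still only says the userland handler cannot be called, which no longer explains why VM_UFFD_WP is covered too; I would reword it to `/* handle_userfault() needs mmap_lock against userfaultfd_release(), which the speculative path does not hold: bail on any uffd-registered vma */`. If this tree defines VM_UFFD_MINOR, __VM_UFFD_FLAGS presumably includes it as well, which is consistent with the intent but worth stating in the commit message. Note that vmf.vma_flags is read without mmap_lock (the neighbouring vm_page_prot read on the first context line uses READ_ONCE), so a registration racing with this check can still slip past it; the VM_FAULT_RETRY check added to do_wp_page() in the earlier hunk is what catches that case for wp faults, and the commit message could say so. ___handle_speculative_fault() starts and ends outside this hunk.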