author | Sean Christopherson <[email protected]> | 2019-01-09 16:51:17 -0800 |
---|---|---|
committer | Linus Torvalds <[email protected]> | 2019-01-10 02:58:21 -0800 |
commit | ba422731316dde1e22dcc84b83c7349dc0ce1c3c (patch) | |
tree | bd68daf24e1a240bb69b73d3387f022bef6f6fd8 /arch/csky/kernel/module.c | |
parent | 4064e47c82810586975b4304b105056389beaa06 (diff) |

mm/mmu_notifier: mm/rmap.c: Fix a mmu_notifier range bug in try_to_unmap_one

The conversion to use a structure for mmu_notifier_invalidate_range_*()
unintentionally changed the usage in try_to_unmap_one() to init the
'struct mmu_notifier_range' with vma->vm_start instead of @address,
i.e. it invalidates the wrong address range. Revert to the correct
address range.

Manifests as KVM use-after-free WARNINGs and subsequent "BUG: Bad page
state in process X" errors when reclaiming from a KVM guest due to KVM
removing the wrong pages from its own mappings.

Reported-by: [email protected]
Reported-by: Mike Galbraith <[email protected]>
Reported-and-tested-by: Adam Borowski <[email protected]>
Reviewed-by: Jérôme Glisse <[email protected]>
Reviewed-by: Pankaj gupta <[email protected]>
Cc: Christian König <[email protected]>
Cc: Jan Kara <[email protected]>
Cc: Matthew Wilcox <[email protected]>
Cc: Ross Zwisler <[email protected]>
Cc: Dan Williams <[email protected]>
Cc: Paolo Bonzini <[email protected]>
Cc: Radim Krčmář <[email protected]>
Cc: Michal Hocko <[email protected]>
Cc: Felix Kuehling <[email protected]>
Cc: Ralph Campbell <[email protected]>
Cc: John Hubbard <[email protected]>
Cc: Andrew Morton <[email protected]>
Fixes: ac46d4f3c432 ("mm/mmu_notifier: use structure for invalidate_range_start/end calls v2")
Signed-off-by: Sean Christopherson <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Diffstat (limited to 'arch/csky/kernel/module.c')
0 files changed, 0 insertions, 0 deletions