mm: gup: fix potential pgmap refcnt leak in __gup_device_huge()

mainline inclusion from mainline-v5.15-rc1 commit 6401c4eb category: bugfix bugzilla: 180689, https://gitee.com/openeuler/kernel/issues/I53CMX CVE: NA backport: openEuler-22.03-LTS Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6401c4eb57f947a49eb144b5b0787cde3318e82e -------------------------------- When failed to try_grab_page, put_dev_pagemap() is missed. So pgmap refcnt will leak in this case. Also we remove the check for pgmap against NULL as it's also checked inside the put_dev_pagemap(). [akpm@linux-foundation.org: simplify, cleanup] [akpm@linux-foundation.org: fix return value] Link: https://lkml.kernel.org/r/20210807093620.21347-5-linmiaohe@huawei.comSigned-off-by: N Miaohe Lin <linmiaohe@huawei.com> Fixes: 3faa52c0 ("mm/gup: track FOLL_PIN pages") Reviewed-by: N John Hubbard <jhubbard@nvidia.com> Reviewed-by: N Claudio Imbrenda <imbrenda@linux.ibm.com> Cc: Jan Kara <jack@suse.cz> Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Signed-off-by: N Andrew Morton <akpm@linux-foundation.org> Signed-off-by: N Linus Torvalds <torvalds@linux-foundation.org> (cherry picked from commit 6401c4eb) Signed-off-by: N Yue Zou <zouyue3@huawei.com> Reviewed-by: N Kefeng Wang <wangkefeng.wang@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>

mm: gup: fix potential pgmap refcnt leak in __gup_device_huge()
mainline inclusion from mainline-v5.15-rc1 commit 6401c4eb category: bugfix bugzilla: 180689, https://gitee.com/openeuler/kernel/issues/I53CMX CVE: NA backport: openEuler-22.03-LTS Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6401c4eb57f947a49eb144b5b0787cde3318e82e -------------------------------- When failed to try_grab_page, put_dev_pagemap() is missed. So pgmap refcnt will leak in this case. Also we remove the check for pgmap against NULL as it's also checked inside the put_dev_pagemap(). [akpm@linux-foundation.org: simplify, cleanup] [akpm@linux-foundation.org: fix return value] Link: https://lkml.kernel.org/r/20210807093620.21347-5-linmiaohe@huawei.comSigned-off-by: N Miaohe Lin <linmiaohe@huawei.com> Fixes: 3faa52c0 ("mm/gup: track FOLL_PIN pages") Reviewed-by: N John Hubbard <jhubbard@nvidia.com> Reviewed-by: N Claudio Imbrenda <imbrenda@linux.ibm.com> Cc: Jan Kara <jack@suse.cz> Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Signed-off-by: N Andrew Morton <akpm@linux-foundation.org> Signed-off-by: N Linus Torvalds <torvalds@linux-foundation.org> (cherry picked from commit 6401c4eb) Signed-off-by: N Yue Zou <zouyue3@huawei.com> Reviewed-by: N Kefeng Wang <wangkefeng.wang@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>
90fba22b · Miaohe Lin · Zheng Zengkai · 810e7508 · 90fba22b
隐藏空白更改
内联并排

Showing with 7 addition and 5 deletion

mm/gup.c mm/gup.c +7 -5

未找到文件。
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -2319,6 +2319,7 @@ static int __gup_device_huge(unsigned long pfn, unsigned long addr,
 {
 	int nr_start = *nr;
 	struct dev_pagemap *pgmap = NULL;
+	int ret = 1;
 	do {
 		struct page *page = pfn_to_page(pfn);
@@ -2326,21 +2327,22 @@ static int __gup_device_huge(unsigned long pfn, unsigned long addr,
 		pgmap = get_dev_pagemap(pfn, pgmap);
 		if (unlikely(!pgmap)) {
 			undo_dev_pagemap(nr, nr_start, flags, pages);
-			return 0;
+			ret = 0;
+			break;
 		}
 		SetPageReferenced(page);
 		pages[*nr] = page;
 		if (unlikely(!try_grab_page(page, flags))) {
 			undo_dev_pagemap(nr, nr_start, flags, pages);
-			return 0;
+			ret = 0;
+			break;
 		}
 		(*nr)++;
 		pfn++;
 	} while (addr += PAGE_SIZE, addr != end);
-	if (pgmap)
+	put_dev_pagemap(pgmap);
-		put_dev_pagemap(pgmap);
+	return ret;
-	return 1;
 }
 static int __gup_device_huge_pmd(pmd_t orig, pmd_t *pmdp, unsigned long addr,