From 4b388752aca20f2588212251ad59d80a2cc5d214 Mon Sep 17 00:00:00 2001
From: Suren Baghdasaryan <surenb@google.com>
Date: Fri, 18 Nov 2022 15:23:53 -0800
Subject: [PATCH] ANDROID: mm: prevent speculative page fault handling for in
 do_swap_page()

do_swap_page() uses migration_entry_wait() which operates on page tables
without protection. Disable speculative page fault handling.

Bug: 257443051
Change-Id: I677eb1ee85707dce533d5d811dcde5f5dabcfdf3
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
---
 mm/memory.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/mm/memory.c b/mm/memory.c
index 62fba9f3fd67..739f0983bb8c 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -3601,6 +3601,11 @@ vm_fault_t do_swap_page(struct vm_fault *vmf)
 	vm_fault_t ret;
 	void *shadow = NULL;
 
+	if (vmf->flags & FAULT_FLAG_SPECULATIVE) {
+		pte_unmap(vmf->pte);
+		return VM_FAULT_RETRY;
+	}
+
 	ret = pte_unmap_same(vmf);
 	if (ret) {
 		/*