linux-uconsole/include
Suren Baghdasaryan 6971350406 ANDROID: fix mmu_notifier race caused by not taking mmap_lock during SPF
When pagefaults are handled speculatively, the pair of
mmu_notifier_invalidate_range_start/mmu_notifier_invalidate_range_end
calls happen without mmap_lock being taken. This enables the following
race:

mmu_notifier_invalidate_range_start
                                       mmap_write_lock
                                       mmu_notifier_register
                                       mmap_write_unlock
mmu_notifier_invalidate_range_end

In this case mmu_notifier_invalidate_range_end will see a new
subscriber not seen at the time of mmu_notifier_invalidate_range_start
and will call ops->invalidate_range_end for that subscriber without
the matching ops->invalidate_range_start, creating imbalance.
Fix this by introducing a new mm->mmu_notifier_lock percpu_rw_semaphore
to synchronize mmu_notifier_invalidate_range_start/
mmu_notifier_invalidate_range_end with mmu_notifier_register when
handling pagefaults speculatively without holding mmap_lock.
percpu_rw_semaphore is used instead of rw_semaphore to prevent cache
line bouncing in the pagefault path.

Fixes: 86ee4a531e ("FROMLIST: x86/mm: add speculative pagefault handling")

Bug: 161210518
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I9c363b2348efcad19818f93b010abf956870ab55
2021-12-15 21:44:56 +00:00
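The interleaving in the commit message, replayed as an added single-threaded model (this is illustrative code written for this page, not code from the commit or from the kernel). The `percpu_rw_semaphore` is reduced to a reader counter: `invalidate_range_start`/`invalidate_range_end` hold the read side, and `mmu_notifier_register` takes the write side, which in this model cannot block and so reports "deferred" while a start/end pair is in flight. `struct mm_model`, `struct subscriber`, `run_race` and `count_imbalanced` are invented names for the model.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SUBS 4

struct subscriber {
    int starts;   /* ops->invalidate_range_start() calls delivered */
    int ends;     /* ops->invalidate_range_end() calls delivered   */
};

struct mm_model {
    struct subscriber subs[MAX_SUBS];
    int nr_subs;
    int readers;  /* stand-in for read holders of mm->mmu_notifier_lock */
};

static void invalidate_range_start(struct mm_model *mm, int use_lock)
{
    if (use_lock)
        mm->readers++;                 /* percpu_down_read(&mm->mmu_notifier_lock) */
    for (int i = 0; i < mm->nr_subs; i++)
        mm->subs[i].starts++;
}

static void invalidate_range_end(struct mm_model *mm, int use_lock)
{
    for (int i = 0; i < mm->nr_subs; i++)
        mm->subs[i].ends++;
    if (use_lock)
        mm->readers--;                 /* percpu_up_read(&mm->mmu_notifier_lock) */
}

/*
 * With the lock, registration takes the write side and cannot complete while
 * a start/end pair is in flight.  A single-threaded model cannot block, so
 * "would block" is reported as 0 and the caller retries once readers drain.
 * Returns 1 when registered, 0 when deferred, -1 when the table is full.
 */
static int mmu_notifier_register(struct mm_model *mm, int use_lock)
{
    if (use_lock && mm->readers > 0)
        return 0;
    if (mm->nr_subs == MAX_SUBS)
        return -1;
    memset(&mm->subs[mm->nr_subs], 0, sizeof(mm->subs[0]));
    mm->nr_subs++;
    return 1;
}

/* Subscribers whose end count does not match their start count. */
static int count_imbalanced(const struct mm_model *mm)
{
    int n = 0;
    for (int i = 0; i < mm->nr_subs; i++)
        if (mm->subs[i].starts != mm->subs[i].ends)
            n++;
    return n;
}

/*
 * Replays the interleaving from the commit message with one subscriber
 * already registered:
 *   invalidate_range_start
 *                             mmu_notifier_register   (racing registration)
 *   invalidate_range_end
 * Returns the number of imbalanced subscribers: 1 without the lock, 0 with it.
 */
int run_race(int use_lock)
{
    struct mm_model mm;
    int registered;

    memset(&mm, 0, sizeof(mm));
    mmu_notifier_register(&mm, use_lock);   /* pre-existing subscriber */

    invalidate_range_start(&mm, use_lock);
    registered = mmu_notifier_register(&mm, use_lock);
    invalidate_range_end(&mm, use_lock);

    if (registered == 0)                    /* writer proceeds once readers drained */
        mmu_notifier_register(&mm, use_lock);

    return count_imbalanced(&mm);
}

int main(void)
{
    printf("without mmu_notifier_lock: %d imbalanced subscriber(s)\n", run_race(0));
    printf("with    mmu_notifier_lock: %d imbalanced subscriber(s)\n", run_race(1));
    return 0;
}
```

Without the lock the subscriber registered mid-window receives `invalidate_range_end` with no preceding `invalidate_range_start`; with the lock its registration is ordered after the window closes, so both callbacks stay paired.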
acpi ACPI: fix NULL pointer dereference 2021-08-08 09:05:23 +02:00
asm-generic This is the 5.10.60 stable release 2021-08-27 17:14:51 +02:00
clocksource clocksource/drivers/timer-ti-dm: Save and restore timer TIOCP_CFG 2021-07-14 16:56:12 +02:00
crypto crypto: shash - avoid comparing pointers to exported functions under CFI 2021-07-14 16:55:54 +02:00
drm This is the 5.10.54 stable release 2021-07-28 15:23:47 +02:00
dt-bindings This is the 5.10.50 stable release 2021-07-14 17:35:23 +02:00
keys certs: Add EFI_CERT_X509_GUID support for dbx entries 2021-06-30 08:47:30 -04:00
kunit
kvm
linux ANDROID: fix mmu_notifier race caused by not taking mmap_lock during SPF 2021-12-15 21:44:56 +00:00
math-emu
media Revert "media: subdev: disallow ioctl for saa6588/davinci" 2021-07-20 11:56:13 +02:00
memory
misc
net ANDROID: GKI: fix up abi breakage from "cfg80211: fix management registrations locking" 2021-11-06 12:02:55 +00:00
pcmcia
ras
rdma
scsi Merge tag 'android12-5.10.66_r00' into android12-5.10 2021-10-21 09:45:02 +02:00
soc This is the 5.10.65 stable release 2021-09-15 14:16:47 +02:00
sound Revert "BACKPORT: ASoC: soc-pcm: Get all BEs along DAPM path" 2021-10-26 11:13:09 +08:00
target
trace ANDROID: vendor_hooks: Add hooks for binder proc transaction 2021-12-03 12:42:11 +08:00
uapi UPSTREAM: aio: fix use-after-free due to missing POLLFREE handling 2021-12-14 13:54:22 +01:00
vdso
video
xen