mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-09-04 20:19:47 +08:00
linux/arch/arm/mm
Qi Zheng a564ccfe30 arm: pgtable: fix NULL pointer dereference issue
When update_mmu_cache_range() is called by update_mmu_cache(), the vmf
parameter is NULL, which will cause a NULL pointer dereference issue in
adjust_pte():

Unable to handle kernel NULL pointer dereference at virtual address 00000030 when read
Hardware name: Atmel AT91SAM9
PC is at update_mmu_cache_range+0x1e0/0x278
LR is at pte_offset_map_rw_nolock+0x18/0x2c
Call trace:
 update_mmu_cache_range from remove_migration_pte+0x29c/0x2ec
 remove_migration_pte from rmap_walk_file+0xcc/0x130
 rmap_walk_file from remove_migration_ptes+0x90/0xa4
 remove_migration_ptes from migrate_pages_batch+0x6d4/0x858
 migrate_pages_batch from migrate_pages+0x188/0x488
 migrate_pages from compact_zone+0x56c/0x954
 compact_zone from compact_node+0x90/0xf0
 compact_node from kcompactd+0x1d4/0x204
 kcompactd from kthread+0x120/0x12c
 kthread from ret_from_fork+0x14/0x38
Exception stack(0xc0d8bfb0 to 0xc0d8bff8)

To fix it, do not rely on whether 'ptl' is equal to decide whether to hold
the pte lock, but decide it by whether CONFIG_SPLIT_PTE_PTLOCKS is
enabled.  In addition, if two vmas map to the same PTE page, there is no
need to hold the pte lock again, otherwise a deadlock will occur.  Just
add the need_lock parameter to let adjust_pte() know this information.

Link: https://lkml.kernel.org/r/20250217024924.57996-1-zhengqi.arch@bytedance.com
Fixes: fc9c45b71f ("arm: adjust_pte() use pte_offset_map_rw_nolock()")
Signed-off-by: Qi Zheng <zhengqi.arch@bytedance.com>
Reported-by: Ezra Buehler <ezra.buehler@husqvarnagroup.com>
Closes: https://lore.kernel.org/lkml/CAM1KZSmZ2T_riHvay+7cKEFxoPgeVpHkVFTzVVEQ1BO0cLkHEQ@mail.gmail.com/
Acked-by: David Hildenbrand <david@redhat.com>
Tested-by: Ezra Buehler <ezra.buehler@husqvarnagroup.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Muchun Song <muchun.song@linux.dev>
Cc: Qi Zheng <zhengqi.arch@bytedance.com>
Cc: Russel King <linux@armlinux.org.uk>
Cc: Ryan Roberts <ryan.roberts@arm.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2025-03-05 21:36:12 -08:00
abort-ev4.S
abort-ev4t.S
abort-ev5t.S
abort-ev5tj.S
abort-ev6.S ARM: 9263/1: use .arch directives instead of assembler command line flags 2022-11-08 18:36:17 +00:00
abort-ev7.S ARM: 9263/1: use .arch directives instead of assembler command line flags 2022-11-08 18:36:17 +00:00
abort-lv4t.S
abort-macro.S
abort-nommu.S
alignment.c move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
cache-b15-rac.c ARM: 9387/2: mm: Rewrite cacheflush vtables in CFI safe C 2024-04-29 14:14:18 +01:00
cache-fa.S ARM: 9393/1: mm: Use conditionals for CFI branches 2024-05-07 10:30:24 +01:00
cache-feroceon-l2.c treewide: Replace GPLv2 boilerplate/reference with SPDX - gpl-2.0_56.RULE (part 1) 2022-06-10 14:51:35 +02:00
cache-l2x0-pmu.c
cache-l2x0.c ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values 2020-09-15 14:35:53 +01:00
cache-nop.S ARM: 9387/2: mm: Rewrite cacheflush vtables in CFI safe C 2024-04-29 14:14:18 +01:00
cache-tauros2.c treewide: Replace GPLv2 boilerplate/reference with SPDX - gpl-2.0_56.RULE (part 1) 2022-06-10 14:51:35 +02:00
cache-tauros3.h
cache-uniphier.c ARM: uniphier: fix cache kernel-doc warnings 2023-09-27 11:02:14 +02:00
cache-v4.S ARM: 9393/1: mm: Use conditionals for CFI branches 2024-05-07 10:30:24 +01:00
cache-v4wb.S ARM: 9393/1: mm: Use conditionals for CFI branches 2024-05-07 10:30:24 +01:00
cache-v4wt.S ARM: 9393/1: mm: Use conditionals for CFI branches 2024-05-07 10:30:24 +01:00
cache-v6.S ARM: 9393/1: mm: Use conditionals for CFI branches 2024-05-07 10:30:24 +01:00
cache-v7.S ARM: 9393/1: mm: Use conditionals for CFI branches 2024-05-07 10:30:24 +01:00
cache-v7m.S ARM: 9393/1: mm: Use conditionals for CFI branches 2024-05-07 10:30:24 +01:00
cache-xsc3l2.c
cache.c ARM: 9387/2: mm: Rewrite cacheflush vtables in CFI safe C 2024-04-29 14:14:18 +01:00
context.c ARM: mm: make vmalloc_seq handling SMP safe 2022-01-25 09:53:52 +01:00
copypage-fa.c
copypage-feroceon.c ARM: 9263/1: use .arch directives instead of assembler command line flags 2022-11-08 18:36:17 +00:00
copypage-v4mc.c arm: implement the new page table range API 2023-08-24 16:20:20 -07:00
copypage-v4wb.c
copypage-v4wt.c
copypage-v6.c arm: implement the new page table range API 2023-08-24 16:20:20 -07:00
copypage-xsc3.c ARM: PXA: fix multi-cpu build of xsc3 2022-05-07 22:56:16 +02:00
copypage-xscale.c arm: implement the new page table range API 2023-08-24 16:20:20 -07:00
dma-mapping-nommu.c ARM: 9435/1: ARM/nommu: Fix typo "absence" 2024-11-12 23:51:05 +00:00
dma-mapping.c ARM: 9418/1: dma-mapping: Use iommu_paging_domain_alloc() 2024-09-04 15:02:07 +01:00
dma.h
dump.c mm/treewide: replace pmd_large() with pmd_leaf() 2024-03-06 13:04:19 -08:00
extable.c
fault-armv.c arm: pgtable: fix NULL pointer dereference issue 2025-03-05 21:36:12 -08:00
fault.c ARM: Remove address checking for MMUless devices 2024-07-09 08:53:59 -07:00
fault.h ARM: 9304/1: add prototype for function called only from asm 2023-06-19 09:35:52 +01:00
flush.c ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses 2024-03-11 16:04:19 +00:00
fsr-2level.c
fsr-3level.c
idmap.c ARM: 9420/1: smp: Fix SMP for xip kernels 2024-11-12 16:38:47 +00:00
init.c arch: make execmem setup available regardless of CONFIG_MODULES 2024-05-14 00:31:44 -07:00
iomap.c ARM: 8923/1: mm: include <asm/vga.h> for vga_base 2019-10-31 16:58:54 +00:00
ioremap.c ARM: 9431/1: mm: Pair atomic_set_release() with _read_acquire() 2024-11-13 08:15:23 +00:00
kasan_init.c ARM: 9329/1: kasan: Use memblock_alloc_try_nid_raw for shadow page 2023-12-05 11:42:15 +00:00
Kconfig ARM: Delete ARM11MPCore (ARM11 ARMv6K SMP) support 2023-12-22 11:43:16 +00:00
l2c-common.c
l2c-l2x0-resume.S
Makefile The usual shower of singleton fixes and minor series all over MM, 2024-05-19 09:21:03 -07:00
mm.h arm: implement the new page table range API 2023-08-24 16:20:20 -07:00
mmap.c mm: make arch_get_unmapped_area() take vm_flags by default 2024-09-09 16:39:13 -07:00
mmu.c mm/memblock: add memblock_alloc_or_panic interface 2025-01-25 20:22:38 -08:00
nommu.c mm/memblock: add memblock_alloc_or_panic interface 2025-01-25 20:22:38 -08:00
pabort-legacy.S
pabort-v6.S
pabort-v7.S
pageattr.c minmax: add in_range() macro 2023-08-24 16:20:18 -07:00
pgd.c asm-generic: pgalloc: provide generic __pgd_{alloc,free} 2025-01-25 20:22:24 -08:00
physaddr.c ARM: mm: Make virt_to_pfn() a static inline 2023-05-29 11:27:08 +02:00
pmsa-v7.c ARM: 9069/1: NOMMU: Fix conversion for_each_membock() to for_each_mem_range() 2021-03-25 10:25:20 +00:00
pmsa-v8.c ARM: mm: Make virt_to_pfn() a static inline 2023-05-29 11:27:08 +02:00
proc-arm7tdmi.S ARM: 9388/2: mm: Type-annotate all per-processor assembly routines 2024-04-29 14:14:19 +01:00
proc-arm9tdmi.S ARM: 9388/2: mm: Type-annotate all per-processor assembly routines 2024-04-29 14:14:19 +01:00
proc-arm720.S ARM: 9388/2: mm: Type-annotate all per-processor assembly routines 2024-04-29 14:14:19 +01:00
proc-arm740.S ARM: 9388/2: mm: Type-annotate all per-processor assembly routines 2024-04-29 14:14:19 +01:00
proc-arm920.S ARM: 9393/1: mm: Use conditionals for CFI branches 2024-05-07 10:30:24 +01:00
proc-arm922.S ARM: 9393/1: mm: Use conditionals for CFI branches 2024-05-07 10:30:24 +01:00
proc-arm925.S ARM: 9393/1: mm: Use conditionals for CFI branches 2024-05-07 10:30:24 +01:00
proc-arm926.S ARM: 9393/1: mm: Use conditionals for CFI branches 2024-05-07 10:30:24 +01:00
proc-arm940.S ARM: 9393/1: mm: Use conditionals for CFI branches 2024-05-07 10:30:24 +01:00
proc-arm946.S ARM: 9393/1: mm: Use conditionals for CFI branches 2024-05-07 10:30:24 +01:00
proc-arm1020.S ARM: 9393/1: mm: Use conditionals for CFI branches 2024-05-07 10:30:24 +01:00
proc-arm1020e.S ARM: 9393/1: mm: Use conditionals for CFI branches 2024-05-07 10:30:24 +01:00
proc-arm1022.S ARM: 9393/1: mm: Use conditionals for CFI branches 2024-05-07 10:30:24 +01:00
proc-arm1026.S ARM: 9393/1: mm: Use conditionals for CFI branches 2024-05-07 10:30:24 +01:00
proc-fa526.S ARM: 9388/2: mm: Type-annotate all per-processor assembly routines 2024-04-29 14:14:19 +01:00
proc-feroceon.S ARM: 9393/1: mm: Use conditionals for CFI branches 2024-05-07 10:30:24 +01:00
proc-macros.S ARM: 9387/2: mm: Rewrite cacheflush vtables in CFI safe C 2024-04-29 14:14:18 +01:00
proc-mohawk.S ARM: 9393/1: mm: Use conditionals for CFI branches 2024-05-07 10:30:24 +01:00
proc-sa110.S ARM: 9388/2: mm: Type-annotate all per-processor assembly routines 2024-04-29 14:14:19 +01:00
proc-sa1100.S ARM: 9388/2: mm: Type-annotate all per-processor assembly routines 2024-04-29 14:14:19 +01:00
proc-syms.c
proc-v6.S ARM: 9388/2: mm: Type-annotate all per-processor assembly routines 2024-04-29 14:14:19 +01:00
proc-v7-2level.S ARM: 9388/2: mm: Type-annotate all per-processor assembly routines 2024-04-29 14:14:19 +01:00
proc-v7-3level.S ARM: 9388/2: mm: Type-annotate all per-processor assembly routines 2024-04-29 14:14:19 +01:00
proc-v7-bugs.c ARM: 9213/1: Print message about disabled Spectre workarounds only once 2022-07-06 22:44:49 +01:00
proc-v7.S ARM: 9434/1: cfi: Fix compilation corner case 2024-11-12 23:51:05 +00:00
proc-v7m.S ARM: 9388/2: mm: Type-annotate all per-processor assembly routines 2024-04-29 14:14:19 +01:00
proc-xsc3.S ARM: 9393/1: mm: Use conditionals for CFI branches 2024-05-07 10:30:24 +01:00
proc-xscale.S ARM: 9388/2: mm: Type-annotate all per-processor assembly routines 2024-04-29 14:14:19 +01:00
proc.c ARM: 9408/1: mm: CFI: Fix some erroneous reset prototypes 2024-07-02 09:19:14 +01:00
ptdump_debugfs.c ARM: 9074/1: ptdump: convert to DEFINE_SHOW_ATTRIBUTE 2021-04-18 19:15:13 +01:00
pv-fixup-asm.S ARM: mm: Make virt_to_pfn() a static inline 2023-05-29 11:27:08 +02:00
tlb-fa.S ARM: 9384/2: mm: Make tlbflush routines CFI safe 2024-04-29 14:14:15 +01:00
tlb-v4.S ARM: 9384/2: mm: Make tlbflush routines CFI safe 2024-04-29 14:14:15 +01:00
tlb-v4wb.S ARM: 9384/2: mm: Make tlbflush routines CFI safe 2024-04-29 14:14:15 +01:00
tlb-v4wbi.S ARM: 9384/2: mm: Make tlbflush routines CFI safe 2024-04-29 14:14:15 +01:00
tlb-v6.S ARM: 9384/2: mm: Make tlbflush routines CFI safe 2024-04-29 14:14:15 +01:00
tlb-v7.S ARM: 9384/2: mm: Make tlbflush routines CFI safe 2024-04-29 14:14:15 +01:00
tlb.c ARM: 9384/2: mm: Make tlbflush routines CFI safe 2024-04-29 14:14:15 +01:00