git.itanic.dy.fi Git - linux-stable/commit

author	Qi Zheng <zhengqi.arch@bytedance.com>
	Thu, 22 Feb 2024 08:08:15 +0000 (16:08 +0800)
committer	Andrew Morton <akpm@linux-foundation.org>
	Tue, 5 Mar 2024 00:40:33 +0000 (16:40 -0800)
commit	d7a08838ab74652f2b53fee9763f0178278c3a4b
tree	737fe757950b68b4f38aa14d4ac33aa368bc3d30	tree \| snapshot
parent	803de9000f334b771afacb6ff3e78622916668b0	commit \| diff

mm: userfaultfd: fix unexpected change to src_folio when UFFDIO_MOVE fails

After ptep_clear_flush(), if we find that src_folio is pinned we will fail
UFFDIO_MOVE and put src_folio back to src_pte entry, but the change to
src_folio->{mapping,index} is not restored in this process. This is not
what we expected, so fix it.

This can cause the rmap for that page to be invalid, possibly resulting
in memory corruption. At least swapout+migration would no longer work,
because we might fail to locate the mappings of that folio.

Link: https://lkml.kernel.org/r/20240222080815.46291-1-zhengqi.arch@bytedance.com
Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI")
Signed-off-by: Qi Zheng <zhengqi.arch@bytedance.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Suren Baghdasaryan <surenb@google.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>