Skip to content
Snippets Groups Projects
Commit 01f05a1e authored by Jann Horn's avatar Jann Horn Committed by Yongqiang Liu
Browse files

mm: Force TLB flush for PFNMAP mappings before unlink_file_vma() 

stable inclusion
from stable-v4.19.257
commit c3b1e88f14e7f442e2ddcbec94527eec84ac0ca3
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5PE9S
CVE: CVE-2022-39188

--------------------------------

commit b67fbebd4cf980aecbcc750e1462128bffe8ae15 upstream.

Some drivers rely on having all VMAs through which a PFN might be
accessible listed in the rmap for correctness.
However, on X86, it was possible for a VMA with stale TLB entries
to not be listed in the rmap.

This was fixed in mainline with
commit b67fbebd4cf9 ("mmu_gather: Force tlb-flush VM_PFNMAP vmas"),
but that commit relies on preceding refactoring in
commit 18ba064e42df3 ("mmu_gather: Let there be one tlb_{start,end}_vma()
implementation") and commit 1e9fdf21a4339 ("mmu_gather: Remove per arch
tlb_{start,end}_vma()").

This patch provides equivalent protection without needing that
refactoring, by forcing a TLB flush between removing PTEs in
unmap_vmas() and ...
parent 0c93f29f
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
Showing
with 12 additions and 0 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment