| From e763243cc6cb1fcc720ec58cfd6e7c35ae90a479 Mon Sep 17 00:00:00 2001 |
| From: Muchun Song <songmuchun@bytedance.com> |
| Date: Tue, 22 Mar 2022 14:41:59 -0700 |
| Subject: mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() |
| |
| From: Muchun Song <songmuchun@bytedance.com> |
| |
| commit e763243cc6cb1fcc720ec58cfd6e7c35ae90a479 upstream. |
| |
| userfaultfd calls copy_huge_page_from_user() which does not do any cache |
| flushing for the target page. Then the target page will be mapped to |
| the user space with a different address (user address), which might have |
| an alias issue with the kernel address used to copy the data from the |
| user to. |
| |
| Fix this issue by flushing dcache in copy_huge_page_from_user(). |
| |
| Link: https://lkml.kernel.org/r/20220210123058.79206-4-songmuchun@bytedance.com |
| Fixes: fa4d75c1de13 ("userfaultfd: hugetlbfs: add copy_huge_page_from_user for hugetlb userfaultfd support") |
| Signed-off-by: Muchun Song <songmuchun@bytedance.com> |
| Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com> |
| Cc: Axel Rasmussen <axelrasmussen@google.com> |
| Cc: David Rientjes <rientjes@google.com> |
| Cc: Fam Zheng <fam.zheng@bytedance.com> |
| Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> |
| Cc: Lars Persson <lars.persson@axis.com> |
| Cc: Peter Xu <peterx@redhat.com> |
| Cc: Xiongchun Duan <duanxiongchun@bytedance.com> |
| Cc: Zi Yan <ziy@nvidia.com> |
| Signed-off-by: Andrew Morton <akpm@linux-foundation.org> |
| Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| mm/memory.c | 2 ++ |
| 1 file changed, 2 insertions(+) |
| |
| --- a/mm/memory.c |
| +++ b/mm/memory.c |
| @@ -5467,6 +5467,8 @@ long copy_huge_page_from_user(struct pag |
| if (rc) |
| break; |
| |
| + flush_dcache_page(subpage); |
| + |
| cond_resched(); |
| } |
| return ret_val; |
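
Review bot: The added flush_dcache_page(subpage) sits after the `if (rc) break;` test, so the subpage on which rc is non-zero leaves the loop without a flush. Whether that matters depends on what the caller does with the page after a non-zero return, which is not visible in this hunk. If the page can still reach a user mapping on that path, move the flush above the `if (rc)` test. If it cannot, a one-line comment at the break saying why no flush is needed would make the intent explicit. The call itself also has no comment; the aliasing rationale from the commit message (kernel address used for the copy versus the later user address) would be worth a short note next to it.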