
Commit 56ae10c

Ryan Roberts authored and akpm00 committed
mm/userfaultfd: UFFDIO_MOVE implementation should use ptep_get()
Commit c33c794 ("mm: ptep_get() conversion") converted all (non-arch) call sites to use ptep_get() instead of doing a direct dereference of the pte. Full rationale can be found in that commit's log. Since then, UFFDIO_MOVE has been implemented which does 7 direct pte dereferences. Let's fix those up to use ptep_get().

I've asserted in the past that there is no reliable automated mechanism to catch these; I'm relying on a combination of Coccinelle (which throws up a lot of false positives) and some compiler magic to force a compiler error on dereference. But given the frequency with which new issues are coming up, I'll add it to my todo list to try to find an automated solution.

Link: https://lkml.kernel.org/r/20240123141755.3836179-1-ryan.roberts@arm.com
Fixes: adef440 ("userfaultfd: UFFDIO_MOVE uABI")
Signed-off-by: Ryan Roberts <ryan.roberts@arm.com>
Reviewed-by: Suren Baghdasaryan <surenb@google.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: David Hildenbrand <david@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
1 parent: c1be35a; commit: 56ae10c

1 file changed (+7, -7 lines)

mm/userfaultfd.c

Lines changed: 7 additions & 7 deletions
@@ -902,8 +902,8 @@ static int move_present_pte(struct mm_struct *mm,
902902

903903
double_pt_lock(dst_ptl, src_ptl);
904904

905-
if (!pte_same(*src_pte, orig_src_pte) ||
906-
!pte_same(*dst_pte, orig_dst_pte)) {
905+
if (!pte_same(ptep_get(src_pte), orig_src_pte) ||
906+
!pte_same(ptep_get(dst_pte), orig_dst_pte)) {
907907
err = -EAGAIN;
908908
goto out;
909909
}
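Review bot: The re-check is correct as written, and both operands of each pte_same() now come from the same accessor, since orig_src_pte and orig_dst_pte are also captured through ptep_get() in move_pages_pte(); a one-line comment above double_pt_lock() stating that the compare must read the ptes via ptep_get() rather than a raw *src_pte / *dst_pte would help stop the direct dereference from creeping back in, which the commit message says has been happening repeatedly.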
@@ -946,8 +946,8 @@ static int move_swap_pte(struct mm_struct *mm,
946946

947947
double_pt_lock(dst_ptl, src_ptl);
948948

949-
if (!pte_same(*src_pte, orig_src_pte) ||
950-
!pte_same(*dst_pte, orig_dst_pte)) {
949+
if (!pte_same(ptep_get(src_pte), orig_src_pte) ||
950+
!pte_same(ptep_get(dst_pte), orig_dst_pte)) {
951951
double_pt_unlock(dst_ptl, src_ptl);
952952
return -EAGAIN;
953953
}
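Review bot: This block duplicates the re-validation in move_present_pte() (same double_pt_lock(), same pair of pte_same() checks against orig_src_pte / orig_dst_pte, same -EAGAIN), differing only in that it calls double_pt_unlock() and returns instead of jumping to out; a small shared helper that takes the lock, reads both ptes with ptep_get() and compares them would keep the two sites from drifting apart, which is exactly how raw dereferences ended up in one place after the tree-wide conversion.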
@@ -1016,15 +1016,15 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd,
10161016
}
10171017

10181018
spin_lock(dst_ptl);
1019-
orig_dst_pte = *dst_pte;
1019+
orig_dst_pte = ptep_get(dst_pte);
10201020
spin_unlock(dst_ptl);
10211021
if (!pte_none(orig_dst_pte)) {
10221022
err = -EEXIST;
10231023
goto out;
10241024
}
10251025

10261026
spin_lock(src_ptl);
1027-
orig_src_pte = *src_pte;
1027+
orig_src_pte = ptep_get(src_pte);
10281028
spin_unlock(src_ptl);
10291029
if (pte_none(orig_src_pte)) {
10301030
if (!(mode & UFFDIO_MOVE_MODE_ALLOW_SRC_HOLES))
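Review bot: Both snapshots are now read with ptep_get() inside their spin_lock()/spin_unlock() pair, and each lock is released immediately after the read, so orig_dst_pte and orig_src_pte are only a hint and the real validation is the locked pte_same() re-check further down; a short comment next to orig_dst_pte = ptep_get(dst_pte) saying the snapshot is taken unlocked-stale on purpose and must be re-validated would keep a reader from assuming the pte_none() / -EEXIST decisions here are final.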
@@ -1054,7 +1054,7 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd,
10541054
* page isn't freed under us
10551055
*/
10561056
spin_lock(src_ptl);
1057-
if (!pte_same(orig_src_pte, *src_pte)) {
1057+
if (!pte_same(orig_src_pte, ptep_get(src_pte))) {
10581058
spin_unlock(src_ptl);
10591059
err = -EAGAIN;
10601060
goto out;
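Review bot: Style nit: the operand order here is pte_same(orig_src_pte, ptep_get(src_pte)), while the earlier hunks in move_present_pte() and move_swap_pte() use pte_same(ptep_get(src_pte), orig_src_pte); pte_same() is symmetric so this is harmless, but matching the order across all four sites makes a grep or Coccinelle pattern for "ptep_get() compared against orig_*" simpler and less error-prone, which matters given the commit message's stated difficulty in catching these automatically.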
