From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andrew Morton Date: Sat, 14 Jan 2017 00:13:34 +0000 Subject: Re: [patch v2 linux-next] userfaultfd: hugetlbfs: unmap the correct pointer Message-Id: <20170113161334.54b60e832af9fb0c51307806@linux-foundation.org> List-Id: References: <20170113082608.GA3548@mwanda> In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: Hugh Dickins Cc: Dan Carpenter , Mike Kravetz , "Kirill A. Shutemov" , Jan Kara , Ross Zwisler , Michal Hocko , Lorenzo Stoakes , Dan Williams , "Aneesh Kumar K.V" , linux-mm@kvack.org, kernel-janitors@vger.kernel.org On Fri, 13 Jan 2017 16:02:37 -0800 (PST) Hugh Dickins wrote: > On Fri, 13 Jan 2017, Dan Carpenter wrote: > > > kunmap_atomic() and kunmap() take different pointers. People often get > > these mixed up. > > > > Fixes: 16374db2e9a0 ("userfaultfd: hugetlbfs: fix __mcopy_atomic_hugetlb retry/error processing") > > Signed-off-by: Dan Carpenter > > --- > > v2: I was also unmapping the wrong pointer because I had a typo. > > > > diff --git a/mm/memory.c b/mm/memory.c > > index 6012a05..aca8ef6 100644 > > --- a/mm/memory.c > > +++ b/mm/memory.c > > @@ -4172,7 +4172,7 @@ long copy_huge_page_from_user(struct page *dst_page, > > (const void __user *)(src + i * PAGE_SIZE), > > PAGE_SIZE); > > if (allow_pagefault) > > - kunmap(page_kaddr); > > + kunmap(page_kaddr + i); > > else > > kunmap_atomic(page_kaddr); > > I think you need to look at that again. > um, yup. --- a/mm/memory.c~userfaultfd-hugetlbfs-fix-__mcopy_atomic_hugetlb-retry-error-processing-fix-fix +++ a/mm/memory.c @@ -4172,7 +4172,7 @@ long copy_huge_page_from_user(struct pag (const void __user *)(src + i * PAGE_SIZE), PAGE_SIZE); if (allow_pagefault) - kunmap(page_kaddr + i); + kunmap(dst_page + i); else kunmap_atomic(page_kaddr); _
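Review bot: in the quoted v2 hunk, the added line `kunmap(page_kaddr + i);` still passes the mapped kernel address, the same `page_kaddr` that the `kunmap_atomic(page_kaddr);` branch uses, even though the changelog says the two functions take different pointers. kunmap() takes the struct page that was mapped, while kunmap_atomic() takes the address returned by the mapping call, so the `allow_pagefault` branch should derive its argument from `dst_page`, for example `kunmap(dst_page + i);`.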
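Review bot: in the follow-up hunk, `kunmap(dst_page + i);` only balances the mapping if the map call earlier in the function, which is outside the visible context, maps the same `dst_page + i`; worth confirming before this is folded in. A local such as `struct page *subpage = dst_page + i;` used by both the map and the unmap call would keep the pairing visible in one place. The fix also carries no changelog text; one sentence noting that kunmap() takes the page while kunmap_atomic() takes the mapped address would document why the two branches pass different arguments.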