linux-stable/mm
Sasha Levin b051f70701 mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE
commit 9614d8bee6 upstream.

With CONFIG_HIGHPTE on 32-bit ARM, move_pages_pte() maps PTE pages using
kmap_local_page(), which requires unmapping in Last-In-First-Out order.

The current code maps dst_pte first, then src_pte, but unmaps them in the
same order (dst_pte, src_pte), violating the LIFO requirement.  This
causes the warning in kunmap_local_indexed():

  WARNING: CPU: 0 PID: 604 at mm/highmem.c:622 kunmap_local_indexed+0x178/0x17c
  addr != __fix_to_virt(FIX_KMAP_BEGIN + idx)

Fix this by reversing the unmap order to respect LIFO ordering.

This issue follows the same pattern as similar fixes:
- commit eca6828403 ("crypto: skcipher - fix mismatch between mapping and unmapping order")
- commit 8cf57c6df8 ("nilfs2: eliminate staggered calls to kunmap in nilfs_rename")

Both of these addressed the same fundamental requirement that kmap_local
operations must follow LIFO ordering.

Link: https://lkml.kernel.org/r/20250731144431.773923-1-sashal@kernel.org
Fixes: adef440691 ("userfaultfd: UFFDIO_MOVE uABI")
Signed-off-by: Sasha Levin <sashal@kernel.org>
Acked-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Suren Baghdasaryan <surenb@google.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-09-09 18:58:15 +02:00
..
damon mm/damon/ops-common: ignore migration request to invalid nodes 2025-08-28 16:31:03 +02:00
kasan kasan: use vmalloc_dump_obj() for vmalloc error reports 2025-08-01 09:48:43 +01:00
kfence
kmsan
backing-dev.c
balloon_compaction.c
bootmem_info.c
cma_debug.c
cma_sysfs.c
cma.c
cma.h
compaction.c
debug_page_alloc.c
debug_page_ref.c
debug_vm_pgtable.c mm/debug_vm_pgtable: clear page table entries at destroy_args() 2025-08-28 16:31:05 +02:00
debug.c
dmapool_test.c
dmapool.c
early_ioremap.c
execmem.c
fadvise.c
fail_page_alloc.c
failslab.c
filemap.c readahead: fix return value of page_cache_next_miss() when no hole is found 2025-08-28 16:30:58 +02:00
folio-compat.c
gup_test.c
gup_test.h
gup.c
highmem.c
hmm.c mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery 2025-08-15 12:14:13 +02:00
huge_memory.c
hugetlb_cgroup.c
hugetlb_vmemmap.c
hugetlb_vmemmap.h
hugetlb.c
hwpoison-inject.c
init-mm.c
internal.h
interval_tree.c
io-mapping.c
ioremap.c
Kconfig
Kconfig.debug
khugepaged.c mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma 2025-08-01 09:48:47 +01:00
kmemleak.c mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock 2025-08-20 18:30:55 +02:00
ksm.c mm/ksm: fix -Wsometimes-uninitialized from clang-21 in advisor_mode_show() 2025-08-01 09:48:42 +01:00
list_lru.c
maccess.c
madvise.c
Makefile
mapping_dirty_helpers.c
memblock.c
memcontrol-v1.c
memcontrol-v1.h
memcontrol.c
memfd.c
memory_hotplug.c
memory-failure.c mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn 2025-08-28 16:31:05 +02:00
memory-tiers.c
memory.c
mempolicy.c
mempool.c
memremap.c
memtest.c
migrate_device.c
migrate.c
mincore.c
mlock.c
mm_init.c
mm_slot.h
mmap_lock.c
mmap.c
mmu_gather.c
mmu_notifier.c
mmzone.c
mprotect.c
mremap.c
mseal.c
msync.c
nommu.c
numa_emulation.c
numa_memblks.c
numa.c
oom_kill.c
page_alloc.c
page_counter.c
page_ext.c
page_idle.c
page_io.c
page_isolation.c
page_owner.c
page_poison.c
page_reporting.c
page_reporting.h
page_table_check.c
page_vma_mapped.c
page-writeback.c
pagewalk.c
percpu-internal.h
percpu-km.c
percpu-stats.c
percpu-vm.c
percpu.c
pgalloc-track.h
pgtable-generic.c
process_vm_access.c
ptdump.c mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() 2025-08-20 18:30:55 +02:00
readahead.c
rmap.c
rodata_test.c
secretmem.c fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass 2025-07-10 16:05:09 +02:00
shmem_quota.c
shmem.c
show_mem.c
shrinker_debug.c
shrinker.c
shuffle.c
shuffle.h
slab_common.c
slab.h
slub.c mm, slab: restore NUMA policy support for large kmalloc 2025-08-20 18:30:55 +02:00
sparse-vmemmap.c
sparse.c
swap_cgroup.c
swap_slots.c
swap_state.c
swap.c
swap.h
swapfile.c mm: swap: fix potential buffer overflow in setup_clusters() 2025-08-15 12:14:14 +02:00
truncate.c
usercopy.c
userfaultfd.c mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE 2025-09-09 18:58:15 +02:00
util.c
vma_internal.h
vma.c
vma.h
vmalloc.c mm/vmalloc: leave lazy MMU mode on PTE mapping error 2025-07-17 18:37:14 +02:00
vmpressure.c
vmscan.c mm/vmscan: fix hwpoisoned large folio handling in shrink_folio_list 2025-08-01 09:48:44 +01:00
vmstat.c
workingset.c
z3fold.c
zbud.c
zpool.c
zsmalloc.c mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n 2025-08-01 09:48:44 +01:00
zswap.c