diff options
| author | Mel Gorman <mgorman@suse.de> | 2014-10-02 18:47:41 (GMT) |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2014-10-02 18:57:18 (GMT) |
| commit | d3cb8bf6081b8b7a2dabb1264fe968fd870fa595 (patch) | |
| tree | 50783c31445c93012fe0ded14d4a49a03e0d504c /mm/huge_memory.c | |
| parent | 50dddff3cb9af328dd42bafe3437c7f47e8b38a9 (diff) | |
| download | linux-d3cb8bf6081b8b7a2dabb1264fe968fd870fa595.tar.xz | |
mm: migrate: Close race between migration completion and mprotect
A migration entry is marked as write if pte_write was true at the time the
entry was created. The VMA protections are not double checked when migration
entries are being removed as mprotect marks write-migration-entries as
read. It means that potentially we take a spurious fault to mark PTEs write
again but it's straight-forward. However, there is a race between write
migrations being marked read and migrations finishing. This potentially
allows a PTE to be write that should have been read. Close this race by
double checking the VMA permissions using maybe_mkwrite when migration
completes.
[torvalds@linux-foundation.org: use maybe_mkwrite]
Cc: stable@vger.kernel.org
Signed-off-by: Mel Gorman <mgorman@suse.de>
Acked-by: Rik van Riel <riel@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'mm/huge_memory.c')
0 files changed, 0 insertions, 0 deletions