diff options
author | Peter Xu <peterx@redhat.com> | 2020-04-08 04:40:10 +0300 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2020-04-08 05:34:31 +0300 |
commit | c7b6a566b98524baea6a244186e665d22b633545 (patch) | |
tree | 00b778f01a2928b56a1221a1e291b06089ff8833 | |
parent | ba841078cd0557b43b59c63f5c048b12168f0db2 (diff) | |
download | linux-c7b6a566b98524baea6a244186e665d22b633545.tar.xz |
mm/gup: Mark lock taken only after a successful retake
It's definitely incorrect to mark the lock as taken even if
down_read_killable() failed.
This wass overlooked when we switched from down_read() to
down_read_killable() because down_read() won't fail while
down_read_killable() could.
Fixes: 71335f37c5e8 ("mm/gup: allow to react to fatal signals")
Reported-by: syzbot+a8c70b7f3579fc0587dc@syzkaller.appspotmail.com
Signed-off-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | mm/gup.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -1329,7 +1329,6 @@ retry: if (fatal_signal_pending(current)) break; - *locked = 1; ret = down_read_killable(&mm->mmap_sem); if (ret) { BUG_ON(ret > 0); @@ -1338,6 +1337,7 @@ retry: break; } + *locked = 1; ret = __get_user_pages(tsk, mm, start, 1, flags | FOLL_TRIED, pages, NULL, locked); if (!*locked) { |