From f8d9ffe2427b38d683da2391b43a65fe96df5a88 Mon Sep 17 00:00:00 2001
From: Minchan Kim
Date: Thu, 18 Mar 2021 13:34:52 -0700
Subject: [PATCH] ANDROID: mm: page_pinner: use put_user_page at get_futex_key

get_futex_key uses get_user_pages_fast so close the false positive by using pin_user_page.
Page pinned via pid 686, ts 20096178239 ns PFN 86760 Block 169 type Movable Flags 0xfffffc0080016(referenced|uptodate|lru|swapbacked)
try_grab_compound_head+0x1e8/0x240
internal_get_user_pages_fast+0x66d/0xca0
get_futex_key+0x8e/0x440
futex_wake+0x67/0x180
do_futex+0x7c5/0xb20
mm_release+0xb6/0xc0
do_exit+0x1dc/0xa40
__x64_sys_exit+0x17/0x20
do_syscall_64+0x33/0x80
entry_SYSCALL_64_after_hwframe+0x44/0xae
Bug: 183414571
Signed-off-by: Minchan Kim
Signed-off-by: Minchan Kim
Change-Id: I217b2712782eb571e68191d201e3781f57caf4d9
---
 kernel/futex.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/kernel/futex.c b/kernel/futex.c
index e71fa668d514..974553af8184 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -588,7 +588,7 @@ static int get_futex_key(u32 __user *uaddr, bool fshared, union futex_key *key,
 lock_page(page);
 shmem_swizzled = PageSwapCache(page) || page->mapping;
 unlock_page(page);
- put_page(page);
+ put_user_page(page);
 if (shmem_swizzled)
 goto again;
@@ -638,7 +638,7 @@ static int get_futex_key(u32 __user *uaddr, bool fshared, union futex_key *key,
 if (READ_ONCE(page->mapping) != mapping) {
 rcu_read_unlock();
- put_page(page);
+ put_user_page(page);
 goto again;
 }
@@ -646,7 +646,7 @@ static int get_futex_key(u32 __user *uaddr, bool fshared, union futex_key *key,
 inode = READ_ONCE(mapping->host);
 if (!inode) {
 rcu_read_unlock();
- put_page(page);
+ put_user_page(page);
 goto again;
 }
@@ -658,7 +658,7 @@ static int get_futex_key(u32 __user *uaddr, bool fshared, union futex_key *key,
 }
 out:
- put_page(page);
+ put_user_page(page);
 return err;
 }
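Review bot: The four release sites in get_futex_key (the hunk at -588 and those at -638, -646 and -658) now call `put_user_page(page)`, but the acquire side is outside every hunk, and the trace in the commit message shows it is still `internal_get_user_pages_fast`, i.e. a plain get-style reference. If `put_user_page()` in this tree has pin-release semantics rather than being a page_pinner-aware wrapper around `put_page()`, a get-style acquire paired with a pin-style release leaves the page refcount unbalanced, which in futex code is a premature-free risk; the helper's definition is not visible here, so this should be confirmed against it. The commit message also says "by using pin_user_page" while the diff uses `put_user_page`, so the text should name the helper actually called. I would add a comment at the first site, for example `/* drops the ref taken by get_user_pages_fast() above; put_user_page() also clears the page_pinner record */`, worded to match what the helper really does, so the pairing is auditable.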