On Thu, 18 Apr 2019, Dave Hansen wrote:
On 4/18/19 11:29 AM, Sasha Levin wrote:
This commit has been processed because it contains a "Fixes:" tag, fixing commit: 1de4fa14ee25 x86, mpx: Cleanup unused bound tables.
The bot has tested the following trees: v5.0.8, v4.19.35, v4.14.112, v4.9.169, v4.4.178.
v5.0.8: Build OK! v4.19.35: Failed to apply! Possible dependencies: dd2283f2605e ("mm: mmap: zap pages with read mmap_sem in munmap")
I probably should have looked more closely at the state of the code before dd2283f2605e. A more correct Fixes: would probably have referred to dd2283f2605e. *It* appears to be the root cause rather than the original MPX code that I called out.
The pre-dd2283f2605e code does this:
/* * Remove the vma's, and unmap the actual pages */ detach_vmas_to_be_unmapped(mm, vma, prev, end); unmap_region(mm, vma, prev, start, end); arch_unmap(mm, vma, start, end); /* Fix up all other VM information */ remove_vma_list(mm, vma);
But, this is actually safe. arch_unmap() can't see 'vma' in the rbtree because it's been detached, so it can't do anything to 'vma' that might be unsafe for remove_vma_list()'s use of 'vma'.
The bug in dd2283f2605e was moving unmap_region() to the after arch_unmap().
I confirmed this by running the reproducer on v4.19.35. It did not trigger anything there, even with a bunch of debugging enabled which detected the issue in 5.0.
I'l amend the commit to avoid further confusion.
Thanks,
tglx