On Thu, May 29, 2025 at 03:56:48PM +0000, Pu Lehui wrote:
From: Pu Lehui pulehui@huawei.com
When executing move_ptes, the new_pte must be NULL; otherwise it will be overwritten by the old_pte and cause the abnormal new_pte to be leaked. In order to make this problem more explicit, let's add WARN_ON_ONCE when new_pte is not NULL.
Suggested-by: Oleg Nesterov oleg@redhat.com
Signed-off-by: Pu Lehui pulehui@huawei.com
Reviewed-by: Lorenzo Stoakes lorenzo.stoakes@oracle.com
(both this and the amended version :)
mm/mremap.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/mm/mremap.c b/mm/mremap.c index 83e359754961..4e2491f8c2ce 100644 --- a/mm/mremap.c +++ b/mm/mremap.c @@ -237,6 +237,8 @@ static int move_ptes(struct pagetable_move_control *pmc,
for (; old_addr < old_end; old_pte++, old_addr += PAGE_SIZE, new_pte++, new_addr += PAGE_SIZE) {
WARN_ON_ONCE(!pte_none(*new_pte));
I mean, we really really should not ever be seeing a mapped PTE here, so I think a WARN_ON_ONCE() is fine.
We unmap anything ahead of time, and I think only this uprobe breakpoint installation would ever cause this to be the case.
We can make this a VM_WARN_ON_ONCE() too I suppose, just in case there's something we're not thinking of, but I'd say at some point we'd want to change it to a WARN_ON_ONCE().
if (pte_none(ptep_get(old_pte))) continue;
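Review bot: the added check reads the destination entry with a raw dereference, `WARN_ON_ONCE(!pte_none(*new_pte));`, while the very next line of context reads the source entry through the accessor, `if (pte_none(ptep_get(old_pte))) continue;`. Inside the same loop the two reads should go through the same accessor, so prefer `WARN_ON_ONCE(!pte_none(ptep_get(new_pte)));`. Note also that the warning sits before the `pte_none(old_pte)` continue, so it fires for every destination slot in the range, including ones whose source entry is empty; that matches the commit message's requirement that new_pte always be empty, but it is worth stating in the changelog so nobody later moves it below the continue. If the VM_WARN_ON_ONCE() variant discussed above is chosen instead, the same accessor point applies.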
-- 2.34.1