From: Miaohe Lin <linmiaohe@huawei.com>
Date: Mon, 23 Aug 2021 23:59:09 +0000 (+1000)
Subject: mm: gup: fix potential pgmap refcnt leak in __gup_device_huge()
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=7912ac5e0be88bbd9b4dc997588e04b42a890642;p=users%2Fjedix%2Flinux-maple.git

mm: gup: fix potential pgmap refcnt leak in __gup_device_huge()

When failed to try_grab_page, put_dev_pagemap() is missed.  So pgmap
refcnt will leak in this case.  Also we remove the check for pgmap against
NULL as it's also checked inside the put_dev_pagemap().

Link: https://lkml.kernel.org/r/20210807093620.21347-5-linmiaohe@huawei.com
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Fixes: 3faa52c03f44 ("mm/gup: track FOLL_PIN pages")
Reviewed-by: John Hubbard <jhubbard@nvidia.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Cc: Jan Kara <jack@suse.cz>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
---

diff --git a/mm/gup.c b/mm/gup.c
index 9f5b9a93ae21..94f886562688 100644
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -2253,14 +2253,14 @@ static int __gup_device_huge(unsigned long pfn, unsigned long addr,
 		pages[*nr] = page;
 		if (unlikely(!try_grab_page(page, flags))) {
 			undo_dev_pagemap(nr, nr_start, flags, pages);
+			put_dev_pagemap(pgmap);
 			return 0;
 		}
 		(*nr)++;
 		pfn++;
 	} while (addr += PAGE_SIZE, addr != end);
 
-	if (pgmap)
-		put_dev_pagemap(pgmap);
+	put_dev_pagemap(pgmap);
 	return 1;
 }