Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 4057923614e2868a865aa6c6e3bc53542c818d4d^! / .
commit4057923614e2868a865aa6c6e3bc53542c818d4d[log] [tgz]
authorAndi Kleen <ak@suse.de>Fri May 20 14:27:57 2005 -0700
committerLinus Torvalds <torvalds@ppc970.osdl.org>Fri May 20 15:48:20 2005 -0700
tree0a6a2b492eaa11897538a06655685474b961df44
parent7856dfeb23c16ef3d8dac8871b4d5b93c70b59b9 [diff]
[PATCH] i386: Fix race in iounmap

We need to hold the vmlist_lock while doing change_page_attr, otherwise we
could reset someone else's mapping.

Requires previous patch to add __remove_vm_area

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

diff --git a/arch/i386/mm/ioremap.c b/arch/i386/mm/ioremap.c
index db06f73..ab54279 100644
--- a/arch/i386/mm/ioremap.c
+++ b/arch/i386/mm/ioremap.c

@@ -238,19 +238,21 @@
 			addr < phys_to_virt(ISA_END_ADDRESS))
 		return;
 
-	p = remove_vm_area((void *) (PAGE_MASK & (unsigned long __force) addr));
+	write_lock(&vmlist_lock);
+	p = __remove_vm_area((void *) (PAGE_MASK & (unsigned long __force) addr));
 	if (!p) { 
-		printk("__iounmap: bad address %p\n", addr);
-		return;
+		printk("iounmap: bad address %p\n", addr);
+		goto out_unlock;
 	}
 
 	if ((p->flags >> 20) && p->phys_addr < virt_to_phys(high_memory) - 1) {
-		/* p->size includes the guard page, but cpa doesn't like that */
 		change_page_attr(virt_to_page(__va(p->phys_addr)),
 				 p->size >> PAGE_SHIFT,
 				 PAGE_KERNEL);
 		global_flush_tlb();
 	} 
+out_unlock:
+	write_unlock(&vmlist_lock);
 	kfree(p); 
 }