From: Jeremy Fitzhardinge <jeremy@goop.org>
Date: Tue, 25 Sep 2007 18:50:00 +0000 (-0700)
Subject: xen: execve's error paths don't pin the mm before unpinning
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=df912ea4ae7233d1504fbd861ee127bd7ee5781d;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git

xen: execve's error paths don't pin the mm before unpinning

execve's error paths don't activate (and therefore pin) the mm before
calling exit_mmap to free it up, so don't try to unpin unless it is
actually pinned.  This prevents a BUG_ON from triggering.

Signed-off-by: Jeremy Fitzhardinge <jeremy@xensource.com>
Cc: Christian Ostheimer <osth@freesurf.ch>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---

diff --git a/arch/i386/xen/mmu.c b/arch/i386/xen/mmu.c
index 4ae038aa6c24..874db0cd1d2a 100644
--- a/arch/i386/xen/mmu.c
+++ b/arch/i386/xen/mmu.c
@@ -559,6 +559,9 @@ void xen_exit_mmap(struct mm_struct *mm)
 	put_cpu();
 
 	spin_lock(&mm->page_table_lock);
-	xen_pgd_unpin(mm->pgd);
+
+	/* pgd may not be pinned in the error exit path of execve */
+	if (PagePinned(virt_to_page(mm->pgd)))
+		xen_pgd_unpin(mm->pgd);
 	spin_unlock(&mm->page_table_lock);
 }