Re: [PATCH 5/5] riscv: mm: Fix TOCTOU race in remove_pte_mapping

Next message: Russell King (Oracle): "Re: [PATCH net v2 2/2] net: phy: micrel: remove ksz9131_resume()"
Previous message: Luca Ceresoli: "Re: [PATCH v4 1/4] drm: renesas: rz-du: rzg2l_du_encoder: convert to of_drm_find_and_get_bridge()"
In reply to: Michael Neuling: "[PATCH 5/5] riscv: mm: Fix TOCTOU race in remove_pte_mapping"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: David Hildenbrand (Arm)

Date: Thu Apr 09 2026 - 08:33:24 EST

On 4/9/26 11:11, Michael Neuling wrote:
> remove_pte_mapping() reads the PTE via ptep_get() (a READ_ONCE) into a
> local variable, but then checks pte_present(*ptep) by dereferencing the
> pointer directly, reading the PTE a second time. If another CPU modifies
> the PTE between the two reads
Is that even possible?

The code does not use any locking, so nothing would be safe here if
races could happen, no?

--
Cheers,

David