[PATCH 5/5] riscv: mm: Fix TOCTOU race in remove_pte_mapping
David Hildenbrand (Arm)
david at kernel.org
Thu Apr 9 05:32:56 PDT 2026

On 4/9/26 11:11, Michael Neuling wrote:
> remove_pte_mapping() reads the PTE via ptep_get() (a READ_ONCE) into a
> local variable, but then checks pte_present(*ptep) by dereferencing the
> pointer directly, reading the PTE a second time. If another CPU modifies
> the PTE between the two reads

Is that even possible?
The code does not use any locking, so nothing would be safe here if
races could happen, no?
--
Cheers,
David
More information about the linux-riscv mailing list