nagai/kernel
3
0
Fork 0
forked from mirrors/linux
Code Pull requests Activity

mm: lock newly mapped VMA which can be modified after it becomes visible

Browse source 
mmap_region adds a newly created VMA into VMA tree and might modify it
afterwards before dropping the mmap_lock.  This poses a problem for page
faults handled under per-VMA locks because they don't take the mmap_lock
and can stumble on this VMA while it's still being modified.  Currently
this does not pose a problem since post-addition modifications are done
only for file-backed VMAs, which are not handled under per-VMA lock.
However, once support for handling file-backed page faults with per-VMA
locks is added, this will become a race.

Fix this by write-locking the VMA before inserting it into the VMA tree.
Other places where a new VMA is added into VMA tree do not modify it
after the insertion, so do not need the same locking.

Cc: stable@vger.kernel.org
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Suren Baghdasaryan 2023-07-08 12:12:11 -07:00 committed by Linus Torvalds
parent c137381f71
commit 33313a747e
1 changed files with 2 additions and 0 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

2
mm/mmap.c
View file

@ -2812,6 +2812,8 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
if (vma->vm_file) if (vma->vm_file)
i_mmap_lock_write(vma->vm_file->f_mapping); i_mmap_lock_write(vma->vm_file->f_mapping);
/* Lock the VMA since it is modified after insertion into VMA tree */
vma_start_write(vma);
vma_iter_store(&vmi, vma); vma_iter_store(&vmi, vma);
mm->map_count++; mm->map_count++;
if (vma->vm_file) { if (vma->vm_file) {