NothingOSS/android_kernel_msm-6.1_nothing_sm7635
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

FROMLIST: mm/mmap: write-lock VMAs affected by VMA expansion

Browse source 
vma_expand changes VMA boundaries and might result in freeing an adjacent
VMA. Write-lock affected VMAs to prevent concurrent page faults.

Signed-off-by: Suren Baghdasaryan <surenb@google.com>

Link: https://lore.kernel.org/all/20230109205336.3665937-22-surenb@google.com/
[surenb: using older v1 of patchset due to __vma_adjust() being removed
in 6.2-rc4]
[surenb: lock next earlier when removing it like we do in v3:
https://lore.kernel.org/all/20230216051750.3125598-18-surenb@google.com/]

Bug: 161210518
Change-Id: I31aff80996b4ad646bdd6861ff6479c8eb2a690a
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
This commit is contained in:
Suren Baghdasaryan 2023-01-09 12:53:16 -08:00 committed by Carlos Llamas
parent 57b3f8a5ab
commit 2554cb4775
1 changed files with 3 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
mm/mmap.c
View file

@ -528,6 +528,8 @@ inline int vma_expand(struct ma_state *mas, struct vm_area_struct *vma,
if (next && (vma != next) && (end == next->vm_end)) {
remove_next = true;
/* Lock the VMA before removing it */
vma_start_write(next);
if (next->anon_vma && !vma->anon_vma) {
int error;
@ -548,6 +550,7 @@ inline int vma_expand(struct ma_state *mas, struct vm_area_struct *vma,
if (mas_preallocate(mas, vma, GFP_KERNEL))
goto nomem;
vma_start_write(vma);
vma_adjust_trans_huge(vma, start, end, 0);
if (file) {