[PATCH 4.18 030/228] RDMA/i40w: Hold read semaphore while looking after VMA

From: Greg Kroah-Hartman
Date: Tue Oct 02 2018 - 10:14:30 EST


4.18-stable review patch. If anyone has any objections, please let me know.

------------------

From: Leon Romanovsky <leonro@xxxxxxxxxxxx>

[ Upstream commit 5d9a2b0e28759e319a623da33940dbb3ce952b7d ]

VMA lookup is supposed to be performed while mmap_sem is held.

Fixes: f26c7c83395b ("i40iw: Add 2MB page support")
Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxxxx>
Signed-off-by: Jason Gunthorpe <jgg@xxxxxxxxxxxx>
Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/infiniband/hw/i40iw/i40iw_verbs.c | 2 ++
1 file changed, 2 insertions(+)

--- a/drivers/infiniband/hw/i40iw/i40iw_verbs.c
+++ b/drivers/infiniband/hw/i40iw/i40iw_verbs.c
@@ -1409,6 +1409,7 @@ static void i40iw_set_hugetlb_values(u64
struct vm_area_struct *vma;
struct hstate *h;

+ down_read(&current->mm->mmap_sem);
vma = find_vma(current->mm, addr);
if (vma && is_vm_hugetlb_page(vma)) {
h = hstate_vma(vma);
@@ -1417,6 +1418,7 @@ static void i40iw_set_hugetlb_values(u64
iwmr->page_msk = huge_page_mask(h);
}
}
+ up_read(&current->mm->mmap_sem);
}

/**