[PATCH] mm/mmap: Fix locking issues in vma_expand()

From: Liam Howlett
Date: Tue Jul 12 2022 - 10:49:59 EST


Hugh noted that the locking order was mixed up in vma_expand(); restore the
correct order.

Fixes: b2c87578e0ea (mm/mmap: use advanced maple tree API for mmap_region())
Suggested-by: Hugh Dickins <hughd@xxxxxxxxxx>
Signed-off-by: Liam R. Howlett <Liam.Howlett@xxxxxxxxxx>
---
mm/mmap.c | 23 +++++++++++++----------
1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/mm/mmap.c b/mm/mmap.c
index 9eb663cde5c7..9a07bc18e6aa 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -574,7 +574,8 @@ inline int vma_expand(struct ma_state *mas, struct vm_area_struct *vma,
if (next->anon_vma && !vma->anon_vma) {
int error;

- vma->anon_vma = next->anon_vma;
+ anon_vma = next->anon_vma;
+ vma->anon_vma = anon_vma;
error = anon_vma_clone(vma, next);
if (error)
return error;
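Review bot: The added assignment to the local `anon_vma` just before `vma->anon_vma = anon_vma;` has no comment saying why the local is refreshed, and the reason is not visible in this hunk: the later `if (anon_vma)` lock/unlock pairs in this function act on the local, so without this line the freshly adopted anon_vma would stay unlocked while the interval trees are updated. A one-line comment would make that explicit, e.g. `/* Refresh the local so the anon_vma lock taken below covers the adopted anon_vma. */`. The declaration and initial value of the local `anon_vma` lie outside this hunk, as does the rest of vma_expand(), so it is worth confirming the local is declared and initialized before this point.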
@@ -592,16 +593,19 @@ inline int vma_expand(struct ma_state *mas, struct vm_area_struct *vma,

vma_adjust_trans_huge(vma, start, end, 0);

+ if (file) {
+ mapping = file->f_mapping;
+ root = &mapping->i_mmap;
+ uprobe_munmap(vma, vma->vm_start, vma->vm_end);
+ i_mmap_lock_write(mapping);
+ }
+
if (anon_vma) {
anon_vma_lock_write(anon_vma);
anon_vma_interval_tree_pre_update_vma(vma);
}

if (file) {
- mapping = file->f_mapping;
- root = &mapping->i_mmap;
- uprobe_munmap(vma, vma->vm_start, vma->vm_end);
- i_mmap_lock_write(mapping);
flush_dcache_mmap_lock(mapping);
vma_interval_tree_remove(vma, root);
}
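Review bot: The new `if (file)` block that takes `i_mmap_lock_write(mapping)` ahead of `anon_vma_lock_write(anon_vma)` carries no comment stating that the ordering is deliberate, so a later cleanup could merge the two `if (file)` blocks and reintroduce the inversion this patch fixes. Suggest a short comment above the block, e.g. `/* Lock order: i_mmap_rwsem before the anon_vma lock, matching __vma_adjust() and the ordering documented at the top of mm/rmap.c. */`, with the mirror comment on the unlock side in the third hunk, where `i_mmap_unlock_write(mapping)` now follows `anon_vma_unlock_write(anon_vma)`. Keeping the two `if (file)` blocks split is fine, but the second one depends on `mapping` and `root` being set in the first, which a one-line comment on the second block should say. vma_expand() begins and ends outside this hunk.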
@@ -622,16 +626,15 @@ inline int vma_expand(struct ma_state *mas, struct vm_area_struct *vma,
__remove_shared_vm_struct(next, file, mapping);
}

- if (file) {
- i_mmap_unlock_write(mapping);
- uprobe_mmap(vma);
- }
-
if (anon_vma) {
anon_vma_interval_tree_post_update_vma(vma);
anon_vma_unlock_write(anon_vma);
}

+ if (file) {
+ i_mmap_unlock_write(mapping);
+ uprobe_mmap(vma);
+ }

if (remove_next) {
if (file) {
--
2.35.1