From: Liam Howlett <liam.howlett@xxxxxxxxxx> [ Upstream commit f829b4b212a315b912cb23fd10aaf30534bb5ce9 ] When the superuser flushes the entire cache, the mmap_read_lock() is not taken, but mmap_read_unlock() is called. Add the missing mmap_read_lock() call. Cc: stable@xxxxxxxxxx # <= 5.7.y Fixes: cd2567b6850b1648 ("m68k: call find_vma with the mmap_sem held in sys_cacheflush()") Signed-off-by: Liam Howlett <liam.howlett@xxxxxxxxxx> Reviewed-by: Matthew Wilcox (Oracle) <willy@xxxxxxxxxxxxx> Link: https://lore.kernel.org/r/20210407200032.764445-1-Liam.Howlett@xxxxxxxxxx Signed-off-by: Geert Uytterhoeven <geert@xxxxxxxxxxxxxx> Signed-off-by: Finn Thain <fthain@xxxxxxxxxxxxxx> --- The original commit was backported as far as 5.10.y but never made it into 4.19.y or 5.4.y. mmap_read_lock() was unavailable prior to v5.8, being introduced in commit d8ed45c5dcd4 ("mmap locking API: use coccinelle to convert mmap_sem rwsem call sites"), so this backport uses down_read() instead. --- arch/m68k/kernel/sys_m68k.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/m68k/kernel/sys_m68k.c b/arch/m68k/kernel/sys_m68k.c index 6363ec83a290..38dcc1a2097d 100644 --- a/arch/m68k/kernel/sys_m68k.c +++ b/arch/m68k/kernel/sys_m68k.c @@ -388,6 +388,8 @@ sys_cacheflush (unsigned long addr, int scope, int cache, unsigned long len) ret = -EPERM; if (!capable(CAP_SYS_ADMIN)) goto out; + + down_read(¤t->mm->mmap_sem); } else { struct vm_area_struct *vma; -- 2.39.5
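Review bot: the new down_read() is placed after the capable(CAP_SYS_ADMIN) check rather than before it, which is the placement this fix needs: the -EPERM path still leaves through `goto out`, so it never reaches the unlock that the description says is executed for this branch, and the lock is taken only on the path that does fall through to it. Two things the visible context does not show and that should be confirmed against the 4.19.y and 5.4.y trees before applying: that the exit label this superuser branch falls through to calls `up_read(&current->mm->mmap_sem)` (the pre-v5.8 counterpart of mmap_read_unlock(), consistent with the substitution explained in the cover note), and that the `else` branch's own lock around its vma lookup uses the same down_read()/up_read() pair on the same semaphore, so both branches arrive at the unlock in the same state. Separately, `¤t->mm->mmap_sem` in the rendered hunk appears to be `&current->mm->mmap_sem` with the leading `&curren` decoded as an HTML entity; the patch text as mailed should be checked to apply with the literal `&current` intact.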