We perform VMA lookup in a couple more places which, in theory, can unexpectedly fail to find a VMA. In these cases, correctly indicate failure.
Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes@xxxxxxxxxx>
Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
Closes: https://lore.kernel.org/oe-lkp/202503101328.442cc724-lkp@xxxxxxxxx
---
 mm/mremap.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/mm/mremap.c b/mm/mremap.c
index 0ab0c88072a0..af022e3b89e2 100644
--- a/mm/mremap.c
+++ b/mm/mremap.c
@@ -1066,10 +1066,13 @@ static unsigned long shrink_vma(struct vma_remap_struct *vrm,
 * replace the invalidated VMA with the one that may have now been
 * split.
 */
- if (drop_lock)
+ if (drop_lock) {
 vrm->mmap_locked = false;
- else
+ } else {
 vrm->vma = vma_lookup(mm, vrm->addr);
+ if (!vrm->vma)
+ return -EFAULT;
+ }
 return 0;
 }
@@ -1108,6 +1111,8 @@ static unsigned long mremap_to(struct vma_remap_struct *vrm)
 * this can invalidate the old VMA. Reset.
 */
 vrm->vma = vma_lookup(mm, vrm->addr);
+ if (!vrm->vma)
+ return -EFAULT;
 }
 if (vrm->remap_type == MREMAP_SHRINK) {
-- 
2.48.1
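Review bot: Both new `return -EFAULT` paths fire after the step that invalidated the VMA has presumably already run (the comments above each lookup describe reloading an invalidated VMA), so userspace may see mremap() fail although part of the address space was already changed, and neither site documents that. In the `else` branch of shrink_vma(), and at the matching check in the mremap_to() hunk, I would add a short comment such as `/* Earlier unmap is not undone; caller gets -EFAULT with the range already modified. */`, once that is confirmed against the code outside these hunks. Both functions return `unsigned long`, so the negative errno only reads as an error if callers test it with `IS_ERR_VALUE()` or a plain non-zero check rather than `< 0`; the callers are not visible here. Both function bodies begin outside the hunks shown.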