Hi Matthew,
On Fri, 28 Jul 2023 00:49:50 +0100 Matthew Wilcox <willy@xxxxxxxxxxxxx> wrote:
>
> On Fri, Jul 28, 2023 at 09:18:49AM +1000, Stephen Rothwell wrote:
> > diff --cc mm/memory.c
> > index ca632b58f792,271982fab2b8..000000000000
> > --- a/mm/memory.c
> > +++ b/mm/memory.c
> > @@@ -5392,32 -5597,18 +5597,21 @@@ retry
> > if (!vma)
> > goto inval;
> >
> > - /* Only anonymous and tcp vmas are supported for now */
> > - if (!vma_is_anonymous(vma) && !vma_is_tcp(vma))
> > - /* find_mergeable_anon_vma uses adjacent vmas which are not locked */
> > - if (vma_is_anonymous(vma) && !vma->anon_vma)
> > -- goto inval;
> > --
> > if (!vma_start_read(vma))
> > goto inval;
> >
> > + /*
> > + * find_mergeable_anon_vma uses adjacent vmas which are not locked.
> > + * This check must happen after vma_start_read(); otherwise, a
> > + * concurrent mremap() with MREMAP_DONTUNMAP could dissociate the VMA
> > + * from its anon_vma.
> > + */
> > - if (unlikely(!vma->anon_vma && !vma_is_tcp(vma)))
> > - goto inval_end_read;
> > -
> > - /*
> > - * Due to the possibility of userfault handler dropping mmap_lock, avoid
> > - * it for now and fall back to page fault handling under mmap_lock.
> > - */
> > - if (userfaultfd_armed(vma))
> > ++ if (unlikely(vma_is_anonymous(vma) && !vma_is_tcp(vma)))
> > + goto inval_end_read;
> > +
>
> No, this isn't right. It should be:
>
> if (unlikely(vma_is_anonymous(vma) && !vma->anon_vma))
> goto inval_end_read;
Yeah, see my second attempt.
> I'm not sure about the userfaultfd_armed() clause. My patch wasn't
> intended to affect that.
That was removed by commit
69f6bbd1317f ("mm: handle userfaults under VMA lock")
in the mm branch.
--
Cheers,
Stephen Rothwell
Attachment:
pgpIOcGtGRp88.pgp
Description: OpenPGP digital signature
