The patch titled
     Subject: mm/mmap: allow vma_expand() to lock both anon and file locks
has been added to the -mm mm-unstable branch. Its filename is
     mm-mmap-use-advanced-maple-tree-api-for-mmap_region-fix-3.patch

This patch will shortly appear at
     https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/mm-mmap-use-advanced-maple-tree-api-for-mmap_region-fix-3.patch

This patch will later appear in the mm-unstable branch at
     git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days

------------------------------------------------------
From: Liam Howlett <liam.howlett@xxxxxxxxxx>
Subject: mm/mmap: allow vma_expand() to lock both anon and file locks
Date: Thu, 16 Jun 2022 18:33:06 +0000

vma_expand() was only locking either file or anon based locks but could
unlock both. This caused a locking error in trinity fuzzer. Allow both
locks to be taken and released.

Link: https://lkml.kernel.org/r/20220616183258.1153609-1-Liam.Howlett@xxxxxxxxxx
Fixes: a5985220056d (mm/mmap: use advanced maple tree API for mmap_region())
Signed-off-by: Liam R. Howlett <Liam.Howlett@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
--- mm/mmap.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) --- a/mm/mmap.c~mm-mmap-use-advanced-maple-tree-api-for-mmap_region-fix-3 +++ a/mm/mmap.c
@@ -694,6 +694,11 @@ inline int vma_expand(struct ma_state *m vma_adjust_trans_huge(vma, start, end, 0); + if (anon_vma) { + anon_vma_lock_write(anon_vma); + anon_vma_interval_tree_pre_update_vma(vma); + } + if (file) { mapping = file->f_mapping; root = &mapping->i_mmap; @@ -701,9 +706,6 @@ inline int vma_expand(struct ma_state *m i_mmap_lock_write(mapping); flush_dcache_mmap_lock(mapping); vma_interval_tree_remove(vma, root); - } else if (anon_vma) { - anon_vma_lock_write(anon_vma); - anon_vma_interval_tree_pre_update_vma(vma); } vma->vm_start = start; @@ -732,15 +734,16 @@ inline int vma_expand(struct ma_state *m mm->highest_vm_end = vm_end_gap(vma); } + if (file) { + i_mmap_unlock_write(mapping); + uprobe_mmap(vma); + } + if (anon_vma) { anon_vma_interval_tree_post_update_vma(vma); anon_vma_unlock_write(anon_vma); } - if (file) { - i_mmap_unlock_write(mapping); - uprobe_mmap(vma); - } if (remove_next) { if (file) { _ Patches currently in -mm which might be from liam.howlett@xxxxxxxxxx are maple-tree-add-new-data-structure-fix.patch maple-tree-add-new-data-structure-fix-2.patch maple-tree-add-new-data-structure-fix-3.patch maple-tree-add-new-data-structure-fix-4.patch maple-tree-add-new-data-structure-fix-7.patch maple-tree-add-new-data-structure-fix-8.patch maple-tree-add-new-data-structure-fix-9.patch lib-test_maple_tree-add-testing-for-maple-tree-fix.patch lib-test_maple_tree-add-testing-for-maple-tree-fix-2.patch mm-start-tracking-vmas-with-maple-tree-fix-2.patch mm-start-tracking-vmas-with-maple-tree-fix-3.patch mm-mmap-use-advanced-maple-tree-api-for-mmap_region-fix-2.patch mm-mmap-use-advanced-maple-tree-api-for-mmap_region-fix-3.patch mm-mmap-change-do_brk_munmap-to-use-do_mas_align_munmap-fix.patch mm-remove-the-vma-linked-list-fix.patch mm-mlock-drop-dead-code-in-count_mm_mlocked_page_nr.patch
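Review bot: In the first hunk (@@ -694,6 +694,11), the nesting order of the two locks is new and undocumented: anon_vma_lock_write(anon_vma) is now taken before i_mmap_lock_write(mapping), so a VMA that has both an anon_vma and a file holds them in the order anon_vma, then i_mmap. Neither the commit message nor a comment says this order is the intended one. Please confirm it matches the order other mm paths use when they hold both locks, and state it in a short comment above the new `if (anon_vma)` block, since taking the pair in the opposite order to another path would trade the trinity locking error for a deadlock.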
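Review bot: In the last hunk (@@ -732,15 +734,16), moving the `if (file)` block above `if (anon_vma)` means uprobe_mmap(vma) now runs while the anon_vma write lock is still held and before anon_vma_interval_tree_post_update_vma(vma) has been called. If uprobe_mmap() does not depend on that lock, consider calling it after both unlocks so the write-locked section stays as short as possible; otherwise the commit message should say why the file lock has to be released first.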