The patch titled
     Subject: mm/mmap: fix locking issues in vma_expand()
has been added to the -mm mm-unstable branch.  Its filename is
     mm-mmap-use-advanced-maple-tree-api-for-mmap_region-fix.patch

This patch will shortly appear at
     https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/mm-mmap-use-advanced-maple-tree-api-for-mmap_region-fix.patch

This patch will later appear in the mm-unstable branch at
     git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days

------------------------------------------------------
From: Liam Howlett <liam.howlett@xxxxxxxxxx>
Subject: mm/mmap: fix locking issues in vma_expand()
Date: Tue, 12 Jul 2022 14:49:43 +0000

Hugh noted that the locking was mixed up in vma_expand(), revert to the correct order.

Link: https://lkml.kernel.org/r/20220712144926.4190769-1-Liam.Howlett@xxxxxxxxxx
Fixes: b2c87578e0ea (mm/mmap: use advanced maple tree API for mmap_region())
Signed-off-by: Liam R. Howlett <Liam.Howlett@xxxxxxxxxx>
Suggested-by: Hugh Dickins <hughd@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
--- mm/mmap.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) --- a/mm/mmap.c~mm-mmap-use-advanced-maple-tree-api-for-mmap_region-fix +++ a/mm/mmap.c 
@@ -677,7 +677,8 @@ inline int vma_expand(struct ma_state *m if (next->anon_vma && !vma->anon_vma) { int error; - vma->anon_vma = next->anon_vma; + anon_vma = next->anon_vma; + vma->anon_vma = anon_vma; error = anon_vma_clone(vma, next); if (error) return error; @@ -695,16 +696,19 @@ inline int vma_expand(struct ma_state *m vma_adjust_trans_huge(vma, start, end, 0); + if (file) { + mapping = file->f_mapping; + root = &mapping->i_mmap; + uprobe_munmap(vma, vma->vm_start, vma->vm_end); + i_mmap_lock_write(mapping); + } + if (anon_vma) { anon_vma_lock_write(anon_vma); anon_vma_interval_tree_pre_update_vma(vma); } if (file) { - mapping = file->f_mapping; - root = &mapping->i_mmap; - uprobe_munmap(vma, vma->vm_start, vma->vm_end); - i_mmap_lock_write(mapping); flush_dcache_mmap_lock(mapping); vma_interval_tree_remove(vma, root); } @@ -735,16 +739,15 @@ inline int vma_expand(struct ma_state *m mm->highest_vm_end = vm_end_gap(vma); } - if (file) { - i_mmap_unlock_write(mapping); - uprobe_mmap(vma); - } - if (anon_vma) { anon_vma_interval_tree_post_update_vma(vma); anon_vma_unlock_write(anon_vma); } + if (file) { + i_mmap_unlock_write(mapping); + uprobe_mmap(vma); + } if (remove_next) { if (file) { _ Patches currently in -mm which might be from liam.howlett@xxxxxxxxxx are android-binder-fix-lockdep-check-on-clearing-vma.patch maple-tree-add-new-data-structure-fix.patch maple-tree-add-new-data-structure-fix-2.patch maple-tree-add-new-data-structure-fix-3.patch maple-tree-add-new-data-structure-fix-4.patch lib-test_maple_tree-add-testing-for-maple-tree-fix.patch lib-test_maple_tree-add-testing-for-maple-tree-fix-2.patch lib-test_maple_tree-add-testing-for-maple-tree-fix-3.patch mm-mmap-change-do_brk_flags-to-expand-existing-vma-and-add-do_brk_munmap-fix.patch mm-mmap-use-advanced-maple-tree-api-for-mmap_region-fix.patch mm-remove-the-vma-linked-list-fix-3.patch mm-mlock-drop-dead-code-in-count_mm_mlocked_page_nr.patch
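
Review bot: The changelog describes only a lock-order revert, but the first hunk (@@ -677) also assigns the local with `anon_vma = next->anon_vma;`, and that is a behavioural change the message should mention. With the local set, the `if (anon_vma)` lock and unlock blocks in the later hunks act on the anon_vma inherited from next whenever vma had none of its own. Please add a sentence to the commit message saying the local is now set on this path and why, so the change is not read as pure reordering.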
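
Review bot: The second hunk (@@ -695) leaves two separate `if (file)` blocks around the `if (anon_vma)` block with no comment saying why i_mmap_lock_write() has to be taken before anon_vma_lock_write(). A one-line comment above the first `if (file)` stating the required order (mapping->i_mmap_rwsem before anon_vma->rwsem, matching the lock ordering comment in mm/rmap.c) would stop a later cleanup from merging the two blocks and reintroducing the inversion. The same comment can note that the third hunk releases the locks in the reverse order on purpose.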