fs/userfaultfd: Fix maple tree iterator in userfaultfd_unregister()

When iterating the VMAs, the maple state needs to be invalidated if the tree is modified by a split or merge to ensure the maple tree node contained in the maple state is still valid. These invalidations were missed, so add them to the paths which alter the tree. Reported-by: [email protected] Fixes: 69dbe6d (userfaultfd: use maple tree iterator to iterate VMAs) Signed-off-by: Liam R. Howlett <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
josf · Nov 7, 2022 · 59f2f4b · 59f2f4b
1 parent a1de832
commit 59f2f4b
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
@@ -1630,17 +1630,20 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx,
 				 NULL_VM_UFFD_CTX, anon_vma_name(vma));
 		if (prev) {
 			vma = prev;
+			mas_pause(&mas);
 			goto next;
 		}
 		if (vma->vm_start < start) {
 			ret = split_vma(mm, vma, start, 1);
 			if (ret)
 				break;
+			mas_pause(&mas);
 		}
 		if (vma->vm_end > end) {
 			ret = split_vma(mm, vma, end, 0);
 			if (ret)
 				break;
+			mas_pause(&mas);
 		}
 	next:
 		/*