Skip to content

Commit

Permalink
mm: lock newly mapped VMA which can be modified after it becomes visible
Browse files Browse the repository at this point in the history
mmap_region adds a newly created VMA into VMA tree and might modify it
afterwards before dropping the mmap_lock.  This poses a problem for page
faults handled under per-VMA locks because they don't take the mmap_lock
and can stumble on this VMA while it's still being modified.  Currently
this does not pose a problem since post-addition modifications are done
only for file-backed VMAs, which are not handled under per-VMA lock.
However, once support for handling file-backed page faults with per-VMA
locks is added, this will become a race.

Fix this by write-locking the VMA before inserting it into the VMA tree.
Other places where a new VMA is added into VMA tree do not modify it
after the insertion, so do not need the same locking.

Cc: [email protected]
Signed-off-by: Suren Baghdasaryan <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
  • Loading branch information
surenbaghdasaryan authored and torvalds committed Jul 8, 2023
1 parent c137381 commit 33313a7
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions mm/mmap.c
Original file line number Diff line number Diff line change
Expand Up @@ -2812,6 +2812,8 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
if (vma->vm_file)
i_mmap_lock_write(vma->vm_file->f_mapping);

/* Lock the VMA since it is modified after insertion into VMA tree */
vma_start_write(vma);
vma_iter_store(&vmi, vma);
mm->map_count++;
if (vma->vm_file) {
Expand Down

0 comments on commit 33313a7

Please sign in to comment.