NOMMU: Lock i_mmap_mutex for access to the VMA prio list

BugLink: http://bugs.launchpad.net/bugs/954576 commit 918e556ec214ed2f584e4cac56d7b29e4bb6bf27 upstream. Lock i_mmap_mutex for access to the VMA prio list to prevent concurrent access. Currently, certain parts of the mmap handling are protected by the region mutex, but not all. Reported-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: David Howells <dhowells@redhat.com> 2012-02-23 08:50:35 -0500
committer: Luis Henriques <luis.henriques@canonical.com> 2012-03-26 05:26:34 -0400
commit: 5ea05711c36f9d5971c8d4be1497cc3dc086c8b8 (patch)
tree: d45f384570b0c9f4e215a67094d73d7143d5d06f
parent: 8db72667de592d78dc36d7befb5a6b9403ed3521 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/mm/nommu.c b/mm/nommu.c
index 9edc897a397..839775875e7 100644
--- a/mm/nommu.c
+++ b/mm/nommu.c
@@ -697,9 +697,11 @@ static void add_vma_to_mm(struct mm_struct *mm, struct vm_area_struct *vma)
        if (vma->vm_file) {
                mapping = vma->vm_file->f_mapping;
+                mutex_lock(&mapping->i_mmap_mutex);
                flush_dcache_mmap_lock(mapping);
                vma_prio_tree_insert(vma, &mapping->i_mmap);
                flush_dcache_mmap_unlock(mapping);
+                mutex_unlock(&mapping->i_mmap_mutex);
        }
        /* add the VMA to the tree */
@@ -761,9 +763,11 @@ static void delete_vma_from_mm(struct vm_area_struct *vma)
        if (vma->vm_file) {
                mapping = vma->vm_file->f_mapping;
+                mutex_lock(&mapping->i_mmap_mutex);
                flush_dcache_mmap_lock(mapping);
                vma_prio_tree_remove(vma, &mapping->i_mmap);
                flush_dcache_mmap_unlock(mapping);
+                mutex_unlock(&mapping->i_mmap_mutex);
        }
        /* remove from the MM's tree and list */
@@ -2061,6 +2065,7 @@ int nommu_shrink_inode_mappings(struct inode *inode, size_t size,
        high = (size + PAGE_SIZE - 1) >> PAGE_SHIFT;
        down_write(&nommu_region_sem);
+        mutex_lock(&inode->i_mapping->i_mmap_mutex);
        /* search for VMAs that fall within the dead zone */
        vma_prio_tree_foreach(vma, &iter, &inode->i_mapping->i_mmap,
@@ -2068,6 +2073,7 @@ int nommu_shrink_inode_mappings(struct inode *inode, size_t size,
                /* found one - only interested if it's shared out of the page
                 * cache */
                if (vma->vm_flags & VM_SHARED) {
+                        mutex_unlock(&inode->i_mapping->i_mmap_mutex);
                        up_write(&nommu_region_sem);
                        return -ETXTBSY; /* not quite true, but near enough */
                }
@@ -2095,6 +2101,7 @@ int nommu_shrink_inode_mappings(struct inode *inode, size_t size,
                }
        }
+        mutex_unlock(&inode->i_mapping->i_mmap_mutex);
        up_write(&nommu_region_sem);
        return 0;
 }
author	David Howells <dhowells@redhat.com>	2012-02-23 08:50:35 -0500
committer	Luis Henriques <luis.henriques@canonical.com>	2012-03-26 05:26:34 -0400
commit	5ea05711c36f9d5971c8d4be1497cc3dc086c8b8 (patch)
tree	d45f384570b0c9f4e215a67094d73d7143d5d06f
parent	8db72667de592d78dc36d7befb5a6b9403ed3521 (diff)