1 files changed, 13 insertions, 6 deletions

diff --git a/mm/mprotect.c b/mm/mprotect.c
index 57577f63b305..17a2b52b753b 100644
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -29,8 +29,9 @@ static void change_pte_range(struct mm_struct *mm, pmd_t *pmd,
                 unsigned long addr, unsigned long end, pgprot_t newprot)
 {
         pte_t *pte;
+        spinlock_t *ptl;
 
-        pte = pte_offset_map(pmd, addr);
+        pte = pte_offset_map_lock(mm, pmd, addr, &ptl);
         do {
                 if (pte_present(*pte)) {
                         pte_t ptent;
@@ -44,7 +45,7 @@ static void change_pte_range(struct mm_struct *mm, pmd_t *pmd,
                         lazy_mmu_prot_update(ptent);
                 }
         } while (pte++, addr += PAGE_SIZE, addr != end);
-        pte_unmap(pte - 1);
+        pte_unmap_unlock(pte - 1, ptl);
 }
 
 static inline void change_pmd_range(struct mm_struct *mm, pud_t *pud,
@@ -88,7 +89,6 @@ static void change_protection(struct vm_area_struct *vma,
         BUG_ON(addr >= end);
         pgd = pgd_offset(mm, addr);
         flush_cache_range(vma, addr, end);
-        spin_lock(&mm->page_table_lock);
         do {
                 next = pgd_addr_end(addr, end);
                 if (pgd_none_or_clear_bad(pgd))
@@ -96,7 +96,6 @@ static void change_protection(struct vm_area_struct *vma,
                 change_pud_range(mm, pgd, addr, next, newprot);
         } while (pgd++, addr = next, addr != end);
         flush_tlb_range(vma, start, end);
-        spin_unlock(&mm->page_table_lock);
 }
 
 static int
@@ -125,6 +124,14 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
          * a MAP_NORESERVE private mapping to writable will now reserve.
          */
         if (newflags & VM_WRITE) {
+                if (oldflags & VM_RESERVED) {
+                        BUG_ON(oldflags & VM_WRITE);
+                        printk(KERN_WARNING "program %s is using MAP_PRIVATE, "
+                                "PROT_WRITE mprotect of VM_RESERVED memory, "
+                                "which is deprecated. Please report this to "
+                                "linux-kernel@vger.kernel.org\n",current->comm);
+                        return -EACCES;
+                }
                 if (!(oldflags & (VM_ACCOUNT|VM_WRITE|VM_SHARED|VM_HUGETLB))) {
                         charged = nrpages;
                         if (security_vm_enough_memory(charged))
@@ -168,8 +175,8 @@ success:
         vma->vm_flags = newflags;
         vma->vm_page_prot = newprot;
         change_protection(vma, start, end, newprot);
-        __vm_stat_account(mm, oldflags, vma->vm_file, -nrpages);
-        __vm_stat_account(mm, newflags, vma->vm_file, nrpages);
+        vm_stat_account(mm, oldflags, vma->vm_file, -nrpages);
+        vm_stat_account(mm, newflags, vma->vm_file, nrpages);
         return 0;
 
 fail: