mm/mmap: write-lock VMAs affected by VMA expansion

vma_expand changes VMA boundaries and might result in freeing an adjacent
VMA. Write-lock affected VMAs to prevent concurrent page faults.

Signed-off-by: Suren Baghdasaryan <surenb@google.com>

diff --git a/mm/mmap.c b/mm/mmap.c
index c25a39a4a617f57e9f73f13a3abbf760c3865727..ae585a6287eaf8cf798b4a9b427aaf3407c599a0 100644 (file)
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -542,6 +542,7 @@ inline int vma_expand(struct ma_state *mas, struct vm_area_struct *vma,
        if (mas_preallocate(mas, vma, GFP_KERNEL))
                goto nomem;
 
+       vma_write_lock(vma);
        vma_adjust_trans_huge(vma, start, end, 0);
 
        if (file) {
@@ -588,6 +589,7 @@ inline int vma_expand(struct ma_state *mas, struct vm_area_struct *vma,
        }
 
        if (remove_next) {
+               vma_write_lock(next);
                if (file) {
                        uprobe_munmap(next, next->vm_start, next->vm_end);
                        fput(file);