mm/mmap: write-lock VMAs affected by VMA expansion

vma_expand changes VMA boundaries and might result in freeing an adjacent
VMA. Write-lock affected VMAs to prevent concurrent page faults.

Signed-off-by: Suren Baghdasaryan <surenb@google.com>

diff --git a/mm/mmap.c b/mm/mmap.c
index 80fa9ac6d886f16fa5acf1d3374bd91aba7f30b6..121e17abf76207e6e95d9b1040ced70fcfa34781 100644 (file)
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -542,6 +542,7 @@ inline int vma_expand(struct ma_state *mas, struct vm_area_struct *vma,
        if (mas_preallocate(mas, vma, GFP_KERNEL))
                goto nomem;
 
+       vma_write_lock(vma);
        vma_adjust_trans_huge(vma, start, end, 0);
 
        if (file) {
@@ -588,6 +589,7 @@ inline int vma_expand(struct ma_state *mas, struct vm_area_struct *vma,
        }
 
        if (remove_next) {
+               vma_write_lock(next);
                if (file) {
                        uprobe_munmap(next, next->vm_start, next->vm_end);
                        fput(file);