mm: fall back to mmap_lock if vma->anon_vma is not yet set

When vma->anon_vma is not set, page fault handler will set it by either
reusing anon_vma of an adjacent VMA if VMAs are compatible or by
allocating a new one.  find_mergeable_anon_vma() walks VMA tree to find a
compatible adjacent VMA and that requires not only the faulting VMA to be
stable but also the tree structure and other VMAs inside that tree.
Therefore locking just the faulting VMA is not enough for this search.
Fall back to taking mmap_lock when vma->anon_vma is not set.  This
situation happens only on the first page fault and should not affect
overall performance.

Link: https://lkml.kernel.org/r/20230227173632.3292573-25-surenb@google.com
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Reviewed-by: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

diff --git a/mm/memory.c b/mm/memory.c
index 55701dd56be53b959bd1c267e2578c094eeb914f..480e96af0407a84a10f40212cfd1f18e1614e740 100644 (file)
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -5256,6 +5256,10 @@ retry:
        if (!vma_is_anonymous(vma))
                goto inval;
 
+       /* find_mergeable_anon_vma uses adjacent vmas which are not locked */
+       if (!vma->anon_vma)
+               goto inval;
+
        if (!vma_start_read(vma))
                goto inval;