From: Suren Baghdasaryan <surenb@google.com>
Date: Fri, 9 Dec 2022 20:11:56 +0000 (-0800)
Subject: fixup: remove wrong assumption in find_mergeable_anon_vma
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=e0c70c65b46ce867510157252f976855356f8ffe;p=users%2Fjedix%2Flinux-maple.git

fixup: remove wrong assumption in find_mergeable_anon_vma

Signed-off-by: Suren Baghdasaryan <surenb@google.com>
---

diff --git a/mm/memory.c b/mm/memory.c
index b90f72db83d2..e4e958ec75ea 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -5281,6 +5281,10 @@ retry:
 	if (!vma_is_anonymous(vma))
 		goto inval;
 
+	/* find_mergeable_anon_vma uses adjacent vmas which are not locked */
+	if (!vma->anon_vma)
+		goto inval;
+
 	/*
 	* Due to the possibility of userfault handler dropping mmap_lock, avoid
 	* it for now and fall back to page fault handling under mmap_lock.
diff --git a/mm/mmap.c b/mm/mmap.c
index f0c6f122a60b..e12a8b21726b 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -1169,20 +1169,12 @@ struct anon_vma *find_mergeable_anon_vma(struct vm_area_struct *vma)
 	struct anon_vma *anon_vma = NULL;
 	struct vm_area_struct *prev, *next;
 
-	/*
-	 * This search can be done with per-vma lock and without mmap_lock,
-	 * therefore acquire RCU read lock to prevent the tree from changing.
-	 */
-	rcu_read_lock();
-
 	/* Try next first. */
 	next = mas_walk(&mas);
 	if (next) {
 		anon_vma = reusable_anon_vma(next, vma, next);
-		if (anon_vma) {
-			rcu_read_unlock();
+		if (anon_vma)
 			return anon_vma;
-		}
 	}
 
 	prev = mas_prev(&mas, 0);
@@ -1192,7 +1184,6 @@ struct anon_vma *find_mergeable_anon_vma(struct vm_area_struct *vma)
 	if (prev)
 		anon_vma = reusable_anon_vma(prev, prev, vma);
 
-	rcu_read_unlock();
 	/*
 	 * We might reach here with anon_vma == NULL if we can't find
 	 * any reusable anon_vma.