From b515a22f62add2c40513cd0fba949093945d96bd Mon Sep 17 00:00:00 2001
From: "Liam R. Howlett" <Liam.Howlett@oracle.com>
Date: Wed, 20 Oct 2021 13:02:19 -0400
Subject: [PATCH] mmap: Fix locking again in munmap

Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>
---
 mm/mmap.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/mm/mmap.c b/mm/mmap.c
index d5fa26a1883d6..babb05f8662cb 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -2433,18 +2433,23 @@ do_mas_align_munmap(struct ma_state *mas, struct vm_area_struct *vma,
 			downgrade = false;
 		else if (prev && (prev->vm_flags & VM_GROWSUP))
 			downgrade = false;
-		else {
-			mas_unlock(mas);
+		else
 			mmap_write_downgrade(mm);
-		}
 	}
 
+	/* Have to unlock since unmap_vmas may sleep */
+	mas_unlock(mas);
 	unmap_region(mm, &mt_detach, vma, prev, next, start, end);
 
+
 	/* Statistics and freeing VMAs */
+	/* Have to remain unlocked as remove_vma() might sleep */
 	remove_mt(mm, &mt_detach);
-	mtree_destroy(&mt_detach);
+	/* validate_mt() requires unlocking due to anon_vma check if DEBUG_RB*/
 	validate_mm(mm);
+	if (!downgrade)
+		mas_lock(mas);
+	mtree_destroy(&mt_detach);
 
 	return downgrade ? 1 : 0;
 }
-- 
2.50.1