From eec42a19886846ec086910c01781bb86347b8878 Mon Sep 17 00:00:00 2001
From: "Liam R. Howlett" <Liam.Howlett@Oracle.com>
Date: Tue, 16 Mar 2021 16:00:06 -0400
Subject: [PATCH] mempolicy rcu fix

Signed-off-by: Liam R. Howlett <Liam.Howlett@Oracle.com>
---
 mm/mempolicy.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/mm/mempolicy.c b/mm/mempolicy.c
index b9ad22a963f8..b38e2db83223 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -407,8 +407,10 @@ void mpol_rebind_mm(struct mm_struct *mm, nodemask_t *new)
 	MA_STATE(mas, &mm->mm_mt, 0, 0);
 
 	mmap_write_lock(mm);
+	mas_lock(&mas);
 	mas_for_each(&mas, vma, ULONG_MAX)
 		mpol_rebind_policy(vma->vm_policy, new);
+	mas_unlock(&mas);
 	mmap_write_unlock(mm);
 }
 
@@ -812,6 +814,7 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
 	unsigned long vmend;
 	MA_STATE(mas, &mm->mm_mt, start, start);
 
+	rcu_read_lock();
 	vma = mas_find(&mas, ULONG_MAX);
 	VM_BUG_ON(!vma);
 
@@ -858,6 +861,7 @@ next:
 	}
 
 out:
+	rcu_read_unlock();
 	return err;
 }
 
@@ -1222,11 +1226,13 @@ static struct page *new_page(struct page *page, unsigned long start)
 	unsigned long address;
 	MA_STATE(mas, &current->mm->mm_mt, start, start);
 
+	rcu_read_lock();
 	mas_for_each(&mas, vma, ULONG_MAX) {
 		address = page_address_in_vma(page, vma);
 		if (address != -EFAULT)
 			break;
 	}
+	rcu_read_unlock();
 
 	if (PageHuge(page)) {
 		return alloc_huge_page_vma(page_hstate(compound_head(page)),
-- 
2.50.1