Merge tag 'mm-hotfixes-stable-2023-07-28-15-52' of git://git.kernel.org/pub/scm/linux...

[linux-2.6-microblaze.git] / mm / mmap.c

diff --git a/mm/mmap.c b/mm/mmap.c
index 204ddcd..3937479 100644 (file)
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -615,6 +615,7 @@ static inline int dup_anon_vma(struct vm_area_struct *dst,
         * anon pages imported.
         */
        if (src->anon_vma && !dst->anon_vma) {
+               vma_start_write(dst);
                dst->anon_vma = src->anon_vma;
                return anon_vma_clone(dst, src);
        }
@@ -1977,6 +1978,8 @@ static int expand_upwards(struct vm_area_struct *vma, unsigned long address)
                return -ENOMEM;
        }
 
+       /* Lock the VMA before expanding to prevent concurrent page faults */
+       vma_start_write(vma);
        /*
         * vma->vm_start/vm_end cannot change under us because the caller
         * is required to hold the mmap_lock in read mode.  We need the
@@ -2064,6 +2067,8 @@ int expand_downwards(struct vm_area_struct *vma, unsigned long address)
                return -ENOMEM;
        }
 
+       /* Lock the VMA before expanding to prevent concurrent page faults */
+       vma_start_write(vma);
        /*
         * vma->vm_start/vm_end cannot change under us because the caller
         * is required to hold the mmap_lock in read mode.  We need the
@@ -2805,6 +2810,8 @@ cannot_expand:
        if (vma_iter_prealloc(&vmi))
                goto close_and_free_vma;
 
+       /* Lock the VMA since it is modified after insertion into VMA tree */
+       vma_start_write(vma);
        if (vma->vm_file)
                i_mmap_lock_write(vma->vm_file->f_mapping);