Hi Andrew,

Just a quick fix to address issues raised by syzkaller. I removed this code previously based on misinterpreting review feedback as indicating that I could do so...
In any case I have tested this against the repro (a well-placed RCU barrier causes reliable repro it turns out) and confirmed it fixes the issue.

Thanks, Lorenzo

----8<----
From 4e07d53c6627af21847752ec71f5ecd00afab03b Mon Sep 17 00:00:00 2001
From: Lorenzo Stoakes <lorenzo.stoa...@oracle.com>
Date: Wed, 16 Jul 2025 20:29:54 +0100
Subject: [PATCH] mm/mremap: reset VMI on unmap

Any separate VMA iterator may become invalidated when VMAs are unmapped at nodes in proximity to the current position of the iterator. Therefore, reset the iterator at each point where this occurs on a mremap move.

Signed-off-by: Lorenzo Stoakes <lorenzo.stoa...@oracle.com>
---
 mm/mremap.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/mm/mremap.c b/mm/mremap.c
index 7a2e7022139a..15cbd41515ed 100644
--- a/mm/mremap.c
+++ b/mm/mremap.c
@@ -1113,6 +1113,7 @@ static void unmap_source_vma(struct vma_remap_struct *vrm) err = do_vmi_munmap(&vmi, mm, addr, len, vrm->uf_unmap, /* unlock= */false); vrm->vma = NULL; /* Invalidated. */ + vrm->vmi_needs_reset = true; if (err) { /* OOM: unable to split vma, just get accounts right */ vm_acct_memory(len >> PAGE_SHIFT);
@@ -1367,6 +1368,7 @@ static unsigned long mremap_to(struct vma_remap_struct *vrm) err = do_munmap(mm, vrm->new_addr, vrm->new_len, vrm->uf_unmap_early); vrm->vma = NULL; /* Invalidated. */ + vrm->vmi_needs_reset = true; if (err) return err;
-- 
2.50.1
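Review bot: in the unmap_source_vma() hunk (@@ -1113), `vrm->vmi_needs_reset = true;` is placed directly after a do_vmi_munmap() call that is handed a local `&vmi`, so the hunk alone does not say which iterator the flag protects; a short comment beside it, matching the existing `/* Invalidated. */` on the line above, naming the iterator that must be re-positioned and stating that the reset is wanted even on the OOM path that follows (`if (err) { /* OOM: unable to split vma ... */`, where the unmap may have partially completed) would make the intent reviewable without reading the consumer. The cover letter also says this addresses a syzkaller report and that the reset was removed in an earlier change, yet the commit message carries no Reported-by:/Closes: tag and no Fixes: tag pointing at that earlier commit; both are needed for the fix to be tracked and picked up by stable.

Review bot: in the mremap_to() hunk (@@ -1367) the flag is set unconditionally before `if (err) return err;`, which is correct since the destination range at vrm->new_addr is chosen by the caller and can lie anywhere in the address space relative to the source VMA, not merely "in proximity to the current position of the iterator" as the commit message puts it; the message should say that any unmap during the move forces a reset regardless of where it lands. The consumer of vrm->vmi_needs_reset is not in this diff, so please also state in the commit message where the iterator is actually re-positioned before its next walk, so reviewers can confirm no use of the stale iterator remains between this site and that point.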