On Mon, Feb 27, 2023 at 09:36:23AM -0800, Suren Baghdasaryan wrote:
> When vma->anon_vma is not set, the page fault handler will set it by either
> reusing the anon_vma of an adjacent VMA if the VMAs are compatible or by
> allocating a new one. find_mergeable_anon_vma() walks the VMA tree to find
> a compatible adjacent VMA, and that requires not only the faulting VMA
> to be stable but also the tree structure and the other VMAs inside that tree.
> Therefore locking just the faulting VMA is not enough for this search.
> Fall back to taking mmap_lock when vma->anon_vma is not set. This
> situation happens only on the first page fault and should not affect
> overall performance.
> 
> Signed-off-by: Suren Baghdasaryan <sur...@google.com>
> ---
>  mm/memory.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/mm/memory.c b/mm/memory.c
> index bda4c1a991f0..8855846a361b 100644
> --- a/mm/memory.c
> +++ b/mm/memory.c
> @@ -5243,6 +5243,10 @@ struct vm_area_struct *lock_vma_under_rcu(struct 
> mm_struct *mm,
>       if (!vma_is_anonymous(vma))
>               goto inval;
>  
> +     /* find_mergeable_anon_vma uses adjacent vmas which are not locked */
> +     if (!vma->anon_vma)
> +             goto inval;
> +
>       if (!vma_start_read(vma))
>               goto inval;
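Review bot: the new `if (!vma->anon_vma) goto inval;` check sits before `vma_start_read(vma)`, so `vma->anon_vma` is read under RCU only, without the per-VMA read lock, and the comment above it does not say why that is acceptable. As far as I can see it is safe only because a stale NULL just falls back to mmap_lock, and anon_vma is assigned once and not cleared while the VMA is live, so a non-NULL value cannot become NULL underneath the lock-free path; either extend the comment to state that reasoning (e.g. "racy read is fine: a stale NULL only costs a fallback to mmap_lock, and anon_vma is never cleared on a live vma") or move the check below the `vma_start_read()` succeeded path so the field is read with the VMA lock held, at the cost of an unlock on the bail-out.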

Reviewed-by: Hyeonggon Yoo <42.hye...@gmail.com>

> -- 
> 2.39.2.722.g9855ee24e9-goog
> 
> 