fs/userfaultfd: Fix maple tree iterator in userfaultfd_unregister()

When iterating the VMAs, the maple state needs to be invalidated if the tree is modified by a split or merge to ensure the maple tree node contained in the maple state is still valid. These invalidations were missed, so add them to the paths which alter the tree. Reported-by: [email protected] Fixes: 69dbe6daf104 (userfaultfd: use maple tree iterator to iterate VMAs) Signed-off-by: Liam R. Howlett <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
author: Liam Howlett <[email protected]> 2022-11-07 20:11:42 +0000
committer: Linus Torvalds <[email protected]> 2022-11-07 12:58:26 -0800
commit: 59f2f4b8a757412fce372f6d0767bdb55da127a8 (patch)
tree: f4b518e9d6a7734d2a8c30062101ce219b8b37a8
parent: a1de832bd3243577de365222d8bc92708005ebf3 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index 07c81ab3fd4d..98ac37e34e3d 100644
--- a/fs/userfaultfd.c
+++ b/fs/userfaultfd.c
@@ -1630,17 +1630,20 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx,
 				 NULL_VM_UFFD_CTX, anon_vma_name(vma));
 		if (prev) {
 			vma = prev;
+			mas_pause(&mas);
 			goto next;
 		}
 		if (vma->vm_start < start) {
 			ret = split_vma(mm, vma, start, 1);
 			if (ret)
 				break;
+			mas_pause(&mas);
 		}
 		if (vma->vm_end > end) {
 			ret = split_vma(mm, vma, end, 0);
 			if (ret)
 				break;
+			mas_pause(&mas);
 		}
 	next:
 		/*
author	Liam Howlett <[email protected]>	2022-11-07 20:11:42 +0000
committer	Linus Torvalds <[email protected]>	2022-11-07 12:58:26 -0800
commit	59f2f4b8a757412fce372f6d0767bdb55da127a8 (patch)
tree	f4b518e9d6a7734d2a8c30062101ce219b8b37a8
parent	a1de832bd3243577de365222d8bc92708005ebf3 (diff)