bpf: Take mmap_lock in zap_pages() - kernel/linux.git - Linux kernel stable tree (mirror)

diff options

author	Alexei Starovoitov <ast@kernel.org>	2026-05-29 01:20:14 +0300
committer	Alexei Starovoitov <ast@kernel.org>	2026-06-04 19:46:54 +0300
commit	80b89d0226a05e8b67969de99c31b51fcd54f76a (patch)
tree	37e86328616cffdf6ec3d1041bd2d1adccaed4c3 /include
parent	fbd6dc50d9aedc594ec3196211a190170a275ab6 (diff)
download	linux-80b89d0226a05e8b67969de99c31b51fcd54f76a.tar.xz

bpf: Take mmap_lock in zap_pages()

zap_vma_range() requires the owning mm's mmap_lock to be held. Taking mmap_read_lock under arena->lock would AB-BA against arena_vm_close() and arena_map_mmap(), both of which run with mmap_write_lock held and then acquire arena->lock. Instead drop arena->lock, mmget_not_zero() the vma's mm, take mmap_read_lock, and re-resolve the vma via find_vma() since it may have been unmapped or replaced while waiting. Track processed vmls with a per-call generation in vml->zap_gen and serialize zap_pages() callers with a new arena->zap_mutex so concurrent callers on different uaddr ranges do not mark each other's vmls processed before the zap is done. Reported-by: David Hildenbrand <david@kernel.org> Fixes: 317460317a02 ("bpf: Introduce bpf_arena.") Signed-off-by: Alexei Starovoitov <ast@kernel.org> Reviewed-by: Emil Tsalapatis <emil@etsalapatis.com> Link: https://lore.kernel.org/r/20260528222014.38980-1-alexei.starovoitov@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>

Diffstat (limited to 'include')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: