author | Linus Torvalds <torvalds@linux-foundation.org> | 2019-05-19 20:23:24 +0300 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2019-05-19 20:23:24 +0300 |
commit | 1335d9a1fb2abbe5022de3c517989cc7c7161dee (patch) | |
tree | 23e4a27cb22bb09fefea09a62e419a8c5bcc32cd /mm | |
parent | 4c4a5c99af7f479a14759196f8df9467128f3baf (diff) | |
parent | 8ea58f1e8b11cca3087b294779bf5959bf89cc10 (diff) | |
Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull core fixes from Ingo Molnar:
"This fixes a particularly thorny munmap() bug with MPX, plus fixes a
host build environment assumption in objtool"
* 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
objtool: Allow AR to be overridden with HOSTAR
x86/mpx, mm/core: Fix recursive munmap() corruption
Diffstat (limited to 'mm')
-rw-r--r-- | mm/mmap.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/mm/mmap.c b/mm/mmap.c
index bd7b9f293b39..2d6a6662edb9 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -2735,9 +2735,17 @@ int __do_munmap(struct mm_struct *mm, unsigned long start, size_t len,
 return -EINVAL;
 len = PAGE_ALIGN(len);
+ end = start + len;
 if (len == 0)
 return -EINVAL;
+ /*
+ * arch_unmap() might do unmaps itself. It must be called
+ * and finish any rbtree manipulation before this code
+ * runs and also starts to manipulate the rbtree.
+ */
+ arch_unmap(mm, start, end);
+
 /* Find the first overlapping VMA */
 vma = find_vma(mm, start);
 if (!vma)
@@ -2746,7 +2754,6 @@ int __do_munmap(struct mm_struct *mm, unsigned long start, size_t len,
 /* we have start < vma->vm_end */
 /* if it doesn't overlap, we have nothing.. */
- end = start + len;
 if (vma->vm_start >= end)
 return 0;
@@ -2816,12 +2823,6 @@ int __do_munmap(struct mm_struct *mm, unsigned long start, size_t len,
 /* Detach vmas from rbtree */
 detach_vmas_to_be_unmapped(mm, vma, prev, end);
- /*
- * mpx unmap needs to be called with mmap_sem held for write.
- * It is safe to call it before unmap_region().
- */
- arch_unmap(mm, vma, start, end);
-
 if (downgrade)
 downgrade_write(&mm->mmap_sem); |
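Review bot: The new comment above `arch_unmap(mm, start, end)` in the first hunk explains the ordering against the rbtree but drops the locking precondition that the removed comment in the third hunk stated (mmap_sem held for write). The call still sits ahead of `downgrade_write(&mm->mmap_sem)`, so the requirement appears to hold, but it is worth keeping in the comment, e.g. `* Must be called with mmap_sem held for write, before any downgrade.` Because the hook now runs before `find_vma()`, it is also invoked for ranges that later take `if (vma->vm_start >= end) return 0;`, so arch implementations have to tolerate a range with no mapping; the diffstat here is limited to mm/, so the three-argument arch_unmap() definitions cannot be checked from this page. The body of __do_munmap starts and ends outside these hunks.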