From 0bf551684025a5f0f3c9aac694cd5cf73706cb70 Mon Sep 17 00:00:00 2001 From: San Mehat Date: Tue, 30 Mar 2010 16:43:18 -0700 Subject: [PATCH] proc: pagemap: Hold mmap_sem during page walk If the mmap_sem is not held while we walk_page_range(), then it is possible for find_vma() to race with a remove_vma_list() caused by do_munmap() (or others). Unable to handle kernel paging request at virtual address 6b6b6b5b Internal error: Oops: 5 [#1] PREEMPT CPU: 0 Not tainted (2.6.32.9-27154-ge3e6e27 #1) PC is at find_vma+0x40/0x7c LR is at walk_page_range+0x70/0x230 pc : [] lr : [] psr: 20000013 sp : c6aa9eb8 ip : 6b6b6b53 fp : c6a58f60 r10: c7e1d1b8 r9 : 0001bca0 r8 : 47000000 r7 : c6aa9f80 r6 : c6aa8000 r5 : 46fbd000 r4 : 6b6b6b6b r3 : c7ca4820 r2 : 6b6b6b6b r1 : 46fbd000 r0 : c70e3e40 Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user Control: 10c5787d Table: 26574019 DAC: 00000015 [] (find_vma+0x40/0x7c) from [] (walk_page_range+0x70/0x230) [] (walk_page_range+0x70/0x230) from [] (pagemap_read+0x1a4/0x278) [] (pagemap_read+0x1a4/0x278) from [] (vfs_read+0xa8/0x150) [] (vfs_read+0xa8/0x150) from [] (sys_read+0x3c/0x68) [] (sys_read+0x3c/0x68) from [] (ret_fast_syscall+0x0/0x2c) Code: 98bd8010 e5932004 e3a00000 ea000008 (e5124010) Signed-off-by: San Mehat CC: Brian Swetland CC: Matt Mackall CC: Andrew Morton CC: Linus Torvalds --- fs/proc/task_mmu.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index 2a1bef9203c6..3f300c1a9bd0 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -726,8 +726,6 @@ static ssize_t pagemap_read(struct file *file, char __user *buf, down_read(¤t->mm->mmap_sem); ret = get_user_pages(current, current->mm, uaddr, pagecount, 1, 0, pages, NULL); - up_read(¤t->mm->mmap_sem); - if (ret < 0) goto out_free; @@ -776,6 +774,7 @@ out_pages: page_cache_release(page); } out_free: + up_read(¤t->mm->mmap_sem); kfree(pages); out_mm: mmput(mm); -- 2.34.1
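Review bot: In the first hunk (removal of the early `up_read(&current->mm->mmap_sem)` after `get_user_pages()`), the semaphore being extended over the page walk belongs to `current->mm`, but `walk_page_range()` operates on `mm`, the target task's address space (the separate `mm` released at `out_mm: mmput(mm)`), so when the reader and the task whose pagemap is read are different processes the target's VMA list is still not protected against a concurrent `do_munmap()`/`remove_vma_list()` of the kind the commit message describes; the fix closes the race only for the self-read case. Suggest taking the read lock on the walked mm around the walk instead, e.g. `down_read(&mm->mmap_sem); ret = walk_page_range(...); up_read(&mm->mmap_sem);`, and keeping `current->mm->mmap_sem` scoped to the `get_user_pages()` call as before.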
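Review bot: In the second hunk, moving `up_read(&current->mm->mmap_sem)` under the `out_free:` label makes every `goto out_free` in the function responsible for arriving with the semaphore held; only the `if (ret < 0) goto out_free;` immediately after `get_user_pages()` is visible here, so please confirm no earlier path (such as a failure before the `down_read()`) jumps to `out_free`, since that would now perform an unbalanced `up_read()`. Since the lock and unlock are now far apart and split across cleanup labels, a short comment at `out_free:` noting that the label expects the read lock to be held (or a dedicated `out_unlock:` label placed between `out_pages:` and `out_free:`) would make the pairing explicit.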