Michel Lespinasse 63c3b902e5 mm: add anon_vma_lock to validate_mm()
Iterating over the vma->anon_vma_chain without anon_vma_lock may cause
NULL ptr deref in anon_vma_interval_tree_verify(), because the node in the
chain might have been removed.

  BUG: unable to handle kernel paging request at fffffffffffffff0
  IP: [<ffffffff8122c29c>] anon_vma_interval_tree_verify+0xc/0xa0
  PGD 4e28067 PUD 4e29067 PMD 0
  Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
  CPU 0
  Pid: 9050, comm: trinity-child64 Tainted: G        W    3.7.0-rc2-next-20121025-sasha-00001-g673f98e-dirty #77
  RIP: 0010: anon_vma_interval_tree_verify+0xc/0xa0
  Process trinity-child64 (pid: 9050, threadinfo ffff880045f80000, task ffff880048eb0000)
  Call Trace:
    validate_mm+0x58/0x1e0
    vma_adjust+0x635/0x6b0
    __split_vma.isra.22+0x161/0x220
    split_vma+0x24/0x30
    sys_madvise+0x5da/0x7b0
    tracesys+0xe1/0xe6
  RIP  anon_vma_interval_tree_verify+0xc/0xa0
  CR2: fffffffffffffff0

Figured out by Bob Liu.

Reported-by: Sasha Levin <sasha.levin@oracle.com>
Cc: Bob Liu <lliubbo@gmail.com>
Signed-off-by: Michel Lespinasse <walken@google.com>
Reviewed-by: Rik van Riel <riel@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-11-16 14:33:03 -08:00
..
2012-10-09 16:22:54 +09:00
2012-05-29 23:28:33 -04:00
2012-01-03 22:54:56 -05:00
2012-10-09 16:23:03 +09:00
2011-07-26 16:49:47 -07:00
2012-10-09 16:23:03 +09:00
2012-10-09 16:23:03 +09:00
2012-11-16 14:33:03 -08:00
2012-07-31 18:42:43 -07:00
2010-05-21 18:31:21 -04:00
2012-10-09 16:22:54 +09:00
2012-10-09 16:22:24 +09:00
2012-07-31 18:42:43 -07:00
2012-06-20 14:39:36 -07:00
2012-06-20 14:39:36 -07:00
2012-07-31 18:42:49 -07:00
2012-10-09 16:22:55 +09:00
2012-10-09 16:23:03 +09:00
2012-10-09 16:22:59 +09:00