um: uml_dup_mmap() relies on ->mmap_sem being held, but activate_mm() doesn't hold it (ac2aca28) · Commits · e / devices / android_kernel_fairphone_FP4

arch/um/include/asm/mmu_context.h

+9 −2

Original line number	Diff line number	Diff line
		@@ -9,7 +9,7 @@
		#include <linux/sched.h>
		#include <asm/mmu.h>

		extern void arch_dup_mmap(struct mm_struct oldmm, struct mm_struct mm);
		extern void uml_setup_stubs(struct mm_struct *mm);
		extern void arch_exit_mmap(struct mm_struct *mm);

		#define deactivate_mm(tsk,mm) do { } while (0)
		@@ -23,7 +23,9 @@ static inline void activate_mm(struct mm_struct old, struct mm_struct new)
		* when the new ->mm is used for the first time.
		*/
		__switch_mm(&new->context.id);
		arch_dup_mmap(old, new);
		down_write(&new->mmap_sem);
		uml_setup_stubs(new);
		up_write(&new->mmap_sem);
		}

		static inline void switch_mm(struct mm_struct prev, struct mm_struct next,
		@@ -39,6 +41,11 @@ static inline void switch_mm(struct mm_struct prev, struct mm_struct next,
		}
		}

		static inline void arch_dup_mmap(struct mm_struct oldmm, struct mm_struct mm)
		{
		uml_setup_stubs(mm);
		}

		static inline void enter_lazy_tlb(struct mm_struct *mm,
		struct task_struct *tsk)
		{

+1 −1

Original line number	Diff line number	Diff line
		@@ -101,7 +101,7 @@ int init_new_context(struct task_struct task, struct mm_struct mm)
		return ret;
		}

		void arch_dup_mmap(struct mm_struct oldmm, struct mm_struct mm)
		void uml_setup_stubs(struct mm_struct *mm)
		{
		struct page **pages;
		int err, ret;