blackfin/ptrace: call find_vma with the mmap_sem held

Performing vma lookups without taking the mm->mmap_sem is asking for
trouble.  While doing the search, the vma in question can be modified or
even removed before returning to the caller.  Take the lock (shared) in
order to avoid races while iterating through the vmacache and/or rbtree.

Signed-off-by: Davidlohr Bueso <davidlohr@hp.com>
Cc: Steven Miao <realmz6@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

diff --git a/arch/blackfin/kernel/ptrace.c b/arch/blackfin/kernel/ptrace.c
index e1f88e028cfe6ccda107df72a77412c70d32eb3e..8b8fe671b1a6dbf347dd4d31a7f272ef87154bcb 100644 (file)
--- a/arch/blackfin/kernel/ptrace.c
+++ b/arch/blackfin/kernel/ptrace.c
@@ -117,6 +117,7 @@ put_reg(struct task_struct *task, unsigned long regno, unsigned long data)
 int
 is_user_addr_valid(struct task_struct *child, unsigned long start, unsigned long len)
 {
+       bool valid;
        struct vm_area_struct *vma;
        struct sram_list_struct *sraml;
 
@@ -124,9 +125,12 @@ is_user_addr_valid(struct task_struct *child, unsigned long start, unsigned long
        if (start + len < start)
                return -EIO;
 
+       down_read(&child->mm->mmap_sem);
        vma = find_vma(child->mm, start);
-       if (vma && start >= vma->vm_start && start + len <= vma->vm_end)
-                       return 0;
+       valid = vma && start >= vma->vm_start && start + len <= vma->vm_end;
+       up_read(&child->mm->mmap_sem);
+       if (valid)
+               return 0;
 
        for (sraml = child->mm->context.sram_list; sraml; sraml = sraml->next)
                if (start >= (unsigned long)sraml->addr