m68k: call find_vma with the mmap_sem held in sys_cacheflush()

Performing vma lookups without taking the mm->mmap_sem is asking for
trouble.  While doing the search, the vma in question can be modified or
even removed before returning to the caller.  Take the lock (shared) in
order to avoid races while iterating through the vmacache and/or rbtree.

Signed-off-by: Davidlohr Bueso <davidlohr@hp.com>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

diff --git a/arch/m68k/kernel/sys_m68k.c b/arch/m68k/kernel/sys_m68k.c
index 3a480b3df0d6cfee0fa7a6e2da99f710d776d587..d2263a0bdc3dbc01be1d52d66d420ca663a477da 100644 (file)
--- a/arch/m68k/kernel/sys_m68k.c
+++ b/arch/m68k/kernel/sys_m68k.c
@@ -376,7 +376,6 @@ cache_flush_060 (unsigned long addr, int scope, int cache, unsigned long len)
 asmlinkage int
 sys_cacheflush (unsigned long addr, int scope, int cache, unsigned long len)
 {
-       struct vm_area_struct *vma;
        int ret = -EINVAL;
 
        if (scope < FLUSH_SCOPE_LINE || scope > FLUSH_SCOPE_ALL ||
@@ -389,16 +388,23 @@ sys_cacheflush (unsigned long addr, int scope, int cache, unsigned long len)
                if (!capable(CAP_SYS_ADMIN))
                        goto out;
        } else {
+               struct vm_area_struct *vma;
+               bool invalid;
+
+               /* Check for overflow.  */
+               if (addr + len < addr)
+                       goto out;
+
                /*
                 * Verify that the specified address region actually belongs
                 * to this process.
                 */
-               vma = find_vma (current->mm, addr);
                ret = -EINVAL;
-               /* Check for overflow.  */
-               if (addr + len < addr)
-                       goto out;
-               if (vma == NULL || addr < vma->vm_start || addr + len > vma->vm_end)
+               down_read(&current->mm->mmap_sem);
+               vma = find_vma(current->mm, addr);
+               invalid = !vma || addr < vma->vm_start || addr + len > vma->vm_end;
+               up_read(&current->mm->mmap_sem);
+               if (invalid)
                        goto out;
        }