mm: make the mlock() stack guard page checks stricter

commit 7798330ac8114c731cfab83e634c6ecedaa233d7 upstream.

If we've split the stack vma, only the lowest one has the guard page.
Now that we have a doubly linked list of vma's, checking this is trivial.

Tested-by: Ian Campbell <ijc@hellion.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/mm/mlock.c b/mm/mlock.c
index 524d2a444ef726b94c402c3e0f2d9a6dd1aa63f9..380ea896c17b78f1e121181129474cb41d204612 100644 (file)
--- a/mm/mlock.c
+++ b/mm/mlock.c
@@ -138,6 +138,19 @@ void munlock_vma_page(struct page *page)
        }
 }
 
+/* Is the vma a continuation of the stack vma above it? */
+static inline int vma_stack_continue(struct vm_area_struct *vma, unsigned long addr)
+{
+       return vma && (vma->vm_end == addr) && (vma->vm_flags & VM_GROWSDOWN);
+}
+
+static inline int stack_guard_page(struct vm_area_struct *vma, unsigned long addr)
+{
+       return (vma->vm_flags & VM_GROWSDOWN) &&
+               (vma->vm_start == addr) &&
+               !vma_stack_continue(vma->vm_prev, addr);
+}
+
 /**
  * __mlock_vma_pages_range() -  mlock a range of pages in the vma.
  * @vma:   target vma
@@ -171,11 +184,9 @@ static long __mlock_vma_pages_range(struct vm_area_struct *vma,
                gup_flags |= FOLL_WRITE;
 
        /* We don't try to access the guard page of a stack vma */
-       if (vma->vm_flags & VM_GROWSDOWN) {
-               if (start == vma->vm_start) {
-                       start += PAGE_SIZE;
-                       nr_pages--;
-               }
+       if (stack_guard_page(vma, start)) {
+               addr += PAGE_SIZE;
+               nr_pages--;
        }
 
        while (nr_pages > 0) {