mips: call find_vma with the mmap_sem held

Performing vma lookups without taking the mm->mmap_sem is asking for
trouble.  While doing the search, the vma in question can be modified or
even removed before returning to the caller.  Take the lock (exclusively)
in order to avoid races while iterating through the vmacache and/or
rbtree.

Updates two functions:
  - process_fpemu_return()
  - cteon_flush_cache_sigtramp()

Signed-off-by: Davidlohr Bueso <davidlohr@hp.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Tested-by: Andreas Herrmann <andreas.herrmann@caviumnetworks.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c
index 074e857ced284eb70bab2d8ae31ae496a14984b5..c51bd20cd081db400fc5f119171725f6f6b8ecc3 100644 (file)
--- a/arch/mips/kernel/traps.c
+++ b/arch/mips/kernel/traps.c
@@ -712,10 +712,12 @@ int process_fpemu_return(int sig, void __user *fault_addr)
                si.si_addr = fault_addr;
                si.si_signo = sig;
                if (sig == SIGSEGV) {
+                       down_read(&current->mm->mmap_sem);
                        if (find_vma(current->mm, (unsigned long)fault_addr))
                                si.si_code = SEGV_ACCERR;
                        else
                                si.si_code = SEGV_MAPERR;
+                       up_read(&current->mm->mmap_sem);
                } else {
                        si.si_code = BUS_ADRERR;
                }

diff --git a/arch/mips/mm/c-octeon.c b/arch/mips/mm/c-octeon.c
index f41a5c5b0865ecc4e17a66f47129801ebb8ad2f1..05b1d7cf9514c71422c587ddd4955a2a4992623e 100644 (file)
--- a/arch/mips/mm/c-octeon.c
+++ b/arch/mips/mm/c-octeon.c
@@ -137,8 +137,10 @@ static void octeon_flush_cache_sigtramp(unsigned long addr)
 {
        struct vm_area_struct *vma;
 
+       down_read(&current->mm->mmap_sem);
        vma = find_vma(current->mm, addr);
        octeon_flush_icache_all_cores(vma);
+       up_read(&current->mm->mmap_sem);
 }