ANDROID: mm: avoid using vmacache in lockless vma search
When searching for a vma under RCU protection, vmacache should be avoided because
a race with munmap() might result in finding a vma and placing it into
vmacache after munmap() removed that vma and called vmacache_invalidate.
Once that vma is freed, vmacache will be left with an invalid vma pointer.
Bug: 257443051
Change-Id: I62438305fcf5139974f4f7d3bae5b22c74084a59
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
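The interleaving the commit message describes, as an added userspace model that is not the kernel's vmacache or mm code: the "tree" is a small ordered array, RCU is not modelled, the munmap() side is scripted inline, and the vma layout, the faulting address (0x20000) and the cache geometry are all constructed for the illustration. The only thing the model keeps from the kernel is the shape of the sequence: the lockless search finds the vma, munmap() unlinks it, bumps the mm sequence number and frees it, and only then does the searcher reach the point where the old code would store its result in the per-thread cache.

```c
/* Constructed userspace model of the vmacache/munmap() race.  Added
 * illustration, not kernel code: addresses, cache geometry and the
 * scripted interleaving below are assumptions made for this example. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define NR_VMAS     3
#define CACHE_SLOTS 4
#define PAGE_SHIFT  12

struct vma {
    unsigned long vm_start, vm_end;
    bool freed;                     /* stands in for the real free() */
};

struct mm {
    struct vma *tree[NR_VMAS];      /* sorted by vm_start, NULL = unlinked */
    unsigned seqnum;                /* bumped by vmacache_invalidate() */
};

struct vmacache {                   /* one thread's lookup cache */
    struct vma *vmas[CACHE_SLOTS];
    unsigned seqnum;
};

#define CACHE_HASH(addr) (((addr) >> PAGE_SHIFT) % CACHE_SLOTS)

/* Tree-only lookup: first vma with vm_end > addr, like find_vma(). */
static struct vma *find_vma_from_tree(struct mm *mm, unsigned long addr)
{
    for (int i = 0; i < NR_VMAS; i++)
        if (mm->tree[i] && addr < mm->tree[i]->vm_end)
            return mm->tree[i];
    return NULL;
}

static void vmacache_invalidate(struct mm *mm)
{
    mm->seqnum++;
}

/* A thread's cache is valid only while its seqnum matches the mm's;
 * on mismatch the slots are flushed lazily, at the next lookup. */
static bool vmacache_valid(struct mm *mm, struct vmacache *c)
{
    if (c->seqnum != mm->seqnum) {
        c->seqnum = mm->seqnum;
        for (int i = 0; i < CACHE_SLOTS; i++)
            c->vmas[i] = NULL;
        return false;
    }
    return true;
}

static struct vma *vmacache_find(struct mm *mm, struct vmacache *c,
                                 unsigned long addr)
{
    if (!vmacache_valid(mm, c))
        return NULL;
    struct vma *v = c->vmas[CACHE_HASH(addr)];
    if (v && v->vm_start <= addr && addr < v->vm_end)
        return v;
    return NULL;
}

static void vmacache_update(struct vmacache *c, unsigned long addr,
                            struct vma *v)
{
    c->vmas[CACHE_HASH(addr)] = v;
}

/* Scripted interleaving: thread A performs a lockless lookup while thread B
 * munmap()s the vma it found.  cache_result=true models the old behaviour
 * (store the tree result in the cache); false models the fix.  Returns true
 * if A's cache is left pointing at the freed vma. */
static bool run_race(bool cache_result)
{
    static struct vma pool[NR_VMAS];
    struct mm mm = { .seqnum = 1 };
    struct vmacache cache_a = { .seqnum = 1 };
    const unsigned long addr = 0x20000UL;   /* constructed: inside pool[1] */

    for (int i = 0; i < NR_VMAS; i++) {
        pool[i] = (struct vma){ .vm_start = (i + 1) * 0x10000UL,
                                .vm_end   = (i + 2) * 0x10000UL };
        mm.tree[i] = &pool[i];
    }

    /* A: cache miss, then the lockless tree search finds pool[1] */
    struct vma *v = vmacache_find(&mm, &cache_a, addr);
    if (!v)
        v = find_vma_from_tree(&mm, addr);

    /* B: munmap(addr): unlink the vma, invalidate caches, free it */
    for (int i = 0; i < NR_VMAS; i++)
        if (mm.tree[i] == v)
            mm.tree[i] = NULL;
    vmacache_invalidate(&mm);
    v->freed = true;

    /* A: resumes after the invalidation; the old code caches its result */
    if (cache_result)
        vmacache_update(&cache_a, addr, v);

    for (int i = 0; i < CACHE_SLOTS; i++)
        if (cache_a.vmas[i] && cache_a.vmas[i]->freed)
            return true;
    return false;
}

int main(void)
{
    printf("old lookup (caches result): dangling=%d\n", run_race(true));
    printf("tree-only lookup:           dangling=%d\n", run_race(false));
    return 0;
}
```

The model's seqnum check would discard the stale slot on A's next cached lookup, as the kernel's lazy flush does; the point the patch addresses is the window before that, in which a pointer to freed memory sits in the cache because the lockless path stored it after vmacache_invalidate() had already run. Searching the tree directly and never calling vmacache_update() from the RCU path removes that window.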
diff --git a/mm/memory.c b/mm/memory.c
index 6519783..3172677 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -216,7 +216,7 @@ struct vm_area_struct *get_vma(struct mm_struct *mm, unsigned long addr)
struct vm_area_struct *vma;
rcu_read_lock();
- vma = __find_vma(mm, addr);
+ vma = find_vma_from_tree(mm, addr);
if (vma) {
if (vma->vm_start > addr ||
!atomic_inc_unless_negative(&vma->file_ref_count))
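Review bot: find_vma_from_tree() is neither defined nor declared in this patch, so the hunk alone does not show that the replacement for __find_vma() avoids vmacache on both sides, the vmacache_find() lookup and the vmacache_update() store that the commit message identifies as the problem. Please confirm (or include in this change) that find_vma_from_tree() walks the tree only and never touches the per-thread cache, and consider a one-line comment above the call in get_vma(), e.g. "/* no vmacache: a racing munmap() could leave a freed vma cached */", since the rcu_read_lock() context is the only hint that the cache is unsafe here.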