Commit 9c49e5d0 authored Jun 02, 2025 by SeongJae Park Committed by Andrew Morton Jun 05, 2025

mm/madvise: handle madvise_lock() failure during race unwinding

When unwinding race on -ERESTARTNOINTR handling of process_madvise(),
madvise_lock() failure is ignored.  Check the failure and abort remaining
works in the case.

Link: https://lkml.kernel.org/r/20250602174926.1074-1-sj@kernel.org


Fixes: 4000e3d0 ("mm/madvise: remove redundant mmap_lock operations from process_madvise()")
Signed-off-by: SeongJae Park <sj@kernel.org>
Reported-by: Barry Song <21cnbao@gmail.com>
Closes: https://lore.kernel.org/CAGsJ_4xJXXO0G+4BizhohSZ4yDteziPw43_uF8nPXPWxUVChzw@mail.gmail.com


Reviewed-by: Jann Horn <jannh@google.com>
Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Acked-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Shakeel Butt <shakeel.butt@linux.dev>
Reviewed-by: Barry Song <baohua@kernel.org>
Cc: Liam Howlett <liam.howlett@oracle.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

parent 68408817

mm/madvise.c

+4 −1

Original line number	Diff line number	Diff line
		@@ -1881,7 +1881,9 @@ static ssize_t vector_madvise(struct mm_struct mm, struct iov_iter iter,
		/* Drop and reacquire lock to unwind race. */
		madvise_finish_tlb(&madv_behavior);
		madvise_unlock(mm, behavior);
		madvise_lock(mm, behavior);
		ret = madvise_lock(mm, behavior);
		if (ret)
		goto out;
		madvise_init_tlb(&madv_behavior, mm);
		continue;
		}
		@@ -1892,6 +1894,7 @@ static ssize_t vector_madvise(struct mm_struct mm, struct iov_iter iter,
		madvise_finish_tlb(&madv_behavior);
		madvise_unlock(mm, behavior);

		out:
		ret = (total_len - iov_iter_count(iter)) ? : ret;

		return ret;