userfaultfd: fix a race between writeprotect and exit_mmap()

[sfrench/cifs-2.6.git] / fs / userfaultfd.c

diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index 003f0d31743eb3cd95de8c8da21a4d0d731daf73..22bf14ab2d163b189ba3f9a3fedc5fe53ec7bccb 100644 (file)
--- a/fs/userfaultfd.c
+++ b/fs/userfaultfd.c
@@ -1827,9 +1827,15 @@ static int userfaultfd_writeprotect(struct userfaultfd_ctx *ctx,
        if (mode_wp && mode_dontwake)
                return -EINVAL;
 
-       ret = mwriteprotect_range(ctx->mm, uffdio_wp.range.start,
-                                 uffdio_wp.range.len, mode_wp,
-                                 &ctx->mmap_changing);
+       if (mmget_not_zero(ctx->mm)) {
+               ret = mwriteprotect_range(ctx->mm, uffdio_wp.range.start,
+                                         uffdio_wp.range.len, mode_wp,
+                                         &ctx->mmap_changing);
+               mmput(ctx->mm);
+       } else {
+               return -ESRCH;
+       }
+
        if (ret)
                return ret;