On 7/10/25 19:02, Suren Baghdasaryan wrote:
On Thu, Jul 10, 2025 at 12:03 AM Suren Baghdasaryan surenb@google.com wrote:
I have the patchset ready but would like to test it some more. Will post it tomorrow.
Ok, I found a couple of issues using the syzbot reproducer [1] (which is awesome BTW!):
1. rwsem_acquire_read() inside vma_start_read() at [2] should be moved after the last check, otherwise the lock is considered taken on vma->vm_refcnt overflow;
2. query_matching_vma() is missing unlock_vma() call when it does "goto next_vma;" and re-issues query_vma_find_by_addr(). The previous vma is left locked;
How does that happen? query_vma_find_by_addr() does get_next_vma() which does unlock_vma()?