From: Oleg Nesterov <oleg@redhat.com>
To: Andrew Morton <akpm@linux-foundation.org>,
Rik van Riel <riel@redhat.com>
Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk>,
Pete Zaitcev <zaitcev@redhat.com>,
linux-kernel@vger.kernel.org
Subject: [PATCH] rmap: anon_vma_prepare() can leak anon_vma_chain
Date: Tue, 20 Apr 2010 21:24:21 +0200
Message-ID: <20100420192420.GA20840@redhat.com>
In-Reply-To: <4BCD0E78.9050904@redhat.com>

If find_mergeable_anon_vma() succeeds but another thread installs
->anon_vma before we take ptl, then allocated == NULL but avc should
be freed. Change the code to check avc != NULL to detect this case.

Also, a couple of whitespace changes to make the critical section more
visible.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
---
mm/rmap.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
--- 34-rc1/mm/rmap.c~AVP_AVC_LEAK 2010-03-11 13:11:50.000000000 +0100
+++ 34-rc1/mm/rmap.c 2010-04-20 21:05:24.000000000 +0200
@@ -133,8 +133,8 @@ int anon_vma_prepare(struct vm_area_stru
goto out_enomem_free_avc;
allocated = anon_vma;
}
- spin_lock(&anon_vma->lock);
+ spin_lock(&anon_vma->lock);
/* page_table_lock to protect against threads */
spin_lock(&mm->page_table_lock);
if (likely(!vma->anon_vma)) {
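Review bot: The relocation of spin_lock(&anon_vma->lock) in this hunk is a whitespace-only change riding along with a leak fix. Consider sending it as a separate cosmetic patch, so that the functional change stays minimal and is easier to pick up on its own if the fix is backported.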
@@ -144,14 +144,15 @@ int anon_vma_prepare(struct vm_area_stru
list_add(&avc->same_vma, &vma->anon_vma_chain);
list_add(&avc->same_anon_vma, &anon_vma->head);
allocated = NULL;
+ avc = NULL;
}
spin_unlock(&mm->page_table_lock);
-
spin_unlock(&anon_vma->lock);
- if (unlikely(allocated)) {
+
+ if (unlikely(allocated))
anon_vma_free(allocated);
+ if (unlikely(avc))
anon_vma_chain_free(avc);
- }
}
return 0;
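Review bot: The new "avc = NULL;" in the likely(!vma->anon_vma) branch is the only marker that ownership of avc has passed to the two lists, and nothing in the code says why avc is now tracked separately from allocated. A short comment above "if (unlikely(avc))" would help, noting that avc is non-NULL here whenever the race is lost, while allocated is set only when the anon_vma was newly allocated rather than taken from find_mergeable_anon_vma(). Without it, a later cleanup could easily fold the two frees back under a single "if (allocated)" test and reintroduce the leak.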