Re: [PATCH v2] mm: fix anon_vma->degree underflow in anon_vma endless growing prevention

[Rik van Riel <riel@redhat.com>]

On 03/04/2015 07:52 AM, Leon Yu wrote:
> I have constantly stumbled upon "kernel BUG at mm/rmap.c:399!" after
> upgrading to 3.19 and had no luck with 4.0-rc1 neither.
> 
> So, after looking into new logic introduced by 7a3ef208e662 ("mm: prevent
> endless growth of anon_vma hierarchy"), I found chances are that
> unlink_anon_vmas() is called without incrementing dst->anon_vma->degree in
> anon_vma_clone() due to allocation failure.  If dst->anon_vma is not NULL
> in error path, its degree will be incorrectly decremented in
> unlink_anon_vmas() and eventually underflow when exiting as a result of
> another call to unlink_anon_vmas().  That's how "kernel BUG at
> mm/rmap.c:399!" is triggered for me.
> 
> This patch fixes the underflow by dropping dst->anon_vma when allocation
> fails.  It's safe to do so regardless of original value of dst->anon_vma
> because dst->anon_vma doesn't have valid meaning if anon_vma_clone()
> fails.  Besides, callers don't care dst->anon_vma in such case neither.
> 
> Also suggested by Michal Hocko, we can clean up vma_adjust() a bit as
> anon_vma_clone() now does the work.
> 
> Fixes: 7a3ef208e662 ("mm: prevent endless growth of anon_vma hierarchy")
> Signed-off-by: Leon Yu <chianglungyu@gmail.com>
> Signed-off-by: Konstantin Khlebnikov <koct9i@gmail.com>
> Reviewed-by: Michal Hocko <mhocko@suse.cz>
> Acked-by: David Rientjes <rientjes@google.com>
> Cc: <stable@vger.kernel.org>

Acked-by: Rik van Riel <riel@redhat.com>

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>