From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev,
"Liam R. Howlett" <Liam.Howlett@oracle.com>,
Lorenzo Stoakes <lstoakes@gmail.com>,
Vlastimil Babka <vbabka@suse.cz>, Jann Horn <jannh@google.com>,
"Matthew Wilcox (Oracle)" <willy@infradead.org>,
Suren Baghdasaryan <surenb@google.com>,
Andrew Morton <akpm@linux-foundation.org>
Subject: [PATCH 6.5 66/88] mmap: fix error paths with dup_anon_vma()
Date: Mon, 6 Nov 2023 14:04:00 +0100 [thread overview]
Message-ID: <20231106130308.189613370@linuxfoundation.org> (raw)
In-Reply-To: <20231106130305.772449722@linuxfoundation.org>
6.5-stable review patch. If anyone has any objections, please let me know.
------------------
From: Liam R. Howlett <Liam.Howlett@oracle.com>
commit 824135c46b00df7fb369ec7f1f8607427bbebeb0 upstream.
When the calling function fails after the dup_anon_vma(), the
duplication of the anon_vma is not being undone. Add the necessary
unlink_anon_vma() call to the error paths that are missing them.
This issue showed up during inspection of the error path in vma_merge()
for an unrelated vma iterator issue.
Users may experience increased memory usage, which may be problematic as
the failure would likely be caused by a low memory situation.
Link: https://lkml.kernel.org/r/20230929183041.2835469-3-Liam.Howlett@oracle.com
Fixes: d4af56c5c7c6 ("mm: start tracking VMAs with maple tree")
Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>
Reviewed-by: Lorenzo Stoakes <lstoakes@gmail.com>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Cc: Jann Horn <jannh@google.com>
Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
Cc: Suren Baghdasaryan <surenb@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/mmap.c | 30 ++++++++++++++++++++++--------
1 file changed, 22 insertions(+), 8 deletions(-)
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -603,11 +603,12 @@ again:
* dup_anon_vma() - Helper function to duplicate anon_vma
* @dst: The destination VMA
* @src: The source VMA
+ * @dup: Pointer to the destination VMA when successful.
*
* Returns: 0 on success.
*/
static inline int dup_anon_vma(struct vm_area_struct *dst,
- struct vm_area_struct *src)
+ struct vm_area_struct *src, struct vm_area_struct **dup)
{
/*
* Easily overlooked: when mprotect shifts the boundary, make sure the
@@ -615,9 +616,15 @@ static inline int dup_anon_vma(struct vm
* anon pages imported.
*/
if (src->anon_vma && !dst->anon_vma) {
+ int ret;
+
vma_start_write(dst);
dst->anon_vma = src->anon_vma;
- return anon_vma_clone(dst, src);
+ ret = anon_vma_clone(dst, src);
+ if (ret)
+ return ret;
+
+ *dup = dst;
}
return 0;
@@ -644,6 +651,7 @@ int vma_expand(struct vma_iterator *vmi,
unsigned long start, unsigned long end, pgoff_t pgoff,
struct vm_area_struct *next)
{
+ struct vm_area_struct *anon_dup = NULL;
bool remove_next = false;
struct vma_prepare vp;
@@ -651,7 +659,7 @@ int vma_expand(struct vma_iterator *vmi,
int ret;
remove_next = true;
- ret = dup_anon_vma(vma, next);
+ ret = dup_anon_vma(vma, next, &anon_dup);
if (ret)
return ret;
}
@@ -683,6 +691,8 @@ int vma_expand(struct vma_iterator *vmi,
return 0;
nomem:
+ if (anon_dup)
+ unlink_anon_vmas(anon_dup);
return -ENOMEM;
}
@@ -881,6 +891,7 @@ struct vm_area_struct *vma_merge(struct
{
struct vm_area_struct *curr, *next, *res;
struct vm_area_struct *vma, *adjust, *remove, *remove2;
+ struct vm_area_struct *anon_dup = NULL;
struct vma_prepare vp;
pgoff_t vma_pgoff;
int err = 0;
@@ -945,16 +956,16 @@ struct vm_area_struct *vma_merge(struct
is_mergeable_anon_vma(prev->anon_vma, next->anon_vma, NULL)) {
remove = next; /* case 1 */
vma_end = next->vm_end;
- err = dup_anon_vma(prev, next);
+ err = dup_anon_vma(prev, next, &anon_dup);
if (curr) { /* case 6 */
remove = curr;
remove2 = next;
if (!next->anon_vma)
- err = dup_anon_vma(prev, curr);
+ err = dup_anon_vma(prev, curr, &anon_dup);
}
} else if (merge_prev) { /* case 2 */
if (curr) {
- err = dup_anon_vma(prev, curr);
+ err = dup_anon_vma(prev, curr, &anon_dup);
if (end == curr->vm_end) { /* case 7 */
remove = curr;
} else { /* case 5 */
@@ -968,7 +979,7 @@ struct vm_area_struct *vma_merge(struct
vma_end = addr;
adjust = next;
adj_start = -(prev->vm_end - addr);
- err = dup_anon_vma(next, prev);
+ err = dup_anon_vma(next, prev, &anon_dup);
} else {
/*
* Note that cases 3 and 8 are the ONLY ones where prev
@@ -981,7 +992,7 @@ struct vm_area_struct *vma_merge(struct
if (curr) { /* case 8 */
vma_pgoff = curr->vm_pgoff;
remove = curr;
- err = dup_anon_vma(next, curr);
+ err = dup_anon_vma(next, curr, &anon_dup);
}
}
}
@@ -1026,6 +1037,9 @@ struct vm_area_struct *vma_merge(struct
return res;
prealloc_fail:
+ if (anon_dup)
+ unlink_anon_vmas(anon_dup);
+
anon_vma_fail:
vma_iter_set(vmi, addr);
vma_iter_load(vmi);
next prev parent reply other threads:[~2023-11-06 13:18 UTC|newest]
Thread overview: 100+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-06 13:02 [PATCH 6.5 00/88] 6.5.11-rc1 review Greg Kroah-Hartman
2023-11-06 13:02 ` [PATCH 6.5 01/88] ASoC: Intel: sof_sdw: add support for SKU 0B14 Greg Kroah-Hartman
2023-11-06 13:02 ` [PATCH 6.5 02/88] ASoC: simple-card: fixup asoc_simple_probe() error handling Greg Kroah-Hartman
2023-11-06 13:02 ` [PATCH 6.5 03/88] coresight: tmc-etr: Disable warnings for allocation failures Greg Kroah-Hartman
2023-11-06 13:02 ` [PATCH 6.5 04/88] ASoC: fsl-asoc-card: use integer type for fll_id and pll_id Greg Kroah-Hartman
2023-11-06 13:02 ` [PATCH 6.5 05/88] ASoC: core: Do not call link_exit() on uninitialized rtd objects Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 06/88] ASoC: tlv320adc3xxx: BUG: Correct micbias setting Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 07/88] net: sched: cls_u32: Fix allocation size in u32_init() Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 08/88] arm64: dts: imx93: add the Flex-CAN stop mode by GPR Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 09/88] can: flexcan: remove the auto stop mode for IMX93 Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 10/88] irqchip/riscv-intc: Mark all INTC nodes as initialized Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 11/88] irqchip/stm32-exti: add missing DT IRQ flag translation Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 12/88] dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 13/88] ata: pata_parport: add custom version of wait_after_reset Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 14/88] ata: pata_parport: fit3: implement IDE command set registers Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 15/88] powerpc/85xx: Fix math emulation exception Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 16/88] media: i2c: ov8858: Dont set fwnode in the driver Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 17/88] Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 18/88] fbdev: atyfb: only use ioremap_uc() on i386 and ia64 Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 19/88] fs/ntfs3: Add ckeck in ni_update_parent() Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 20/88] fs/ntfs3: Write immediately updated ntfs state Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 21/88] fs/ntfs3: Use kvmalloc instead of kmalloc(... __GFP_NOWARN) Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 22/88] fs/ntfs3: Add more attributes checks in mi_enum_attr() Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 23/88] fs/ntfs3: Fix alternative boot searching Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 24/88] fs/ntfs3: Add more info into /proc/fs/ntfs3/<dev>/volinfo Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 25/88] fs/ntfs3: Do not allow to change label if volume is read-only Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 26/88] fs/ntfs3: Fix possible NULL-ptr-deref in ni_readpage_cmpr() Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 27/88] fs/ntfs3: Fix NULL pointer dereference on error in attr_allocate_frame() Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 28/88] fs/ntfs3: Fix directory element type detection Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 29/88] fs/ntfs3: Avoid possible memory leak Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 30/88] spi: npcm-fiu: Fix UMA reads when dummy.nbytes == 0 Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 31/88] ASoC: soc-dapm: Add helper for comparing widget name Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 32/88] netfilter: nfnetlink_log: silence bogus compiler warning Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 33/88] net/mlx5: Bridge, fix peer entry ageing in LAG mode Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 34/88] x86/efistub: Dont try to print after ExitBootService() Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 35/88] efi: fix memory leak in krealloc failure handling Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 36/88] ASoC: rt5650: fix the wrong result of key button Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 37/88] ASoC: codecs: tas2780: Fix log of failed reset via I2C Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 38/88] s390/kasan: handle DCSS mapping in memory holes Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 39/88] drm/ttm: Reorder sys manager cleanup step Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 40/88] fbdev: omapfb: fix some error codes Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 41/88] fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit() Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 42/88] scsi: mpt3sas: Fix in error path Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 43/88] ASoC: da7219: Correct the process of setting up Gnd switch in AAD Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 44/88] drm/amdgpu: Unset context priority is now invalid Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 45/88] gpu/drm: Eliminate DRM_SCHED_PRIORITY_UNSET Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 46/88] LoongArch: Use SYM_CODE_* to annotate exception handlers Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 47/88] LoongArch: Export symbol invalid_pud_table for modules building Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 48/88] LoongArch: Replace kmap_atomic() with kmap_local_page() in copy_user_highpage() Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 49/88] LoongArch: Disable WUC for pgprot_writecombine() like ioremap_wc() Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 50/88] netfilter: nf_tables: audit log object reset once per table Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 51/88] platform/mellanox: mlxbf-tmfifo: Fix a warning message Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 52/88] drm/amdgpu: Reserve fences for VM update Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 53/88] riscv: dts: thead: set dma-noncoherent to soc bus Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 54/88] net: chelsio: cxgb4: add an error code check in t4_load_phy_fw Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 55/88] r8152: Check for unplug in rtl_phy_patch_request() Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 56/88] r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 57/88] powerpc/mm: Fix boot crash with FLATMEM Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 58/88] io_uring: kiocb_done() should *not* trust ->ki_pos if ->{read,write}_iter() failed Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 59/88] ceph_wait_on_conflict_unlink(): grab reference before dropping ->d_lock Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 60/88] drm/amd/display: Dont use fsleep for PSR exit waits Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 61/88] rust: make `UnsafeCell` the outer type in `Opaque` Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 62/88] rust: types: make `Opaque` be `!Unpin` Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 63/88] power: supply: core: Use blocking_notifier_call_chain to avoid RCU complaint Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 64/88] perf evlist: Avoid frequency mode for the dummy event Greg Kroah-Hartman
2023-11-06 13:03 ` [PATCH 6.5 65/88] mmap: fix vma_iterator in error path of vma_merge() Greg Kroah-Hartman
2023-11-06 13:04 ` Greg Kroah-Hartman [this message]
2023-11-06 13:04 ` [PATCH 6.5 67/88] ALSA: usb-audio: add quirk flag to enable native DSD for McIntosh devices Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.5 68/88] PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.5 69/88] usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.5 70/88] usb: typec: tcpm: Add additional checks for contaminant Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.5 71/88] usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.5 72/88] usb: raw-gadget: properly handle interrupted requests Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.5 73/88] Bluetooth: hci_bcm4377: Mark bcm4378/bcm4387 as BROKEN_LE_CODED Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.5 74/88] tty: n_gsm: fix race condition in status line change on dead connections Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.5 75/88] tty: 8250: Remove UC-257 and UC-431 Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.5 76/88] tty: 8250: Add support for additional Brainboxes UC cards Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.5 77/88] tty: 8250: Add support for Brainboxes UP cards Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.5 78/88] tty: 8250: Add support for Intashield IS-100 Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.5 79/88] tty: 8250: Fix port count of PX-257 Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.5 80/88] tty: 8250: Fix up PX-803/PX-857 Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.5 81/88] tty: 8250: Add support for additional Brainboxes PX cards Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.5 82/88] tty: 8250: Add support for Intashield IX cards Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.5 83/88] tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.5 84/88] dt-bindings: serial: rs485: Add rs485-rts-active-high Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.5 85/88] misc: pci_endpoint_test: Add deviceID for J721S2 PCIe EP device support Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.5 86/88] serial: core: Fix runtime PM handling for pending tx Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.5 87/88] ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection Greg Kroah-Hartman
2023-11-06 13:04 ` [PATCH 6.5 88/88] ASoC: SOF: sof-pci-dev: Fix community key " Greg Kroah-Hartman
2023-11-06 17:24 ` [PATCH 6.5 00/88] 6.5.11-rc1 review SeongJae Park
2023-11-06 18:09 ` Florian Fainelli
2023-11-07 3:07 ` Justin Forbes
2023-11-07 4:34 ` Bagas Sanjaya
2023-11-07 8:53 ` Ron Economos
2023-11-07 11:43 ` Jon Hunter
2023-11-07 15:28 ` Shuah Khan
2023-11-07 16:04 ` Conor Dooley
2023-11-07 17:12 ` Naresh Kamboju
2023-11-07 17:15 ` Ricardo B. Marliere
2023-11-07 18:54 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231106130308.189613370@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=Liam.Howlett@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=jannh@google.com \
--cc=lstoakes@gmail.com \
--cc=patches@lists.linux.dev \
--cc=stable@vger.kernel.org \
--cc=surenb@google.com \
--cc=vbabka@suse.cz \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox