From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Daniel Forrest <dan.forrest@ssec.wisc.edu>,
Michal Hocko <mhocko@suse.cz>,
Konstantin Khlebnikov <koct9i@gmail.com>,
Andrea Arcangeli <aarcange@redhat.com>,
Rik van Riel <riel@redhat.com>, Tim Hartrick <tim@edgecast.com>,
Hugh Dickins <hughd@google.com>,
Michel Lespinasse <walken@google.com>,
Vlastimil Babka <vbabka@suse.cz>,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 3.17 06/47] mm: fix anon_vma_clone() error treatment
Date: Sun, 14 Dec 2014 12:20:41 -0800 [thread overview]
Message-ID: <20141214201818.747811505@linuxfoundation.org> (raw)
In-Reply-To: <20141214201818.552715149@linuxfoundation.org>
3.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Forrest <dan.forrest@ssec.wisc.edu>
commit c4ea95d7cd08d9ffd7fa75e6c5e0332d596dd11e upstream.
Andrew Morton noticed that the error return from anon_vma_clone() was
being dropped and replaced with -ENOMEM (which is not itself a bug
because the only error return value from anon_vma_clone() is -ENOMEM).
I did an audit of callers of anon_vma_clone() and discovered an actual
bug where the error return was being lost. In __split_vma(), between
Linux 3.11 and 3.12 the code was changed so the err variable is used
before the call to anon_vma_clone() and the default initial value of
-ENOMEM is overwritten. So a failure of anon_vma_clone() will return
success since err at this point is now zero.
Below is a patch which fixes this bug and also propagates the error
return value from anon_vma_clone() in all cases.
Fixes: ef0855d334e1 ("mm: mempolicy: turn vma_set_policy() into vma_dup_policy()")
Signed-off-by: Daniel Forrest <dan.forrest@ssec.wisc.edu>
Reviewed-by: Michal Hocko <mhocko@suse.cz>
Cc: Konstantin Khlebnikov <koct9i@gmail.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Tim Hartrick <tim@edgecast.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Michel Lespinasse <walken@google.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/mmap.c | 10 +++++++---
mm/rmap.c | 6 ++++--
2 files changed, 11 insertions(+), 5 deletions(-)
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -752,8 +752,11 @@ again: remove_next = 1 + (end > next->
* shrinking vma had, to cover any anon pages imported.
*/
if (exporter && exporter->anon_vma && !importer->anon_vma) {
- if (anon_vma_clone(importer, exporter))
- return -ENOMEM;
+ int error;
+
+ error = anon_vma_clone(importer, exporter);
+ if (error)
+ return error;
importer->anon_vma = exporter->anon_vma;
}
}
@@ -2453,7 +2456,8 @@ static int __split_vma(struct mm_struct
if (err)
goto out_free_vma;
- if (anon_vma_clone(new, vma))
+ err = anon_vma_clone(new, vma);
+ if (err)
goto out_free_mpol;
if (new->vm_file)
--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -274,6 +274,7 @@ int anon_vma_fork(struct vm_area_struct
{
struct anon_vma_chain *avc;
struct anon_vma *anon_vma;
+ int error;
/* Don't bother if the parent process has no anon_vma here. */
if (!pvma->anon_vma)
@@ -283,8 +284,9 @@ int anon_vma_fork(struct vm_area_struct
* First, attach the new VMA to the parent VMA's anon_vmas,
* so rmap can find non-COWed pages in child processes.
*/
- if (anon_vma_clone(vma, pvma))
- return -ENOMEM;
+ error = anon_vma_clone(vma, pvma);
+ if (error)
+ return error;
/* Then add our own anon_vma. */
anon_vma = anon_vma_alloc();
next prev parent reply other threads:[~2014-12-14 20:20 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-14 20:20 [PATCH 3.17 00/47] 3.17.7-stable review Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.17 01/47] mm: frontswap: invalidate expired data on a dup-store failure Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.17 02/47] mm/vmpressure.c: fix race in vmpressure_work_fn() Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.17 03/47] drivers/input/evdev.c: dont kfree() a vmalloc address Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.17 04/47] fat: fix oops on corrupted vfat fs Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.17 05/47] mm: fix swapoff hang after page migration and fork Greg Kroah-Hartman
2014-12-14 20:20 ` Greg Kroah-Hartman [this message]
2014-12-14 20:20 ` [PATCH 3.17 07/47] slab: fix nodeid bounds check for non-contiguous node IDs Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.17 08/47] xen-netfront: Remove BUGs on paged skb data which crosses a page boundary Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.17 09/47] drm/nouveau/gf116: remove copy1 engine Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.17 10/47] nouveau: move the hotplug ignore to correct place Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.17 11/47] i2c: omap: fix NACK and Arbitration Lost irq handling Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.17 12/47] i2c: omap: fix i207 errata handling Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.17 14/47] i2c: cadence: Set the hardware time-out register to maximum value Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.17 16/47] drm/radeon: kernel panic in drm_calc_vbltimestamp_from_scanoutpos with 3.18.0-rc6 Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.17 17/47] of/fdt: memblock_reserve /memreserve/ regions in the case of partial overlap Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.17 18/47] drm/i915: More cautious with pch fifo underruns Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.17 19/47] drm/i915: Unlock panel even when LVDS is disabled Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.17 20/47] x86: Use $(OBJDUMP) instead of plain objdump Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.17 22/47] media: s2255drv: fix payload size for JPG, MJPEG Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.17 23/47] media: smiapp: Only some selection targets are settable Greg Kroah-Hartman
2014-12-14 20:20 ` [PATCH 3.17 24/47] AHCI: Add DeviceIDs for Sunrise Point-LP SATA controller Greg Kroah-Hartman
2014-12-14 20:21 ` [PATCH 3.17 25/47] ahci: disable MSI on SAMSUNG 0xa800 SSD Greg Kroah-Hartman
2014-12-14 20:21 ` [PATCH 3.17 26/47] sata_fsl: fix error handling of irq_of_parse_and_map Greg Kroah-Hartman
2014-12-14 20:21 ` [PATCH 3.17 27/47] ip_tunnel: the lack of vti_link_ops dellink() cause kernel panic Greg Kroah-Hartman
2014-12-14 20:21 ` [PATCH 3.17 28/47] ipv6: gre: fix wrong skb->protocol in WCCP Greg Kroah-Hartman
2014-12-14 20:21 ` [PATCH 3.17 29/47] vxlan: Fix boolean flip in VXLAN_F_UDP_ZERO_CSUM6_[TX|RX] Greg Kroah-Hartman
2014-12-14 20:21 ` [PATCH 3.17 30/47] Fix race condition between vxlan_sock_add and vxlan_sock_release Greg Kroah-Hartman
2014-12-14 20:21 ` [PATCH 3.17 31/47] tg3: fix ring init when there are more TX than RX channels Greg Kroah-Hartman
2014-12-14 20:21 ` [PATCH 3.17 32/47] net/mlx4_core: Limit count field to 24 bits in qp_alloc_res Greg Kroah-Hartman
2014-12-14 20:21 ` [PATCH 3.17 33/47] net-timestamp: make tcp_recvmsg call ipv6_recv_error for AF_INET6 socks Greg Kroah-Hartman
2014-12-14 20:21 ` [PATCH 3.17 34/47] bond: Check length of IFLA_BOND_ARP_IP_TARGET attributes Greg Kroah-Hartman
2014-12-14 20:21 ` [PATCH 3.17 35/47] rtnetlink: release net refcnt on error in do_setlink() Greg Kroah-Hartman
2014-12-14 20:21 ` [PATCH 3.17 36/47] gre: Set inner mac header in gro complete Greg Kroah-Hartman
2014-12-14 20:21 ` [PATCH 3.17 37/47] mips: bpf: Fix broken BPF_MOD Greg Kroah-Hartman
2014-12-14 20:21 ` [PATCH 3.17 38/47] net: mvneta: fix Tx interrupt delay Greg Kroah-Hartman
2014-12-14 20:21 ` [PATCH 3.17 39/47] net: mvneta: fix race condition in mvneta_tx() Greg Kroah-Hartman
2014-12-14 20:21 ` [PATCH 3.17 41/47] xen-netfront: use correct linear area after linearizing an skb Greg Kroah-Hartman
2014-12-14 20:21 ` [PATCH 3.17 42/47] netlink: use jhash as hashfn for rhashtable Greg Kroah-Hartman
2014-12-14 20:21 ` [PATCH 3.17 43/47] Revert: ACPI / EC: Add support to disallow QR_EC to be issued before completing previous QR_EC Greg Kroah-Hartman
2014-12-14 20:21 ` [PATCH 3.17 45/47] ALSA: hda - Add EAPD fixup for ASUS Z99He laptop Greg Kroah-Hartman
2014-12-14 20:21 ` [PATCH 3.17 46/47] ALSA: hda - Fix built-in mic at resume on Lenovo Ideapad S210 Greg Kroah-Hartman
2014-12-14 20:21 ` [PATCH 3.17 47/47] ALSA: usb-audio: Dont resubmit pending URBs at MIDI error recovery Greg Kroah-Hartman
2014-12-15 3:31 ` [PATCH 3.17 00/47] 3.17.7-stable review Guenter Roeck
2014-12-16 3:07 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141214201818.747811505@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=dan.forrest@ssec.wisc.edu \
--cc=hughd@google.com \
--cc=koct9i@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mhocko@suse.cz \
--cc=riel@redhat.com \
--cc=stable@vger.kernel.org \
--cc=tim@edgecast.com \
--cc=torvalds@linux-foundation.org \
--cc=vbabka@suse.cz \
--cc=walken@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).