linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] mmap: Fix copy_vma() failure path
@ 2022-10-11 20:36 Liam Howlett
  2022-10-12  9:41 ` Lukas Bulwahn
  0 siblings, 1 reply; 2+ messages in thread
From: Liam Howlett @ 2022-10-11 20:36 UTC (permalink / raw)
  To: maple-tree, linux-mm, linux-kernel, Andrew Morton
  Cc: Lukas Bulwahn, Liam Howlett

The anon vma was not unlinked and the file was not closed in the failure
path when the machine runs out of memory during the maple tree
modification.  This caused a memory leak of the anon vma chain and vma
since neither would be freed.

Reported-by: Lukas Bulwahn <lukas.bulwahn@gmail.com>
Fixes: 524e00b36e8c (mm: remove rb tree.)
Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>
---
 mm/mmap.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/mm/mmap.c b/mm/mmap.c
index 74c0e3784500..5855f26639f9 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -3234,6 +3234,11 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
 out_vma_link:
 	if (new_vma->vm_ops && new_vma->vm_ops->close)
 		new_vma->vm_ops->close(new_vma);
+
+	if (new_vma->vm_file)
+		fput(new_vma->vm_file);
+
+	unlink_anon_vmas(new_vma);
 out_free_mempol:
 	mpol_put(vma_policy(new_vma));
 out_free_vma:
-- 
2.35.1


^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-10-12  9:41 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-10-11 20:36 [PATCH] mmap: Fix copy_vma() failure path Liam Howlett
2022-10-12  9:41 ` Lukas Bulwahn

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox