From: David Woodhouse <dwmw2@infradead.org>
To: "Liam R. Howlett" <Liam.Howlett@oracle.com>,
Linus Torvalds <torvalds@linux-foundation.org>
Cc: Vegard Nossum <vegard.nossum@oracle.com>,
Andrew Morton <akpm@linux-foundation.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
linux-kernel <linux-kernel@vger.kernel.org>
Subject: [PATCH] mm/mmap: Fix error return in do_vmi_align_munmap()
Date: Wed, 28 Jun 2023 11:42:45 +0100 [thread overview]
Message-ID: <ef2c7c0eeb166acf050597f49eb118d94f18bd39.camel@infradead.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 2010 bytes --]
From: David Woodhouse <dwmw@amazon.co.uk>
If mas_store_gfp() in the gather loop failed, the 'error' variable that
ultimately gets returned was not being set. In many cases, its original
value of -ENOMEM was still in place, and that was fine. But if VMAs had
been split at the start or end of the range, then 'error' could be zero.
Change to the 'error = foo(); if (error) goto …' idiom to fix the bug.
Also clean up a later case which avoided the same bug by *explicitly*
setting error = -ENOMEM right before calling the function that might
return -ENOMEM.
In a final cosmetic change, move the 'Point of no return' comment to
*after* the goto. That's been in the wrong place since the preallocation
was removed, and this new error path was added.
Fixes: 606c812eb1d5 ("mm/mmap: Fix error path in do_vmi_align_munmap()")
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
---
mm/mmap.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/mm/mmap.c b/mm/mmap.c
index d600404580b2..13128e908470 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -2387,7 +2387,8 @@ do_vmi_align_munmap(struct vma_iterator *vmi, struct vm_area_struct *vma,
}
vma_start_write(next);
mas_set_range(&mas_detach, next->vm_start, next->vm_end - 1);
- if (mas_store_gfp(&mas_detach, next, GFP_KERNEL))
+ error = mas_store_gfp(&mas_detach, next, GFP_KERNEL);
+ if (error)
goto munmap_gather_failed;
vma_mark_detached(next, true);
if (next->vm_flags & VM_LOCKED)
@@ -2436,12 +2437,12 @@ do_vmi_align_munmap(struct vma_iterator *vmi, struct vm_area_struct *vma,
BUG_ON(count != test_count);
}
#endif
- /* Point of no return */
- error = -ENOMEM;
vma_iter_set(vmi, start);
- if (vma_iter_clear_gfp(vmi, start, end, GFP_KERNEL))
+ error = vma_iter_clear_gfp(vmi, start, end, GFP_KERNEL);
+ if (error)
goto clear_tree_failed;
+ /* Point of no return */
mm->locked_vm -= locked_vm;
mm->map_count -= count;
/*
--
2.34.1
[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 5965 bytes --]
next reply other threads:[~2023-06-28 10:42 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-28 10:42 David Woodhouse [this message]
2023-06-28 10:52 ` Greg KH
2023-06-28 13:13 ` Liam R. Howlett
2023-06-29 21:17 ` [GIT PULL] " David Woodhouse
2023-06-30 0:48 ` pr-tracker-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ef2c7c0eeb166acf050597f49eb118d94f18bd39.camel@infradead.org \
--to=dwmw2@infradead.org \
--cc=Liam.Howlett@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=torvalds@linux-foundation.org \
--cc=vegard.nossum@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox