diff options
author | KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> | 2009-10-26 19:49:58 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-10-29 10:39:29 -0400 |
commit | ab8a3e14e6f8e567560f664bbd29aefb306a274e (patch) | |
tree | 72de6b1c5a9130a0503ecc4d9e16db236f6884a0 /mm/mempolicy.c | |
parent | 47f365eb575735c6b2edf5d08e0d16d26a9c23bd (diff) |
mbind(): fix leak of never putback pages
If mbind() receives an invalid address, do_mbind leaks a page. The
following test program detects this leak.
This patch fixes it.
migrate_efault.c
=======================================
#include <numaif.h>
#include <numa.h>
#include <sys/mman.h>
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
static unsigned long pagesize;
static void* make_hole_mapping(void)
{
void* addr;
addr = mmap(NULL, pagesize*3, PROT_READ|PROT_WRITE,
MAP_ANON|MAP_PRIVATE, 0, 0);
if (addr == MAP_FAILED)
return NULL;
/* make page populate */
memset(addr, 0, pagesize*3);
/* make memory hole */
munmap(addr+pagesize, pagesize);
return addr;
}
int main(int argc, char** argv)
{
void* addr;
int ch;
int node;
struct bitmask *nmask = numa_allocate_nodemask();
int err;
int node_set = 0;
while ((ch = getopt(argc, argv, "n:")) != -1){
switch (ch){
case 'n':
node = strtol(optarg, NULL, 0);
numa_bitmask_setbit(nmask, node);
node_set = 1;
break;
default:
;
}
}
argc -= optind;
argv += optind;
if (!node_set)
numa_bitmask_setbit(nmask, 0);
pagesize = getpagesize();
addr = make_hole_mapping();
err = mbind(addr, pagesize*3, MPOL_BIND, nmask->maskp, nmask->size, MPOL_MF_MOVE_ALL);
if (err)
perror("mbind ");
return 0;
}
=======================================
Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Acked-by: Christoph Lameter <cl@linux-foundation.org>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'mm/mempolicy.c')
-rw-r--r-- | mm/mempolicy.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 7dd9d9f8069..d49956d3025 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c | |||
@@ -1058,7 +1058,8 @@ static long do_mbind(unsigned long start, unsigned long len, | |||
1058 | 1058 | ||
1059 | if (!err && nr_failed && (flags & MPOL_MF_STRICT)) | 1059 | if (!err && nr_failed && (flags & MPOL_MF_STRICT)) |
1060 | err = -EIO; | 1060 | err = -EIO; |
1061 | } | 1061 | } else |
1062 | putback_lru_pages(&pagelist); | ||
1062 | 1063 | ||
1063 | up_write(&mm->mmap_sem); | 1064 | up_write(&mm->mmap_sem); |
1064 | mpol_put(new); | 1065 | mpol_put(new); |