mm anon rmap: in mremap, set the new vma's position before anon_vma_clone()

anon_vma_clone() expects new_vma->vm_{start,end,pgoff} to be correctly set
so that the new vma can be indexed on the anon interval tree.

copy_vma() was failing to do that, which broke mremap().

Signed-off-by: Michel Lespinasse <walken@google.com>
Cc: Jiri Slaby <jslaby@suse.cz>
Cc: Hugh Dickins <hughd@google.com>
Tested-by: Sasha Levin <levinsasha928@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

1 files changed, 4 insertions, 4 deletions

diff --git a/mm/mmap.c b/mm/mmap.c
index deb422c39e21..81248992120d 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -2419,16 +2419,16 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
                 new_vma = kmem_cache_alloc(vm_area_cachep, GFP_KERNEL);
                 if (new_vma) {
                         *new_vma = *vma;
+                        new_vma->vm_start = addr;
+                        new_vma->vm_end = addr + len;
+                        new_vma->vm_pgoff = pgoff;
                         pol = mpol_dup(vma_policy(vma));
                         if (IS_ERR(pol))
                                 goto out_free_vma;
+                        vma_set_policy(new_vma, pol);
                         INIT_LIST_HEAD(&new_vma->anon_vma_chain);
                         if (anon_vma_clone(new_vma, vma))
                                 goto out_free_mempol;
-                        vma_set_policy(new_vma, pol);
-                        new_vma->vm_start = addr;
-                        new_vma->vm_end = addr + len;
-                        new_vma->vm_pgoff = pgoff;
                         if (new_vma->vm_file)
                                 get_file(new_vma->vm_file);
                         if (new_vma->vm_ops && new_vma->vm_ops->open)