diff options
| author | Daniel Forrest <dan.forrest@ssec.wisc.edu> | 2014-12-02 18:59:42 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2014-12-03 12:36:04 -0500 |
| commit | c4ea95d7cd08d9ffd7fa75e6c5e0332d596dd11e (patch) | |
| tree | 528a94f26b4e2bc1ca8652a6dfa9a34d746c4d4f /mm/rmap.c | |
| parent | 2022b4d18a491a578218ce7a4eca8666db895a73 (diff) | |
mm: fix anon_vma_clone() error treatment
Andrew Morton noticed that the error return from anon_vma_clone() was
being dropped and replaced with -ENOMEM (which is not itself a bug
because the only error return value from anon_vma_clone() is -ENOMEM).
I did an audit of callers of anon_vma_clone() and discovered an actual
bug where the error return was being lost. In __split_vma(), between
Linux 3.11 and 3.12 the code was changed so the err variable is used
before the call to anon_vma_clone() and the default initial value of
-ENOMEM is overwritten. So a failure of anon_vma_clone() will return
success since err at this point is now zero.
Below is a patch which fixes this bug and also propagates the error
return value from anon_vma_clone() in all cases.
Fixes: ef0855d334e1 ("mm: mempolicy: turn vma_set_policy() into vma_dup_policy()")
Signed-off-by: Daniel Forrest <dan.forrest@ssec.wisc.edu>
Reviewed-by: Michal Hocko <mhocko@suse.cz>
Cc: Konstantin Khlebnikov <koct9i@gmail.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Tim Hartrick <tim@edgecast.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Michel Lespinasse <walken@google.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: <stable@vger.kernel.org> [3.12+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'mm/rmap.c')
| -rw-r--r-- | mm/rmap.c | 6 |
1 files changed, 4 insertions, 2 deletions
| @@ -274,6 +274,7 @@ int anon_vma_fork(struct vm_area_struct *vma, struct vm_area_struct *pvma) | |||
| 274 | { | 274 | { |
| 275 | struct anon_vma_chain *avc; | 275 | struct anon_vma_chain *avc; |
| 276 | struct anon_vma *anon_vma; | 276 | struct anon_vma *anon_vma; |
| 277 | int error; | ||
| 277 | 278 | ||
| 278 | /* Don't bother if the parent process has no anon_vma here. */ | 279 | /* Don't bother if the parent process has no anon_vma here. */ |
| 279 | if (!pvma->anon_vma) | 280 | if (!pvma->anon_vma) |
| @@ -283,8 +284,9 @@ int anon_vma_fork(struct vm_area_struct *vma, struct vm_area_struct *pvma) | |||
| 283 | * First, attach the new VMA to the parent VMA's anon_vmas, | 284 | * First, attach the new VMA to the parent VMA's anon_vmas, |
| 284 | * so rmap can find non-COWed pages in child processes. | 285 | * so rmap can find non-COWed pages in child processes. |
| 285 | */ | 286 | */ |
| 286 | if (anon_vma_clone(vma, pvma)) | 287 | error = anon_vma_clone(vma, pvma); |
| 287 | return -ENOMEM; | 288 | if (error) |
| 289 | return error; | ||
| 288 | 290 | ||
| 289 | /* Then add our own anon_vma. */ | 291 | /* Then add our own anon_vma. */ |
| 290 | anon_vma = anon_vma_alloc(); | 292 | anon_vma = anon_vma_alloc(); |