Skip to content

Commit

Permalink
mmap: call unlink_anon_vmas() in __split_vma() in case of error
Browse files Browse the repository at this point in the history 
If __split_vma fails because of an out of memory condition the
anon_vma_chain isn't teardown and freed potentially leading to rmap walks
accessing freed vma information plus there's a memleak.

Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
Acked-by: Johannes Weiner <jweiner@redhat.com>
Acked-by: Rik van Riel <riel@redhat.com>
Acked-by: Hugh Dickins <hughd@google.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  • Loading branch information
Andrea Arcangeli authored and Linus Torvalds committed Sep 23, 2010
1 parent a247c3a commit 2aeadc3
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions mm/mmap.c
View file
Original file line number Diff line number Diff line change
@@ -2009,6 +2009,7 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
removed_exe_file_vma(mm);
fput(new->vm_file);
}
unlink_anon_vmas(new);
out_free_mpol:
mpol_put(pol);
out_free_vma:

0 comments on commit 2aeadc3

Please sign in to comment.