[PATCH] vm_area_struct slab corruption

Hugh Dickins (hugh@veritas.com)
Thu, 6 Mar 2003 12:29:14 +0000 (GMT)


Fix vm_area_struct slab corruption due to mremap's move_vma mistaking
(okay, okay, _my_ mistaking) how do_munmap splits vmas in one case.

This patch fits do_munmap to move_vma's expectation: you may well feel
that's the wrong way round to fix it (and not the way I promised a few
days ago), but at present I'm more comfortable with this simpler fix;
and it does seem preferable for do_munmap to reuse the existing vma.

Hugh

--- 2.5.64/mm/mmap.c Wed Mar 5 07:26:34 2003
+++ linux/mm/mmap.c Thu Mar 6 11:47:44 2003
@@ -1258,20 +1258,24 @@

/*
* If we need to split any vma, do it now to save pain later.
+ *
+ * Note: mremap's move_vma VM_ACCOUNT handling assumes a partially
+ * unmapped vm_area_struct will remain in use: so lower split_vma
+ * places tmp vma above, and higher split_vma places tmp vma below.
*/
if (start > mpnt->vm_start) {
if (split_vma(mm, mpnt, start, 0))
return -ENOMEM;
prev = mpnt;
- mpnt = mpnt->vm_next;
}

/* Does it split the last one? */
last = find_vma(mm, end);
if (last && end > last->vm_start) {
- if (split_vma(mm, last, end, 0))
+ if (split_vma(mm, last, end, 1))
return -ENOMEM;
}
+ mpnt = prev? prev->vm_next: mm->mmap;

/*
* Remove the vma's, and unmap the actual pages

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/