Message ID | 1581150928-3214-4-git-send-email-lixinhai.lxh@gmail.com (mailing list archive) |
---|---|
State | New, archived |
Series | mm: Fix misuse of parent anon_vma in dup_mmap path |
On Sat, Feb 08, 2020 at 08:35:28AM +0000, Li Xinhai wrote:
> Set ->vm_next and ->vm_prev to NULL to prevent potential misuse from
> the new duplicated vma.
>
> Currently, only in the fork path is there misuse in handling anon_vma. No
> other bugs have been revealed with this patch applied.
>
> Signed-off-by: Li Xinhai <lixinhai.lxh@gmail.com>
> Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
> Cc: Matthew Wilcox <willy@infradead.org>
> Cc: Johannes Weiner <hannes@cmpxchg.org>

Looks okay to me.

Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
diff --git a/kernel/fork.c b/kernel/fork.c index 1bbd49a..eb3a148 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -361,6 +361,7 @@ struct vm_area_struct *vm_area_dup(struct vm_area_struct *orig) if (new) { *new = *orig; INIT_LIST_HEAD(&new->anon_vma_chain); + new->vm_next = new->vm_prev = NULL; } return new; } @@ -561,7 +562,6 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, } else if (anon_vma_fork(tmp, mpnt)) goto fail_nomem_anon_vma_fork; tmp->vm_flags &= ~(VM_LOCKED | VM_LOCKONFAULT); - tmp->vm_next = tmp->vm_prev = NULL; file = tmp->vm_file; if (file) { struct inode *inode = file_inode(file);
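Review bot: in the vm_area_dup() hunk, the added `new->vm_next = new->vm_prev = NULL;` carries no comment, and since `*new = *orig;` copies every field it is not obvious to a later reader why these two pointers are singled out for clearing. A one-line comment saying the copy is not yet linked into any vma list, so the original's neighbours must not be reachable through it, would make the intent clear. The reset now applies to every caller of vm_area_dup(), not only dup_mmap(), so the commit message should name the callers that were checked instead of only saying no other bugs were revealed.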
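Review bot: in the dup_mmap() hunk, dropping `tmp->vm_next = tmp->vm_prev = NULL;` is not a pure move, and the commit message does not say so. The removed line sat after `anon_vma_fork(tmp, mpnt)`, so on that branch the call used to run with the pointers copied from the parent vma and now runs with both already NULL. Please state in the commit message that this ordering change is intended, so the patch is not read as a cleanup with no functional effect.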
Set ->vm_next and ->vm_prev to NULL to prevent potential misuse from the new duplicated vma.

Currently, only in the fork path is there misuse in handling anon_vma. No other bugs have been revealed with this patch applied.

Signed-off-by: Li Xinhai <lixinhai.lxh@gmail.com>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Johannes Weiner <hannes@cmpxchg.org>

---
 kernel/fork.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)