On Sun, Oct 27, 2024 at 05:53:47PM -0700, Andrew Morton wrote:
On Sun, 27 Oct 2024 12:33:21 +0000 Wei Yang richard.weiyang@gmail.com wrote:
After commit 94d7d9233951 ("mm: abstract the vma_merge()/split_vma() pattern for mprotect() et al."), if vma_modify_flags() returns an error, the vma is set to an error code. This will lead to an invalid prev being returned.
Generally this shouldn't matter, as the caller should treat an error as indicating state is now invalidated; however, unfortunately apply_mlockall_flags() does not check for errors and assumes that mlock_fixup() correctly maintains prev even if an error were to occur.
And what is the userspace-visible effect when this occurs?
When an error occurs, prev would be set to (-ENOMEM), and accessing this address would lead to a kernel crash.
So it looks like there is no userspace-visible effect for this.
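The failure pattern the thread describes, as an added user-space model (this is not the kernel's code, and the fix shown is only the shape implied by the discussion, not the merged patch): a mock vma_modify_flags() that returns an ERR_PTR on one vma, a "buggy" mlock_fixup() that stores that error value into *prev on its way out, a "fixed" variant that leaves *prev untouched on failure, and a mock apply_mlockall_flags() that, like the real caller, ignores the return value. Instead of dereferencing prev (which is where the kernel would crash), the walker counts how many iterations start with prev holding an errno cast to a pointer and records that pointer. All struct fields, the inject_enomem flag, the vm_next link and the three-vma mapping are constructed for the example.

```c
/*
 * Added example: user-space model of mlock_fixup()/apply_mlockall_flags()
 * returning an error-encoded pointer as "prev". Not kernel code; names are
 * borrowed, everything else is a mock.
 */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space copies of the kernel's ERR_PTR()/PTR_ERR()/IS_ERR() idiom. */
#define MAX_ERRNO     4095
#define ERR_PTR(err)  ((void *)(intptr_t)(err))
#define PTR_ERR(ptr)  ((long)(intptr_t)(ptr))
#define IS_ERR(ptr)   ((uintptr_t)(ptr) >= (uintptr_t)-MAX_ERRNO)

#define MOCK_VM_LOCKED 0x2000UL   /* stand-in flag value, not the kernel's */

struct vm_area_struct {
    unsigned long vm_start, vm_end, vm_flags;
    bool inject_enomem;             /* mock-only: force vma_modify_flags() to fail */
    struct vm_area_struct *vm_next; /* mock-only: the real mm walks a maple tree */
};

/* Mock vma_modify_flags(): succeeds in place, or fails with -ENOMEM. */
static struct vm_area_struct *vma_modify_flags(struct vm_area_struct *vma,
                                               unsigned long newflags)
{
    if (vma->inject_enomem)
        return ERR_PTR(-ENOMEM);
    vma->vm_flags = newflags;
    return vma;
}

typedef int (*fixup_fn)(struct vm_area_struct *vma,
                        struct vm_area_struct **prev, unsigned long newflags);

/* Buggy shape: *prev is written from vma on every path, including the error path. */
static int mlock_fixup_buggy(struct vm_area_struct *vma,
                             struct vm_area_struct **prev, unsigned long newflags)
{
    int ret = 0;

    vma = vma_modify_flags(vma, newflags);
    if (IS_ERR(vma)) {
        ret = (int)PTR_ERR(vma);
        goto out;
    }
out:
    *prev = vma;   /* on failure this stores (-ENOMEM) as a pointer */
    return ret;
}

/* Fixed shape: *prev only advances when the modification succeeded. */
static int mlock_fixup_fixed(struct vm_area_struct *vma,
                             struct vm_area_struct **prev, unsigned long newflags)
{
    struct vm_area_struct *modified = vma_modify_flags(vma, newflags);

    if (IS_ERR(modified))
        return (int)PTR_ERR(modified);   /* *prev still holds the last valid vma */
    *prev = modified;
    return 0;
}

struct walk_result {
    int bad_prev_uses;                 /* iterations that would touch an errno-as-pointer */
    struct vm_area_struct *first_bad;  /* that pointer, captured instead of dereferenced */
};

/* Mock apply_mlockall_flags(): ignores mlock_fixup()'s return value, as the thread says. */
static struct walk_result apply_mlockall_flags(struct vm_area_struct *head,
                                               unsigned long newflags, fixup_fn fixup)
{
    struct walk_result r = { 0, NULL };
    struct vm_area_struct *prev = NULL;

    for (struct vm_area_struct *vma = head; vma; vma = vma->vm_next) {
        /* The real caller would hand prev to the merge path here; we only inspect it. */
        if (IS_ERR(prev)) {
            if (r.bad_prev_uses++ == 0)
                r.first_bad = prev;
        }
        (void)fixup(vma, &prev, newflags);   /* return value deliberately ignored */
    }
    return r;
}

/* Constructed three-vma mapping; the middle vma is made to fail. */
static struct vm_area_struct vmas[3];

static struct walk_result run_scenario(fixup_fn fixup)
{
    vmas[0] = (struct vm_area_struct){ 0x1000, 0x2000, 0, false, &vmas[1] };
    vmas[1] = (struct vm_area_struct){ 0x2000, 0x3000, 0, true,  &vmas[2] };
    vmas[2] = (struct vm_area_struct){ 0x3000, 0x4000, 0, false, NULL };
    return apply_mlockall_flags(&vmas[0], MOCK_VM_LOCKED, fixup);
}

int main(void)
{
    struct walk_result buggy = run_scenario(mlock_fixup_buggy);
    struct walk_result fixed = run_scenario(mlock_fixup_fixed);

    printf("buggy: %d iteration(s) saw an invalid prev (PTR_ERR=%ld)\n",
           buggy.bad_prev_uses, buggy.first_bad ? PTR_ERR(buggy.first_bad) : 0L);
    printf("fixed: %d iteration(s) saw an invalid prev\n", fixed.bad_prev_uses);
    return 0;
}
```

With the buggy fixup, the iteration after the failing vma starts with prev equal to (-ENOMEM) cast to a pointer, which is exactly the value the real caller would pass on for merging; with the fixed fixup, prev stays on the last successfully modified vma and the failing vma's flags are left alone.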