Commit d70f2a14b72a4 ("include/linux/sched/mm.h: uninline mmdrop_async(), etc") ignored the return value of arch_dup_mmap(). As a result, on x86, a failure to duplicate the LDT (e.g., due to memory allocation error) would leave the duplicated memory mapping in an inconsistent state.
Fix by regarding the return value, as it was before the change.
Fixes: d70f2a14b72a4 ("include/linux/sched/mm.h: uninline mmdrop_async(), etc")
Cc: Andrew Morton akpm@linux-foundation.org
Cc: stable@vger.kernel.org
Signed-off-by: Nadav Amit namit@vmware.com
---
kernel/fork.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/kernel/fork.c b/kernel/fork.c index 1b27babc4c78..4527d1d331de 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -549,8 +549,7 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, goto out; } /* a new mm has just been created */ - arch_dup_mmap(oldmm, mm); - retval = 0; + retval = arch_dup_mmap(oldmm, mm); out: up_write(&mm->mmap_sem); flush_tlb_mm(oldmm);
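Review bot: at "retval = arch_dup_mmap(oldmm, mm);", the success value of dup_mmap() is now whatever the arch hook returns, since the explicit "retval = 0;" is gone. That is only correct if every arch_dup_mmap() implementation returns exactly 0 on success and a negative errno on failure, so it is worth stating that contract in the commit message or in a short comment at this line. The failure case also falls straight through to "out:", so the message should name where the partially built mm is torn down once dup_mmap() reports the error.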
On Wed 22-08-18 22:12:29, Nadav Amit wrote:
Commit d70f2a14b72a4 ("include/linux/sched/mm.h: uninline mmdrop_async(), etc") ignored the return value of arch_dup_mmap(). As a result, on x86, a failure to duplicate the LDT (e.g., due to memory allocation error) would leave the duplicated memory mapping in an inconsistent state.
Fix by regarding the return value, as it was before the change.
Ohh, well spotted! I have a vague recollection I didn't really like the patch. For other reasons. I didn't get to review it properly back then because I didn't have much time and I didn't have a high motivation because I simply disagreed with the patch.
Fixes: d70f2a14b72a4 ("include/linux/sched/mm.h: uninline mmdrop_async(), etc")
Cc: Andrew Morton akpm@linux-foundation.org
Cc: stable@vger.kernel.org
Signed-off-by: Nadav Amit namit@vmware.com
Acked-by: Michal Hocko mhocko@suse.com
Thanks!
kernel/fork.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/kernel/fork.c b/kernel/fork.c index 1b27babc4c78..4527d1d331de 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -549,8 +549,7 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, goto out; } /* a new mm has just been created */
- arch_dup_mmap(oldmm, mm);
- retval = 0;
- retval = arch_dup_mmap(oldmm, mm);
out: up_write(&mm->mmap_sem); flush_tlb_mm(oldmm); -- 2.17.1
linux-stable-mirror@lists.linaro.org