[PATCH] mremap corrupts freed vma

Hugh Dickins (hugh@veritas.com)
Mon, 19 Aug 2002 23:27:45 +0100 (BST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Venkat Raghu: "newbie"
Previous message: john stultz: "[TRIVIAL] [PATCH] notsc-warning_A0"

My tricksy accounting code in mremap's move_vma assumed 2.4 behaviour
in do_munmap, which preserved vma: but 2.5 splitvma may substitute it.
Showed up as Committed_AS growing each time kernel built with kallsyms;
but more seriously, it was writing to an area already kmem_cache_freed.

Patch against 2.5.31 or today's BK: please apply before others corrupted!

--- 2.5.31/mm/mremap.c Fri Aug 2 21:15:57 2002
+++ linux/mm/mremap.c Mon Aug 19 22:13:33 2002
@@ -220,6 +220,8 @@
split = 1;
} else if (addr + old_len == vma->vm_end)
vma = NULL; /* it will be removed */
+ else
+ split = -1; /* vma may be changed */
} else
vma = NULL; /* nothing more to do */

@@ -227,8 +229,10 @@

/* Restore VM_ACCOUNT if one or two pieces of vma left */
if (vma) {
+ if (split < 0)
+ vma = find_vma(mm, addr + old_len);
vma->vm_flags |= VM_ACCOUNT;
- if (split)
+ if (split > 0)
vma->vm_next->vm_flags |= VM_ACCOUNT;
}
current->mm->total_vm += new_len >> PAGE_SHIFT;

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Venkat Raghu: "newbie"
Previous message: john stultz: "[TRIVIAL] [PATCH] notsc-warning_A0"