On Wed, Jun 17, 2015 at 01:39:06AM +0100, Al Viro wrote:
> Huh? kill_ioctx() picks ctx->mmap_base and passes it to vm_munmap().
> Which tries to grab mmap_sem, blocks for mremap() from another thread
> and waits for it to drop mmap_sem. By that time ctx->mmap_base has
> nothing whatsoever to the argument we'd passed to vm_munmap(). Sure,
> it had been recalculated by aio_ring_remap(), but it's too late for
> us - we'd already fetched the old value.
And yes, the leak you've spotted is real, but I would very much prefer
to avoid that goto - something like this instead:
diff --git a/mm/mremap.c b/mm/mremap.c
index 034e2d3..b36b530 100644
--- a/mm/mremap.c
+++ b/mm/mremap.c
@@ -291,7 +291,10 @@ static unsigned long move_vma(struct vm_area_struct *vma,
if (err < 0) {
move_page_tables(new_vma, new_addr, vma, old_addr,
moved_len, true);
- return err;
+ vma = new_vma;
+ old_len = new_len;
+ old_addr = new_addr;
+ new_addr = err;
}
}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
